Backdoor.Bot.90815_a902bbd4f1
Backdoor.Bot.90815 (BitDefender), Backdoor:Win32/Xtrat.G (Microsoft), Backdoor.Win32.Xtreme.biu (Kaspersky), Trojan.Win32.SSonce.b (v) (VIPRE), BackDoor.Siggen.53415 (DrWeb), Backdoor.Bot.90815 (B) (Emsisoft), GenericRXAC-IB!A902BBD4F14D (McAfee), W32.IRCBot.NG (Symantec), Backdoor.Win32.Bifrose (Ikarus), Backdoor.Bot.90815 (FSecure), Win32:Malware-gen (AVG), Win32:Malware-gen (Avast), TROJ_SPNR.35CD13 (TrendMicro), Backdoor.Bot.90815 (AdAware), Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, PackedMoleBoxVS.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor, Packed, VirTool, IRCBot, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: a902bbd4f14d21c7544611dbf220e513
SHA1: 2482b383de2b13e15a6887b3a31130d3d1cc0310
SHA256: 2380b9b4e364c67332ead5d26bf108ef9a022ffe93c421d27d953ea9a5500474
SSDeep: 98304:kgFkWEHRw PxolXF9ODKWnNb6mfvu3ipf8U YKW/5pnHROuqvfAk9jGXz5JHm5sO:kCeSWxolX6KUbZV0UhKW/HRjRJHmyO
Size: 5323015 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MingWin32vh, MingWin32DevCv4xh, UPolyXv05_v6
Company: no certificate found
Created at: 2011-07-25 01:45:39
Analyzed on: Windows7 SP1 32-bit
Summary:
Backdoor. Malware that enables remote control of the victim's machine.
Payload
| Behaviour | Description |
|---|---|
| IRCBot | The bot can communicate with command-and-control servers over an IRC channel. |
Process activity
The Backdoor creates the following process(es):
No processes have been created.
The Backdoor injects its code into the following process(es):
%original file name%.exe:3724
iexplore.exe:3644
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
No files have been created.
Registry activity
The process %original file name%.exe:3724 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: Katherina Walensk
Product Name:
Product Version: 1, 0, 0,
Legal Copyright: Copyright (c) 2012, Katherina Walensk
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1, 0, 0,
File Description:
Comments:
Language: Chinese (Traditional, Taiwan)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 21000 | 21504 | 4.25361 | 09cd097fd78021b6205d5de3c9d929d3 |
| .data | 28672 | 176 | 512 | 2.20578 | ef371e47440b06fe75398516aef4e8f6 |
| .idata | 32768 | 4244 | 4608 | 3.34981 | a47de70a9c0e7036185ad8ad4852d31b |
| .rdata | 40960 | 608 | 1024 | 3.50025 | 8e6611681d42ac4c39d97f4b032cc6c5 |
| .bss | 45056 | 11674324 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .tls | 11722752 | 76 | 2560 | 0 | a371492f16c0940507435909603efe88 |
| .rsrc | 11726848 | 11703 | 11776 | 2.26779 | 1a9bcdf987fef94c5c4f60d85fba27ff |
Dropped from:
849b252f3cc157292a2f6924bbcd2c58
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1
b7cd7a20b6d05038df433fbf801520ef
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRH4mIoBb+hjdi7K/E2J4ZS9L/ZgAQUl8InUJ7CyewMiDLIfK3ipgFP2m8CEE5DthZuQ44ma3lo34edZjM= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gp.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1415
content-transfer-encoding: binary
Cache-Control: max-age=365163, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 13:06:28 GMT
Expires: Mon, 31 Jul 2017 13:06:28 GMT
Date: Thu, 27 Jul 2017 07:43:29 GMT
Connection: keep-alive
GET /nfrPZFV.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: i.imgur.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Last-Modified: Fri, 23 Jun 2017 19:39:59 GMT
ETag: "a95b9880d9b4a42f6a9bc5797a6dd433"
Content-Type: image/png
Fastly-Debug-Digest: 2daaf6866662833edfa2c39f0c7e3bbc5b20373328274f26cbb0ebf49cdcd64f
cache-control: public, max-age=31536000
Content-Length: 20945
Accept-Ranges: bytes
Date: Thu, 27 Jul 2017 07:43:17 GMT
Age: 2799167
Connection: keep-alive
X-Served-By: cache-iad2131-IAD, cache-hhn1544-HHN
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1501141398.898748,VS0,VE1
Vary: Accept, Accept
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1390
content-transfer-encoding: binary
Cache-Control: max-age=394117, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 21:12:11 GMT
Expires: Mon, 31 Jul 2017 21:12:11 GMT
Date: Thu, 27 Jul 2017 07:43:42 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:23 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: BC76214606F587264DA67FC561D3D24F10AA5BD4
Cache-Control: max-age=526331,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp33
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
GET /vb HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.dev-point.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Thu, 27 Jul 2017 07:43:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 27 Jul 2017 08:43:04 GMT
Location: hXXps://VVV.dev-point.com/vb
Server: cloudflare-nginx
CF-RAY: 384df736b67b826d-KBP
GET /vb/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.dev-point.com
Connection: Keep-Alive
Cookie: __cfduid=d19bcda4f2528ff860c10cd72e367df241501141396
HTTP/1.1 301 Moved Permanently
Date: Thu, 27 Jul 2017 07:43:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 27 Jul 2017 08:43:16 GMT
Location: hXXps://VVV.dev-point.com/vb/
Server: cloudflare-nginx
CF-RAY: 384df7811792826d-KBP
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3bda76bd0fc527b7360ce0d6c0d99976:1501140631"
Last-Modified: Thu, 27 Jul 2017 07:30:31 GMT
Date: Thu, 27 Jul 2017 07:43:36 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3bda76bd0fc527b7360ce0d6c0d99976:1501140631"
Last-Modified: Thu, 27 Jul 2017 07:30:31 GMT
Date: Thu, 27 Jul 2017 07:43:39 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: application/pkix-crl
Date: Thu, 27 Jul 2017 07:40:35 GMT
Expires: Thu, 27 Jul 2017 08:40:35 GMT
Last-Modified: Thu, 27 Jul 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 196
Transfer-Encoding: chunked
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:23 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: BC76214606F587264DA67FC561D3D24F10AA5BD4
Cache-Control: max-age=526331,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp21
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDoBAk/IyG+h HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 03:52:48 GMT
Expires: Sun, 30 Jul 2017 03:52:48 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 100259
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBOtRZrn/vaG HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 01:42:33 GMT
Expires: Sun, 30 Jul 2017 01:42:33 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 108077
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB3Jwo+UwCAC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 02:09:22 GMT
Expires: Sun, 30 Jul 2017 02:09:22 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 106473
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAkCD62NWbwQ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 15:02:45 GMT
Expires: Sun, 30 Jul 2017 15:02:45 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 60070
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj/6qJAfE5/j9OXBRE4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.trust-provider.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:10 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: 9CE4812FE79922F23A0D706ECDD4367DCCB57BDC
Cache-Control: max-age=526344,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp33
Content-Length: 471
Connection: close
Content-Type: application/ocsp-response
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6cQ== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g2.symcb.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=406554, public, no-transform, must-revalidate
Last-Modified: Tue, 25 Jul 2017 00:36:35 GMT
Expires: Tue, 1 Aug 2017 00:36:35 GMT
Date: Thu, 27 Jul 2017 07:43:24 GMT
Connection: keep-alive
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3bda76bd0fc527b7360ce0d6c0d99976:1501140631"
Last-Modified: Thu, 27 Jul 2017 07:30:31 GMT
Date: Thu, 27 Jul 2017 07:43:36 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3bda76bd0fc527b7360ce0d6c0d99976:1501140631"
Last-Modified: Thu, 27 Jul 2017 07:30:31 GMT
Date: Thu, 27 Jul 2017 07:43:39 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca4.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:29 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: 91C74C4FEB4E158FFF19D613C7D7C33D9B6A8E91
Cache-Control: max-age=526325,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp33
Content-Length: 727
Connection: close
Content-Type: application/ocsp-response
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1390
content-transfer-encoding: binary
Cache-Control: max-age=394388, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 21:12:11 GMT
Expires: Mon, 31 Jul 2017 21:12:11 GMT
Date: Thu, 27 Jul 2017 07:43:42 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1390
content-transfer-encoding: binary
Cache-Control: max-age=394388, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 21:12:11 GMT
Expires: Mon, 31 Jul 2017 21:12:11 GMT
Date: Thu, 27 Jul 2017 07:43:44 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1390
content-transfer-encoding: binary
Cache-Control: max-age=394388, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 21:12:11 GMT
Expires: Mon, 31 Jul 2017 21:12:11 GMT
Date: Thu, 27 Jul 2017 07:43:44 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRH4mIoBb+hjdi7K/E2J4ZS9L/ZgAQUl8InUJ7CyewMiDLIfK3ipgFP2m8CEE5DthZuQ44ma3lo34edZjM= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gp.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1415
content-transfer-encoding: binary
Cache-Control: max-age=365163, public, no-transform, must-revalidate
Last-Modified: Mon, 24 Jul 2017 13:06:28 GMT
Expires: Mon, 31 Jul 2017 13:06:28 GMT
Date: Thu, 27 Jul 2017 07:43:29 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca4.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:29 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: 91C74C4FEB4E158FFF19D613C7D7C33D9B6A8E91
Cache-Control: max-age=526325,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp33
Content-Length: 727
Connection: close
Content-Type: application/ocsp-response
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ/icg9B19asFe73bPYs+reAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca4.com
HTTP/1.1 200 OK
Date: Thu, 27 Jul 2017 07:43:16 GMT
Server: Apache
Last-Modified: Wed, 26 Jul 2017 10:05:35 GMT
Expires: Wed, 02 Aug 2017 10:05:35 GMT
ETag: 04B525BAA52067769AE43A5CD3D5C360658BD097
Cache-Control: max-age=526338,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp21
Content-Length: 312
Connection: close
Content-Type: application/ocsp-response
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: application/pkix-crl
Date: Thu, 27 Jul 2017 07:40:35 GMT
Expires: Thu, 27 Jul 2017 08:40:35 GMT
Last-Modified: Thu, 27 Jul 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 196
Transfer-Encoding: chunked
GET /vb_old/devpointv1/build14011/devstatusicon1/forum_old.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.dev-point.com
Connection: Keep-Alive
Cookie: __cfduid=d19bcda4f2528ff860c10cd72e367df241501141396
HTTP/1.1 301 Moved Permanently
Date: Thu, 27 Jul 2017 07:43:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 27 Jul 2017 08:43:17 GMT
Location: hXXps://VVV.dev-point.com/vb_old/devpointv1/build14011/devstatusicon1/forum_old.gif
Server: cloudflare-nginx
CF-RAY: 384df788237e8406-KBP
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6cQ== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g2.symcb.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=406555, public, no-transform, must-revalidate
Last-Modified: Tue, 25 Jul 2017 00:36:35 GMT
Expires: Tue, 1 Aug 2017 00:36:35 GMT
Date: Thu, 27 Jul 2017 07:43:24 GMT
Connection: keep-alive
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDoBAk/IyG+h HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 03:52:48 GMT
Expires: Sun, 30 Jul 2017 03:52:48 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 100259
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBOtRZrn/vaG HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 01:42:33 GMT
Expires: Sun, 30 Jul 2017 01:42:33 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 108077
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB3Jwo+UwCAC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 02:09:22 GMT
Expires: Sun, 30 Jul 2017 02:09:22 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 106473
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAkCD62NWbwQ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Jul 2017 15:02:45 GMT
Expires: Sun, 30 Jul 2017 15:02:45 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 60070
The Backdoor connects to the servers at the following location(s):
Openwebsite1
Savepasswordstxt1
Copypassword1Click
Openwebsite1Click
Savepasswordstxt1Click
TFormPasswords
UnitPasswords
sWebLabel1
sWebLabel2
sWebLabel3
sWebLabel4
sWebLabel5
sWebLabel6
sWebLabel7
sWebLabel8
sWebLabel1Click
sWebLabel9
sWebLabel10
sWebLabel11
sWebLabel12
sWebLabel13
sWebLabel14
tsWindowsXP
tsWindowsVista
tsWindows7
stKeyword
msWindowsXP
msWindowsVista
msWindows7
iskeyWord
isURL
ChangeMsg
TURLClick
FEnhancedHomeKey
FUrlDelimiters
FUrlStyle
FUrlAware
ClearExecutableLines
WordIsURL
UrlAware
DrawKeyword
AKeyword
MultiCommentLeftP
EnhancedHomeKeyhjr
UrlAwaretOr
UrlStyle
OnKeyDown\
OnKeyPress
OnURLClickL
FKeyWords
KeyWordsDQE
Edit5KeyPress
TFormKeyloggerSettings
UnitKeyloggerSettings
FTPAddress
FTPDir
FTPUser
FTPPass
FTPRemoteName
FTPLocalName
TSendFTPFile
xFTPAddress
xFTPDir
xFTPUser
xFTPPass
xFTPRemoteName
xFTPLocalName
;!199{199;0!8&2{199TMsgHandler
TMsgHandlerOO
TMsgHandlers
Uh.Vu
Uh.su
TFormSelectPort
TFormSelectPortp7v
UnitSelectPort
TDesativarPorta5
xPort
TDesativarPorta
password
FormKeyDown
AdvSmoothPanel1KeyDown
TacGetImageIndexEvent
TsShellTreeView
OnKeyUp`
sShellTreeView1
sShellTreeView1Change
KeyDown
KeyPress
TExecOpenDialogEvent
SQL error or missing database
An internal logic error in SQLite
Operation terminated by sqlite3_interrupt()
Uses OS features not supported on host
2nd parameter to sqlite3_bind out of range
sqlite3_step() has another row ready
sqlite3_step() has finished executing
ESQLiteException
SQLiteTable3
TSQliteParam
TSQLiteQuery
TSQLiteDatabase8
ExecSQL
ExecSQL6
PrepareSQL
BindSQL
ReleaseSQL
TSQLiteDatabaseX
TSQLiteTable?
TSQLiteTableX
fSQL
TSQLiteUniTable?
TSQLiteUniTable
TFormSendKeys
UnitSendKeys
TFormWindows
UnitWindows
Memo1KeyPress
Edit2KeyDown
uMsg
TFormWebcam
UnitWebcam
TFormActivePorts
UnitActivePorts
MostrarMsgOnClose
Portugal
Turkey
ListView1KeyPress
IdTCPServer1
Linkhttp10
Baixareexecutar18
Enviararquivoseexecutar1@
Portasativas1p
Capturarwebcam1
Keylogger1
Passwords1
Procurarpalavrasnokeylogger1
Webcam1
Keylogger2
Baixarlogsdokeylogger1
Registrosdeconexes1
Linkhttp1
Baixareexecutar1
Enviararquivoseexecutar1
Portasativas1
MaxConnectionHttp
PortList
DynDNSPass
NoIPPass
AutoWebcam
LastExecuteCommand
LastDownExec
LastOpenWeb
LastKeySearch
LastProxyPort
IdTCPServer1Connect
IdTCPServer1Exception
IdTCPServer1Execute
IdTCPServer1Disconnect
Baixareexecutar1Click
Linkhttp1Click
Enviararquivoseexecutar1Click
Passwords1Click
Webcam1Click#
Keylogger1Click(
!Procurarpalavrasnokeylogger1Click
Capturarwebcam1Click
Portasativas1Click
Keylogger2Click"
Baixarlogsdokeylogger1Click
Registrosdeconexes1Click
Webcam1Click
Keylogger1Click
Keylogger2Click
IdTCPServerConnectAlternative
IdTCPServerExecuteAlternative
AbrirKeylogger
AbrirPortasAtivas
Uh%S~
SELECT * FROM logins
LicenseKey
_SistemaOperacional
_Porta
_PrimeiraExecucao
_WebcamList
_FormWindows
_FormActivePorts
_FormWebcam
_FormKeylogger
SistemaOperacionalP
PortaP
PrimeiraExecucaoP
WebcamList
FormWindows
FormActivePorts
FormWebcam
FormKeylogger
VMsgEnd
FLastCmdResult
TIdTCPConnectionB
RaiseExceptionForLastCmdResult
SendCmd
SendCmdf
TIdTCPConnection
IdTCPConnection
LastCmdResult
UrlMon
SQLite3
hook.dll
1.2.3
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
1Hw2.Hwa
user32.dll
windowscodecs.dll
uxtheme.dll
DWMAPI.DLL
shell32.dll
@dO.hY\
Adobe Photoshop CS5 Windows
2011:11:05 01:19:48
.ryg)s
Y/Y%S
urlTEXT
MsgeTEXT
8=Sistema operacional
14=Porta
17=Primeira execu
27=Portas ativas
es do keylogger
40=Porta
s a execu
59=Windows
66=Keylogger ativo
68=Enviar logs por FTP
o FTP
72=Senha FTP
75=Registrar teclas somente se as palavras abaixo existirem na janela ativa. Ex.: (hotmail;gmail;windowslive)
80=Quando executar
o ":" porta
104=Por favor, selecione uma porta entre 0 e 65535
107=Teste de FTP do keylogger
109=Quando executar
113=Executar normal
114=Executar invis
tentando direcionar as portas usando UPnP. Deseja finalizar a tentativa
125=A porta
132=A nova porta de conex
133=Por favor, selecione uma porta entre 0 e 65535
es ativas na porta selecionada ser
137=Adicionar portas
138=Excluir portas
142=Selecionar portas
144=Exemplo
152=Selecionar arquivos (*.wav)
176=Executar comandos
177=Digite o comando a ser executado
179=Baixar e executar
184=Enviar arquivos e executar
297=Tem certeza que deseja apagar o valor
298=Tem certeza que deseja apagar a chave
315=Executar
316=Executar com par
324=Enviar arquivo por FTP
es de FTP
rmino do envio por FTP do arquivo
cio do envio por FTP do arquivo
vel o envio por FTP do arquivo
vel executar o arquivo
371=Foi executado corretamente o arquivo
373=Comando recebido e executado corretamente
404=Lista de portas criada com sucesso
405=Portas ativas
412=Porta local
414=Porta remota
443=Executar
446=Desligar Windows
477=Iniciar captura de webcam automaticamente
479=Capturar webcam
497=O keylogger est
498=O keylogger est
499=Keylogger
o de keylogger online est
521=Passwords
522=Procurar palavras no keylogger
532=Proxy ativado na porta
533=Proxy desativado na porta
junto com o windows. Deseja continuar
569=Webcam
570=Usar mensagem falsa na primeira execu
581=DNS Password
591=Ativar keylogger
592=Lista de janelas a serem monitoradas. Ex.: facebook;messenger;webchat;...;
637=Abrir pasta do keylogger
649=Baixar logs do keylogger
653=Usar plugin (melhor para execu
<g.Jaj`
Options.dat#?
Huge.bmp6
L:Z.Nr
g8~XkÄ
Master.bmphf
.KE6a
pT%FyyMe
At.%F
CloseAG.png
CloseG.pngw
MaxG.png:
MinG.png2
NormG.png
SQLite forma
CHECKEYCO,R8
3.5.9{AP_}ED/MSVCRT
<Key/
~d-
DW.Dp,
KERNEL32.DLL
Sqlite3.dll
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
KWindows
rSqlTimSt
%sPopupClndr
IdTCPServer
IUnitActivePorts
sUnitWindows
"UnitKeySearch
.bsTrayIcon
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
TsWebLabel
HoverFont.Charset
HoverFont.Color
HoverFont.Height
HoverFont.Name
HoverFont.Style
Local Port
Remot Port
FormMain.ImageListDiversos
AddedTitle.Font.Charset
AddedTitle.Font.Color
AddedTitle.Font.Height
AddedTitle.Font.Name
AddedTitle.Font.Style
SkinData.SkinSection
HorzScrollBar.Range
HorzScrollBar.Visible
VertScrollBar.Range
VertScrollBar.Tracking
Constraints.MinWidth
Items.ItemData
Items.Strings
Quando executar
crIBeam!ActiveLineSettings.ShowActiveLine
*ActiveLineSettings.ShowActiveLineIndicator
AutoCompletion.Font.Charset
AutoCompletion.Font.Color
AutoCompletion.Font.Height
AutoCompletion.Font.Name
AutoCompletion.Font.Style
AutoCorrect.Active
CodeFolding.Enabled
CodeFolding.LineColor
EnhancedHomeKey
Gutter.DigitCount
Gutter.Font.Charset
Gutter.Font.Color
Gutter.Font.Height
Gutter.Font.Name
Gutter.Font.Style
Gutter.GutterColor
Gutter.GutterColorTo
Lines.Strings
%MarkerList.UseDefaultMarkerImageIndex
"MarkerList.DefaultMarkerImageIndex
MarkerList.ImageTransparentColor
PrintOptions.MarginLeft
PrintOptions.MarginRight
PrintOptions.MarginTop
PrintOptions.MarginBottom
PrintOptions.PageNr
PrintOptions.PrintLineNumbers
UrlStyle.TextColor
UrlStyle.BkColor
UrlStyle.Style
2.2.5.1
All files|*.*
Glyph.Data
Porta
Usar plugin (melhor para execu
<...@(((C&&&C&&&C&&&C&&&C%%%C%%%C%%%C%%%C$$$C***F$$$8
FormMain.Flags16
STO USE, INSTALL OR OPERATE THE SOFTWARE. BY USING THIS SOFTWARE YOU ACCEPT ALL THE
jBy accessing, downloading, storing, loading, installing, executing, displaying, copying the Software into
Wthe Software to you. In such event, you may not Operate or use the Software in any way.
cagreement you will no longer be authorized to operate or use the Software in any way. The Software
dYou agree that the Software and any associated ideas, methods of operation, documentation and other
cXtremeCODER grants you permission to store, load, install and execute the specified version of the
genvironments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft
inavigation or communication systems, air traffic control, direct life support machines or weapon systems
MenuSupport.IcoLineSkin
ICOLINE!MenuSupport.ExtraLineFont.Charset
MenuSupport.ExtraLineFont.Color
clWindowText MenuSupport.ExtraLineFont.Height
MenuSupport.ExtraLineFont.Name
MenuSupport.ExtraLineFont.Style
c:\Skins
ThirdParty.ThirdEdits
THotKey
TRzHotKeyEdit
ThirdParty.ThirdButtons
ThirdParty.ThirdBitBtns
ThirdParty.ThirdCheckBoxes
ThirdParty.ThirdGroupBoxes
ThirdParty.ThirdListViews
ThirdParty.ThirdPanels
ThirdParty.ThirdGrids
ThirdParty.ThirdTreeViews
ThirdParty.ThirdComboBoxes
TwwTempKeyCombo
ThirdParty.ThirdWWEdits
ThirdParty.ThirdVirtualTrees
ThirdParty.ThirdGridEh
ThirdParty.ThirdPageControl
ThirdParty.ThirdTabControl
ThirdParty.ThirdToolBar
ThirdParty.ThirdStatusBar
ThirdParty.ThirdSpeedButton
Constraints.MaxHeight
Constraints.MaxWidth
Constraints.MinHeight
Desligar Windows
&*.doc;*.docx;*.xls;*.xlsx;*.txt;*.rft;
"FormFileManager.ImageListListView2
FormExecParam
Usar mensagem falsa na primeira execu
Items.NodeData
BoundLabel.Indent
BoundLabel.Font.Charset
BoundLabel.Font.Color
BoundLabel.Font.Height
BoundLabel.Font.Name
BoundLabel.Font.Style
BoundLabel.Layout
BoundLabel.MaxWidth
BoundLabel.UseSkinColor
EditLabel.Width
EditLabel.Height
EditLabel.Caption
*.jpg
Header.AutoSizeIndex
Header.DefaultHeight
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
Header.Options
TreeOptions.MiscOptions
TreeOptions.PaintOptions
TreeOptions.SelectionOptions
Enviar arquivo por FTP
1.2.0.1
Image.jpg
Jpeg mages (*.jpg)|*.jpg
FormFTPSettings
o FTP:
ÞFAULTBROWSER%
calc.exe
notepad.exe
explorer.exe
svchost.exe
&{5460C4DF-B266-909E-CB58-D26G798R2EB2}Ativar keylogger
JLista de janelas a serem monitoradas. Ex.: facebook;messenger;webchat;...;
FormKeyloggerSettings
Senha FTP:
jRegistrar teclas somente se as palavras abaixo existirem na janela ativa. Ex.: (hotmail;gmail;windowslive)
Keylogger ativo
Enviar logs por FTP
FormKeySearch
Icon.Data
Idioma: portugu
Portas ativas: --//--
Header.Style
TreeOptions.AutoOptions
Sistema operacional
Primeira execu
Capturar webcam
Portas ativas
Keylogger
Link hXXp://
Baixar e executar
Enviar arquivos e executar
Passwords
Procurar palavras no keylogger
Baixar logs do keylogger
Abrir pasta do keylogger
Webcam
ThirdParty.ThirdScrollControl
ThirdParty.ThirdUpDown
&&&.GILmc
Salvar (*.txt)
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
FormPasswords
Copy password
Open website
Save passwords (*.txt)
FormSelectPort
Selecionar portas
Portas
123456789
FormSendKeys
)Iniciar captura de webcam automaticamente
''')...1///2***,
SkinData.SkinManager
BoundLabel.Caption
AnimEffects.DialogShow.Active
AnimEffects.FormShow.Active
AnimEffects.FormShow.Time
AnimEffects.PageChange.Active
AnimEffects.SkinChanging.Active
AnimEffects.SkinChanging.Time
BoundLabel.Active
GlyphMode.Blend
GlyphMode.Grayed
DNS Password:
127.0.0.1
client.no-ip.org
cliente@email.com
Type your password here...
LoginDialog
Database Login
&Password:
PasswordDialog
Enter password
Brush.Color
Pen.Style
Colors.Strings
GetProcessHeap
GetCPInfo
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
SetViewportOrgEx
SetViewportExtEx
GetViewportOrgEx
GdiplusShutdown
ShellExecuteExW
ShellExecuteW
FindExecutableW
UnhookWindowsHookEx
SetWindowsHookExW
SetKeyboardState
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MapVirtualKeyW
LoadKeyboardLayoutW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
FtpPutFileW
FtpSetCurrentDirectoryW
.text
`.itext
`.data
.idata
.didata
@.reloc
B.rsrc
'AMsg;R
@$/Ftp
version="14.0.3615.26342"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
gdiplus.dll
msacm32.dll
msimg32.dll
ole32.dll
oleacc.dll
oleaut32.dll
shlwapi.dll
version.dll
wininet.dll
winmm.dll
winspool.drv
wsock32.dll
kernel32.dll
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
%s[%d]
%s_%d
.Owner
TaskDialogIndirect
\\?\UNC\
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
%s%0.8x
%s (*.%s)|*.%1:s
%s (%s)|%1:s|
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
USER32.DLL
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
RICHED20.DLL
{43826D1E-E718-42EE-BC55-A1E261C37BFE}{D57C7288-D4AD-4768-BE02-9D969532D960}{84BCCD23-5FDE-4CDB-AEA4-AF64B83D78AB}%s%s%s%s%s%s%s%s%s%s
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
crSQLWait
%s (%s)
imm32.dll
%s %s
(%s%s)
-%s%s
%s-%s
%s%s-
-%s %s
%s %s-
%s -%s
(%s- %s)
(%s %s)
%s, ClassID: %s
SQLTimeStamp
SQLTimeStampOffset
%s: %s
%s.%s
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\VCLFixPack.pas
Cannot apply Classes.FreeObjectInstance memory leak-fix
Kernel32.dll
ntdll.dll
1.html
Invalid ZStream operation!
Options.dat
### ### ##0.00;-### ### ##0.00;0
Webdings
Cannot load image. %s not supported for %s files.
Cannot load image. Palette in %s file is invalid.
Cannot load image. Invalid or unexpected %s image format.
Cannot load image. CRC error found in %s file.
Cannot load image. Extra compressed data found in %s file.
Cannot load image. Compression error found in %s file.
Invalid color format in %s file.
Conversion between indexed and non-indexed pixel formats is not supported.
acMDIIcons
extracted.asz
WEBBUTTON
1.tmp
.JPEG
2.tmp
" skin. Please, update a skins to latest or link with the AlphaControls support for upgrading of existing skin.
This version of the skin have not complete support by used AlphaControls package release.
Please, type your password.
Please, retype your new password.
olepro32.dll
Windows bitmap
Windows metafile
c:\program files (x86)\embarcadero\rad studio\7.0\Componentes\VST\VirtualTrees.pas
Column %d
Flat scrollbars styles are disabled. Enable UseFlatScrollbars in VTConfig.inc forflat scrollbar support.
EndOperation must not be called when no operation in progress.
%s%.8d
font-family: '%s';
font-size: %dpx;
font-size: %dpt;
font-style: %s;
font-weight: %s;
text-decoration: %s;
padding-left:%dpx;padding-right:%0:dpx;
border="%d" frame=box
\u%d\'3f
{\f%d %s;}\red%d\green%d\blue%d;
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdStreamVCL.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdGlobal.pas
10.5.5
WS2_32.DLL
MSWSOCK.DLL
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WSARecvMsg
WSASendMsg
Wship6.dll
Fwpuclnt.dll
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdStack.pas
255.255.255.255
0.0.0.0
0.0.0.1
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdThread.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdScheduler.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdServerIOHandlerSocket.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdCustomTCPServer.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdSchedulerOfThread.pas
%s User
hXXp://VVV.url.com/
UXTHEME.DLL
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\ATXPVS.pas
*.xtreme
PTF.ftpserver.com
FTPFolder
ftpuser
ftppass
fmexecparam|
\DownloadAll.xtr
All Files (*.*)|*.*
fmsendftp|
*.doc;*.docx;*.xls;*.xlsx;*.txt;*.rft;
fmexecnormal|
fmexechide|
fmsendftp
fmsendftpyes
fmsendftpno
.xtreme
fmexecparam
fmexecnormal
fmexechide
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\bsEffects.pas
dwmapi.dll
PROGRESSH
keyloggerativar|
keyloggerdesativar|
keylogger|
keyloggerativar
keyloggerbaixar
keyloggerexcluir
keyloggeronlinestop
keyloggeronlinestart
keyloggeronlinekey
keyloggerbaixar|
keyloggerexcluir|
Text Files (*.txt)|*.txt
\Keylogger
keyloggeronlinestart|
keyloggeronlinestop|
Keylogger files (*.dat)|*.dat
keysearch|
getpasswords|
All files(*.*)|*.*
uploadandexecute
openweb
downexec
ServerConfig.cfg
Xtreme Server Config(*.cfg)|*.cfg
Server.exe
Executables(*.exe)|*.exe
(Ex.: 127.0.0.1:81)
010009000003
00000000
URLAware
URLBKColor
URLTextColor
URLStyleStyle
hXXp://
hXXps://
PTF://
-.0123456789
*.ini
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
keylogger_ftp_test.html
.html
All files (*.*)|*.*
Executables (*.exe)|*.exe
Executables(*.exe); Icons(*.ico)|*.exe;*.ico
server.exe
TempIcon.ico
UPXfile.exe
plugin.xtr
Xtreme RAT Plugin(*.xtr)|*.xtr
127.0.0.1:81
Ports
ActiveKeylogger
KeyDelBackspace
SendFTPLogs
FTPFreq
FTPDelLogs
Ports0
{5460C4DF-B266-909E-CB58-E32B79832EB2}hXXp://VVV.webserver.com/plugin.xtr
checkip.dyndns.org
GET / HTTP/1.1
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Base64.pas
base64.pas :: Test fails!
members.dyndns.org
&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG HTTP/1.0
Host: members.dyndns.org
dynupdate.no-ip.com
GET /ducupdate.php?username=
&pass=
HTTP/1.0
User-Agent: DUC v2.2.1
Unable to retrieve folder details for "%s". Error code $%x
Error Setting Path : %s
%s: Missing call to LoadColumnDetails
Rename to %s failed
Error setting path: "%s"
%Windows%\
%System%\
Unknown SQLite Error Code "
Failed to open database "%s" : %s
Failed to open database "%s" : unknown error
Error [%d]: %s.
"%s": %s
Error executing SQL
Could not prepare SQL statement
Error executing SQL statement
Error executing prepared SQL statement
Could not bind integer to prepared SQL statement
Could not bind string to prepared SQL statement
Could not release prepared SQL statement
SQL must include a ? parameter
select [sql] from sqlite_master where [type] = 'table' and lower(name) = '
SQLite is Busy
sendkeyswindow|
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\AOBXPVS.pas
\Software\Microsoft\Windows\CurrentVersion\Run
c:\server.exe
\Software\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\
HKEY_CURRENT_USER\
SetupApi.dll
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiDeleteDeviceInterfaceRegKey
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiDeleteDevRegKey
CM_DEVCAP_LOCKSUPPORTED
CM_DEVCAP_EJECTSUPPORTED
PDCAP_D0_SUPPORTED
PDCAP_D1_SUPPORTED
PDCAP_D2_SUPPORTED
PDCAP_D3_SUPPORTED
PDCAP_WAKE_FROM_D0_SUPPORTED
PDCAP_WAKE_FROM_D1_SUPPORTED
PDCAP_WAKE_FROM_D2_SUPPORTED
PDCAP_WAKE_FROM_D3_SUPPORTED
PDCAP_WARM_EJECT_SUPPORTED
##@@##&&
tecaladoexecutar|
XtremeAudioFile.audio
Xtreme Audio File(*.audio)|*.audio
webcamstart
webcamstart|
webcamstream
webcamconfig|
\WebcamImages
webcamstop
webcam|
ActivePorts
listadeportasativas
finalizarprocessoportas
listarportas|
listarportasdns|
finalizarprocessoportas|
Text files (*.txt)|*.txt
(Ex.: test@hotmail.com)
(*.txt)
GeoIP.dat
BuildImportTable: can't load library:
BuildImportTable: ReallocMemory failed
BuildImportTable: GetProcAddress failed
BTMemoryLoadLibary: BuildImportTable failed
BTMemoryGetProcAddress: no export table found
BTMemoryGetProcAddress: DLL doesn't export anything
BTMemoryGetProcAddress: exported symbol not found
%d days, %s
CHROME
OPERA
enviarlogskey|
.functions
sound.wav
Sound files (*.wav)|*.wav
ConnectionPass
port
Shell32.dll
Portugu
s.ini
Settings\Settings.ini
Garnet.asz
80|81|82|
hXXp://VVV.server.com/server.exe
explorer.exe c:\windows
hXXp://VVV.google.com
pass.txt
client.dyndns.org
dyndnspass
noippass
IMG.jpg
JPEG Images(*.jpg)|*.jpg
password_value
origin_url
All files( *.* )|*.*
webcamlist
uploadandexecuteyes
uploadandexecuteno
enviarlogskey
listarportas
webcam
keylogger
keyloggernew
chromepass
getpasswords
sqlite3.dll
SQLITE
sqlitefile
###@@@!!!
RAS Passwords
keysearch
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\NewIOHandler\IdIOHandler.pas
%d Days %d Hs %d Min %d Sec
%d Hrs %d Min %d Secs
%d Min %d Secs
%d Secs
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdIOHandlerStack.pas
Portable Network Graphics
Portable network graphics (AlphaControls)
user.info
You typed an incorrect password.
SQLITEFILE
TFORMACTIVEPORTS
TFORMEXECPARAM
TFORMFTPSETTINGS
TFORMKEYLOGGER
TFORMKEYLOGGERSETTINGS
TFORMKEYSEARCH
TFORMPASSWORDS
TFORMSELECTPORT
TFORMSENDKEYS
TFORMWEBCAM
TFORMWINDOWS
TLOGINDIALOG
TPASSWORDDIALOG
Add to custom colors set8Listbox (%s) style must be virtual in order to set Count
Error setting %s.Count
7Cannot change the scheduler while the server is Active.NUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.$Cannot change a connected IOHandler.%No IOHandler of type %s is installed.
Reply Code is not valid: %s
Reply Code already exists: %s Thread must be specified for the scheduler.!You must have an OnExecute event.
Command not supported.
Address type not supported."%d: Circular links are not allowed"Not enough data in buffer. (%d/%d)
File "%s" not found
Object type not supported.
Data is too large for stream:The requested IPVersion / Address family is not supported.
Set Size Exceeded.)UDP is not support in this SOCKS version.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Invalid Port Range (%d - %d)
%s is not a valid service.
%s is not a valid IPv6 address
0Address family not supported by protocol family.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.
Clipboard operation failed.SCannot set initial user data because there is not enough user data space allocated.-Error on call to Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Socket Error # %d
Bad file number.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.]The program tried to add a existent critical chunk to the current image which is not allowed.IIt's not allowed to add a new chunk because the current image is invalid.7The png image could not be loaded from the resource ID.oSome operation could not be performed because the system is out of resources. Close some windows and try again.
Setting bit transparency color is not allowed for png images containing alpha value for each pixel (COLOR_RGBALPHA and COLOR_GRAYSCALEALPHA)OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.oThe "Portable Network Graphics" could not be created because invalid image type parameters have being provided.;Target node cannot be a child node of the node to be moved.3Unable to load tree structure, the format is wrong.6Unable to load tree structure, the version is unknown.
JPEG error #%d
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being read is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corrupted, try obtaining it againnThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.
Delete all selected records?%Operation not allowed in a DBCtrlGrid(Property already defined by lookup field/Grid requested to display more than 256 columns
Remote Login
Execute not supported1Operation not allowed on a unidirectional dataset
%s is not a valid BCD value
Invalid format type for BCD$Could not parse SQL TimeStamp string
Invalid SQL date/time values
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Duplicate name '%s' in %s"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset!Cannot modify a read-only dataset#Nested dataset must inherit from %s
Parameter '%s' not found
Unable to load bind parameters$Field '%s' is of an unsupported type
SQL not supported
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
Field '%s' must have a value
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Duplicate index name '%s'
No index for fields '%s'
Index '%s' not found
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
Invalid FieldKind Field '%s' is of an unknown type
Duplicate field name '%s'
Field '%s' not found#Cannot access field '%s' as type %s%Cannot remove shell notification icon"PageControl must first be assigned"%s requires Windows Vista or later %s requires themes to be enabled
Button%d
RadioButton%d
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d<MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid item level assignment Invalid level (%d) for item "%s"
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.,Multiselect mode must be on for this feature
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Value must be between %d and %d
Invalid clipboard format Clipboard does not support Icons
Cannot open clipboard: %s
Text exceeds memo capacity Operation not supported on selected printer.There is no default printer currently selected/Menu '%s' is already being used by another form
Invalid input value7Invalid input value. Use escape key to abandon changes
Grid too large for operation Too many rows or columns deleted
%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active0Can only modify an image if it contains a bitmap*A control cannot have itself as its parent
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
%s property out of range
Scan line index out of range!Cannot change the size of an icon%Cannot change the size of a WIC Image Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Invalid image size The specified file was not found$No help viewer that supports filters
Invalid Timeout value: %s
''%s'' is not a valid date#''%s'' is not a valid date and time#''%s'' is not a valid integer value
''%s'' is not a valid time
No help found for %s*Can't write to a read-only resource stream
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)-Cannot terminate an externally created thread,Cannot wait for an externally created thread2Cannot call Start on a running or suspended thread'Parameter %s cannot be a negative value*Input buffer exceeded for %s = %d, %s = %d
The specified path is too long The specified path was not found The path format is not supported
Invalid property type: %s
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream)%s has not been registered as a COM class
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid file name - %s
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid destination array"Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Operation not supported
External exception %x
Interface not supported
Object lock not owned(Monitor support function not initialized
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
('%s' is not a valid floating point value '%d.%d' is not a valid timestamp'%s' is not a valid GUID value
I/O error %d
Integer overflow Invalid floating point operation
HKEY_CLASSES_ROOT@
HKEY_CURRENT_USERB
HKEY_LOCAL_MACHINE2
HKEY_USERSD
1, 0, 0, 1
%original file name%.exe_3724_rwx_00400000_00B2E000:
.rsrc
.rdata
`@.bss
biClrImportant
tagMSG
Windows
HKEY
TWMKey
KeyData
Keys
MouseMsg
ENotSupportedException
ENoMonitorSupportException
etNoMonitorSupportException
grfLocksSupported
tdPortNameOffset
Operator
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
EInvalidOperationX
TList.TDirection
AOperator
TThread.TSynchronizeRecord
TOperation
Operation
FOnExecute
OnExecuteL
TList.Sort$ActRec
TList.Sort$ActRecT
Uhm%D
TComponent.FindComponent$ActRec
DeleteKey
TRegKeyInfo
NumSubKeys
MaxSubKeyLen
FCurrentKey
FRootKey
FCloseRootKey
CloseKey
CreateKey
GetKeyInfo
GetKeyNames
HasSubKeys
KeyExists
LoadKey
MoveKey
OpenKey
OpenKeyReadOnly
ReplaceKey
RestoreKey
SaveKey
UnLoadKey
CurrentKeyP
LastErrorMsgD
RootKeyP
RootKeyName
EInvalidGraphicOperation
EInvalidGraphicOperationpHE
SupportsPartialTransparency
SupportsClipboardFormat
MonochromeD
UhÏ
HelpKeyword
UnderstandsKeyword
FPasswordChar
PasswordCharxTO
OnKeyDown
OnKeyPress\
OnKeyUp8
ssHorizontal
OnKeyUpD
TCustomButton.TButtonStyle
OnKeyUpL
poPortrait
APort
Port
FProportional
Proportional
FOldKeyDown
cdsShowKeyboardCues
msShiftSelect
FSaveIndexes
OnKeyUp
FArrowKeys
ArrowKeys
vsReport
FCustomizeKeyName
CustomizeKeyNameP
acoUpDownKeyDropsList
TComboBoxExEnumerator5
TComboBoxExEnumerator
OnExecute`$M
FURL
URLP
ssHotTrack
TWindowState
poProportional
fsShowing
FWindowState
FKeyPreview
IsShortCut
WantChildKey
KeyPreview
WindowState
WindowStateDBO
FBiDiKeyboard
FNonBiDiKeyboard
FEnumAllWindowsOnActivateHint
FOnActionExecute
Keyword
EnumAllWindowsOnActivateHintP
BiDiKeyboardP
NonBiDiKeyboard
OnActionExecute|jR
FAutoHotkeys
RethinkHotkeys
AutoHotkeys
igoParentPassthrough
FAlwaysShowDragImages
AlwaysShowDragImages
toFlickFallbackKeys
'TCustomGestureEngine.TGestureEngineFlag
(TCustomGestureEngine.TGestureEngineFlags
Supported
TKeyEvent
TKeyPressEvent
FHelpKeyword
FOnKeyDown
FOnKeyPress
FOnKeyUp
IsHintMsg
FNativeWheelSupport
FWheelSupportMessage
thHeaderItemLeftPressed
tsArrowBtnLeftPressed
ttbThumbLeftPressed
lrMonoChrome
Uh.aR
TSQLTimeStamp
TSQLTimeStampOffset
TSQLTimeStampVariantType0
TSQLTimeStampVariantType
SqlTimSt
TSQLTimeStampOffsetVariantType0
TSQLTimeStampOffsetVariantType
TSQLTimeStampData6
ASQLTimeStamp
TSQLTimeStampData
TSQLTimeStampOffsetData6
ASQLTimeStampOffset
TSQLTimeStampOffsetData<'S
Uh%.S
ftParadoxOle
ftParams
dsSetKey
pfInKey
AKey
ValueOfKey
FKeyFields
FLookupKeyFields
FImportedConstraint
ImportedConstraint
LookupKeyFieldsP
KeyFields
AsSQLTimeStamp
AsSQLTimeStampOffsetT
TSQLTimeStampField6
TSQLTimeStampField
TSQLTimeStampOffsetField6
TSQLTimeStampOffsetField|
AsShortInt
AsSQLTimeStampOffsetP
ParseSQL
loPartialKey
KeyValues
dcrSQLWait
PasswordAdded
TPasswordDialog
TPasswordDialog$RV
Password
TLoginDialog
TLoginDialogxYV
FKeyFieldName
FKeyField
FKeyValue
FNullValueKey
FKeySelected
KeyFieldP
NullValueKey
KeyValueP
EInvalidGridOperation
EInvalidGridOperationd
goAlwaysShowEditor
dgAlwaysShowEditor
dgAlwaysShowSelection
FIsESCKey
TsWindowShowMode
fKeyword
Keywordt
sEditHexKeyPress
PickFormKeyDown
FOperand
FOnCalcKey
FOperator
FormKeyPress
CalcKey
OnCalcKeyL
UpdateIconsIndexes
FClickKey
ClickKeyXXX
t.Ht4
t{Ht.HtKTacMenuSupport&
TacMenuSupport
IndexWebBtn
TsWebLabel6
TsWebLabelP
UpdateIndexes
csIndexed
FCrToRedTable
FCrToGreenTable
3333333
TacMDIWnd'
TacMDIWnd
acInMouseMsg
IsControlSupported
CurLeft
f;x.tP
t.Ht!
FMenuSupport
InitConstantIndexes
InitMaskIndexes
MenuSupportP
Edit1KeyPress
TDragOperation
TDragOperations
toCheckSupport
toReportMode
TVTExportMode
TVTOperationKind
FExportMode
KeyState
disSystemSupport
FColorKey
ColorKey
tsKeyCheckPending
TVTExportType
TVTNodeExportEvent
aExportType
TVTColumnExportEvent
TVTTreeExportEvent
naProportional
TVTGetImageExEvent
TVTOperationEvent
OperationKind
TVTKeyActionEvent
FDragOperations
FOperationCount
FOperationCanceled
FOnBeforeNodeExport
FOnNodeExport
FOnAfterNodeExport
FOnBeforeColumnExport
FOnColumnExport
FOnAfterColumnExport
FOnBeforeTreeExport
FOnAfterTreeExport
FOnBeforeHeaderExport
FOnAfterHeaderExport
FOnKeyAction
FOnStartOperation
FOnEndOperation
CancelOperation
OperationCount
ExportMode
PasswordChar
DragOperations\Ag
OperationCanceled
OnAfterColumnExport
OnAfterHeaderExport
OnAfterNodeExport
OnAfterTreeExportPog
OnBeforeColumnExport,sg
OnBeforeHeaderExport\gg
OnBeforeNodeExport
OnBeforeTreeExport4wg
OnColumnExport
OnEndOperationL
OnGetImageIndexEx
OnKeyAction\
OnNodeExport,|g
OnStartOperation
voCheckSupport
<html><head><META http-equiv=Content-Type content="text/html; charset=utf-8"></head><body><!--StartFragment-->
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
.noborder{border-style:.noborder{border-style:none;.normalborder {border-top:none; border-left:none; vertical-align:top;AMsg
EIdCanNotBindPortInRange
EIdCanNotBindPortInRanged
EIdInvalidPortRangeD
EIdInvalidPortRange
CheckIPVersionSupport
VPort
WSGetServByPort
APortNumber
IdStackWindows
TIdSocketListWindows4
TIdSocketListWindows
TIdStackWindowsg
ReceiveMsg
WSTranslateSocketErrorMsg
SupportsIPv6
TIdStackWindowsxPl
EIdIPVersionUnsupported
FSourcePort
FDestPort
SourcePort
DestPort
ftpTransfer
ftpReady
ftpAborted
FDefaultPort
DefaultPort
FClientPortMin
FClientPortMax
FPort
FPeerPort
ClientPortMin
ClientPortMaxP
PeerPort
EIdPortRequired4
EIdPortRequired
EIdTCPConnectionError
EIdTCPConnectionErrorl
EIdObjectTypeNotSupported
EIdObjectTypeNotSupported$
"EIdTransparentProxyUDPNotSupported
FPassword
OpenUDP
CloseUDP
RecvFromUDP
VPeerPort
SendToUDP
FBoundPort
FBoundPortMax
FBoundPortMin
TIdTCPClientCustom'
TIdTCPClientCustom
IdTCPClient
BoundPort
BoundPortMax
BoundPortMin
TIdTCPClient
IPAsString
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
FUDPSocksAssociation
BoundPortMinL
IdCustomTCPServer
TIdCustomTCPServer'
TIdCustomTCPServerP
EIdTCPServerError
EIdTCPServerError(
EIdTCPNoOnExecute
IdTCPServer
TIdTCPServer
OnExecute
TURLEvent
msnAutoOpenURL
FOnURLClick
OnURLClick
Edit2KeyPress
Edit3KeyPress
Edit4KeyPress
TFormFTPSettings
TFormFTPSettingsD
UnitFTPSettings
TFormExecParam
UnitExecParam
UploadFTP18
UploadFTP1
LastFTPAddress
LastFTPFolder
LastFTPUser
LastFTPPass
UploadFTP1Click
ListView1KeyDown
ListView2KeyDown
ComboBox1KeyPress
ListView2KeyDown
AdvListView1KeyDown
1.1.2
deflate 1.1.2 Copyright 1995-1998 Jean-loup Gailly
TFormKeylogger
UnitKeylogger
TFormKeySearch
TFormKeySearchxdq
UnitKeySearch
Copypassword1
Openwebsite1
Savepasswordstxt1
Copypassword1Click
Openwebsite1Click
Savepasswordstxt1Click
TFormPasswords
UnitPasswords
sWebLabel1
sWebLabel2
sWebLabel3
sWebLabel4
sWebLabel5
sWebLabel6
sWebLabel7
sWebLabel8
sWebLabel1Click
sWebLabel9
sWebLabel10
sWebLabel11
sWebLabel12
sWebLabel13
sWebLabel14
tsWindowsXP
tsWindowsVista
tsWindows7
stKeyword
msWindowsXP
msWindowsVista
msWindows7
iskeyWord
isURL
ChangeMsg
TURLClick
FEnhancedHomeKey
FUrlDelimiters
FUrlStyle
FUrlAware
ClearExecutableLines
WordIsURL
UrlAware
DrawKeyword
AKeyword
MultiCommentLeftP
EnhancedHomeKeyhjr
UrlAwaretOr
UrlStyle
OnKeyDown\
OnKeyPress
OnURLClickL
FKeyWords
KeyWordsDQE
Edit5KeyPress
TFormKeyloggerSettings
UnitKeyloggerSettings
FTPAddress
FTPDir
FTPUser
FTPPass
FTPRemoteName
FTPLocalName
TSendFTPFile
xFTPAddress
xFTPDir
xFTPUser
xFTPPass
xFTPRemoteName
xFTPLocalName
;!199{199;0!8&2{199TMsgHandler
TMsgHandlerOO
TMsgHandlers
Uh.Vu
Uh.su
TFormSelectPort
TFormSelectPortp7v
UnitSelectPort
TDesativarPorta5
xPort
TDesativarPorta
password
FormKeyDown
AdvSmoothPanel1KeyDown
TacGetImageIndexEvent
TsShellTreeView
OnKeyUp`
sShellTreeView1
sShellTreeView1Change
KeyDown
KeyPress
TExecOpenDialogEvent
SQL error or missing database
An internal logic error in SQLite
Operation terminated by sqlite3_interrupt()
Uses OS features not supported on host
2nd parameter to sqlite3_bind out of range
sqlite3_step() has another row ready
sqlite3_step() has finished executing
ESQLiteException
SQLiteTable3
TSQliteParam
TSQLiteQuery
TSQLiteDatabase8
ExecSQL
ExecSQL6
PrepareSQL
BindSQL
ReleaseSQL
TSQLiteDatabaseX
TSQLiteTable?
TSQLiteTableX
fSQL
TSQLiteUniTable?
TSQLiteUniTable
TFormSendKeys
UnitSendKeys
TFormWindows
UnitWindows
Memo1KeyPress
Edit2KeyDown
uMsg
TFormWebcam
UnitWebcam
TFormActivePorts
UnitActivePorts
MostrarMsgOnClose
Portugal
Turkey
ListView1KeyPress
IdTCPServer1
Linkhttp10
Baixareexecutar18
Enviararquivoseexecutar1@
Portasativas1p
Capturarwebcam1
Keylogger1
Passwords1
Procurarpalavrasnokeylogger1
Webcam1
Keylogger2
Baixarlogsdokeylogger1
Registrosdeconexes1
Linkhttp1
Baixareexecutar1
Enviararquivoseexecutar1
Portasativas1
MaxConnectionHttp
PortList
DynDNSPass
NoIPPass
AutoWebcam
LastExecuteCommand
LastDownExec
LastOpenWeb
LastKeySearch
LastProxyPort
IdTCPServer1Connect
IdTCPServer1Exception
IdTCPServer1Execute
IdTCPServer1Disconnect
Baixareexecutar1Click
Linkhttp1Click
Enviararquivoseexecutar1Click
Passwords1Click
Webcam1Click#
Keylogger1Click(
!Procurarpalavrasnokeylogger1Click
Capturarwebcam1Click
Portasativas1Click
Keylogger2Click"
Baixarlogsdokeylogger1Click
Registrosdeconexes1Click
Webcam1Click
Keylogger1Click
Keylogger2Click
IdTCPServerConnectAlternative
IdTCPServerExecuteAlternative
AbrirKeylogger
AbrirPortasAtivas
Uh%S~
SELECT * FROM logins
LicenseKey
_SistemaOperacional
_Porta
_PrimeiraExecucao
_WebcamList
_FormWindows
_FormActivePorts
_FormWebcam
_FormKeylogger
SistemaOperacionalP
PortaP
PrimeiraExecucaoP
WebcamList
FormWindows
FormActivePorts
FormWebcam
FormKeylogger
VMsgEnd
FLastCmdResult
TIdTCPConnectionB
RaiseExceptionForLastCmdResult
SendCmd
SendCmdf
TIdTCPConnection
IdTCPConnection
LastCmdResult
UrlMon
SQLite3
hook.dll
1.2.3
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
user32.dll
windowscodecs.dll
uxtheme.dll
DWMAPI.DLL
shell32.dll
@dO.hY\
Adobe Photoshop CS5 Windows
2011:11:05 01:19:48
.ryg)s
Y/Y%S
urlTEXT
MsgeTEXT
hXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:dc="hXXp://purl.org/dc/elements/1.1/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmp:CreateDate="2011-11-05T00:18:58-02:00" xmp:MetadataDate="2011-11-05T01:19:48-02:00" xmp:ModifyDate="2011-11-05T01:19:48-02:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:0C6A31045D07E111A682DE3DBBE51451" xmpMM:DocumentID="xmp.did:2583CC845407E111A682DE3DBBE51451" xmpMM:OriginalDocumentID="xmp.did:2583CC845407E111A682DE3DBBE51451" photoshop:ColorMode="3" photoshop:ICCProfile="Adobe RGB (1998)"> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:2583CC845407E111A682DE3DBBE51451" stEvt:when="2011-11-05T00:18:58-02:00" stEvt:softwareAgent="Adobe Photoshop CS5 Windows"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:2E83CC845407E111A682DE3DBBE51451" stEvt:when="2011-11-05T01:19:48-02:00" stEvt:softwareAgent="Adobe Photoshop CS5 Windows" stEvt:changed="/"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:0C6A31045D07E111A682DE3DBBE51451" stEvt:when="2011-11-05T01:19:48-02:00" stEvt:softwareAgent="Adobe Photoshop CS5 Windows" stEvt:changed="/"/> </rdf:Seq> </xmpMM:History> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>
8=Sistema operacional
14=Porta
17=Primeira execu
27=Portas ativas
es do keylogger
40=Porta
s a execu
59=Windows
66=Keylogger ativo
68=Enviar logs por FTP
o FTP
72=Senha FTP
75=Registrar teclas somente se as palavras abaixo existirem na janela ativa. Ex.: (hotmail;gmail;windowslive)
80=Quando executar
o ":" porta
104=Por favor, selecione uma porta entre 0 e 65535
107=Teste de FTP do keylogger
109=Quando executar
113=Executar normal
114=Executar invis
tentando direcionar as portas usando UPnP. Deseja finalizar a tentativa
125=A porta
132=A nova porta de conex
133=Por favor, selecione uma porta entre 0 e 65535
es ativas na porta selecionada ser
137=Adicionar portas
138=Excluir portas
142=Selecionar portas
144=Exemplo
152=Selecionar arquivos (*.wav)
176=Executar comandos
177=Digite o comando a ser executado
179=Baixar e executar
184=Enviar arquivos e executar
297=Tem certeza que deseja apagar o valor
298=Tem certeza que deseja apagar a chave
315=Executar
316=Executar com par
324=Enviar arquivo por FTP
es de FTP
rmino do envio por FTP do arquivo
cio do envio por FTP do arquivo
vel o envio por FTP do arquivo
vel executar o arquivo
371=Foi executado corretamente o arquivo
373=Comando recebido e executado corretamente
404=Lista de portas criada com sucesso
405=Portas ativas
412=Porta local
414=Porta remota
443=Executar
446=Desligar Windows
477=Iniciar captura de webcam automaticamente
479=Capturar webcam
497=O keylogger est
498=O keylogger est
499=Keylogger
o de keylogger online est
521=Passwords
522=Procurar palavras no keylogger
532=Proxy ativado na porta
533=Proxy desativado na porta
junto com o windows. Deseja continuar
569=Webcam
570=Usar mensagem falsa na primeira execu
581=DNS Password
591=Ativar keylogger
592=Lista de janelas a serem monitoradas. Ex.: facebook;messenger;webchat;...;
637=Abrir pasta do keylogger
649=Baixar logs do keylogger
653=Usar plugin (melhor para execu
Options.dat#?
Huge.bmp6
Master.bmphf
CloseAG.png
CloseG.pngw
MaxG.png:
MinG.png2
NormG.png
SQLite forma
CHECKEYCO,R8
3.5.9{AP_}ED/MSVCRT
<Key/
~d-
DW.Dp,
KERNEL32.DLL
Sqlite3.dll
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
KWindows
rSqlTimSt
%sPopupClndr
IdTCPServer
IUnitActivePorts
sUnitWindows
"UnitKeySearch
.bsTrayIcon
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
TsWebLabel
HoverFont.Charset
HoverFont.Color
HoverFont.Height
HoverFont.Name
HoverFont.Style
Local Port
Remot Port
FormMain.ImageListDiversos
AddedTitle.Font.Charset
AddedTitle.Font.Color
AddedTitle.Font.Height
AddedTitle.Font.Name
AddedTitle.Font.Style
SkinData.SkinSection
HorzScrollBar.Range
HorzScrollBar.Visible
VertScrollBar.Range
VertScrollBar.Tracking
Constraints.MinWidth
Items.ItemData
Items.Strings
Quando executar
crIBeam!ActiveLineSettings.ShowActiveLine
*ActiveLineSettings.ShowActiveLineIndicator
AutoCompletion.Font.Charset
AutoCompletion.Font.Color
AutoCompletion.Font.Height
AutoCompletion.Font.Name
AutoCompletion.Font.Style
AutoCorrect.Active
CodeFolding.Enabled
CodeFolding.LineColor
EnhancedHomeKey
Gutter.DigitCount
Gutter.Font.Charset
Gutter.Font.Color
Gutter.Font.Height
Gutter.Font.Name
Gutter.Font.Style
Gutter.GutterColor
Gutter.GutterColorTo
Lines.Strings
%MarkerList.UseDefaultMarkerImageIndex
"MarkerList.DefaultMarkerImageIndex
MarkerList.ImageTransparentColor
PrintOptions.MarginLeft
PrintOptions.MarginRight
PrintOptions.MarginTop
PrintOptions.MarginBottom
PrintOptions.PageNr
PrintOptions.PrintLineNumbers
UrlStyle.TextColor
UrlStyle.BkColor
UrlStyle.Style
2.2.5.1
All files|*.*
Glyph.Data
Porta
Usar plugin (melhor para execu
FormMain.Flags16
STO USE, INSTALL OR OPERATE THE SOFTWARE. BY USING THIS SOFTWARE YOU ACCEPT ALL THE
jBy accessing, downloading, storing, loading, installing, executing, displaying, copying the Software into
Wthe Software to you. In such event, you may not Operate or use the Software in any way.
cagreement you will no longer be authorized to operate or use the Software in any way. The Software
dYou agree that the Software and any associated ideas, methods of operation, documentation and other
cXtremeCODER grants you permission to store, load, install and execute the specified version of the
genvironments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft
inavigation or communication systems, air traffic control, direct life support machines or weapon systems
MenuSupport.IcoLineSkin
ICOLINE!MenuSupport.ExtraLineFont.Charset
MenuSupport.ExtraLineFont.Color
clWindowText MenuSupport.ExtraLineFont.Height
MenuSupport.ExtraLineFont.Name
MenuSupport.ExtraLineFont.Style
c:\Skins
ThirdParty.ThirdEdits
THotKey
TRzHotKeyEdit
ThirdParty.ThirdButtons
ThirdParty.ThirdBitBtns
ThirdParty.ThirdCheckBoxes
ThirdParty.ThirdGroupBoxes
ThirdParty.ThirdListViews
ThirdParty.ThirdPanels
ThirdParty.ThirdGrids
ThirdParty.ThirdTreeViews
ThirdParty.ThirdComboBoxes
TwwTempKeyCombo
ThirdParty.ThirdWWEdits
ThirdParty.ThirdVirtualTrees
ThirdParty.ThirdGridEh
ThirdParty.ThirdPageControl
ThirdParty.ThirdTabControl
ThirdParty.ThirdToolBar
ThirdParty.ThirdStatusBar
ThirdParty.ThirdSpeedButton
Constraints.MaxHeight
Constraints.MaxWidth
Constraints.MinHeight
Desligar Windows
&*.doc;*.docx;*.xls;*.xlsx;*.txt;*.rft;
"FormFileManager.ImageListListView2
FormExecParam
Usar mensagem falsa na primeira execu
Items.NodeData
BoundLabel.Indent
BoundLabel.Font.Charset
BoundLabel.Font.Color
BoundLabel.Font.Height
BoundLabel.Font.Name
BoundLabel.Font.Style
BoundLabel.Layout
BoundLabel.MaxWidth
BoundLabel.UseSkinColor
EditLabel.Width
EditLabel.Height
EditLabel.Caption
*.jpg
Header.AutoSizeIndex
Header.DefaultHeight
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
Header.Options
TreeOptions.MiscOptions
TreeOptions.PaintOptions
TreeOptions.SelectionOptions
Enviar arquivo por FTP
1.2.0.1
Image.jpg
Jpeg mages (*.jpg)|*.jpg
FormFTPSettings
o FTP:
%DEFAULTBROWSER%
calc.exe
notepad.exe
explorer.exe
svchost.exe
&{5460C4DF-B266-909E-CB58-D26G798R2EB2}Ativar keylogger
JLista de janelas a serem monitoradas. Ex.: facebook;messenger;webchat;...;
FormKeyloggerSettings
Senha FTP:
jRegistrar teclas somente se as palavras abaixo existirem na janela ativa. Ex.: (hotmail;gmail;windowslive)
Keylogger ativo
Enviar logs por FTP
FormKeySearch
Icon.Data
Idioma: portugu
Portas ativas: --//--
Header.Style
TreeOptions.AutoOptions
Sistema operacional
Primeira execu
Capturar webcam
Portas ativas
Keylogger
Link hXXp://
Baixar e executar
Enviar arquivos e executar
Passwords
Procurar palavras no keylogger
Baixar logs do keylogger
Abrir pasta do keylogger
Webcam
ThirdParty.ThirdScrollControl
ThirdParty.ThirdUpDown
Salvar (*.txt)
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
FormPasswords
Copy password
Open website
Save passwords (*.txt)
FormSelectPort
Selecionar portas
Portas
123456789
FormSendKeys
)Iniciar captura de webcam automaticamente
SkinData.SkinManager
BoundLabel.Caption
AnimEffects.DialogShow.Active
AnimEffects.FormShow.Active
AnimEffects.FormShow.Time
AnimEffects.PageChange.Active
AnimEffects.SkinChanging.Active
AnimEffects.SkinChanging.Time
BoundLabel.Active
GlyphMode.Blend
GlyphMode.Grayed
DNS Password:
127.0.0.1
client.no-ip.org
cliente@email.com
Type your password here...
LoginDialog
Database Login
&Password:
PasswordDialog
Enter password
Brush.Color
Pen.Style
Colors.Strings
GetProcessHeap
GetCPInfo
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
SetViewportOrgEx
SetViewportExtEx
GetViewportOrgEx
GdiplusShutdown
ShellExecuteExW
ShellExecuteW
FindExecutableW
UnhookWindowsHookEx
SetWindowsHookExW
SetKeyboardState
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MapVirtualKeyW
LoadKeyboardLayoutW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
FtpPutFileW
FtpSetCurrentDirectoryW
.text
`.itext
`.data
.idata
.didata
@.reloc
B.rsrc
'AMsg;R
@$/Ftp
version="14.0.3615.26342"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
gdiplus.dll
msacm32.dll
msimg32.dll
ole32.dll
oleacc.dll
oleaut32.dll
shlwapi.dll
version.dll
wininet.dll
winmm.dll
winspool.drv
wsock32.dll
kernel32.dll
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
%s[%d]
%s_%d
.Owner
TaskDialogIndirect
\\?\UNC\
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
%s%0.8x
%s (*.%s)|*.%1:s
%s (%s)|%1:s|
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
USER32.DLL
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
RICHED20.DLL
{43826D1E-E718-42EE-BC55-A1E261C37BFE}{D57C7288-D4AD-4768-BE02-9D969532D960}{84BCCD23-5FDE-4CDB-AEA4-AF64B83D78AB}%s%s%s%s%s%s%s%s%s%s
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
crSQLWait
%s (%s)
imm32.dll
%s %s
(%s%s)
-%s%s
%s-%s
%s%s-
-%s %s
%s %s-
%s -%s
(%s- %s)
(%s %s)
%s, ClassID: %s
SQLTimeStamp
SQLTimeStampOffset
%s: %s
%s.%s
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\VCLFixPack.pas
Cannot apply Classes.FreeObjectInstance memory leak-fix
Kernel32.dll
ntdll.dll
1.html
Invalid ZStream operation!
Options.dat
### ### ##0.00;-### ### ##0.00;0
Webdings
Cannot load image. %s not supported for %s files.
Cannot load image. Palette in %s file is invalid.
Cannot load image. Invalid or unexpected %s image format.
Cannot load image. CRC error found in %s file.
Cannot load image. Extra compressed data found in %s file.
Cannot load image. Compression error found in %s file.
Invalid color format in %s file.
Conversion between indexed and non-indexed pixel formats is not supported.
acMDIIcons
extracted.asz
WEBBUTTON
1.tmp
.JPEG
2.tmp
" skin. Please, update a skins to latest or link with the AlphaControls support for upgrading of existing skin.
This version of the skin have not complete support by used AlphaControls package release.
Please, type your password.
Please, retype your new password.
olepro32.dll
Windows bitmap
Windows metafile
c:\program files (x86)\embarcadero\rad studio\7.0\Componentes\VST\VirtualTrees.pas
Column %d
Flat scrollbars styles are disabled. Enable UseFlatScrollbars in VTConfig.inc forflat scrollbar support.
EndOperation must not be called when no operation in progress.
%s%.8d
font-family: '%s';
font-size: %dpx;
font-size: %dpt;
font-style: %s;
font-weight: %s;
text-decoration: %s;
padding-left:%dpx;padding-right:%0:dpx;
border="%d" frame=box
\u%d\'3f
{\f%d %s;}\red%d\green%d\blue%d;
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdStreamVCL.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdGlobal.pas
10.5.5
WS2_32.DLL
MSWSOCK.DLL
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WSARecvMsg
WSASendMsg
Wship6.dll
Fwpuclnt.dll
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\System\IdStack.pas
255.255.255.255
0.0.0.0
0.0.0.1
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdThread.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdScheduler.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdServerIOHandlerSocket.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdCustomTCPServer.pas
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdSchedulerOfThread.pas
%s User
hXXp://VVV.url.com/
UXTHEME.DLL
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\ATXPVS.pas
*.xtreme
PTF.ftpserver.com
FTPFolder
ftpuser
ftppass
fmexecparam|
\DownloadAll.xtr
All Files (*.*)|*.*
fmsendftp|
*.doc;*.docx;*.xls;*.xlsx;*.txt;*.rft;
fmexecnormal|
fmexechide|
fmsendftp
fmsendftpyes
fmsendftpno
.xtreme
fmexecparam
fmexecnormal
fmexechide
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\bsEffects.pas
dwmapi.dll
PROGRESSH
keyloggerativar|
keyloggerdesativar|
keylogger|
keyloggerativar
keyloggerbaixar
keyloggerexcluir
keyloggeronlinestop
keyloggeronlinestart
keyloggeronlinekey
keyloggerbaixar|
keyloggerexcluir|
Text Files (*.txt)|*.txt
\Keylogger
keyloggeronlinestart|
keyloggeronlinestop|
Keylogger files (*.dat)|*.dat
keysearch|
getpasswords|
All files(*.*)|*.*
uploadandexecute
openweb
downexec
ServerConfig.cfg
Xtreme Server Config(*.cfg)|*.cfg
Server.exe
Executables(*.exe)|*.exe
(Ex.: 127.0.0.1:81)
010009000003
00000000
URLAware
URLBKColor
URLTextColor
URLStyleStyle
hXXp://
hXXps://
PTF://
-.0123456789
*.ini
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
keylogger_ftp_test.html
.html
All files (*.*)|*.*
Executables (*.exe)|*.exe
Executables(*.exe); Icons(*.ico)|*.exe;*.ico
server.exe
TempIcon.ico
UPXfile.exe
plugin.xtr
Xtreme RAT Plugin(*.xtr)|*.xtr
127.0.0.1:81
Ports
ActiveKeylogger
KeyDelBackspace
SendFTPLogs
FTPFreq
FTPDelLogs
Ports0
{5460C4DF-B266-909E-CB58-E32B79832EB2}hXXp://VVV.webserver.com/plugin.xtr
checkip.dyndns.org
GET / HTTP/1.1
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\Base64.pas
base64.pas :: Test fails!
members.dyndns.org
&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG HTTP/1.0
Host: members.dyndns.org
dynupdate.no-ip.com
GET /ducupdate.php?username=
&pass=
HTTP/1.0
User-Agent: DUC v2.2.1
Unable to retrieve folder details for "%s". Error code $%x
Error Setting Path : %s
%s: Missing call to LoadColumnDetails
Rename to %s failed
Error setting path: "%s"
%Windows%\
%System%\
Unknown SQLite Error Code "
Failed to open database "%s" : %s
Failed to open database "%s" : unknown error
Error [%d]: %s.
"%s": %s
Error executing SQL
Could not prepare SQL statement
Error executing SQL statement
Error executing prepared SQL statement
Could not bind integer to prepared SQL statement
Could not bind string to prepared SQL statement
Could not release prepared SQL statement
SQL must include a ? parameter
select [sql] from sqlite_master where [type] = 'table' and lower(name) = '
SQLite is Busy
sendkeyswindow|
%Program Files% (x86)\Embarcadero\RAD Studio\7.0\Componentes\Tms\AOBXPVS.pas
\Software\Microsoft\Windows\CurrentVersion\Run
c:\server.exe
\Software\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\
HKEY_CURRENT_USER\
SetupApi.dll
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiDeleteDeviceInterfaceRegKey
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiDeleteDevRegKey
CM_DEVCAP_LOCKSUPPORTED
CM_DEVCAP_EJECTSUPPORTED
PDCAP_D0_SUPPORTED
PDCAP_D1_SUPPORTED
PDCAP_D2_SUPPORTED
PDCAP_D3_SUPPORTED
PDCAP_WAKE_FROM_D0_SUPPORTED
PDCAP_WAKE_FROM_D1_SUPPORTED
PDCAP_WAKE_FROM_D2_SUPPORTED
PDCAP_WAKE_FROM_D3_SUPPORTED
PDCAP_WARM_EJECT_SUPPORTED
##@@##&&
tecaladoexecutar|
XtremeAudioFile.audio
Xtreme Audio File(*.audio)|*.audio
webcamstart
webcamstart|
webcamstream
webcamconfig|
\WebcamImages
webcamstop
webcam|
ActivePorts
listadeportasativas
finalizarprocessoportas
listarportas|
listarportasdns|
finalizarprocessoportas|
Text files (*.txt)|*.txt
(Ex.: test@hotmail.com)
(*.txt)
GeoIP.dat
BuildImportTable: can't load library:
BuildImportTable: ReallocMemory failed
BuildImportTable: GetProcAddress failed
BTMemoryLoadLibary: BuildImportTable failed
BTMemoryGetProcAddress: no export table found
BTMemoryGetProcAddress: DLL doesn't export anything
BTMemoryGetProcAddress: exported symbol not found
%d days, %s
CHROME
OPERA
enviarlogskey|
.functions
sound.wav
Sound files (*.wav)|*.wav
ConnectionPass
port
Shell32.dll
Portugu
s.ini
Settings\Settings.ini
Garnet.asz
80|81|82|
hXXp://VVV.server.com/server.exe
explorer.exe c:\windows
hXXp://VVV.google.com
pass.txt
client.dyndns.org
dyndnspass
noippass
IMG.jpg
JPEG Images(*.jpg)|*.jpg
password_value
origin_url
All files( *.* )|*.*
webcamlist
uploadandexecuteyes
uploadandexecuteno
enviarlogskey
listarportas
webcam
keylogger
keyloggernew
chromepass
getpasswords
sqlite3.dll
SQLITE
sqlitefile
###@@@!!!
RAS Passwords
keysearch
C:\Users\Rafael\Desktop\Xtreme RAT Unicode\NewIOHandler\IdIOHandler.pas
%d Days %d Hs %d Min %d Sec
%d Hrs %d Min %d Secs
%d Min %d Secs
%d Secs
c:\program files (x86)\embarcadero\rad studio\7.0\Source\Indy\indy10\Core\IdIOHandlerStack.pas
Portable Network Graphics
Portable network graphics (AlphaControls)
user.info
You typed an incorrect password.
SQLITEFILE
TFORMACTIVEPORTS
TFORMEXECPARAM
TFORMFTPSETTINGS
TFORMKEYLOGGER
TFORMKEYLOGGERSETTINGS
TFORMKEYSEARCH
TFORMPASSWORDS
TFORMSELECTPORT
TFORMSENDKEYS
TFORMWEBCAM
TFORMWINDOWS
TLOGINDIALOG
TPASSWORDDIALOG
Add to custom colors set8Listbox (%s) style must be virtual in order to set Count
Error setting %s.Count
7Cannot change the scheduler while the server is Active.NUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.$Cannot change a connected IOHandler.%No IOHandler of type %s is installed.
Reply Code is not valid: %s
Reply Code already exists: %s Thread must be specified for the scheduler.!You must have an OnExecute event.
Command not supported.
Address type not supported."%d: Circular links are not allowed"Not enough data in buffer. (%d/%d)
File "%s" not found
Object type not supported.
Data is too large for stream:The requested IPVersion / Address family is not supported.
Set Size Exceeded.)UDP is not support in this SOCKS version.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
Invalid Port Range (%d - %d)
%s is not a valid service.
%s is not a valid IPv6 address
0Address family not supported by protocol family.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.
Clipboard operation failed.SCannot set initial user data because there is not enough user data space allocated.-Error on call to Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Socket Error # %d
Bad file number.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.]The program tried to add a existent critical chunk to the current image which is not allowed.IIt's not allowed to add a new chunk because the current image is invalid.7The png image could not be loaded from the resource ID.oSome operation could not be performed because the system is out of resources. Close some windows and try again.
Setting bit transparency color is not allowed for png images containing alpha value for each pixel (COLOR_RGBALPHA and COLOR_GRAYSCALEALPHA)OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.oThe "Portable Network Graphics" could not be created because invalid image type parameters have being provided.;Target node cannot be a child node of the node to be moved.3Unable to load tree structure, the format is wrong.6Unable to load tree structure, the version is unknown.
JPEG error #%d
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being read is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corrupted, try obtaining it againnThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.
Delete all selected records?%Operation not allowed in a DBCtrlGrid(Property already defined by lookup field/Grid requested to display more than 256 columns
Remote Login
Execute not supported1Operation not allowed on a unidirectional dataset
%s is not a valid BCD value
Invalid format type for BCD$Could not parse SQL TimeStamp string
Invalid SQL date/time values
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Duplicate name '%s' in %s"Circular datalinks are not allowed/Lookup information for field '%s' is incomplete
DataSource cannot be changed0Cannot perform this operation on an open dataset"Dataset not in edit or insert mode1Cannot perform this operation on a closed dataset1Cannot perform this operation on an empty dataset!Cannot modify a read-only dataset#Nested dataset must inherit from %s
Parameter '%s' not found
Unable to load bind parameters$Field '%s' is of an unsupported type
SQL not supported
Invalid value for field '%s'E%g is not a valid value for field '%s'. The allowed range is %g to %gE%s is not a valid value for field '%s'. The allowed range is %s to %s0'%s' is not a valid integer value for field '%s'0'%s' is not a valid boolean value for field '%s'7'%s' is not a valid floating point value for field '%s'6Type mismatch for field '%s', expecting: %s actual: %s6Size mismatch for field '%s', expecting: %d actual: %d Invalid variant type or size for field '%s'#Value of field '%s' is out of range
Field '%s' must have a value
Field '%s' has no dataset1Field '%s' cannot be a calculated or lookup field
Duplicate index name '%s'
No index for fields '%s'
Index '%s' not found
Failed to Save Stream %s is already associated with %sE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
Invalid FieldKind Field '%s' is of an unknown type
Duplicate field name '%s'
Field '%s' not found#Cannot access field '%s' as type %s%Cannot remove shell notification icon"PageControl must first be assigned"%s requires Windows Vista or later %s requires themes to be enabled
Button%d
RadioButton%d
Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d<MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid item level assignment Invalid level (%d) for item "%s"
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.,Multiselect mode must be on for this feature
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned
Value must be between %d and %d
Invalid clipboard format Clipboard does not support Icons
Cannot open clipboard: %s
Text exceeds memo capacity Operation not supported on selected printer.There is no default printer currently selected/Menu '%s' is already being used by another form
Invalid input value7Invalid input value. Use escape key to abandon changes
Grid too large for operation Too many rows or columns deleted
%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active0Can only modify an image if it contains a bitmap*A control cannot have itself as its parent
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
%s property out of range
Scan line index out of range!Cannot change the size of an icon%Cannot change the size of a WIC Image Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Invalid image size The specified file was not found$No help viewer that supports filters
Invalid Timeout value: %s
''%s'' is not a valid date#''%s'' is not a valid date and time#''%s'' is not a valid integer value
''%s'' is not a valid time
No help found for %s*Can't write to a read-only resource stream
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)-Cannot terminate an externally created thread,Cannot wait for an externally created thread2Cannot call Start on a running or suspended thread'Parameter %s cannot be a negative value*Input buffer exceeded for %s = %d, %s = %d
The specified path is too long The specified path was not found The path format is not supported
Invalid property type: %s
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream)%s has not been registered as a COM class
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid file name - %s
Invalid stream format$''%s'' is not a valid component name
Invalid property element: %s
Invalid destination array"Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Operation not supported
External exception %x
Interface not supported
Object lock not owned(Monitor support function not initialized
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
('%s' is not a valid floating point value '%d.%d' is not a valid timestamp'%s' is not a valid GUID value
I/O error %d
Integer overflow Invalid floating point operation
HKEY_CLASSES_ROOT@
HKEY_CURRENT_USERB
HKEY_LOCAL_MACHINE2
HKEY_USERSD
%original file name%.exe_3724_rwx_01C50000_0004E000:
ry file: %s
change rv mode %d ->%d
<APIF/VFS> failed to create section object for file '%s\%s', status x
<APIF/VFS> failed to read PE HEADERS file '%s\%s'
reading %d bytes
<APIF/VFS> failed to read section %d from file '%s\%s'
<APIF/VFS> failed to read from file '%s\%s'
<APIF/VFS> failed to commit memory for file '%s\%s', status x
<APIF/VFS> failed to allocate swap area for file '%s\%s', status x
found %s
nonexecutable
appname: '%s'
cmdline: '%s'
Catalog offset x
failed to open storage file '%s'
bad password
%s is oldstyle package
%s%s%s
[%s(%d)]
unexpected(x)
z:\home\_buildbot\projects\yoyo\core.hc
error(x): %s
error(%d): %s
z:\home\_buildbot\projects\yoyo\array.hc
z:\home\_buildbot\projects\molebox4\core\../YoYo.Ext/regimport.hc
failed to set value '%S': error x
regimport.c
failed to create registry key '%S': error x
registry key '%S' doesn't exist
failed to delete registry key '%S': error x
%s {%s} %s]ms|x|
user32.dll
%ls: %ls, at '%s':%d
X-X-X-XX-XXXXXX
x-x-x-xx-xxxxxx
01234567
could not create file mapping, %s
could not map file, %s
1.1.4
deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly
exception x at x
dbghelp.dll
<EXELOAD> failed to read section %d from file '%s\%s'
<EXELOAD> failed to read from file '%s\%s'
Z:\home\_buildbot\Projects\molebox4\cor1rel.pdb
MSVCRT.dll
c:/%original file name%.exe
'ArrayT<T>.Reserve_(newCount)' error: out of range
%s_CLASSES
{%USID%}{%USIDCLASSES%}'ArrayT<T>.At(idx)' error: out of range
%s.%s.Manifest
%s.Manifest
.Manifest
%s.%s.Config
%s.Config
.Config
HKEY_CLASSES_ROOT\
HKEY_LOCAL_MACHINE\
HKEY_CURRENT_USER\
%s.%d
l.dmp
iexplore.exe_3644:
.text
`.data
.rsrc
@.reloc
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
(#'( (''''!'!Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421
%original file name%.exe_3724_rwx_01D00000_00010000:
,.eO7
%original file name%.exe_3724_rwx_01F00000_00001000:
.idata
.edata
P.reloc
P.rsrc
%original file name%.exe_3724_rwx_01F14000_00003000:
kernel32.dll
user32.dll
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
oleaut32.dll
GetCPInfo
shell32.dll
ShellExecuteA
%original file name%.exe_3724_rwx_02150000_00080000:
iexplore.exe_3644_rwx_00050000_00004000:
iexplore.exe_3644_rwx_00102000_00001000:
iexplore.exe_3644_rwx_015B0000_00080000:
iexplore.exe_3644_rwx_6F880000_0003E000:
iexplore.exe_3900:
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Backdoor file.
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.