Analysis Date: 2015-05-03 17:52:18
MD5: 740ee2f9db0e4b87726f21970cf9736b
SHA1: 5e0db9c6049ebd598fee42a424578056a5802d79

Static Details:

File type: MS-DOS executable
Section: _FLAT md5: ffd8c1a4c22460049379a98a91f22b23 sha1: 61376f7cb6e969ea5366ee3ef849dd1379ea8fa4 size: 200704
Section: .imports md5: 90870a9a08583bfd0b6b0b5db8710ba9 sha1: 4b65eb522044506fc01ae9288bf4f7dbdaf5dad3 size: 8192
Timestamp: 1970-01-01 00:00:00 (the Unix epoch, i.e. a zeroed timestamp field; it says nothing about when the file was built)
PEhash: 1b46033d74f491b8afef14bd52a942f4272faa04
IMPhash: 0e5b99bfd0497774aaa44aef3e0e4a7a
AV results, one engine per line (no_virus = that engine reported no detection):
AV: Ad-Aware — Gen:Variant.Kazy.551846
AV: Alwil (avast) — no_virus
AV: Arcabit (arcavir) — Gen:Variant.Kazy.551846
AV: Authentium — W32/Kazy.CW.gen!Eldorado
AV: Avira (antivir) — TR/Crypt.XPACK.Gen
AV: BitDefender — Gen:Variant.Kazy.551846
AV: BullGuard — Gen:Variant.Kazy.551846
AV: CA (E-Trust Ino) — no_virus
AV: CAT (quickheal) — Malware.Generic.Lld621115.heur
AV: ClamAV — no_virus
AV: Dr. Web — no_virus
AV: Emsisoft — Gen:Variant.Kazy.551846
AV: Eset (nod32) — Win32/Korplug.A
AV: Fortinet — W32/Generic.A!tr
AV: Frisk (f-prot) — no_virus
AV: F-Secure — Gen:Variant.Kazy.551846
AV: Grisoft (avg) — no_virus
AV: Ikarus — Trojan-Downloader.Win32.Thoper
AV: K7 — Trojan ( 003db13d1 )
AV: Kaspersky — Trojan.Win32.Generic
AV: MalwareBytes — no_virus
AV: Mcafee — no_virus
AV: Microsoft Security Essentials — Backdoor:Win32/Plugx.A
AV: MicroWorld (escan) — Gen:Variant.Kazy.551846
AV: Padvish — no_virus
AV: Rising — no_virus
AV: Sophos — no_virus
AV: Symantec — no_virus
AV: Trend Micro — no_virus
AV: Twister — Trojan.Generic.jxvr
AV: VirusBlokAda (vba32) — no_virus

Runtime Details:

Network Details:


Raw Pcap

Strings
\??\
1234
%16.16X
%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X
2. G4
%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d
%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d: 
6239
{6360E80C-E9A7-4fe1-B190-A4B65CDDF69D}
%ALLUSERSPROFILE%
%ALLUSERSPROFILE%\LS360
%ALLUSERSPROFILE%\SxS
 ASP
  ASPX
\BaseNamedObjects\%s
boot.cfg
\bug.log
 CASH JIW8 AJ4U0F6U,3J16Y94EJ/ N  JNI3U3
 CASH K27J;3504YJI4VU0454 53S/61P3RU 2J0 JHP6FZ;3JP4 5K4U;4
Chrome
CLSID
CMD.EXE
cn@123.58.188.252:22286 - FileZilla
CompanyName
comserv.dll
comserv.dll.url
CONIN$
CONOUT$
ConsentPromptBehaviorAdmin
[C:\Program Files (x86)\Tencent\QQ\bin\QQ.exe
CRYPTBASE.DLL
\Device\Floppy
DISPLAY
EnableLUA
ezilla.exe
FileDescription
FileVersion
FTPG;4U3RU6XU04Z/ 2K7
Global\DelSelf(%8.8X)
HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0
J162JO4
J941J4DK3U2K7CJJB6EJI3U35/4TXGuiFoundation
JI3JE0 U2L4SU3K278 Q84FUV6EJ04M/4K27S84K27
JI4U/ U.3E/ VUP 2;3  U32U. Y94
jjjj
JWP G62K7U.3EJI4FM4 J06AO3K27AO6U.3?
LNULL
LS360
l%s\sysprep\CRYPTBASE.DLL
 MainForm
~MHZ
Mozilla/4.0 (compatible; MSIE 
NJI3U3...JI3OA6GJIHJI4~
NvSmart.hlp
{OKRISING-1173-4e51-BFC6-886666886868}RIS
p.0.1bb715_r36_ad1
\Parameters
PI[%8.8X]
\\.\pipe\a%d
\\.\pipe\b%d
\\.\PIPE\RUN_AS_USER(%d)
ProductName
ProductVersion
pUAC.TMP
QQXK7
RemoteDesktopManager.exe
RsTray.exe
RU, BJ4K27PB6X96EP W
RUNAS
S-1-16-12288
%s %d %d
%s\%d.plg
SeDebugPrivilege
ServiceDll
SeShutdownPrivilege
\Sessions\%d\BaseNamedObjects\%s
SeTcbPrivilege
%s\msiexec.exe %d %d
%s\msiexec.exe UAC
sNT AUTHORITY
Software\CLASSES\FAST
Software\CLASSES\FAST\PROXY
SOFTWARE\Microsoft\Internet Explorer\Version Vector
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Run
%s\sysprep
%s\sysprep\sysprep.exe
static
\StringFileInfo\%4.4X%4.4X\%s
\SxS
System
SYSTEM
System\CurrentControlSet\Services
SYSTEM\CurrentControlSet\Services\
\SystemRoot\
%SystemRoot%\system32\svchost.exe
tSystem Idle Process
U, BJ4K27
UJI3DK3U3JP4 204GD04D04
\VarFileInfo\Translation
VG7Hnc-nY/viewform?c=0&w=1&usp=send_form - Google Chrome
%windir%\explorer.exe
%WINDIR%\SYSTEM32\SERVICES.EXE
Windows LS360 Services
; Windows NT %d.%d
WINSTA0
 WJP G6U U;48A7
zjjj
;	<,<;<
0.0.0.0
0$0)0G0Z0~0
0"0=0S0\0a0~0
0#010C0O0d0v0
0%020M0`0e0~0
0 050G0h0
0/0A0_0
0,0R0W0`0i0o0t0y0
0'0T0d0
011@1M1c1i1
0!1C1e1
030U0w0
041=1F1L1Q1V1]1b1t1
050C0a0i0x0}0
> >&>+>0>7><>l>z>
081L1r1~1
=0=B={=
=0O0l0
0P1`1v1
0T0[0n0
0t<It#ItFIu
1 1$1(1,141@1I1O1T1Y1`1e1q1
1%1.1:1\1p1
1#1^1m1
1$141P1j1z1
1*191H1c1r1
1:1A1I1Y1b1i1n1v1
1-1C1[1j1
1%1f1u1
1'1J1`1m1
1!1L1d1
1,1P1s1
1.1S1_1m1
1&20282D2
121.14.103.194
1%212f2
1+222C2Q2]2p2
1 222Q2q2~2
1.2=2a2~2
1	2+2a2k2
1)262X2c2r2
1"292J2Y2
131S1`1f1
151C1O1n1
162<2C2I2V2\2f2l2v2|2
="=+=1=6=;=B=G=h=
=&=,=1=6===B=K=k=
=1=7=@=V=h=n=w=
192.168.0.100
<1<9<D<
>!>1><>C>I>T>[>a>h>o>x>~>
1D1H1L1P1T1X1\1`1d1h1l1p1t1x1
1U1\1}1
2#2-2>2s2
2-2@2E2^2
2$2*2F2N2T2p2x2~2
2.2?2S2r2
223Q3W3]3b3{3
2%242K2
2+272K2U2_2n2}2
2,292C2
2,292X2{2
2 292y2
2.2M2S2[2`2o2}2
232=2X2f2
2.373^3g3l3r3y3~3
2H2Q2Z2`2e2j2q2v2
2I2R2W2~2
<%<2<M<`<e<~<
?%?2?N?g?v?
?$?2?P?_?
<2=?=W=
324N4_4p4
3'30393@3E3M3
3#3*3/3
3!3'3,31383=3q3
3+3:3?3E3L3Q3b3j3y3
3 3$3(3O3V3]3d3k3r3
3%3/393H3W3g3
3'3/3B3`3q3
3-3@3E3^3
3#3;3S3
3	3*3S3d3v3
3'363S3]3m3
3*393`3!404
3.3D3e3
3(3D3O3q3}3
3-3K3`3f3o3
3/3T3n3t3y3
3'444c4p4y4
3-474W4a4
3\4c4k4
3!4D4V4_4f4w4
383j3o3u3
;$;-;3;8;=;D;I;\;z;
:":':,:3:8:J:
:,;3;:;A;H;O;
=&=3=B=
;3;B;P;Y;h;w;
3G4[4l4
3K7]7l7
<3<;<K<X<
>3>:>N>X>d>
:+:3:<:Q:^:}:
>3>T>g>v>
=$>3>@>[>u>{>
404\4a4x4
4,424A4G4V4\4k4p4
4$434C4
4'4-42474>4C4b4g4r4
4"4`4|4
4%4<4I4^4m4
444X4`4k4y4
4'464;4E4S4]4l4x4
4+494H4
4,4D4W4
4"4G4^4
4:4N4o4~4
4!5/5A5L5[5
4<5[5j5
4	5G5N5r5
464B4u4
495G5U5
>#>(>->4>9>a>
4C4a4v4
=(=4===C=H=M=T=Y=t=y=
:$;4;D;d;
< <$<(<4<@<E<K<R<W<
?4?=?F?L?Q?V?]?b?
;4;F;O;V;g;v;
=4=F=Q=k=}=
?)?4?H?S?
505=5L5Q5W5^5c5t5|5
50T0m0
545J5Y5
5+555?5J5Z5x5
5 555Y5c5m5|5
5'5;5D5J5O5T5[5`5{5
5.5@5G5M5Z5d5k5u5
5.5@5K5_5q5|5
5'5>5M5
5#5*5y5
556N6Y6{6
5&595H5r5
5-666?6E6J6O6V6[6u6
5,666B7H7M7T7Z7_7k7q7z7
5*6_6i6w6
5<6_6v6{6
5)6c6y6
5,6T6_6m6
<#<)<.<5<;<B<Q<W<\<
<,<5<><D<I<N<V<e<z<
5U6Z6`6k6
60U0p0
626H6N6V6u6
636B6c6
647`7w7
6+646=6D6I6P6U6
6%6<6]6t6
6)666X6
6/6>6M6\6u6
667Y7^7g7l7r7y7~7
6=6D6J6{6
6+6P6d6
6*6W6o6
6`7g7y7
;&;6;\;a;g;p;y;
;+<6<M<X<
6P6Y6b6h6m6r6y6~6
=)>6>X>r>
707=7_7
70H0W0
717Z7i7w7
758;8F8[8p8
7+707@7J7h7
7!707:7x7
7"727B7R7a7k7
7&7-72797>7u7
7$7-7J7^7e7n7}7
7'7>7M7_7n7
7"7=7P7U7n7
7#797E7R7m7
7/797T7v7
7:7B7Z7g7~7
7,7Y7c7q7
7	838C8n8x8
787G7[7|7
788e8v8{8
7%898B8H8M8R8Y8^8v8
7=8D8K8R8Y8v8
7&8I8p8
>.>7>=>B>G>N>S>w>
>	?+?7?C?l?
:%:*:/:7:L:g:v:
>%>7>O>V>]>d>k>r>y>
:7:Y:e:
82878C8Y8e8r8
8+878T8l8
8$8)80858
8 8)80858=8S8`8i8r8y8~8
8!8.8<8C8O8^8
8%8?8E8J8]8
8,8?8I8O8b8i8u8
8%8>8K8T8]8d8i8q8
8,8=8R8d8
8/8<8S8l8
8$8@8T8p8
888Z8k8u8
8,8J8g8
8 8K8^8d8s8
8'949=9C9H9M9T9Y9
8;9A9K9^9y9
8$9F9Y9q9
8F8R8`8o8}8
<8<G<L<R<Y<^<l<s<
=8=G=L=R=Y=^=l=s=
>8>G>L>R>Y>^>l>s>
8GULPt
8GULPu#
:):8:K:~:
8K9X9e9~9
8l9p9t9x9|9
?8?^?x?
<8<@<Z<h<
92979C9Y9e9r9
9$:2:D:`:q:
94999K9X9g9
9!929A9[9v9
9#959G9W9
9"9'939<9B9G9L9S9X9x9
9"9'9.939T9j9
9 9&999F9L9_9l9r9
999G9w9
9$9,9J9V9_9h9n9s9x9
9"9=9P9U9n9
9:9K9\9
9-9K9l9*:\:r:x:}:
9;9x9|9
9D9M9V9\9a9f9m9r9
=#=9=E=R=m=
9,:L:q:
>,>9>R>_>
9W9k9t9z9
9W:h:q:z:
AdjustTokenPrivileges
advapi32
advapi32.dll
ADVAPI32.dll
>+>A>J>O>c>
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
AllocateAndInitializeSid
AllocConsole
>A?N?V?_?
? ?/?A?P?
:.:A:P:x:
AttachConsole
>$>)>B>]>b>n>|>
>&>B>d>p>
<$<b<i<n<z<
BitBlt
bootProc
>B>U>b>|>
<'<B<X<a<k<{<
<"<)<c<
CallNextHookEx
ChangeServiceConfig2W
ChangeServiceConfigW
:C:K:c:t:
CloseDesktop
CloseHandle
CloseServiceHandle
closesocket
CloseWindowStation
CoCreateInstance
CoInitializeEx
CommandLineToArgvW
connect
ConnectNamedPipe
CONNECT %s:%d HTTP/1.1
Content-length: 0
Content-Type: text/html
ControlService
ConvertStringSidToSidW
CoUninitialize
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDesktopW
CreateDIBSection
CreateDirectoryW
CreateEnvironmentBlock
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateServiceW
CreateThread
CreateWindowExW
:':c:t:
; ;/;C;Y;z;
D$4PhH
D$8PSS
;D;b;};
DefWindowProcW
DeleteCriticalSection
DeleteDC
DeleteFileW
DeleteObject
DeleteService
DestroyEnvironmentBlock
DestroyIcon
DisconnectNamedPipe
DispatchMessageW
dl.202668.com
 dllmain.cpp
<.<;<D<M<S<X<]<d<i<
= =D=M=V=\=a=f=m=r=
dnsapi
DnsFree
DnsQuery_A
<%<?<_<d<o<{<
DoImpUserProc
<D<S<g<m<
D$tPSh
DuplicateTokenEx
d:\work\plug6.0(360)(rstray)(xyzreg)(7.0)(scldr3.0)\shellcode\shellcode\XPlug.h
d:\work\plug6.0(360)(rstray)(xyzreg)(7.0)(scldr3.0)\shellcode\shellcode\XSetting.h
D$<WPW
=)=D=x=
;E;c;k;
EName:%s,EAddr:0x%p,ECode:0x%p,EAX:%p,EBX:%p,ECX:%p,EDX:%p,ESI:%p,EDI:%p,EBP:%p,ESP:%p,EIP:%p
EnterCriticalSection
EnumProcesses
EnumProcessModules
EnumServicesStatusExW
EqualSid
ExitProcess
ExitThread
ExitWindowsEx
ExpandEnvironmentStringsW
ExtractIconExW
f9~4t"
file: %s, line: %d, error: [%d]%s
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
<;<f<n<
FormatMessageA
:#:+:F:P:\:e:l:q:y:
FreeConsole
FreeSid
;;;];f;u;
>F>U>t>
gdi32.dll
GDI32.dll
GdiFlush
:(;G;e;M<g<
GenerateConsoleCtrlEvent
GetAdaptersInfo
GetAsyncKeyState
GetClassNameW
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDeviceCaps
GetDIBits
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeThread
GetExtendedTcpTable
GetExtendedUdpTable
GetFileAttributesW
GetFileSize
GetFileTime
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetForegroundWindow
gethostbyname
GetIconInfo
GetKeyState
GetLastError
GetLengthSid
GetLocalTime
GetMessageW
GetModuleFileNameExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleInformation
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetQueuedCompletionStatus
GetRawInputData
getsockname
GetStdHandle
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemMetrics
GetSystemTime
GetTcpTable
GetThreadDesktop
GetTickCount
GetTokenInformation
GetUdpTable
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GetWindowTextW
GetWindowThreadProcessId
<&=G=]=f=k=
GlobalMemoryStatus
GlobalMemoryStatusEx
;GULPt
HeapFree
>*>H>h>
:.;:;H;k;
>$>H>o>
Ht)Ht&Ht
HTTP://
HTTP/1.0 200 
HTTP/1.1 200 
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestExA
ImpersonateLoggedOnUser
.imports
inet_addr
inet_ntoa
InitializeCriticalSection
InitiateSystemShutdownA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
InternetWriteFile
iphlpapi
IsWow64Process
JoProc
JoProcAccept
JoProcBroadcast
JoProcBroadcastRecv
JoProcListen
>\?j?o?t?|?
:j;t;E=`=f=
JtnJtTJtAJt
jWX_^[
jWX_^[]
kernel32
kernel32.dll
KERNEL32.dll
	keybd_event
keybd_event
KeyLog
KillTimer
KLProc
; ;&;k;z;
<#=.=l={=
>	?l?{?
:<;L;{;
?;?L?b?o?}?
LdrLoadShellcode
LeaveCriticalSection
;+;=;L;];m;|;
LoadCursorW
LoadLibraryA
LocalAlloc
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LockWorkStation
LookupAccountSidW
LookupPrivilegeValueW
:	;%;L;q;v;
lstrcatW
lstrcmpA
lstrcmpiW
lstrcmpW
lstrcpyA
lstrcpynA
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
L$tQSh
:%:l:z:
</<M<|<
MapViewOfFile
memcmp
memcpy
memset
MessageBoxW
: ;M;n;u;
	mouse_event
mouse_event
msvcrt.dll
MultiByteToWideChar
="=*=N=[=
Nethood
Netstat
>#?/?;?N?]?o?
ntdll.dll
NtQueryObject
?@?O?]?
odbc32.dll
ODBC32.dll
ole32.dll
OlProc
OlProcManager
OlProcNotify
OpenFileMappingW
OpenInputDesktop
OpenProcess
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenWindowStationW
Option
:':O:t:
OutputDebugStringA
OutputDebugStringW
:%:*:`:p:
PlugProc
PortMap
PostMessageA
PostQueuedCompletionStatus
PostQuitMessage
@PPRWSPP
Process
ProcessIdToSessionId
Protocol:[%4s], Host: [%s:%d], Proxy: [%d:%s:%d:%s:%s]
Proxy-Authorization: Basic %s
Proxy-Connection: Keep-Alive
psapi.dll
PSSSSSSWS
PVVVVVVh 
?:?Q?l?x?
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
QueueUserAPC
QWWPWW
;`;r;{;
:,;;;r;
;);:;R;b;k;q;v;{;
ReadConsoleOutputW
ReadFile
ReadProcessMemory
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEdit
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegisterRawInputDevices
RegOpenCurrentUser
RegOpenKeyExW
RegOverridePredefKey
RegQueryValueExW
RegSetValueExW
RemoveDirectoryW
ResetEvent
ResumeThread
RevertToSelf
<R=i=w=
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
RtlMessageBoxProc
RtlNtStatusToDosError
;,;:;[;s;
Screen
ScreenT1
ScreenT2
%s: %d
SelectObject
Service
SetCapture
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetCursorPos
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetProcessWindowStation
setsockopt
SetTcpEntry
SetThreadDesktop
SetTimer
SetTokenInformation
SetUnhandledExceptionFilter
SetWindowLongW
SetWindowsHookExW
SfcIsFileProtected
SHCopyKeyW
SHCreateItemFromParsingName
SHDeleteKeyW
SHDeleteValueW
shell32.dll
SHELL32.dll
ShellExecuteExW
ShellT1
ShellT2
SHEnumKeyExW
SHEnumValueW
SHFileOperationW
SHGetValueW
shlwapi
ShowWindow
SiProc
socket
SQLAllocEnv
SQLAllocHandle
SQLColAttributeW
SQLDataSourcesW
SQLDisconnect
SQLDriverConnectW
SQLDriversW
SQLExecDirectW
SQLFetch
SQLFreeHandle
SQLGetData
SQLGetDiagRecW
SQLMoreResults
SQLNumResultCols
SQLSetEnvAttr
:@:S:s:
SSSSQSj
SSSVSQ
StartServiceW
SVSSSPQ
|SVWhD
 SVWP3
SxWorkProc
;_<t<}<
\$T9\$<u
T$DRWWW
Telnet
TelnetT1
TelnetT2
TerminateProcess
TerminateThread
t>f9Q*u8
>	?(?T?_?f?o?t?~?
=T=f=o=v=
t*Ht=Ht:Ht7Sh/
T$<hTWz
t'jhWV
tLHtI-
?;?T?m?~?
tMHt=Ht/Ht"j
TranslateMessage
t$ WPVj
tXHtU-
>(???[?u?{?
uEh|`z
:u_f9G
=U>^>g>m>r>w>~>
u h,fz
u(hP_z
u hx]z
u h`]z
UnhookWindowsHookEx
/update?id=%8.8x
user32
user32.dll
USER32.dll
userenv
<$=V=~=
VerQueryValueW
version
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
;?;V;`;k;
VkKRaR2
Vt9It"It
Vt;Ht$Ht
VVPQVR
WaitForMultipleObjects
WaitForSingleObject
?#?-?W?e?
?&?W?h?
~ Wh<fz
WideCharToMultiByte
WindowFromPoint
	WindowFromPoint
wininet
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
_wopen
WriteConsoleInputW
WriteFile
WriteProcessMemory
ws2_32
ws2_32.dll
WS2_32.dll
WSACleanup
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketA
WSAStartup
wsprintfA
	wsprintfA
wsprintfW
	wsprintfW
wtsapi32
Wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
WTSGetActiveConsoleSessionId
WTSQueryUserToken
<w\u(3
XBase64.cpp
XBoot.cpp
XBuffer.cpp
XDList.cpp
XException.cpp
>)>X>g>x>
XHide.cpp
XInstall.cpp
XInstallUAC.cpp
XJoin.cpp
XOnline.cpp
XPacket.cpp
XPlgLoader.cpp
XPlug.cpp
XPlugDisk.cpp
XPlugKeyLogger.cpp
XPlugNethood.cpp
XPlugNetstat.cpp
XPlugOption.cpp
XPlugPortMap.cpp
XPlugProcess.cpp
XPlugRegedit.cpp
XPlugScreen.cpp
XPlugService.cpp
XPlugShell.cpp
XPlugSQL.cpp
XPlugTelnet.cpp
XRTL.cpp
X-Session
XSessionImpersonate.cpp
XSetting.cpp
X-Size
XSo.cpp
XSoPipe.cpp
XSoTcp.cpp
XSoTcpHttp.cpp
XSoUdp.cpp
X-Status
XThreadManager.cpp
>Y>k>p>x>
= =.=<=Z=b=l=s=z=
ZwQueryObject