
Sample details: 4a43753f92709876bb61bfa08971f274

Hashes
MD5: 4a43753f92709876bb61bfa08971f274
SHA1: d5c4473c7213b2fe44f1cf7d31db905a77f41303
SHA256: 125653f3f57f640f28bff2296653a6154ad2e6750a9eb343b57aeffbdcdb94b6
SSDEEP: 384:kmNODS5IlMg1j7gBe1XhwYTAEwgqRQq/5LMaewLvvg7hztdYHfpPkFD8jHud:kMirWh75lenYHfhkFD6Od
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/FakeDllInstaller/Obj/Release%20DEBUGCONFIG/KillOs_Reboot.obj
Strings
		.drectve
.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\KillOs_Reboot.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DDEBUGCONFIG -D_WINDLL -D_MBCS -Gm -MT -GS- -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -Zl -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\Misc\KillOs_Reboot.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\vc90.pdb
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
DLL_KERNEL32
DLL_ADVAPI32
FEATURE_OBJECT_CACHING
DLL_USER32
FEATURE_ZONE_ELEVATION
DLL_NTDLL
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
fcmRead
fcmWrite
fcmReadWrite
fcmCreate
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
ApiCacheSize
COR_VERSION_MAJOR_V2
VAR_STATIC
IdleShutdown
	'BANKING_SIGNAL_FILE_HASH
URLZONE_INTRANET
NoAccess
ReadWrite
URLZONEREG_DEFAULT
URLZONEREG_HKLM
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
VT_BSTR
VT_DISPATCH
VT_RECORD
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
DESCKIND_IMPLICITAPPOBJ
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
_SYSTEM_STRINGS
UINT_PTR
ELEMDESC
VARIANTARG
SAFEARRAYBOUND
PDWORD
KTHREAD
tagELEMDESC
DESCKIND
_PEB_FREE_BLOCK
PHANDLE
TYPEDESC
tagEXCEPINFO
_NT_TIB
tagSTATSTG
PERESOURCE_THREAD
VARKIND
LPOLESTR
tagFUNCDESC
NTSTATUS
tagIDLDESC
_UNICODE_STRING
TMemory
PPEBLOCKROUTINE
LONGLONG
tagApplicationType
tagCABSTR
PIDMSI_STATUS_VALUE
PERESOURCE_OLD
LONG_PTR
PROPVAR_PAD3
_KEVENT
LPVOID
STRBUF::TStrRec
FUNCDESC
TBotApplication
tagCACLSID
tagCADBL
_RTL_BITMAP
SIZE_T
PNTSYSCALL
BOOLEAN
PTEXT_INFO
KAFFINITY
HREFTYPE
tagTYPEKIND
UNICODE_STRING
tagDESCKIND
tagCACY
_KSEMAPHORE
ERESOURCE_THREAD
tagSYSKIND
_STRING
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
PPEB_LDR_DATA
EXCEPINFO
_FILETIME
POOL_TYPE
ULONGLONG
VARDESC
LPCOLESTR
KPRIORITY
IUnknown
MEMBERID
EPrintPropertyType
tagARRAYDESC
THTTPResponseRec
DOUBLE
_KTHREAD
tagVARDESC
KEVENT
_MM_INFO_COUNTERS
tagBINDSTRING
DECIMAL
CLIENT_ID
SYSKIND
__MIDL_IUri_0001
TListTemplate<void *>
TBotSocket
BSTRBLOB
tagCAH
_tagQUERYOPTION
TBotEvent
ERESOURCE_LITE
PULONG
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
TProcessType
tagCAUI
tagCAFILETIME
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
_PLUGPLAY_BUS_INSTANCE
PROPVARIANT
LIST_ENTRY
CAPROPVARIANT
PLIST_ENTRY
tagTYSPEC
_OBJECT_TYPE_INFORMATION
HCRYPTKEY
TMultiPartData
TMultiPartData::TReadPart
tagTYPEDESC
PETHREAD
_SYSTEM_LOCK
tagCLIPDATA
PSYSTEM_STRINGS
RTL_DRIVE_LETTER_CURDIR
PSERVICE_DESCRIPTOR_TABLE
CADATE
tagCAC
THTTPResponse
_ERESOURCE_OLD
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
THTTPChunks
THTTPChunks::TState
tagSAFEARRAYBOUND
PWCHAR
tagBLOB
_TIME_FIELDS
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
_PEB_LDR_DATA
ISequentialStream
PRTL_BITMAP
POWNER_ENTRY
VARENUM
_CLIENT_ID
PPEB_FREE_BLOCK
tagCAI
tagCAUB
tagFUNCKIND
_KPROCESS
PCUWSTR
LPSAFEARRAY
_ERESOURCE_LITE
DISPATCHER_HEADER
_URLZONEREG
PUCHAR
RTL_CRITICAL_SECTION
_OWNER_ENTRY
THTTPRequest
TListNotifyEvent
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
KSEMAPHORE
VARTYPE
TBotCollectionItem
TP_VERSION
ITypeLib
TBotStrings
tagDEC
TValue
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
PRTL_CRITICAL_SECTION
_SYSTEM_LOOKASIDE
__vc_attributes::helper_attributes::source_annotation_attributeAttribute
__vc_attributes::helper_attributes::repeatableAttribute
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
HKEY__
USHORT
tagCADATE
KPROCESSOR_MODE
TBotStream
SYSTEM_POWER_STATE
STRING
_ETHREAD
tagCAUH
ULARGE_INTEGER
IRecordInfo
_RTL_CRITICAL_SECTION
ldiv_t
CASCODE
ACCESS_MASK
TBotMemoryStream
TDataBlock
PPROCESS_PARAMETERS
PRTL_CRITICAL_SECTION_DEBUG
CAFILETIME
PLUGPLAY_BUS_CLASS
_CURDIR
DISPPARAMS
LPVARIANT
_SYSTEM_MODULE
INVOKEKIND
GENERIC_MAPPING
STATSTG
__MIDL_IUri_0002
TBotThread
THREAD_STATE
_TEXT_INFO
HANDLE
_VM_COUNTERS
tagCALPWSTR
SOCKET
KWAIT_REASON
POWER_ACTION
NT_TIB
_SYSTEM_POOL_ENTRY
_IO_COUNTERSEX
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
DWORD64
LPBYTE
SAFEARRAY
tagCABOOL
TBkSocket
_RTL_CRITICAL_SECTION_DEBUG
IStorage
TWinCrypt
CALPWSTR
_SYSTEM_MEMORY_INFO
PUWSTR
TString<char>
TBotList
_SYSTEM_POOL_TAG
TBotObject
PStrings
_SYSTEM_THREAD
_LIST_ENTRY
TDataFileHead
OWNER_ENTRY
tagCALPSTR
TEventContainer
_GENERIC_MAPPING
ITypeInfo
LPWSTR
NTSYSCALL
LPVERSIONEDSTREAM
IStream
size_t
TWinSocket
CURDIR
_PROCESS_PARAMETERS
tagPROPVARIANT
BATTERY_REPORTING_SCALE
PPM_WMI_IDLE_STATE
PPM_WMI_PERF_STATE
PPM_IDLE_STATE_ACCOUNTING
POWER_ACTION_POLICY
SYSTEM_POWER_LEVEL
PROCESSOR_IDLESTATE_INFO
SCARD_T0_COMMAND
PrintPropertyValue
PrintPropertyValue::<unnamed-type-value>
PrintPropertyValue::<unnamed-type-value>::<unnamed-type-propertyBlob>
CABSTRBLOB
TBotFileStream
PKSEMAPHORE
POWER_ACTION_POLICY
tagVersionedStream
TDataFile
_PLUGPLAY_BUS_TYPE
TCryptHTTP
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
VARIANT
PKPROCESS
IDispatch
PLUGPLAY_BUS_TYPE
tagDOMNodeType
tagShutdownType
tagCAL
tagCAPROPVARIANT
PERESOURCE_LITE
tagCABSTRBLOB
PTP_SIMPLE_CALLBACK
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
KSPIN_LOCK
TValues
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
CACLSID
POBJECT
PKEVENT
ULONG_PTR
_SYSTEM_HANDLE
STRUTILS<char>
PROPVAR_PAD2
_ldiv_t
__MIDL_ICodeInstall_0001
TMultiPartDataItem
_SERVICE_DESCRIPTOR_TABLE
HRESULT
TBotCollection
_RTL_DRIVE_LETTER_CURDIR
INTERFACE_TYPE
tagCALLCONV
_tagINTERNETFEATURELIST
_DISPATCHER_HEADER
CABOOL
string
_tagPARSEACTION
TStrEnum
PERESOURCE
tagCASCODE
tagCAUL
PLUGPLAY_VIRTUAL_BUS_TYPE
CABSTR
Iakytp[O:ac
ljMwkU#
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
e:\projects\progs\petrosjan\bjwj\source\misc\killos_reboot.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
e:\projects\progs\petrosjan\bjwj\source\misc\killos_reboot.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
e:\projects\progs\petrosjan\bjwj\source\core\bothttp.h
e:\projects\progs\petrosjan\bjwj\source\core\ntdll.h
e:\projects\progs\petrosjan\bjwj\source\core\botclasses.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
e:\projects\progs\petrosjan\bjwj\source\core\ntstatus.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
e:\projects\progs\petrosjan\bjwj\source\core\botdebug.h
e:\projects\progs\petrosjan\bjwj\source\core\config.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
e:\projects\progs\petrosjan\bjwj\source\core\listtemplate.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
e:\projects\progs\petrosjan\bjwj\source\core\botsocket.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
e:\projects\progs\petrosjan\bjwj\builds\fakedllinstaller\modules\modules.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
e:\projects\progs\petrosjan\bjwj\source\core\botcrypthttp.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
e:\projects\progs\petrosjan\bjwj\source\core\botcore.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
e:\projects\progs\petrosjan\bjwj\source\core\utils.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 520 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 292 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
pushargEx<1,150532372,20,char const *,unsigned long,int,int,int,int,int>
newfunc
pushargEx<1,255840707,22,void *,char *,unsigned long,unsigned long *,int>
newfunc
pushargEx<1,1916711125,17,void *>
newfunc
pushargEx<2,2866184184,202,HKEY__ *,char *,int,long,HKEY__ * *>
newfunc
pushargEx<2,1044385750,215,HKEY__ *,char const *,int,int,unsigned char const *,unsigned long>
newfunc
pushargEx<2,3677705524,212,HKEY__ *>
newfunc
pushargEx<5,3265704366,404,long,int,int,unsigned char *>
newfunc
pushargEx<3,2909815716,257,int,int>
newfunc
KillOs1
\\.\PHYSICALDRIVE0
KillOs2
KillOs2: RegOpenKey() ERROR %d
KillOs2: Error: %s = %s
KillOs2: Success: %s = %s
ImagePath
\services\ACPI
SYSTEM\
..\..\Source\Misc\KillOs_Reboot.cpp
system32\drivers\A
PI.sys
CurrentControlSet
ControlSet002
ControlSet001
Reboot
OldValue
ExecuteRebootCommand
Manager
Command
Arguments
KillOs
KillOs is success
ExecuteKillosCommand
Manager
Command
Arguments
Execute cmd KillOs
e:\projects\progs\petrosjan\bjwj\builds\fakedllinstaller\obj\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.debug$T
??$pushargEx@$00$0IPIPBBE@$0BE@PBDKHHHHH@@YAPAXPBDKHHHHH@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPADKPAKH@@YAPAXPAXPADKPAKH@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$01$0KKNGHPPI@$0MK@PAUHKEY__@@PADHJPAPAU1@@@YAPAXPAUHKEY__@@PADHJPAPAU0@@Z
??$pushargEx@$01$0DOEAAPNG@$0NH@PAUHKEY__@@PBDHHPBEK@@YAPAXPAUHKEY__@@PBDHHPBEK@Z
??$pushargEx@$01$0NLDFFFDE@$0NE@PAUHKEY__@@@@YAPAXPAUHKEY__@@@Z
??$pushargEx@$04$0MCKGLBKO@$0BJE@JHHPAE@@YAPAXJHHPAE@Z
??$pushargEx@$02$0KNHAEDKE@$0BAB@HH@@YAPAXHH@Z
?KillOs1@@YA_NXZ
?m_memset@@YAPAXPAXKK@Z
??_C@_0BD@KGBPHNNA@?2?2?4?2PHYSICALDRIVE0?$AA@
?KillOs2@@YA_NXZ
??_C@_0CA@MOHEJCIN@KillOs2?3?5RegOpenKey?$CI?$CJ?5ERROR?5?$CFd?6?$AA@
??_C@_0BI@OGPKNNKL@KillOs2?3?5Error?3?5?$CFs?5?$DN?5?$CFs?$AA@
?LogOutput@@YAXPBDH0ZZ
??_C@_0BK@NIJBMNFK@KillOs2?3?5Success?3?5?$CFs?5?$DN?5?$CFs?$AA@
??_C@_09JMMKOPDJ@ImagePath?$AA@
?m_lstrlen@@YGKPBD@Z
??_C@_0P@GPJKKLCO@?2services?2ACPI?$AA@
?m_lstrcat@@YGXPADPBD@Z
?m_lstrcpy@@YGXPADPBD@Z
??_C@_07HCDGMPEB@SYSTEM?2?$AA@
??_C@_0CE@NJDCKCDB@?4?4?2?4?4?2Source?2Misc?2KillOs_Reboot?4@
??_C@_0BK@PHPGFLJ@system32?2drivers?2A?QPI?4sys?$AA@
??_C@_0BC@KEFDNJNC@CurrentControlSet?$AA@
??_C@_0O@DMMDAJLG@ControlSet002?$AA@
??_C@_0O@BHOOFKHF@ControlSet001?$AA@
?Reboot@@YAXXZ
?ExecuteRebootCommand@@YA_NPAXPAD1@Z
?KillOs@@YA_NXZ
??_C@_0BC@HKFBCMIM@KillOs?5is?5success?$AA@
?ExecuteKillosCommand@@YA_NPAXPAD1@Z
??_C@_0BD@PMLMIFFE@Execute?5cmd?5KillOs?$AA@