Sample details: 5753109b9c7cc4c4771f091089cd009b --

Hashes
MD5: 5753109b9c7cc4c4771f091089cd009b
SHA1: ddb10b9b4c7983540610947d7bed690b6b80e637
SHA256: 4c2cf1113675eb7eadd11bd1aaae0b8a4c2433b1f158ad4d2a78ac8f8a8375c7
SSDEEP: 1536:L9pt82liSd+SM4nnPlQjfUQ14k3PdjwwEb3rxMFx88k8SAEZ6hNmAkxZG6:hpt82QSd+gnPlQrU8XCwEb3z9
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/CRC32_poly_Constant |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BootkitDropper/Objs/Release%20DEBUGCONFIG/Utils.obj
Strings
/DEFAULTLIB:"uuid.lib"
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper\Objs\Release DEBUGCONFIG\Utils.obj
Microsoft (R) Optimizing Compiler
%08X%08X
InstallDate
DigitalProductId
SOFTWARE\Microsoft\Windows NT\CurrentVersion
SeBackupPrivilege
In progress...
KERNEL32
ExitProcess
%ALLUSERSPROFILE%
Chrome_WidgetWin_0
OperaWindowClass
MozillaWindowClass
IEFrame
Global\
ekrn.exe
	Have Wins: No
		Secondary Wins Server: 	%s
		Primary Wins Server: 	%s
	Have Wins: Yes
	DHCP Enabled: No
	Lease Obtained: %ld
		DHCP Server: 	%s
	DHCP Enabled: Yes
	MAC Address: %2X-%2X-%2X-%2X-%2X-%2X
	Gateway: 	%s
	IP Mask: 	%s
	IP Address: 	%s
	Adapter Addr: 	%ld
	Adapter Desc: 	%s
	Adapter Name: 	%s