
Sample details: 9b03980fc64e940252b39aa9eb6f3af4 --

Hashes
MD5: 9b03980fc64e940252b39aa9eb6f3af4
SHA1: 9e6c139a3c3396fac98f63a6866a9696bacdbaea
SHA256: 5c17db7d1b741b3422a77f412e824699594c3de594ad3aa1b0159295a73774f6
SSDEEP: 1536:JMAIJ6CsBuyjWWzCSuH+pk1IC3+EnuJqkdSMf89u+GEm9xoJX1ISIdxPLwfGynEB:25J6CsBuyjWWzCSu+8p/GPxUqSmGt8
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Antivirus |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release%20DEBUGCONFIG/DbgRpt.obj
Strings
		.drectve
.debug$S
B.rdata
0@.rdata
0@.bss
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
@@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
@@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
@@.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\DbgRpt.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\include -Ie:\Projects\progs\Petrosjan\BJWJ\Source\RuBnk -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DWHITE_JOE_DLL_EXPORTS -DDEBUGCONFIG -DBOTPLUG -D_WINDLL -FD -MT -GS- -Gy -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\source\Common\DbgRpt.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb
MPOS_FULLCANCEL
MPOS_SELECTLEFT
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
fcmRead
fcmWrite
fcmReadWrite
fcmCreate
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
ApiCacheSize
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
DVEXTENT_CONTENT
VAR_STATIC
	'BANKING_SIGNAL_FILE_HASH
IdleShutdown
URLZONE_INTRANET
INTERNET_SCHEME_FTP
INTERNET_SCHEME_RES
URLZONEREG_DEFAULT
URLZONEREG_HKLM
HostCheckInterval
VIDEORECORD_DEFAULT_PORT
VIDEO_FULLSCREEN
VIDEO_ALWAYS
AL_MACHINE
AT_URLPROTOCOL
AT_STARTMENUCLIENT
COR_VERSION_MAJOR_V2
DESCKIND_IMPLICITAPPOBJ
CT_AND_CONDITION
NoAccess
hmUnknown
ReadWrite
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
COP_VALUE_NOTCONTAINS
SQPE_NONE
SQPE_EXTRA_OPENING_PARENTHESIS
SQPE_IGNORED_MODIFIER
SQPE_IGNORED_CONNECTOR
SQPE_IGNORED_KEYWORD
ILK_NEGATIVE_INFINITY
QPMO_PRELOCALIZED_SCHEMA_BINARY_PATH
QPMO_LOCALIZED_SCHEMA_BINARY_PATH
QPMO_APPEND_LCID_TO_LOCALIZED_PATH
MARKUPSIZE_CALCWIDTH
MARKUPLINKTEXT_URL
MARKUPLINKTEXT_ID
MARKUPMESSAGE_KEYEXECUTE
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
COOKIE_STATE_REJECT
VT_BSTR
VT_DISPATCH
VT_RECORD
VT_RESERVED
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
TYSPEC_MIMETYPE
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
FFFP_EXACTMATCH
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
NEC_MEDIUM
DLL_KERNEL32
DLL_ADVAPI32
DLL_USER32
DLL_SHELL32
SPACTION_NONE
SPACTION_MOVING
SPACTION_COPYING
SPACTION_RECYCLING
SPACTION_APPLYINGATTRIBS
SPACTION_DOWNLOADING
SPACTION_SEARCHING_INTERNET
SPACTION_CALCULATING
SPACTION_UPLOADING
SPACTION_SEARCHING_FILES
SPACTION_DELETING
SPACTION_RENAMING
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
OFS_INACTIVE
OFS_ONLINE
OFS_OFFLINE
OFS_SERVERBACK
DbgRptCs
DbgRptSettingDefault
DbgRptSettings
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
STRING
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
_SYSTEM_STRINGS
ELEMDESC
PMemBlockList
VARIANTARG
SAFEARRAYBOUND
PDWORD
tagELEMDESC
DESCKIND
_PEB_FREE_BLOCK
PHANDLE
TYPEDESC
KSPIN_LOCK
tagEXCEPINFO
PMemBlock
_NT_TIB
tagSTATSTG
VARKIND
_RTL_DRIVE_LETTER_CURDIR
LPOLESTR
tagFUNCDESC
NTSTATUS
tagIDLDESC
_UNICODE_STRING
TMemory
PPEBLOCKROUTINE
LONGLONG
tagApplicationType
HMEMORYMODULE
tagCABSTR
PIDMSI_STATUS_VALUE
TMultiPartItem
LONG_PTR
PROPVAR_PAD3
LPVOID
STRBUF::TStrRec
TRequest
FUNCDESC
tagCACLSID
tagCADBL
_RTL_BITMAP
SIZE_T
BOOLEAN
tagBANDSITECID
PTEXT_INFO
KAFFINITY
HREFTYPE
TRequestList
tagTYPEKIND
UNICODE_STRING
tagDESCKIND
tagCACY
tagSYSKIND
_STRING
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
PPEB_LDR_DATA
EXCEPINFO
PFNDACOMPARE
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
LPCRITICAL_SECTION
tagSTRUCTURED_QUERY_SINGLE_OPTION
IUnknown
MEMBERID
tagARRAYDESC
THTTPResponseRec
PMultiPartData
DOUBLE
tagVARDESC
TGrabber
tagBINDSTRING
DECIMAL
_OSVERSIONINFOEXA
CLIENT_ID
STARTUPINFOA
OSVERSIONINFOEXA
SYSKIND
__MIDL_IUri_0001
tagCONDITION_OPERATION
TListTemplate<void *>
TBotSocket
BSTRBLOB
tagCAH
_tagQUERYOPTION
TBotEvent
THTTPMethod
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
TProcessType
tagCAUI
tagCAFILETIME
LPITEMIDLIST
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
LIST_ENTRY
TMemBlock
CAPROPVARIANT
tagTYSPEC
HCRYPTKEY
TMultiPartData
TMultiPartData::TReadPart
TPlugin
tagTYPEDESC
FOLDERTYPEID
tagCLIPDATA
PSYSTEM_STRINGS
RTL_DRIVE_LETTER_CURDIR
CADATE
PFNDPAMERGE
tagPKA_FLAGS
tagCAC
THTTPResponse
KNOWNFOLDERID
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
THTTPChunks
THTTPChunks::TState
tagSAFEARRAYBOUND
PWCHAR
HWND__
tagBLOB
THTMLInjectData
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
_PEB_LDR_DATA
ISequentialStream
PRTL_BITMAP
tagSTRUCTURED_QUERY_MULTIOPTION
VARENUM
_CLIENT_ID
PPEB_FREE_BLOCK
tagCAI
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
tagFILE_USAGE_TYPE
tagQUERY_PARSER_MANAGER_OPTION
TRequestEvent
_URLZONEREG
RTL_CRITICAL_SECTION
VideoLog
THTTPRequest
TListNotifyEvent
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
VARTYPE
TBotCollectionItem
TP_VERSION
ITypeLib
TBotStrings
_PROCESS_INFORMATION
tagDEC
PROCESS_INFORMATION
TValue
PFNDAENUMCALLBACK
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
PRTL_CRITICAL_SECTION
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
HKEY__
TIfobsOnlineGrabber
USHORT
THTMLInject
tagCADATE
TBotStream
PRequestList
tagMARKUPMESSAGE
tagCAUH
ULARGE_INTEGER
IRecordInfo
_STARTUPINFOA
LPARAM
TKeyLogger
_RTL_CRITICAL_SECTION
ldiv_t
CASCODE
_SPTEXT
TDataBlock
PPROCESS_PARAMETERS
PRTL_CRITICAL_SECTION_DEBUG
tagASSOCIATIONTYPE
PRequest
CAFILETIME
_CURDIR
HIMAGELIST
TProcessPipe
KF_CATEGORY
DISPPARAMS
LPVARIANT
TMultiPartDataRec
va_list
TMemoryDLL
INVOKEKIND
ITEMIDLIST
tagFFFP_MODE
STATSTG
__MIDL_IUri_0002
_TEXT_INFO
HANDLE
tagCALPWSTR
NT_TIB
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
tagINTERVAL_LIMIT_KIND
LPBYTE
SAFEARRAY
tagMARKUPSIZE
PProcessPipe
tagCABOOL
_RTL_CRITICAL_SECTION_DEBUG
IStorage
TWinCrypt
tagCONDITION_TYPE
tagSTRUCTURED_QUERY_PARSE_ERROR
tagKNOWNFOLDER_DEFINITION
CALPWSTR
PUWSTR
TString<char>
TBotList
TBotObject
PStrings
_LIST_ENTRY
tagMARKUPLINKTEXT
KF_DEFINITION_FLAGS
tagCALPSTR
TEventContainer
ITypeInfo
PMultiPartItem
LPWSTR
LPVERSIONEDSTREAM
IStream
CRITICAL_SECTION
size_t
PHTTPResponseRec
CURDIR
_PROCESS_PARAMETERS
tagPROPVARIANT
INTERNET_SCHEME
InternetCookieState
CABSTRBLOB
TBotFileStream
tagVersionedStream
tagASSOCIATIONLEVEL
tagMENUPOPUPSELECT
TCryptHTTP
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
OfflineFolderStatus
VARIANT
IDispatch
tagDOMNodeType
tagShutdownType
_ITEMIDLIST
tagCAL
tagCAPROPVARIANT
tagExtentMode
tagCABSTRBLOB
SHITEMID
THTMLInjectList
PTP_SIMPLE_CALLBACK
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
TValues
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
__MIDL___MIDL_itf_structuredquery_0000_0013_0001
CACLSID
ULONG_PTR
_SPACTION
STRUTILS<char>
PROPVAR_PAD2
_ldiv_t
PFNDACOMPARECONST
__MIDL_ICodeInstall_0001
TMultiPartDataItem
PFNDAENUMCALLBACKCONST
HRESULT
KNOWNFOLDER_DEFINITION
TBotCollection
tagCALLCONV
_tagINTERNETFEATURELIST
PFNDPAMERGECONST
CABOOL
string
_tagPARSEACTION
TStrEnum
tagCASCODE
DebugReportSettings
tagCAUL
_SHITEMID
CABSTR
Iakytp[O:ac
v>.kD0
Y./Pxx
YZz%.J	
wn:ph>
6rUo6A
e:\projects\progs\petrosjan\bjwj\source\misc\backconnect.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
e:\projects\progs\petrosjan\bjwj\source\common\pipes.h
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
d:\program files\microsoft visual studio 9.0\vc\include\io.h
e:\projects\progs\petrosjan\bjwj\source\core\listtemplate.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
c:\program files\microsoft sdks\windows\v6.0a\include\comcat.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
e:\projects\progs\petrosjan\bjwj\source\misc\keylogsystems.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
e:\projects\progs\petrosjan\bjwj\source\common\universalkeylogger.h
e:\projects\progs\petrosjan\bjwj\source\common\wndutils.h
e:\projects\progs\petrosjan\bjwj\source\common\dbgrpt.h
e:\projects\progs\petrosjan\bjwj\source\misc\bsssign.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bsssendfile.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
e:\projects\progs\petrosjan\bjwj\source\core\botcrypthttp.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
e:\projects\progs\petrosjan\bjwj\source\core\botdebug.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\yandex.h
c:\program files\microsoft sdks\windows\v6.0a\include\sherrors.h
c:\program files\microsoft sdks\windows\v6.0a\include\shtypes.h
e:\projects\progs\petrosjan\bjwj\source\misc\killos_reboot.h
e:\projects\progs\petrosjan\bjwj\source\misc\ddos.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\rafa.h
c:\program files\microsoft sdks\windows\v6.0a\include\knownfolders.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\azconfig.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bootkit.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\javaconfig.h
e:\projects\progs\petrosjan\bjwj\source\common\dbgrpt.cpp
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
e:\projects\progs\petrosjan\bjwj\source\core\plugins.h
e:\projects\progs\petrosjan\bjwj\source\misc\grabber.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ibanksystem.h
e:\projects\progs\petrosjan\bjwj\source\common\task.h
e:\projects\progs\petrosjan\bjwj\source\common\keylogger.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\avangard.h
e:\projects\progs\petrosjan\bjwj\source\core\ntdll.h
e:\projects\progs\petrosjan\bjwj\source\core\ntstatus.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ifobs.h
c:\program files\microsoft sdks\windows\v6.0a\include\commctrl.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
e:\projects\progs\petrosjan\bjwj\source\core\botsocket.h
c:\program files\microsoft sdks\windows\v6.0a\include\shobjidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bbscbank.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
e:\projects\progs\petrosjan\bjwj\source\common\videorecorder.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
e:\projects\progs\petrosjan\bjwj\source\core\dllloader.h
c:\program files\microsoft sdks\windows\v6.0a\include\shldisp.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
e:\projects\progs\petrosjan\bjwj\source\core\utils.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\ifobsonline.h
e:\projects\progs\petrosjan\bjwj\source\misc\javaappletgrabbers.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\finam.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\bss.h
e:\projects\progs\petrosjan\bjwj\source\core\botutils.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\modules\modules.h
e:\projects\progs\petrosjan\bjwj\source\common\internetexplorer.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
c:\program files\microsoft sdks\windows\v6.0a\include\wininet.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
e:\projects\progs\petrosjan\bjwj\source\misc\hunter.h
e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
e:\projects\progs\petrosjan\bjwj\source\misc\certgrab.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
e:\projects\progs\petrosjan\bjwj\source\core\bothosts.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
e:\projects\progs\petrosjan\bjwj\source\common\opera.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\isguids.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
e:\projects\progs\petrosjan\bjwj\source\common\keepalive.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\exdisp.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
e:\projects\progs\petrosjan\bjwj\source\common\botconfig.h
e:\projects\progs\petrosjan\bjwj\source\common\unhook.h
c:\program files\microsoft sdks\windows\v6.0a\include\propsys.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\rubnk.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
e:\projects\progs\petrosjan\bjwj\source\core\botcore.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
e:\projects\progs\petrosjan\bjwj\source\core\bothttp.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
e:\projects\progs\petrosjan\bjwj\source\core\botclasses.h
e:\projects\progs\petrosjan\bjwj\source\core\md5.h
e:\projects\progs\petrosjan\bjwj\source\common\firefox.h
c:\program files\microsoft sdks\windows\v6.0a\include\propkeydef.h
e:\projects\progs\petrosjan\bjwj\source\misc\ftpsniffer.h
e:\projects\progs\petrosjan\bjwj\source\common\requests.h
c:\program files\microsoft sdks\windows\v6.0a\include\docobj.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
e:\projects\progs\petrosjan\bjwj\source\misc\coocksol.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
e:\projects\progs\petrosjan\bjwj\source\misc\cyberplatdll.h
c:\program files\microsoft sdks\windows\v6.0a\include\ocidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\sber.h
e:\projects\progs\petrosjan\bjwj\source\common\cabpacker.h
c:\program files\microsoft sdks\windows\v6.0a\include\fci.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
c:\program files\microsoft sdks\windows\v6.0a\include\shlobj.h
c:\program files\microsoft sdks\windows\v6.0a\include\structuredquery.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
e:\projects\progs\petrosjan\bjwj\source\core\splice.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\tiny.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
e:\projects\progs\petrosjan\bjwj\source\common\hostsautoupdate.h
d:\program files\microsoft visual studio 9.0\vc\include\fcntl.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\java_patcher.h
e:\projects\progs\petrosjan\bjwj\source\rubnk\javaclient2015saver.h
e:\projects\progs\petrosjan\bjwj\source\core\config.h
c:\program files\microsoft sdks\windows\v6.0a\include\shlguid.h
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 164 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 20 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 16 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 40 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 1056 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 32 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 28 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 132 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 80 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 128 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 120 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 24 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 76 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 644 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 16 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebp $T0 20 - ^ = $ebx $T0 16 - ^ =
TBotObject::~TBotObject
TBotObject::`scalar deleting destructor'
TBotObject::TBotObject
DebugReportAllocSettings
Enabled
StatPrefix
StatUrl
DebugReportFreeSettings
settings
TString<char>::TString<char>
TString<char>::t_str
STRUTILS<char>::Length
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,DebugReportSettings *>
Module
pushargEx<1,3665935448,143,_RTL_CRITICAL_SECTION *>
newfunc
pushargEx<2,2426443750,234,HKEY__ *,char *,int,int,int,long,int,HKEY__ * *,unsigned long *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char *>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,HKEY__ *>
Module
pushargEx<2,402843592,210,HKEY__ *,char *,int,unsigned long *,unsigned char *,unsigned long *>
newfunc
pushargEx<2,3677705524,212,HKEY__ *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,unsigned long,unsigned long>
Module
pushargEx<2,1044385750,215,HKEY__ *,char *,int,int,unsigned char const *,unsigned long>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,unsigned long>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,bool,char *>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char *,char *,char *>
Module
pushargEx<1,4088942341,144,_RTL_CRITICAL_SECTION *>
newfunc
h'`+9j
pushargEx<1,959143975,145,_RTL_CRITICAL_SECTION *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *>
Module
pushargEx<1,1033466613,47,int>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char const *>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,bool,char *,char *>
Module
pushargEx<3,1799024876,337,char *,char const *,char *>
newfunc
pushargEx<1,2024803454,135,char *,int>
newfunc
pushargEx<1,2621967908,62,_OSVERSIONINFOEXA *>
newfunc
pushargEx<7,3378349392,436,int,char *,int,bool>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,bool>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char *,char *>
Module
pushargEx<1,1177651911,60,char *,char *,int,int,int,int,int,int,_STARTUPINFOA *,_PROCESS_INFORMATION *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,int,void *,unsigned long>
Module
pushargEx<1,3309532403,46,void *,unsigned int>
newfunc
pushargEx<1,1916711125,17,void *>
newfunc
pushargEx<1,1196787639,84,char *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char *,unsigned long>
Module
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,void *>
Module
pushargEx<1,2180051167,35,char *>
newfunc
DBGRPTDEBGTEMPLATES::DBGOutMessage<char const *,char const *,char *,unsigned long,unsigned long>
Module
pushargEx<2,2426443760,233,HKEY__ *,wchar_t *,int,int,int,long,int,HKEY__ * *,unsigned long *>
newfunc
pushargEx<1,759216358,130,char *>
newfunc
pushargEx<2,1044385728,216,HKEY__ *,wchar_t const *,int,int,unsigned char const *,unsigned long>
newfunc
STRUTILS<char>::IsEmpty
STRBUF::Alloc<char>
STRBUF::GetRec<char>
DbgRptSprintfA
buffer
format
GetPathToMsInfo32
PathSuffix
msinfo32.exe
\Common Files\Microsoft Shared\MSInfo\
DebugReportSendSysInfo
Params
Buffer
HTTP::Post() result %d
DebugReportSendSysInfo
sending url='%s'
storefile
TString<char>::IsEmpty
STRBUF::CreateFromStr<char>
StrLen
ResultStrSize
STRBUF::AddRef<char>
STRBUF::Release<char>
STRBUF::Length<char>
STRBUF::Append<char>
SrcLen
TString<char>::TString<char>
copylen
TString<char>::TString<char>
TString<char>::TString<char>
TString<char>::~TString<char>
TString<char>::Length
TString<char>::operator=
Source
TString<char>::operator=
Source
TString<char>::operator+=
Source
TString<char>::operator+=
Source
GenerateUidAsString
Prefix
CreateGuidFromUid
CurPtr
wide_uid
CreateSettingKey
Software\Classes\CLSID\
GetValueName
Suffix
GetValueName
returning value_name='%s'
DebugReportLoadParamList
ParamList
ValueLength
query_value_result
Buffer
ValueType
Finished.(param_list='%s')
RegQueryValueEx() result=%u ValueType=%d
DebugReportLoadParamList
CreateSettingKey() result=0x%X
DebugReportSaveParamList
ParamList
EncodedString
RegSetValueEx() result=%u
DebugReportSaveParamList
DebugReportLoadSettings
ParamList
ParamListLoaded
StatUrl
PlugName
StatPrefix
Parsing arguments results: PlugName='%s' StatPrefix='%s' StatUrl='%s'
DebugReportLoadParamList() result=%d (ParamList='%s').
DebugReportLoadSettings
DebugReportUpdateSettingsThread
Arguments
DebugReportUpdateSettingsThread
Sleep 10 min
DebugReportSaveSettings
ParamsList
DebugReportSaveSettings
Started with ParamsList='%s'
DebugReportGetSettings
DebugReportStepByName
StepName
Params
Buffer
Fields
BotUid
go to url='%s'
DebugReportStepByName
Started with settings: Enabled='%d' StatPrefix='%s' StatUrl='%s'
CalcNtldrMd5
Buffer
BufferSize
DebugReportSystem
NtldrMd5Buffer
Params
OsInfo
Buffer
BotUid
NtldrMd5
beforerbt
DebugReportSystem
DebugReportBkInstallCode
BkInstallResult
Params
fwsprintfA
Buffer
BotUid
bkinstall
DebugReportBkInstallCode
DebugReportUpdateNtldrCheckSum
NtldrMd5Buffer
Params
Buffer
BotUid
NtldrMd5
DebugReportUpdateNtldrCheckSumm
DebugReportUpdateNtldrCheckSum
QSSSSSSW
DebugReportCreateConfigReportAndSend
ReportPath
MsInfoPath
settings
CabPath
BotUid
finished.
sysinfo report sent.
sending sysinfo report.
sysinfo.txt
CreateCab() return 0x%X.
'%s' attibutes 0x%X.
Waiting for msinfo32.
CreateProcess return %d.(ph=0x%X pid=%d)
CreateProcess('%s', '%s')
 /report "
GetTempNameA() for report file return '%s;
GetPathToMsInfo32() return '%s;
DebugReportCreateConfigReportAndSend
GetDriverUrl
UrlBuffer
UrlBufferSize
Params
BotUid
Url='%s':%u (buffer_size=%u)
170_dr
GetDriverUrl
DebugReportStep1
NtldrMd5Buffer
Params
OsInfo
BotUid
NtldrMd5
..\..\source\Common\DbgRpt.cpp
DebugReportStep1: sending url='%s'
DebugReportStep2
BkInstallResult
Params
fwsprintfA
BotUid
DebugReportStep2: sending url='%s'
DebugReportSaveUrlForBootkitDriver
key_path
Url key set (url=%s).
RegSetValueExW return 0x%X
DebugReportSaveUrlForBootkitDriver
RegCreateKeyExW return 0x%X
TString<char>::`scalar deleting destructor'
DebugReportInit
DebugReportInit
Start initialize debug reporting (DbgRptSettings=0x%X).
DebugReportRunTests
params
100_trtr
Settings: Enabled='%d' StatPrefix='%s' StatUrl='%s'
---------
DebugReportTest
BkDrop.plug
BkDrop.plug bktestt http://test.orh/gettes/tetst.php
param1 param2 param3
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\objs\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.rdata
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.debug$S
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.debug$S
.rdata
.rdata
.debug$S
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.rdata
.rdata
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$T
?Hibernation@TVideoRecDLL@@2HB
?RunCallback@TVideoRecDLL@@2HB
_DbgRptSettings
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
??0TBotObject@@QAE@XZ
?DebugReportAllocSettings@@YAPAUDebugReportSettings@@_NPBD1@Z
?New@STR@@YAPADPADK@Z
?Alloc@HEAP@@YAPAXK@Z
?DebugReportFreeSettings@@YAXPAUDebugReportSettings@@@Z
?Free@HEAP@@YAXPAX@Z
?Free@STR@@YAXPAD@Z
_DbgRptSettingDefault
??0?$TString@D@@QAE@XZ
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
?Length@?$STRUTILS@D@@SAKPBD@Z
??$DBGOutMessage@PBDPBDPAUDebugReportSettings@@@DBGRPTDEBGTEMPLATES@@YAXPBD0PAUDebugReportSettings@@@Z
?MessageEx@Debug@@YAXPADK000ZZ
??$pushargEx@$00$0NKIBLMFI@$0IP@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$01$0JAKAJHOG@$0OK@PAUHKEY__@@PADHHHJHPAPAU1@PAK@@YAPAXPAUHKEY__@@PADHHHJHPAPAU0@PAK@Z
??$DBGOutMessage@PBDPBDPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD@Z
??$DBGOutMessage@PBDPBDPAUHKEY__@@@DBGRPTDEBGTEMPLATES@@YAXPBD0PAUHKEY__@@@Z
??$pushargEx@$01$0BIACOHMI@$0NC@PAUHKEY__@@PADHPAKPAEPAK@@YAPAXPAUHKEY__@@PADHPAKPAE2@Z
??$pushargEx@$01$0NLDFFFDE@$0NE@PAUHKEY__@@@@YAPAXPAUHKEY__@@@Z
??$DBGOutMessage@PBDPBDKK@DBGRPTDEBGTEMPLATES@@YAXPBD0KK@Z
??$pushargEx@$01$0DOEAAPNG@$0NH@PAUHKEY__@@PADHHPBEK@@YAPAXPAUHKEY__@@PADHHPBEK@Z
??$DBGOutMessage@PBDPBDK@DBGRPTDEBGTEMPLATES@@YAXPBD0K@Z
??$DBGOutMessage@PBDPBD_NPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0_NPAD@Z
??$DBGOutMessage@PBDPBDPADPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD11@Z
??$pushargEx@$00$0PDLIEPAF@$0JA@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
??$pushargEx@$00$0DJCLGACH@$0JB@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
??$DBGOutMessage@PBDPBD@DBGRPTDEBGTEMPLATES@@YAXPBD0@Z
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
??$DBGOutMessage@PBDPBDPBD@DBGRPTDEBGTEMPLATES@@YAXPBD00@Z
??$DBGOutMessage@PBDPBD_NPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0_NPAD2@Z
??$pushargEx@$02$0GLDKPAOM@$0BFB@PADPBDPAD@@YAPAXPADPBD0@Z
??$pushargEx@$00$0HILAAMHO@$0IH@PADH@@YAPAXPADH@Z
??$pushargEx@$00$0JMEIAOCE@$0DO@PAU_OSVERSIONINFOEXA@@@@YAPAXPAU_OSVERSIONINFOEXA@@@Z
??$pushargEx@$06$0MJFNIFFA@$0BLE@HPADH_N@@YAPAXHPADH_N@Z
??$DBGOutMessage@PBDPBD_N@DBGRPTDEBGTEMPLATES@@YAXPBD0_N@Z
??$DBGOutMessage@PBDPBDPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD1@Z
??$pushargEx@$00$0EGDBIKMH@$0DM@PADPADHHHHHHPAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@@YAPAXPAD0HHHHHHPAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@Z
??$DBGOutMessage@PBDPBDHPAXK@DBGRPTDEBGTEMPLATES@@YAXPBD0HPAXK@Z
??$pushargEx@$00$0MFEDHEPD@$0CO@PAXI@@YAPAXPAXI@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0EHFFIHLH@$0FE@PAD@@YAPAXPAD@Z
??$DBGOutMessage@PBDPBDPADK@DBGRPTDEBGTEMPLATES@@YAXPBD0PADK@Z
??$DBGOutMessage@PBDPBDPAX@DBGRPTDEBGTEMPLATES@@YAXPBD0PAX@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$DBGOutMessage@PBDPBDPADKK@DBGRPTDEBGTEMPLATES@@YAXPBD0PADKK@Z
??$pushargEx@$01$0JAKAJHPA@$0OJ@PAUHKEY__@@PA_WHHHJHPAPAU1@PAK@@YAPAXPAUHKEY__@@PA_WHHHJHPAPAU0@PAK@Z
??$pushargEx@$00$0CNEALIOG@$0IC@PAD@@YAPAXPAD@Z
??$pushargEx@$01$0DOEAAPMA@$0NI@PAUHKEY__@@PB_WHHPBEK@@YAPAXPAUHKEY__@@PB_WHHPBEK@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
??$Alloc@D@STRBUF@@YAPADK@Z
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
?DbgRptSprintfA@@YAXPADPBDZZ
?GetPathToMsInfo32@@YAPADXZ
??_C@_0N@MINNKPCJ@msinfo32?4exe?$AA@
?m_lstrcat@@YGXPADPBD@Z
?Length@STR@@YAKPAD@Z
?Alloc@STR@@YAPADK@Z
??_C@_0CH@IOEBHBIP@?2Common?5Files?2Microsoft?5Shared?2M@
?m_memset@@YAPAXPAXKK@Z
??_C@_01KICIPPFI@?2?$AA@
?DebugReportSendSysInfo@@YAXPAD00@Z
?Free@Strings@@YAXPAX@Z
?Free@MultiPartData@@YAXPAUTMultiPartDataRec@@@Z
??_C@_0BH@IBOEMEOD@HTTP?3?3Post?$CI?$CJ?5result?5?$CFd?$AA@
?Post@HTTP@@YA_NPADPAUTMultiPartDataRec@@PAPADPAUTHTTPResponseRec@@@Z
?AddFileField@MultiPartData@@YAPAUTMultiPartItem@@PAUTMultiPartDataRec@@PAD11@Z
??_C@_03HOKODIMJ@rep?$AA@
?Create@MultiPartData@@YAPAUTMultiPartDataRec@@XZ
??_C@_0BH@MGKGEMJB@DebugReportSendSysInfo?$AA@
??_C@_0BB@MOGBJDKK@sending?5url?$DN?8?$CFs?8?$AA@
?New@STR@@YAPADKPADZZ
?GetText@Strings@@YAPADPAXPAD@Z
??_C@_01HNPIGOCE@?$CG?$AA@
??_C@_03MEMNCOEB@uid?$AA@
?AddURLParam@@YAXPAXPAD1K@Z
??_C@_03LGLGIONO@cmd?$AA@
??_C@_09IPFKEBPF@storefile?$AA@
?Create@Strings@@YAPAXXZ
?IsEmpty@?$TString@D@@QBE_NXZ
??$CreateFromStr@D@STRBUF@@YAPADPBDKK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
??$AddRef@D@STRBUF@@YAPADPAD@Z
??$Release@D@STRBUF@@YAXAAPAD@Z
??$Length@D@STRBUF@@YAKPAD@Z
??$Append@D@STRBUF@@YAXAAPADPBDK@Z
??0?$TString@D@@QAE@PBDK@Z
??0?$TString@D@@QAE@PBD@Z
??0?$TString@D@@QAE@ABV0@@Z
??1?$TString@D@@UAE@XZ
?Length@?$TString@D@@QBEKXZ
??4?$TString@D@@QAEAAV0@PBD@Z
??4?$TString@D@@QAEAAV0@ABV0@@Z
??Y?$TString@D@@QAEAAV0@PBD@Z
??Y?$TString@D@@QAEAAV0@ABV0@@Z
?GenerateUidAsString@@YA?AV?$TString@D@@ABV1@@Z
??_C@_01GBGANLPD@0?$AA@
?m_lstrlen@@YGKPBD@Z
?MakeMachineID@@YAPADXZ
?CreateGuidFromUid@@YA?AV?$TString@D@@ABV1@@Z
??_C@_01CELHOKLL@?$HN?$AA@
??_C@_01JOAMLHOP@?9?$AA@
??_C@_01HCONENDN@?$HL?$AA@
?CreateSettingKey@@YAPAUHKEY__@@XZ
??_C@_00CNPNBAHC@?$AA@
??_C@_0BI@DDFHHBE@Software?2Classes?2CLSID?2?$AA@
?GetValueName@@YA?AV?$TString@D@@ABV1@@Z
??_C@_0N@GMJMBCEB@GetValueName?$AA@
??_C@_0BK@DMAAIPND@returning?5value_name?$DN?8?$CFs?8?$AA@
?DebugReportLoadParamList@@YA_NPAV?$TString@D@@@Z
??_C@_0BL@DOMNLNJP@Finished?4?$CIparam_list?$DN?8?$CFs?8?$CJ?$AA@
?Crypt@XORCrypt@@YAKPADPAEK@Z
??_C@_0CJ@MFOEILLB@RegQueryValueEx?$CI?$CJ?5result?$DN?$CFu?5Valu@
??_C@_02DAMOAIFE@PL?$AA@
??_C@_0BJ@JGGAFNKI@DebugReportLoadParamList?$AA@
??_C@_0BP@PEAMALPO@CreateSettingKey?$CI?$CJ?5result?$DN0x?$CFX?$AA@
?DebugReportSaveParamList@@YA_NABV?$TString@D@@@Z
??_C@_0BK@LMJLBNCE@RegSetValueEx?$CI?$CJ?5result?$DN?$CFu?$AA@
??_C@_0BJ@OFKOACDB@DebugReportSaveParamList?$AA@
?DebugReportLoadSettings@@YAXXZ
_DbgRptCs
??_C@_01OGPIMHDM@?$DP?$AA@
??_C@_0EG@ECPPPBOH@Parsing?5arguments?5results?3?5PlugN@
?GetCommandParamByIndex@@YA?AV?$TString@D@@PBDK@Z
??_C@_0DH@HCFIIEIA@DebugReportLoadParamList?$CI?$CJ?5resul@
??_C@_0BI@EGLEOLDN@DebugReportLoadSettings?$AA@
?DebugReportUpdateSettingsThread@@YAXPAX@Z
??_C@_0CA@GDIGCGHJ@DebugReportUpdateSettingsThread?$AA@
??_C@_0N@MIJAIIJB@Sleep?510?5min?$AA@
?DebugReportSaveSettings@@YAXPBD@Z
??_C@_0BI@FEPNPBLK@DebugReportSaveSettings?$AA@
??_C@_0BN@JMCGPHE@Started?5with?5ParamsList?$DN?8?$CFs?8?$AA@
?DebugReportGetSettings@@YAPAUDebugReportSettings@@XZ
?DebugReportStepByName@@YAXPBD@Z
?Get@HTTP@@YA_NPADPAPADPAUTHTTPResponseRec@@@Z
??_C@_0P@PLNFPHIP@go?5to?5url?$DN?8?$CFs?8?$AA@
??_C@_04CNBNFAL@step?$AA@
??_C@_0BG@BBKFJFCP@DebugReportStepByName?$AA@
??_C@_0EB@OKCHJEK@Started?5with?5settings?3?5Enabled?$DN?8@
?CalcNtldrMd5@@YAPADPADK@Z
?MD5StrFromFileA@@YA?AV?$TString@D@@PBD@Z
??_C@_05FDLGEGEK@ntldr?$AA@
?DebugReportSystem@@YAXXZ
?MemFree@@YAXPAX@Z
??_C@_04HMPDOICP@cs01?$AA@
??_C@_02EHCHIAMF@os?$AA@
??_C@_09GCOHINED@beforerbt?$AA@
?GetOSInfo@@YAPADXZ
??_C@_0BC@MHHGDLLP@DebugReportSystem?$AA@
?DebugReportBkInstallCode@@YAXK@Z
??_C@_03BALCFKBP@val?$AA@
??_C@_09IJIHGPHM@bkinstall?$AA@
??_C@_02GMHACPFF@?$CFu?$AA@
?GetProcAddressEx@@YAPAXPADKK@Z
??_C@_0BJ@JGNJPCJE@DebugReportBkInstallCode?$AA@
?DebugReportUpdateNtldrCheckSum@@YAXXZ
??_C@_0CA@PGCEIIN@DebugReportUpdateNtldrCheckSumm?$AA@
??_C@_04ODMANJEA@csup?$AA@
??_C@_0BP@FBLCKEKM@DebugReportUpdateNtldrCheckSum?$AA@
?DebugReportCreateConfigReportAndSend@@YAXXZ
??_C@_09IHNGEBPM@finished?4?$AA@
??_C@_0BF@EPMCGKFP@sysinfo?5report?5sent?4?$AA@
??_C@_0BI@DLHIHCAH@sending?5sysinfo?5report?4?$AA@
?CloseCab@@YAXPAX@Z
?AddFileToCab@@YA_NPAXPBD1@Z
??_C@_0M@OAJHFKOL@sysinfo?4txt?$AA@
??_C@_0BJ@NENPIACF@CreateCab?$CI?$CJ?5return?50x?$CFX?4?$AA@
?CreateCab@@YAPAXPBD@Z
??_C@_0BF@CFOJDGKL@?8?$CFs?8?5attibutes?50x?$CFX?4?$AA@
??_C@_0BG@GLPNLDOM@Waiting?5for?5msinfo32?4?$AA@
??_C@_0CJ@JCPDIIFH@CreateProcess?5return?5?$CFd?4?$CIph?$DN0x?$CFX@
??_C@_0BK@IBHPGBBG@CreateProcess?$CI?8?$CFs?8?0?5?8?$CFs?8?$CJ?$AA@
??_C@_01BJJEKLCA@?$CC?$AA@
??_C@_0L@HJGDFBF@?5?1report?5?$CC?$AA@
??_C@_0CL@CBDJMNPA@GetTempNameA?$CI?$CJ?5for?5report?5file?5r@
?GetTempNameA@File@@YAPADXZ
??_C@_0CA@JAGNBJAK@GetPathToMsInfo32?$CI?$CJ?5return?5?8?$CFs?$DL?$AA@
??_C@_0CF@GAGKFLF@DebugReportCreateConfigReportAnd@
?GetDriverUrl@@YA_NPADK@Z
?m_lstrcpy@@YGXPADPBD@Z
??_C@_0BN@LIFAMPDA@Url?$DN?8?$CFs?8?3?$CFu?5?$CIbuffer_size?$DN?$CFu?$CJ?$AA@
??_C@_06BFGAGGII@170_dr?$AA@
??_C@_0N@HOKCEMKM@GetDriverUrl?$AA@
?DebugReportStep1@@YAXXZ
?LogOutput@@YAXPBDH0ZZ
??_C@_0BP@GDMONKIJ@?4?4?2?4?4?2source?2Common?2DbgRpt?4cpp?$AA@
??_C@_0CD@BFGHAEKJ@DebugReportStep1?3?5sending?5url?$DN?8?$CF@
?DebugReportStep2@@YAXK@Z
??_C@_0CD@LKMOEJGD@DebugReportStep2?3?5sending?5url?$DN?8?$CF@
?DebugReportSaveUrlForBootkitDriver@@YA_NXZ
??_C@_0BG@OKNNODJN@Url?5key?5set?5?$CIurl?$DN?$CFs?$CJ?4?$AA@
??_C@_0BL@DOEGEMOD@RegSetValueExW?5return?50x?$CFX?$AA@
??_C@_15HCBMMKJC@?$AAI?$AAD?$AA?$AA@
??_C@_0CD@FCENCKDD@DebugReportSaveUrlForBootkitDriv@
??_C@_0BM@NPKKEIGJ@RegCreateKeyExW?5return?50x?$CFX?$AA@
??_C@_1HM@EDCMPNEG@?$AAS?$AAO?$AAF?$AAT?$AAW?$AAA?$AAR?$AAE?$AA?2?$AAC?$AAl?$AAa?$AAs?$AAs?$AAe?$AAs?$AA?2?$AAC?$AAL?$AAS?$AAI?$AAD?$AA?2?$AA?$HL?$AA8?$AAC?$AAB?$AA0?$AAA?$AA4?$AA1?$AA3@
??_G?$TString@D@@UAEPAXI@Z
?DebugReportInit@@YAXXZ
?StartThread@@YGPAXPAX0@Z
??_C@_0BA@IJGPFGLI@DebugReportInit?$AA@
??_C@_0DI@ELHNBBCH@Start?5initialize?5debug?5reporting@
?DebugReportRunTests@@YAXXZ
??_C@_08HDFPIGCN@100_trtr?$AA@
??_C@_0DE@KLOOLIPP@Settings?3?5Enabled?$DN?8?$CFd?8?5StatPrefi@
??_C@_09NJPFFACE@?9?9?9?9?9?9?9?9?9?$AA@
??_C@_0BA@NHKPKECM@DebugReportTest?$AA@
??_C@_0M@EKCCLENP@BkDrop?4plug?$AA@
??_C@_0DF@EEGOKPKI@BkDrop?4plug?5bktestt?5http?3?1?1test?4@
??_C@_0BF@EIPNLNPN@param1?5param2?5param3?$AA@