
                                           ATM MALWARE NOTICE 
                    SHA-256: 1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6
 
Date...........: 2016-06-27
Family.........: ATMitch
File name......: 
File size......: 12.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA

Entropy:


Binary Histogram:



=== SCREENSHOT === 



=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 240 0xf0 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === RICH Header === LIB_ID VERSION TIMES_USED 123 7b 50727 c627 2 2 149 95 21022 521e 1 1 131 83 21022 521e 20 14 132 84 21022 521e 2 2 147 93 21022 521e 5 5 1 1 0 0 68 44 138 8a 21022 521e 1 1 145 91 21022 521e 1 1 === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 5 5 TimeDateStamp: "2016-05-27 13:20:00" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 9.0 SizeOfCode: 5120 0x1400 SizeOfInitializedData: 6656 0x1a00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 7282 0x1c72 BaseOfCode: 4096 0x1000 BaseOfData: 12288 0x3000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 5.0 ImageVersion: 0.0 SubsystemVersion: 5.0 Reserved1: 0 0 SizeOfImage: 28672 0x7000 SizeOfHeaders: 1024 0x400 CheckSum: 45340 0xb11c Subsystem: 3 3 WINDOWS_CUI DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT TERMINAL_SERVER_AWARE SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 
NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 34d4 size:0x 50 RESOURCE rva:0x 5000 size:0x 2b0 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 6000 size:0x 268 DEBUG rva:0x 3140 size:0x 1c ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x 3318 size:0x 40 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 3000 size:0x 11c Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 125a 1400 400 0 0 0 0 60000020 R-X CODE .rdata 3000 f5a 1000 1800 0 0 0 0 40000040 R-- IDATA .data 4000 38c 200 2800 0 0 0 0 c0000040 RW- IDATA .rsrc 5000 2b0 400 2a00 0 0 0 0 40000040 R-- IDATA .reloc 6000 2e0 400 2e00 0 0 0 0 42000040 R-- IDATA DISCARDABLE === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x2a58 1252 0x409 598 MANIFEST #1 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME MSVCP90.dll 316 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z MSVCP90.dll 31d ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z MSVCP90.dll a97 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ MSVCP90.dll b44 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z MSVCP90.dll 405 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ MSVCP90.dll 7a4 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z MSVCP90.dll c07 ?width@ios_base@std@@QAEHH@Z MSVCP90.dll 821 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ MSVCP90.dll 820 ?flags@ios_base@std@@QBEHXZ MSVCP90.dll 88a ?good@ios_base@std@@QBE_NXZ MSVCP90.dll 7aa ?eof@?$char_traits@D@std@@SAHXZ MSVCP90.dll 7c4 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z MSVCP90.dll 958 ?length@?$char_traits@D@std@@SAIPBD@Z MSVCP90.dll 152 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ MSVCP90.dll 939 
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ MSVCP90.dll 9ea ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z MSVCP90.dll 654 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ MSVCP90.dll b73 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z MSVCP90.dll 5d0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ MSVCP90.dll 7db ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ MSVCP90.dll 682 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A MSVCP90.dll 557 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ MSVCP90.dll bbd ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ MSVCP90.dll 57c ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ MSVCP90.dll b76 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z MSVCP90.dll be4 ?uncaught_exception@std@@YA_NXZ MSVCP90.dll c08 ?width@ios_base@std@@QBEHXZ MSVCR90.dll cf __p__fmode MSVCR90.dll 16a _encode_pointer MSVCR90.dll e0 __set_app_type MSVCR90.dll 14b _crt_debugger_hook MSVCR90.dll 43 ?terminate@@YAXXZ MSVCR90.dll 3e6 _unlock MSVCR90.dll 96 __dllonexit MSVCR90.dll 276 _lock MSVCR90.dll 31c _onexit MSVCR90.dll 160 _decode_pointer MSVCR90.dll 173 _except_handler4_common MSVCR90.dll 20b _invoke_watson MSVCR90.dll 13f _controlfp_s MSVCR90.dll cb __p__commode MSVCR90.dll 10b _adjust_fdiv MSVCR90.dll e3 __setusermatherr MSVCR90.dll 13c _configthreadlocale MSVCR90.dll 205 _initterm_e MSVCR90.dll 204 _initterm MSVCR90.dll 4cc exit MSVCR90.dll 66 _XcptFilter MSVCR90.dll 17c _exit MSVCR90.dll 12c _cexit MSVCR90.dll 9f __getmainargs MSVCR90.dll 115 _amsg_exit MSVCR90.dll 4bf atoi MSVCR90.dll a0 __initenv MSVCR90.dll 73 __CxxFrameHandler3 KERNEL32.dll 421 Sleep KERNEL32.dll 2ba InterlockedCompareExchange KERNEL32.dll 42d TerminateProcess KERNEL32.dll 1a9 GetCurrentProcess KERNEL32.dll 43e UnhandledExceptionFilter KERNEL32.dll 415 SetUnhandledExceptionFilter KERNEL32.dll 2d1 
IsDebuggerPresent KERNEL32.dll 354 QueryPerformanceCounter KERNEL32.dll 266 GetTickCount KERNEL32.dll 1ad GetCurrentThreadId KERNEL32.dll 1aa GetCurrentProcessId KERNEL32.dll 24f GetSystemTimeAsFileTime KERNEL32.dll 2bd InterlockedExchange === Packer / Compiler === MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 000000000448 000000401048 0 Pht1@ 00000000061D 00000040121D 0 Qh02@ 0000000006F3 0000004012F3 0 Rhd2@ 0000000006FF 0000004012FF 0 Phh2@ 00000000070B 00000040130B 0 Qhl2@ 000000000769 000000401369 0 Php2@ 0000000014E6 0000004020E6 0 VVVVV 000000001964 000000403164 0 bad allocation 000000001974 000000403174 0 calling with non params. Exiting. 000000001998 000000403198 0 Info command founded 0000000019B0 0000004031B0 0 command.txt 0000000019C0 0000004031C0 0 Can't open commandfile, exiting 0000000019E0 0000004031E0 0 Dispense command found 0000000019F8 0000004031F8 0 params. Exiting. 000000001A0C 00000040320C 0 params. But receive 000000001A24 000000403224 0 wait for 000000001A30 000000403230 0 Non valid args count for that command. 000000001A58 000000403258 0 command.txt 000000001A70 000000403270 0 Can't open commandfile, exiting 000000001A90 000000403290 0 End session command detected. Stop main Library. 000000001AC4 0000004032C4 0 command.txt 000000001AD4 0000004032D4 0 Can't open commandfile, exiting 000000001AF4 0000004032F4 0 Unknown command, repeat please. 
000000001B78 000000403378 0 d:\helper\Helper\Release\!a.pdb 000000001E42 000000403642 0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 000000001E7E 00000040367E 0 ?uncaught_exception@std@@YA_NXZ 000000001EA0 0000004036A0 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z 000000001EE4 0000004036E4 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ 000000001F22 000000403722 0 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ 000000001F86 000000403786 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ 000000001FC6 0000004037C6 0 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ 000000001FFE 0000004037FE 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ 000000002040 000000403840 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z 000000002080 000000403880 0 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ 0000000020BD 0000004038BD 0 ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z 0000000020FE 0000004038FE 0 9 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ 000000002142 000000403942 0 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ 00000000217C 00000040397C 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ 0000000021BE 0000004039BE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z 0000000021FE 0000004039FE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z 00000000224E 000000403A4E 0 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ 0000000022B6 000000403AB6 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z 0000000022F6 000000403AF6 0 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ 000000002332 000000403B32 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z 000000002378 000000403B78 0 ?width@ios_base@std@@QAEHH@Z 000000002398 000000403B98 0 
?width@ios_base@std@@QBEHXZ 0000000023B6 000000403BB6 0 ?flags@ios_base@std@@QBEHXZ 0000000023D4 000000403BD4 0 ?good@ios_base@std@@QBE_NXZ 0000000023F2 000000403BF2 0 ?eof@?$char_traits@D@std@@SAHXZ 000000002414 000000403C14 0 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z 000000002442 000000403C42 0 X ?length@?$char_traits@D@std@@SAIPBD@Z 00000000246A 000000403C6A 0 MSVCP90.dll 00000000247E 000000403C7E 0 MSVCR90.dll 00000000248C 000000403C8C 0 _amsg_exit File pos Mem pos ID Text ======== ======= == ==== 00000000249A 000000403C9A 0 __getmainargs 0000000024AA 000000403CAA 0 _cexit 0000000024B4 000000403CB4 0 _exit 0000000024BC 000000403CBC 0 _XcptFilter 0000000024D2 000000403CD2 0 __initenv 0000000024DE 000000403CDE 0 _initterm 0000000024EA 000000403CEA 0 _initterm_e 0000000024F8 000000403CF8 0 _configthreadlocale 00000000250E 000000403D0E 0 __setusermatherr 000000002522 000000403D22 0 _adjust_fdiv 000000002532 000000403D32 0 __p__commode 000000002542 000000403D42 0 __p__fmode 000000002550 000000403D50 0 _encode_pointer 000000002562 000000403D62 0 __set_app_type 000000002574 000000403D74 0 _crt_debugger_hook 00000000258A 000000403D8A 0 ?terminate@@YAXXZ 00000000259E 000000403D9E 0 _unlock 0000000025A8 000000403DA8 0 __dllonexit 0000000025B6 000000403DB6 0 _lock 0000000025BE 000000403DBE 0 _onexit 0000000025C8 000000403DC8 0 _decode_pointer 0000000025DA 000000403DDA 0 _except_handler4_common 0000000025F4 000000403DF4 0 _invoke_watson 000000002606 000000403E06 0 _controlfp_s 000000002616 000000403E16 0 InterlockedExchange 00000000262C 000000403E2C 0 Sleep 000000002634 000000403E34 0 InterlockedCompareExchange 000000002652 000000403E52 0 TerminateProcess 000000002666 000000403E66 0 GetCurrentProcess 00000000267A 000000403E7A 0 UnhandledExceptionFilter 000000002696 000000403E96 0 SetUnhandledExceptionFilter 0000000026B4 000000403EB4 0 IsDebuggerPresent 0000000026C8 000000403EC8 0 QueryPerformanceCounter 0000000026E2 000000403EE2 0 GetTickCount 0000000026F2 000000403EF2 
0 GetCurrentThreadId 000000002708 000000403F08 0 GetCurrentProcessId 00000000271E 000000403F1E 0 GetSystemTimeAsFileTime 000000002736 000000403F36 0 KERNEL32.dll 000000002746 000000403F46 0 __CxxFrameHandler3 000000002A58 000000405058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 000000002AA3 0000004050A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 000000002ADB 0000004050DB 0 <security> 000000002AEB 0000004050EB 0 <requestedPrivileges> 000000002B08 000000405108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 000000002B68 000000405168 0 </requestedPrivileges> 000000002B86 000000405186 0 </security> 000000002B97 000000405197 0 </trustInfo> 000000002BA7 0000004051A7 0 <dependency> 000000002BB7 0000004051B7 0 <dependentAssembly> 000000002BD0 0000004051D0 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> 000000002C78 000000405278 0 </dependentAssembly> 000000002C92 000000405292 0 </dependency> 000000002CA3 0000004052A3 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING 000000002E0B 00000040600B 0 020D0J0P0a0~0 000000002E29 000000406029 0 161B1N1V1\1b1s1 000000002E4F 00000040604F 0 2%262G2X2i2 000000002E6D 00000040606D 0 3$353F3R3 000000002E77 000000406077 0 3e3k3q3 000000002E95 000000406095 0 4(444<4B4H4Y4v4 000000002EB7 0000004060B7 0 5u5}5 File pos Mem pos ID Text ======== ======= == ==== 000000002ED3 0000004060D3 0 6 7)7@7W7o7 000000002EE3 0000004060E3 0 8$838J8 000000002EF7 0000004060F7 0 9O9h9t9 000000002F17 000000406117 0 :9:B:]:g:z: 000000002F41 000000406141 0 
;!;.;4;=;\;d;m;s;{; 000000002F69 000000406169 0 <!<'<.<5<E<M<S<_<j< 000000002FA5 0000004061A5 0 ="=-=9=>=N=S=Y=_=u=|= 000000002FC9 0000004061C9 0 > >8>N>[> 000000002FF0 0000004061F0 0 @0F0M0j0 000000002FFD 0000004061FD 0 1$111=1E1M1Y1}1 000000003023 000000406223 0 282Q2 000000003030 000000406230 0 1,101\1 000000003039 000000406239 0 1T3X3 000000003047 000000406247 0 4 4,4L4l4 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 000000000448 000000401048 0 Pht1@ 00000000061D 00000040121D 0 Qh02@ 0000000006F3 0000004012F3 0 Rhd2@ 0000000006FF 0000004012FF 0 Phh2@ 00000000070B 00000040130B 0 Qhl2@ 000000000769 000000401369 0 Php2@ 0000000014E6 0000004020E6 0 VVVVV 000000001964 000000403164 0 bad allocation 000000001974 000000403174 0 calling with non params. Exiting. 000000001998 000000403198 0 Info command founded 0000000019B0 0000004031B0 0 command.txt 0000000019C0 0000004031C0 0 Can't open commandfile, exiting 0000000019E0 0000004031E0 0 Dispense command found 0000000019F8 0000004031F8 0 params. Exiting. 000000001A0C 00000040320C 0 params. But receive 000000001A24 000000403224 0 wait for 000000001A30 000000403230 0 Non valid args count for that command. 000000001A58 000000403258 0 command.txt 000000001A70 000000403270 0 Can't open commandfile, exiting 000000001A90 000000403290 0 End session command detected. Stop main Library. 000000001AC4 0000004032C4 0 command.txt 000000001AD4 0000004032D4 0 Can't open commandfile, exiting 000000001AF4 0000004032F4 0 Unknown command, repeat please. 
000000001B78 000000403378 0 d:\helper\Helper\Release\!a.pdb 000000001E42 000000403642 0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A 000000001E7E 00000040367E 0 ?uncaught_exception@std@@YA_NXZ 000000001EA0 0000004036A0 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z 000000001EE4 0000004036E4 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ 000000001F22 000000403722 0 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ 000000001F86 000000403786 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ 000000001FC6 0000004037C6 0 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ 000000001FFE 0000004037FE 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ 000000002040 000000403840 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z 000000002080 000000403880 0 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ 0000000020BD 0000004038BD 0 ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z 0000000020FE 0000004038FE 0 9 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ 000000002142 000000403942 0 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ 00000000217C 00000040397C 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ 0000000021BE 0000004039BE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z 0000000021FE 0000004039FE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z File pos Mem pos ID Text ======== ======= == ==== 00000000224E 000000403A4E 0 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ 0000000022B6 000000403AB6 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z 0000000022F6 000000403AF6 0 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ 000000002332 000000403B32 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z 000000002378 000000403B78 0 
?width@ios_base@std@@QAEHH@Z 000000002398 000000403B98 0 ?width@ios_base@std@@QBEHXZ 0000000023B6 000000403BB6 0 ?flags@ios_base@std@@QBEHXZ 0000000023D4 000000403BD4 0 ?good@ios_base@std@@QBE_NXZ 0000000023F2 000000403BF2 0 ?eof@?$char_traits@D@std@@SAHXZ 000000002414 000000403C14 0 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z 000000002442 000000403C42 0 X ?length@?$char_traits@D@std@@SAIPBD@Z 00000000246A 000000403C6A 0 MSVCP90.dll 00000000247E 000000403C7E 0 MSVCR90.dll 00000000248C 000000403C8C 0 _amsg_exit 00000000249A 000000403C9A 0 __getmainargs 0000000024AA 000000403CAA 0 _cexit 0000000024B4 000000403CB4 0 _exit 0000000024BC 000000403CBC 0 _XcptFilter 0000000024D2 000000403CD2 0 __initenv 0000000024DE 000000403CDE 0 _initterm 0000000024EA 000000403CEA 0 _initterm_e 0000000024F8 000000403CF8 0 _configthreadlocale 00000000250E 000000403D0E 0 __setusermatherr 000000002522 000000403D22 0 _adjust_fdiv 000000002532 000000403D32 0 __p__commode 000000002542 000000403D42 0 __p__fmode 000000002550 000000403D50 0 _encode_pointer 000000002562 000000403D62 0 __set_app_type 000000002574 000000403D74 0 _crt_debugger_hook 00000000258A 000000403D8A 0 ?terminate@@YAXXZ 00000000259E 000000403D9E 0 _unlock 0000000025A8 000000403DA8 0 __dllonexit 0000000025B6 000000403DB6 0 _lock 0000000025BE 000000403DBE 0 _onexit 0000000025C8 000000403DC8 0 _decode_pointer 0000000025DA 000000403DDA 0 _except_handler4_common 0000000025F4 000000403DF4 0 _invoke_watson 000000002606 000000403E06 0 _controlfp_s 000000002616 000000403E16 0 InterlockedExchange 00000000262C 000000403E2C 0 Sleep 000000002634 000000403E34 0 InterlockedCompareExchange 000000002652 000000403E52 0 TerminateProcess 000000002666 000000403E66 0 GetCurrentProcess 00000000267A 000000403E7A 0 UnhandledExceptionFilter 000000002696 000000403E96 0 SetUnhandledExceptionFilter 0000000026B4 000000403EB4 0 IsDebuggerPresent 0000000026C8 000000403EC8 0 QueryPerformanceCounter 0000000026E2 000000403EE2 0 GetTickCount 0000000026F2 
000000403EF2 0 GetCurrentThreadId 000000002708 000000403F08 0 GetCurrentProcessId 00000000271E 000000403F1E 0 GetSystemTimeAsFileTime 000000002736 000000403F36 0 KERNEL32.dll 000000002746 000000403F46 0 __CxxFrameHandler3 000000002A58 000000405058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 000000002AA3 0000004050A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 000000002ADB 0000004050DB 0 <security> 000000002AEB 0000004050EB 0 <requestedPrivileges> 000000002B08 000000405108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 000000002B68 000000405168 0 </requestedPrivileges> 000000002B86 000000405186 0 </security> File pos Mem pos ID Text ======== ======= == ==== 000000002B97 000000405197 0 </trustInfo> 000000002BA7 0000004051A7 0 <dependency> 000000002BB7 0000004051B7 0 <dependentAssembly> 000000002BD0 0000004051D0 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> 000000002C78 000000405278 0 </dependentAssembly> 000000002C92 000000405292 0 </dependency> 000000002CA3 0000004052A3 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING 000000002E0B 00000040600B 0 020D0J0P0a0~0 000000002E29 000000406029 0 161B1N1V1\1b1s1 000000002E4F 00000040604F 0 2%262G2X2i2 000000002E6D 00000040606D 0 3$353F3R3 000000002E77 000000406077 0 3e3k3q3 000000002E95 000000406095 0 4(444<4B4H4Y4v4 000000002EB7 0000004060B7 0 5u5}5 000000002ED3 0000004060D3 0 6 7)7@7W7o7 000000002EE3 0000004060E3 0 8$838J8 000000002EF7 0000004060F7 0 9O9h9t9 000000002F17 000000406117 0 :9:B:]:g:z: 000000002F41 000000406141 0 
;!;.;4;=;\;d;m;s;{; 000000002F69 000000406169 0 <!<'<.<5<E<M<S<_<j< 000000002FA5 0000004061A5 0 ="=-=9=>=N=S=Y=_=u=|= 000000002FC9 0000004061C9 0 > >8>N>[> 000000002FF0 0000004061F0 0 @0F0M0j0 000000002FFD 0000004061FD 0 1$111=1E1M1Y1}1 000000003023 000000406223 0 282Q2 000000003030 000000406230 0 1,101\1 000000003039 000000406239 0 1T3X3 000000003047 000000406247 0 4 4,4L4l4