.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------. ! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV ! `-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
6c9e9f78963ab3e7acb43826906af22571250dc025f9e7116e0201b805dc1196
Date...........: 2020-08-14
Family.........: ATM.Loup
File name......: kernel inj.exe
File size......: 40.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
PDB Path found.: C:\Users\muham\source\repos\loup\Debug\loup.pdb
Documentation..: https://twitter.com/s4tan/status/1294292919747252230
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 248 0xf8
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
257 101 28619 6fcb 2 2
261 105 28619 6fcb 25 19
260 104 28619 6fcb 13 d
4 4 8447 20ff 3 3
257 101 26715 685b 4 4
1 1 0 0 73 49
261 105 28806 7086 1 1
255 ff 28806 7086 1 1
258 102 28806 7086 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 9 9
TimeDateStamp: "2020-07-11 13:45:33"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 14.26
SizeOfCode: 23552 0x5c00
SizeOfInitializedData: 17408 0x4400
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 70287 0x1128f
BaseOfCode: 4096 0x1000
BaseOfData: 4096 0x1000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 6.0
ImageVersion: 0.0
SubsystemVersion: 6.0
Reserved1: 0 0
SizeOfImage: 131072 0x20000
SizeOfHeaders: 1024 0x400
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT
TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 1b204 size:0x 64
RESOURCE rva:0x 1e000 size:0x 43c
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 1f000 size:0x 3cc
DEBUG rva:0x 184fc size:0x 38
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 18538 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 1b000 size:0x 204
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.textbss 1000 10000 0 0 0 0 0 0 e00000a0 RWX CODE UDATA
.text 11000 5b1e 5c00 400 0 0 0 0 60000020 R-X CODE
.rdata 17000 2039 2200 6000 0 0 0 0 40000040 R-- IDATA
.data 1a000 5a0 200 8200 0 0 0 0 c0000040 RW- IDATA
.idata 1b000 bab c00 8400 0 0 0 0 40000040 R-- IDATA
.msvcjmc 1c000 148 200 9000 0 0 0 0 c0000040 RW- IDATA
.00cfg 1d000 109 200 9200 0 0 0 0 40000040 R-- IDATA
.rsrc 1e000 43c 600 9400 0 0 0 0 40000040 R-- IDATA
.reloc 1f000 5be 600 9a00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x9570 0 0x409 381 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
MSXFS.dll 1f WFSOpen
MSXFS.dll 1e WFSLock
MSXFS.dll 1a WFSFreeResult
MSXFS.dll 19 WFSExecute
MSXFS.dll 15 WFSClose
MSXFS.dll 22 WFSStartUp
MSXFS.dll 24 WFSUnlock
MSXFS.dll 14 WFSCleanUp
VCRUNTIME140D.dll 1d __current_exception_context
VCRUNTIME140D.dll 48 memset
VCRUNTIME140D.dll 35 _except_handler4_common
VCRUNTIME140D.dll 2e __vcrt_GetModuleFileNameW
VCRUNTIME140D.dll 2f __vcrt_GetModuleHandleW
VCRUNTIME140D.dll 31 __vcrt_LoadLibraryExW
VCRUNTIME140D.dll 1c __current_exception
VCRUNTIME140D.dll 25 __std_type_info_destroy_list
ucrtbased.dll 197 _initialize_onexit_table
ucrtbased.dll 2e2 _register_onexit_function
ucrtbased.dll 10c _execute_onexit_table
ucrtbased.dll e8 _crt_atexit
ucrtbased.dll e7 _crt_at_quick_exit
ucrtbased.dll e0 _controlfp_s
ucrtbased.dll 566 terminate
ucrtbased.dll 3c9 _wmakepath_s
ucrtbased.dll 3e5 _wsplitpath_s
ucrtbased.dll 57f wcscpy_s
ucrtbased.dll 8e __stdio_common_vsprintf_s
ucrtbased.dll 545 strcat_s
ucrtbased.dll 476 exit
ucrtbased.dll 19a _initterm_e
ucrtbased.dll 199 _initterm
ucrtbased.dll 165 _get_narrow_winmain_command_line
ucrtbased.dll 196 _initialize_narrow_environment
ucrtbased.dll dc _configure_narrow_argv
ucrtbased.dll 81 __setusermatherr
ucrtbased.dll 2f2 _set_app_type
ucrtbased.dll 2ef _seh_filter_exe
ucrtbased.dll 15 _CrtDbgReportW
ucrtbased.dll 14 _CrtDbgReport
ucrtbased.dll 552 strncpy
ucrtbased.dll 2ee _seh_filter_dll
ucrtbased.dll 2f7 _set_fmode
ucrtbased.dll 73 __p__commode
ucrtbased.dll 2fa _set_new_mode
ucrtbased.dll db _configthreadlocale
ucrtbased.dll 2e3 _register_thread_local_exe_atexit_callback
ucrtbased.dll c5 _c_exit
ucrtbased.dll 111 _exit
ucrtbased.dll ca _cexit
ucrtbased.dll 549 strcpy_s
KERNEL32.dll 278 GetModuleHandleW
KERNEL32.dll 37f IsDebuggerPresent
KERNEL32.dll 462 RaiseException
KERNEL32.dll 3ef MultiByteToWideChar
KERNEL32.dll 5fe WideCharToMultiByte
KERNEL32.dll 5ad UnhandledExceptionFilter
KERNEL32.dll 56d SetUnhandledExceptionFilter
KERNEL32.dll 217 GetCurrentProcess
KERNEL32.dll 2ae GetProcAddress
KERNEL32.dll 1ab FreeLibrary
KERNEL32.dll 5ce VirtualQuery
KERNEL32.dll 2b4 GetProcessHeap
KERNEL32.dll 349 HeapFree
KERNEL32.dll 345 HeapAlloc
KERNEL32.dll 261 GetLastError
KERNEL32.dll 21c GetCurrentThreadId
KERNEL32.dll 2d0 GetStartupInfoW
KERNEL32.dll 363 InitializeSListHead
KERNEL32.dll 2e9 GetSystemTimeAsFileTime
KERNEL32.dll 218 GetCurrentProcessId
KERNEL32.dll 44d QueryPerformanceCounter
KERNEL32.dll 386 IsProcessorFeaturePresent
KERNEL32.dll 58c TerminateProcess
=== Packer / Compiler ===
MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001F0 0000004001F0 0 .textbss
000000000218 000000400218 0 .text
000000000240 000000400240 0 .rdata
000000000267 000000400267 0 @.data
000000000290 000000400290 0 .idata
0000000002B7 0000004002B7 0 @.msvcjmcH
0000000002E0 0000004002E0 0 .00cfg
000000000307 000000400307 0 @.rsrc
00000000032F 00000040032F 0 @.reloc
000000000E6C 000000411A6C 0 ulaValues
000000000E76 000000411A76 0 lpResult
000000000E7F 000000411A7F 0 tDenomination
000000000E8D 000000411A8D 0 tDispense
000000000F80 000000411B80 0 lpResult
0000000010E4 000000411CE4 0 szLogicalName
0000000010F2 000000411CF2 0 SpiVersion
0000000010FD 000000411CFD 0 SvcVersion
000000001208 000000411E08 0 WfsVersion
000000001458 000000412058 0 hService
000000001544 000000412144 0 9:~IS3
00000000164D 00000041224D 0 93~AW3
000000001E7C 000000412A7C 0 t.RPQ
000000001F0D 000000412B0D 0 wIh|{A
000000003B61 000000414761 0 WuyWWh
000000004481 000000415081 0 5ineI
000000004493 000000415093 0 5ntel
000000006B30 000000417B30 0 CurrencyDispenser1
000000006B7C 000000417B7C 0 Stack around the variable '
000000006B98 000000417B98 0 ' was corrupted.
000000006BAC 000000417BAC 0 The variable '
000000006BBC 000000417BBC 0 ' is being used without being initialized.
000000006C08 000000417C08 0 The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
000000006D18 000000417D18 0 A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
000000006DC1 000000417DC1 0 char c = (i & 0xFF);
000000006DD8 000000417DD8 0 Changing the code in this way will not affect the quality of the resulting optimized code.
000000006E70 000000417E70 0 Stack memory was corrupted
000000006E94 000000417E94 0 A local variable was used before it was initialized
000000006ED4 000000417ED4 0 Stack memory around _alloca was corrupted
000000006F08 000000417F08 0 Unknown Runtime Check Error
000000007004 000000418004 0 Unknown Filename
000000007018 000000418018 0 Unknown Module Name
000000007030 000000418030 0 Run-Time Check Failure #%d - %s
000000007058 000000418058 0 Stack corrupted near unknown variable
000000007088 000000418088 0 %.2X
000000007090 000000418090 0 Stack area around _alloca memory reserved by this function is corrupted
0000000070F1 0000004180F1 0 Data: <
0000000070FD 0000004180FD 0 Allocation number within this function:
000000007131 000000418131 0 Size:
00000000713D 00000041813D 0 Address: 0x
000000007150 000000418150 0 Stack area around _alloca memory reserved by this function is corrupted
0000000071A8 0000004181A8 0 %s%s%p%s%zd%s%d%s%s%s%s%s
0000000071C8 0000004181C8 0 A variable is being used without being initialized.
00000000722C 00000041822C 0 Stack pointer corruption
00000000724C 00000041824C 0 Cast to smaller type causing loss of data
000000007280 000000418280 0 Stack memory corruption
00000000729C 00000041829C 0 Local variable used before initialization
0000000072D0 0000004182D0 0 Stack around _alloca corrupted
0000000073C8 0000004183C8 0 RegOpenKeyExW
0000000073D8 0000004183D8 0 RegQueryValueExW
File pos Mem pos ID Text
======== ======= == ====
0000000073EC 0000004183EC 0 RegCloseKey
0000000074E4 0000004184E4 0 PDBOpenValidate5
000000007755 000000418755 0 [>2es
000000007760 000000418760 0 C:\Users\muham\source\repos\loup\Debug\loup.pdb
00000000886E 00000041B46E 0 WFSCleanUp
00000000887C 00000041B47C 0 WFSClose
000000008888 00000041B488 0 WFSExecute
000000008896 00000041B496 0 WFSFreeResult
0000000088A6 00000041B4A6 0 WFSLock
0000000088B0 00000041B4B0 0 WFSOpen
0000000088BA 00000041B4BA 0 WFSStartUp
0000000088C8 00000041B4C8 0 WFSUnlock
0000000088D2 00000041B4D2 0 MSXFS.dll
0000000088DE 00000041B4DE 0 __std_type_info_destroy_list
0000000088FE 00000041B4FE 0 __current_exception
000000008914 00000041B514 0 __current_exception_context
000000008932 00000041B532 0 memset
00000000893C 00000041B53C 0 _except_handler4_common
000000008956 00000041B556 0 __vcrt_GetModuleFileNameW
000000008972 00000041B572 0 __vcrt_GetModuleHandleW
00000000898C 00000041B58C 0 __vcrt_LoadLibraryExW
0000000089A2 00000041B5A2 0 VCRUNTIME140D.dll
0000000089B6 00000041B5B6 0 strncpy
0000000089C0 00000041B5C0 0 _CrtDbgReport
0000000089D0 00000041B5D0 0 _CrtDbgReportW
0000000089E2 00000041B5E2 0 _seh_filter_exe
0000000089F4 00000041B5F4 0 _set_app_type
000000008A04 00000041B604 0 __setusermatherr
000000008A18 00000041B618 0 _configure_narrow_argv
000000008A32 00000041B632 0 _initialize_narrow_environment
000000008A54 00000041B654 0 _get_narrow_winmain_command_line
000000008A78 00000041B678 0 _initterm
000000008A84 00000041B684 0 _initterm_e
000000008A9A 00000041B69A 0 _exit
000000008AA2 00000041B6A2 0 _set_fmode
000000008AB0 00000041B6B0 0 _cexit
000000008ABA 00000041B6BA 0 _c_exit
000000008AC4 00000041B6C4 0 _register_thread_local_exe_atexit_callback
000000008AF2 00000041B6F2 0 _configthreadlocale
000000008B08 00000041B708 0 _set_new_mode
000000008B18 00000041B718 0 __p__commode
000000008B28 00000041B728 0 strcpy_s
000000008B34 00000041B734 0 strcat_s
000000008B40 00000041B740 0 __stdio_common_vsprintf_s
000000008B5C 00000041B75C 0 _seh_filter_dll
000000008B6E 00000041B76E 0 _initialize_onexit_table
000000008B8A 00000041B78A 0 _register_onexit_function
000000008BA6 00000041B7A6 0 _execute_onexit_table
000000008BBE 00000041B7BE 0 _crt_atexit
000000008BCC 00000041B7CC 0 _crt_at_quick_exit
000000008BE2 00000041B7E2 0 _controlfp_s
000000008BF2 00000041B7F2 0 terminate
000000008BFE 00000041B7FE 0 _wmakepath_s
000000008C0E 00000041B80E 0 _wsplitpath_s
000000008C1E 00000041B81E 0 wcscpy_s
000000008C28 00000041B828 0 ucrtbased.dll
000000008C38 00000041B838 0 GetCurrentThreadId
000000008C4E 00000041B84E 0 IsDebuggerPresent
000000008C62 00000041B862 0 RaiseException
000000008C74 00000041B874 0 MultiByteToWideChar
File pos Mem pos ID Text
======== ======= == ====
000000008C8A 00000041B88A 0 WideCharToMultiByte
000000008CA0 00000041B8A0 0 UnhandledExceptionFilter
000000008CBC 00000041B8BC 0 SetUnhandledExceptionFilter
000000008CDA 00000041B8DA 0 GetCurrentProcess
000000008CEE 00000041B8EE 0 TerminateProcess
000000008D02 00000041B902 0 IsProcessorFeaturePresent
000000008D1E 00000041B91E 0 QueryPerformanceCounter
000000008D38 00000041B938 0 GetCurrentProcessId
000000008D4E 00000041B94E 0 GetSystemTimeAsFileTime
000000008D68 00000041B968 0 InitializeSListHead
000000008D7E 00000041B97E 0 GetStartupInfoW
000000008D90 00000041B990 0 GetModuleHandleW
000000008DA4 00000041B9A4 0 GetLastError
000000008DB4 00000041B9B4 0 HeapAlloc
000000008DC0 00000041B9C0 0 HeapFree
000000008DCC 00000041B9CC 0 GetProcessHeap
000000008DDE 00000041B9DE 0 VirtualQuery
000000008DEE 00000041B9EE 0 FreeLibrary
000000008DFC 00000041B9FC 0 GetProcAddress
000000008E0C 00000041BA0C 0 KERNEL32.dll
000000009570 00000041E170 0 <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
0000000095A9 00000041E1A9 0 <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
0000000095F4 00000041E1F4 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
00000000962C 00000041E22C 0 <security>
00000000963C 00000041E23C 0 <requestedPrivileges>
000000009659 00000041E259 0 <requestedExecutionLevel level='asInvoker' uiAccess='false' />
0000000096A1 00000041E2A1 0 </requestedPrivileges>
0000000096BF 00000041E2BF 0 </security>
0000000096D0 00000041E2D0 0 </trustInfo>
0000000096E0 00000041E2E0 0 </assembly>
000000009A13 00000041F013 0 9 :8:D:P:\:h:
000000009A23 00000041F023 0 :B;p;|;
000000009A35 00000041F035 0 <#<0<
000000009A61 00000041F061 0 0H0T0
000000009A7B 00000041F07B 0 3B3a3q3
000000009A8D 00000041F08D 0 5-5p5
000000009AA3 00000041F0A3 0 8J9]9u9
000000009AB9 00000041F0B9 0 9n:u:
000000009AC5 00000041F0C5 0 ;8;Y;
000000009AE3 00000041F0E3 0 >->>>
000000009B0B 00000041F10B 0 1<1B1H1N1T1Z1a1h1o1v1}1
000000009B65 00000041F165 0 3!3+3@3E3
000000009B8F 00000041F18F 0 4!4'414c4t4
000000009BA1 00000041F1A1 0 5.5T5]5c5
000000009BC7 00000041F1C7 0 :0:9:A:G:
000000009BD7 00000041F1D7 0 :+<F<
000000009BEB 00000041F1EB 0 =6>A>N>V>
000000009BF7 00000041F1F7 0 >4?:?T?
000000009C08 00000041F208 0 60d0t0\1
000000009C17 00000041F217 0 243:3
000000009C1D 00000041F21D 0 4"4)4:4E4b4i4z4
000000009C31 00000041F231 0 4E5R5
000000009C3F 00000041F23F 0 6E6W6
000000009C45 00000041F245 0 7.7G7[7g7z7
000000009C61 00000041F261 0 8 888A8
000000009C7D 00000041F27D 0 :R:l:7;
000000009C91 00000041F291 0 <(<R<r<|<
000000009CA5 00000041F2A5 0 =e=t=
000000009CC9 00000041F2C9 0 0C1K1
000000009CF3 00000041F2F3 0 4%4+41474=4C4I4O4U4[4a4g4m4s4y4
File pos Mem pos ID Text
======== ======= == ====
000000009D47 00000041F347 0 5!5'5-53595?5E5K5Q5W5]5c5i5o5u5{5
000000009D85 00000041F385 0 5L;P;T;X;\;
000000009DA5 00000041F3A5 0 2 2$2t5
000000009DB9 00000041F3B9 0 ?$?(?
000000006F5C 000000417F5C 0 Unable to display RTC Message.
000000006FB8 000000417FB8 0 Run-Time Check Failure #%d - %s
0000000072F8 0000004182F8 0 bin\MSPDB140.DLL
00000000731C 00000041831C 0 VCRUNTIME140D.dll
000000007350 000000418350 0 api-ms-win-core-registry-l1-1-0.dll
0000000073A8 0000004183A8 0 advapi32.dll
000000007400 000000418400 0 SOFTWARE\Wow6432Node\Microsoft\VisualStudio\14.0\Setup\VC
00000000748C 00000041848C 0 ProductDir
0000000074B4 0000004184B4 0 MSPDB140
0000000074CC 0000004184CC 0 MSPDB140
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001F0 0000004001F0 0 .textbss
000000000218 000000400218 0 .text
000000000240 000000400240 0 .rdata
000000000267 000000400267 0 @.data
000000000290 000000400290 0 .idata
0000000002B7 0000004002B7 0 @.msvcjmcH
0000000002E0 0000004002E0 0 .00cfg
000000000307 000000400307 0 @.rsrc
00000000032F 00000040032F 0 @.reloc
000000000E6C 000000411A6C 0 ulaValues
000000000E76 000000411A76 0 lpResult
000000000E7F 000000411A7F 0 tDenomination
000000000E8D 000000411A8D 0 tDispense
000000000F80 000000411B80 0 lpResult
0000000010E4 000000411CE4 0 szLogicalName
0000000010F2 000000411CF2 0 SpiVersion
0000000010FD 000000411CFD 0 SvcVersion
000000001208 000000411E08 0 WfsVersion
000000001458 000000412058 0 hService
000000001544 000000412144 0 9:~IS3
00000000164D 00000041224D 0 93~AW3
000000001E7C 000000412A7C 0 t.RPQ
000000001F0D 000000412B0D 0 wIh|{A
000000003B61 000000414761 0 WuyWWh
000000004481 000000415081 0 5ineI
000000004493 000000415093 0 5ntel
000000006B30 000000417B30 0 CurrencyDispenser1
000000006B7C 000000417B7C 0 Stack around the variable '
000000006B98 000000417B98 0 ' was corrupted.
000000006BAC 000000417BAC 0 The variable '
000000006BBC 000000417BBC 0 ' is being used without being initialized.
000000006C08 000000417C08 0 The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
000000006D18 000000417D18 0 A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
000000006DC1 000000417DC1 0 char c = (i & 0xFF);
000000006DD8 000000417DD8 0 Changing the code in this way will not affect the quality of the resulting optimized code.
000000006E70 000000417E70 0 Stack memory was corrupted
000000006E94 000000417E94 0 A local variable was used before it was initialized
000000006ED4 000000417ED4 0 Stack memory around _alloca was corrupted
000000006F08 000000417F08 0 Unknown Runtime Check Error
000000007004 000000418004 0 Unknown Filename
000000007018 000000418018 0 Unknown Module Name
000000007030 000000418030 0 Run-Time Check Failure #%d - %s
000000007058 000000418058 0 Stack corrupted near unknown variable
000000007088 000000418088 0 %.2X
000000007090 000000418090 0 Stack area around _alloca memory reserved by this function is corrupted
File pos Mem pos ID Text
======== ======= == ====
0000000070F1 0000004180F1 0 Data: <
0000000070FD 0000004180FD 0 Allocation number within this function:
000000007131 000000418131 0 Size:
00000000713D 00000041813D 0 Address: 0x
000000007150 000000418150 0 Stack area around _alloca memory reserved by this function is corrupted
0000000071A8 0000004181A8 0 %s%s%p%s%zd%s%d%s%s%s%s%s
0000000071C8 0000004181C8 0 A variable is being used without being initialized.
00000000722C 00000041822C 0 Stack pointer corruption
00000000724C 00000041824C 0 Cast to smaller type causing loss of data
000000007280 000000418280 0 Stack memory corruption
00000000729C 00000041829C 0 Local variable used before initialization
0000000072D0 0000004182D0 0 Stack around _alloca corrupted
0000000073C8 0000004183C8 0 RegOpenKeyExW
0000000073D8 0000004183D8 0 RegQueryValueExW
0000000073EC 0000004183EC 0 RegCloseKey
0000000074E4 0000004184E4 0 PDBOpenValidate5
000000007755 000000418755 0 [>2es
000000007760 000000418760 0 C:\Users\muham\source\repos\loup\Debug\loup.pdb
00000000886E 00000041B46E 0 WFSCleanUp
00000000887C 00000041B47C 0 WFSClose
000000008888 00000041B488 0 WFSExecute
000000008896 00000041B496 0 WFSFreeResult
0000000088A6 00000041B4A6 0 WFSLock
0000000088B0 00000041B4B0 0 WFSOpen
0000000088BA 00000041B4BA 0 WFSStartUp
0000000088C8 00000041B4C8 0 WFSUnlock
0000000088D2 00000041B4D2 0 MSXFS.dll
0000000088DE 00000041B4DE 0 __std_type_info_destroy_list
0000000088FE 00000041B4FE 0 __current_exception
000000008914 00000041B514 0 __current_exception_context
000000008932 00000041B532 0 memset
00000000893C 00000041B53C 0 _except_handler4_common
000000008956 00000041B556 0 __vcrt_GetModuleFileNameW
000000008972 00000041B572 0 __vcrt_GetModuleHandleW
00000000898C 00000041B58C 0 __vcrt_LoadLibraryExW
0000000089A2 00000041B5A2 0 VCRUNTIME140D.dll
0000000089B6 00000041B5B6 0 strncpy
0000000089C0 00000041B5C0 0 _CrtDbgReport
0000000089D0 00000041B5D0 0 _CrtDbgReportW
0000000089E2 00000041B5E2 0 _seh_filter_exe
0000000089F4 00000041B5F4 0 _set_app_type
000000008A04 00000041B604 0 __setusermatherr
000000008A18 00000041B618 0 _configure_narrow_argv
000000008A32 00000041B632 0 _initialize_narrow_environment
000000008A54 00000041B654 0 _get_narrow_winmain_command_line
000000008A78 00000041B678 0 _initterm
000000008A84 00000041B684 0 _initterm_e
000000008A9A 00000041B69A 0 _exit
000000008AA2 00000041B6A2 0 _set_fmode
000000008AB0 00000041B6B0 0 _cexit
000000008ABA 00000041B6BA 0 _c_exit
000000008AC4 00000041B6C4 0 _register_thread_local_exe_atexit_callback
000000008AF2 00000041B6F2 0 _configthreadlocale
000000008B08 00000041B708 0 _set_new_mode
000000008B18 00000041B718 0 __p__commode
000000008B28 00000041B728 0 strcpy_s
000000008B34 00000041B734 0 strcat_s
000000008B40 00000041B740 0 __stdio_common_vsprintf_s
000000008B5C 00000041B75C 0 _seh_filter_dll
000000008B6E 00000041B76E 0 _initialize_onexit_table
File pos Mem pos ID Text
======== ======= == ====
000000008B8A 00000041B78A 0 _register_onexit_function
000000008BA6 00000041B7A6 0 _execute_onexit_table
000000008BBE 00000041B7BE 0 _crt_atexit
000000008BCC 00000041B7CC 0 _crt_at_quick_exit
000000008BE2 00000041B7E2 0 _controlfp_s
000000008BF2 00000041B7F2 0 terminate
000000008BFE 00000041B7FE 0 _wmakepath_s
000000008C0E 00000041B80E 0 _wsplitpath_s
000000008C1E 00000041B81E 0 wcscpy_s
000000008C28 00000041B828 0 ucrtbased.dll
000000008C38 00000041B838 0 GetCurrentThreadId
000000008C4E 00000041B84E 0 IsDebuggerPresent
000000008C62 00000041B862 0 RaiseException
000000008C74 00000041B874 0 MultiByteToWideChar
000000008C8A 00000041B88A 0 WideCharToMultiByte
000000008CA0 00000041B8A0 0 UnhandledExceptionFilter
000000008CBC 00000041B8BC 0 SetUnhandledExceptionFilter
000000008CDA 00000041B8DA 0 GetCurrentProcess
000000008CEE 00000041B8EE 0 TerminateProcess
000000008D02 00000041B902 0 IsProcessorFeaturePresent
000000008D1E 00000041B91E 0 QueryPerformanceCounter
000000008D38 00000041B938 0 GetCurrentProcessId
000000008D4E 00000041B94E 0 GetSystemTimeAsFileTime
000000008D68 00000041B968 0 InitializeSListHead
000000008D7E 00000041B97E 0 GetStartupInfoW
000000008D90 00000041B990 0 GetModuleHandleW
000000008DA4 00000041B9A4 0 GetLastError
000000008DB4 00000041B9B4 0 HeapAlloc
000000008DC0 00000041B9C0 0 HeapFree
000000008DCC 00000041B9CC 0 GetProcessHeap
000000008DDE 00000041B9DE 0 VirtualQuery
000000008DEE 00000041B9EE 0 FreeLibrary
000000008DFC 00000041B9FC 0 GetProcAddress
000000008E0C 00000041BA0C 0 KERNEL32.dll
000000009570 00000041E170 0 <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
0000000095A9 00000041E1A9 0 <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
0000000095F4 00000041E1F4 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
00000000962C 00000041E22C 0 <security>
00000000963C 00000041E23C 0 <requestedPrivileges>
000000009659 00000041E259 0 <requestedExecutionLevel level='asInvoker' uiAccess='false' />
0000000096A1 00000041E2A1 0 </requestedPrivileges>
0000000096BF 00000041E2BF 0 </security>
0000000096D0 00000041E2D0 0 </trustInfo>
0000000096E0 00000041E2E0 0 </assembly>
000000009A13 00000041F013 0 9 :8:D:P:\:h:
000000009A23 00000041F023 0 :B;p;|;
000000009A35 00000041F035 0 <#<0<
000000009A61 00000041F061 0 0H0T0
000000009A7B 00000041F07B 0 3B3a3q3
000000009A8D 00000041F08D 0 5-5p5
000000009AA3 00000041F0A3 0 8J9]9u9
000000009AB9 00000041F0B9 0 9n:u:
000000009AC5 00000041F0C5 0 ;8;Y;
000000009AE3 00000041F0E3 0 >->>>
000000009B0B 00000041F10B 0 1<1B1H1N1T1Z1a1h1o1v1}1
000000009B65 00000041F165 0 3!3+3@3E3
000000009B8F 00000041F18F 0 4!4'414c4t4
000000009BA1 00000041F1A1 0 5.5T5]5c5
000000009BC7 00000041F1C7 0 :0:9:A:G:
000000009BD7 00000041F1D7 0 :+<F<
File pos Mem pos ID Text
======== ======= == ====
000000009BEB 00000041F1EB 0 =6>A>N>V>
000000009BF7 00000041F1F7 0 >4?:?T?
000000009C08 00000041F208 0 60d0t0\1
000000009C17 00000041F217 0 243:3
000000009C1D 00000041F21D 0 4"4)4:4E4b4i4z4
000000009C31 00000041F231 0 4E5R5
000000009C3F 00000041F23F 0 6E6W6
000000009C45 00000041F245 0 7.7G7[7g7z7
000000009C61 00000041F261 0 8 888A8
000000009C7D 00000041F27D 0 :R:l:7;
000000009C91 00000041F291 0 <(<R<r<|<
000000009CA5 00000041F2A5 0 =e=t=
000000009CC9 00000041F2C9 0 0C1K1
000000009CF3 00000041F2F3 0 4%4+41474=4C4I4O4U4[4a4g4m4s4y4
000000009D47 00000041F347 0 5!5'5-53595?5E5K5Q5W5]5c5i5o5u5{5
000000009D85 00000041F385 0 5L;P;T;X;\;
000000009DA5 00000041F3A5 0 2 2$2t5
000000009DB9 00000041F3B9 0 ?$?(?
000000006F5C 000000417F5C 0 Unable to display RTC Message.
000000006FB8 000000417FB8 0 Run-Time Check Failure #%d - %s
0000000072F8 0000004182F8 0 bin\MSPDB140.DLL
00000000731C 00000041831C 0 VCRUNTIME140D.dll
000000007350 000000418350 0 api-ms-win-core-registry-l1-1-0.dll
0000000073A8 0000004183A8 0 advapi32.dll
000000007400 000000418400 0 SOFTWARE\Wow6432Node\Microsoft\VisualStudio\14.0\Setup\VC
00000000748C 00000041848C 0 ProductDir
0000000074B4 0000004184B4 0 MSPDB140
0000000074CC 0000004184CC 0 MSPDB140
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!