.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------. ! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV ! `-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
6b2fac8331e4b3e108aa829b297347f686ade233b24d94d881dc4eff81b9eb30
Date...........: 2020-01-09
Family.........: Alice
File name......: taskmngr.exe
File size......: 116.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 224 0xe0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
4 4 8447 20ff 2 2
19 13 8078 1f8e 26 1a
1 1 0 0 16 10
19 13 9049 2359 3 3
18 12 8444 20fc 1 1
6 6 1735 6c7 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 3 3
TimeDateStamp: "2014-10-06 00:17:31"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 271 0x10f RELOCS_STRIPPED, EXECUTABLE_IMAGE
LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED
32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 5.12
SizeOfCode: 3584 0xe00
SizeOfInitializedData: 114176 0x1be00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 7233 0x1c41
BaseOfCode: 4096 0x1000
BaseOfData: 8192 0x2000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 126976 0x1f000
SizeOfHeaders: 1024 0x400
CheckSum: 152180 0x25274
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 20a4 size:0x 78
RESOURCE rva:0x 3000 size:0x 1b728
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 0 size:0x 0
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 2000 size:0x a4
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 d56 e00 400 0 0 0 0 e0000020 RWX CODE
.rdata 2000 424 600 1200 0 0 0 0 40000040 R-- IDATA
.rsrc 3000 1b728 1b800 1800 0 0 0 0 c0000040 RW- IDATA
[?] ignoring invalid PEdump::BITMAPINFOHEADER
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x1a98 0 0x409 9640 ICON #1
0x4040 1200 0x409 9862 ICON #2
0x66c8 1200 0x409 67624 ICON #3
0x16ef0 1200 0x409 16936 ICON #4
0x1b118 1200 0x409 4264 ICON #5
0x1c1c0 1200 0x409 1128 ICON #6
0x1c628 0 0x409 342 DIALOG #1000
0x1c780 0 0x409 346 DIALOG #2000
0x1c8dc 0 0x409 90 GROUP_ICON #20
0x1c938 0 0x409 820 VERSION #1
0x1cc6c 0 0x409 689 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
ntdll.dll 15b RtlCaptureStackBackTrace
ntdll.dll 229 RtlMoveMemory
ntdll.dll 298 RtlUnwind
ntdll.dll 2b1 RtlZeroMemory
ntdll.dll 2bf VerSetConditionMask
ntdll.dll 1c5 RtlFillMemory
user32.dll 15b GetWindowTextLengthA
user32.dll fa GetDlgItem
user32.dll 18a IsWindow
user32.dll 90 DialogBoxParamA
user32.dll 4 AnimateWindow
user32.dll 27d wsprintfA
user32.dll 1b1 MessageBoxA
user32.dll 1f8 SendDlgItemMessageA
user32.dll 1fd SendMessageA
user32.dll 216 SetFocus
user32.dll 23d SetWindowTextA
user32.dll b4 EndDialog
kernel32.dll 317 lstrcmpiA
kernel32.dll 1f9 LocalSize
kernel32.dll 1f4 LocalFree
kernel32.dll 1f0 LocalAlloc
kernel32.dll 1dc IsBadWritePtr
kernel32.dll 134 GetModuleHandleA
kernel32.dll 9b ExitProcess
comctl32.dll 54 InitCommonControls
MSXFS.dll 14 WFSCleanUp
MSXFS.dll 1f WFSOpen
MSXFS.dll 1b WFSGetInfo
MSXFS.dll 19 WFSExecute
MSXFS.dll 1e WFSLock
MSXFS.dll 20 WFSRegister
MSXFS.dll 1a WFSFreeResult
MSXFS.dll 24 WFSUnlock
MSXFS.dll 15 WFSClose
MSXFS.dll 22 WFSStartUp
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
StrucVersion : 0x10000
FileFlagsMask : 0
FileFlags : 0
FileOS : 4
FileType : 1
FileSubtype : 0
# StringTable 040904E3:
FileVersion : "1.0.0.0"
ProductVersion : "1.0.0.0"
CompanyName : "Sanctions Group"
FileDescription : "Project Alice"
InternalName : "Sanctions"
ProductName : "Sanctions"
LegalCopyright : "Sanctions group"
Comments : "Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com"
VarFileInfo : [ 0x409, 0x4e3 ]
=== Packer / Compiler ===
MS Visual C# v7.0 / Basic .NET
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001D8 0000004001D8 0 .text
000000000200 000000400200 0 .rdata
000000000227 000000400227 0 @.rsrc
000000000400 000000401000 0 CurrencyDispenser1
00000000041F 00000040101F 0 Project Alice
000000000660 000000401260 0 Selected cassette is unavailable !
000000000683 000000401283 0 Can't dispense requested amount. Error %d ocurred !
00000000082F 00000040142F 0 t@Wj@
0000000008A9 0000004014A9 0 Bills count
0000000008B5 0000004014B5 0 Bill value
0000000008C0 0000004014C0 0 Currency
0000000008C9 0000004014C9 0 Result
0000000008D3 0000004014D3 0 Total :
000000000D50 000000401950 0 j!j!h6
000000000D68 000000401968 0 t2j7h
0000000013C2 0000004021C2 0 RtlCaptureStackBackTrace
0000000013DE 0000004021DE 0 RtlFillMemory
0000000013EE 0000004021EE 0 RtlMoveMemory
0000000013FE 0000004021FE 0 RtlUnwind
00000000140A 00000040220A 0 RtlZeroMemory
00000000141A 00000040221A 0 VerSetConditionMask
00000000142E 00000040222E 0 ntdll.dll
00000000143A 00000040223A 0 wsprintfA
000000001446 000000402246 0 AnimateWindow
000000001456 000000402256 0 DialogBoxParamA
000000001468 000000402268 0 EndDialog
000000001474 000000402274 0 GetDlgItem
000000001482 000000402282 0 GetWindowTextLengthA
00000000149A 00000040229A 0 IsWindow
0000000014A6 0000004022A6 0 MessageBoxA
0000000014B4 0000004022B4 0 SendDlgItemMessageA
0000000014CA 0000004022CA 0 SendMessageA
0000000014DA 0000004022DA 0 SetFocus
0000000014E6 0000004022E6 0 SetWindowTextA
0000000014F6 0000004022F6 0 user32.dll
000000001504 000000402304 0 ExitProcess
000000001512 000000402312 0 GetModuleHandleA
000000001526 000000402326 0 IsBadWritePtr
000000001536 000000402336 0 LocalAlloc
000000001544 000000402344 0 LocalFree
000000001550 000000402350 0 LocalSize
00000000155C 00000040235C 0 lstrcmpiA
000000001566 000000402366 0 kernel32.dll
000000001576 000000402376 0 InitCommonControls
00000000158A 00000040238A 0 comctl32.dll
00000000159A 00000040239A 0 WFSStartUp
0000000015A8 0000004023A8 0 WFSClose
0000000015B4 0000004023B4 0 WFSUnlock
0000000015C0 0000004023C0 0 WFSFreeResult
0000000015D0 0000004023D0 0 WFSRegister
0000000015DE 0000004023DE 0 WFSLock
0000000015E8 0000004023E8 0 WFSExecute
0000000015F6 0000004023F6 0 WFSGetInfo
000000001604 000000402404 0 WFSOpen
00000000160E 00000040240E 0 WFSCleanUp
00000000161A 00000040241A 0 MSXFS.dll
000000002711 000000403F11 0 !! 9<<
000000003929 000000405129 0 !djj
000000004063 000000405863 0 &MIDATx
File pos Mem pos ID Text
======== ======= == ====
0000000040F0 0000004058F0 0 x0AN)u
00000000463D 000000405E3D 0 MD\KD
00000000469C 000000405E9C 0 XLR(p
000000004766 000000405F66 0 XL3#
000000004888 000000406088 0 Y]6;[
00000000491F 00000040611F 0 32.m9
0000000049D5 0000004061D5 0 R77~"
0000000049E9 0000004061E9 0 CCC{u
000000004B06 000000406306 0 Tsmf.@[
000000004CFB 0000004064FB 0 MOOCJ
000000004F33 000000406733 0 ?";W"2
0000000050F9 0000004068F9 0 (hAD*
0000000051A9 0000004069A9 0 e333w
0000000052C0 000000406AC0 0 dY~-&
0000000052F9 000000406AF9 0 bEA[E]
000000005325 000000406B25 0 Rj_[$
0000000053D7 000000406BD7 0 *fM/#
0000000054F8 000000406CF8 0 04t''
00000000556F 000000406D6F 0 >{Sut
000000005711 000000406F11 0 rF:r>
000000005734 000000406F34 0 .n|~J
0000000058E8 0000004070E8 0 ,]"".
000000005A2C 00000040722C 0 ,jQ.W
000000005A34 000000407234 0 HyDq#@
000000005C1D 00000040741D 0 GDt]W
000000005C7A 00000040747A 0 XLR(p
000000005F57 000000407757 0 Tk=77G
000000005F67 000000407767 0 a]6==
000000005F99 000000407799 0 Tsmf.@[
000000006057 000000407857 0 !]6:z4
00000000624C 000000407A4C 0 %]FDW
00000000629F 000000407A9F 0 pGv7m
00000000635A 000000407B5A 0 K]V.W.
000000006632 000000407E32 0 TEDDCW)e
000000006652 000000407E52 0 EF6o>
00000001BF69 00000041D769 0 TXX
00000001CC6C 00000041E46C 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
00000001CCA5 00000041E4A5 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
00000001CCF0 00000041E4F0 0 <assemblyIdentity
00000001CD03 00000041E503 0 version="1.0.0.0"
00000001CD1A 00000041E51A 0 processorArchitecture="X86"
00000001CD3B 00000041E53B 0 name="CompanyName.ProductName.YourApp"
00000001CD67 00000041E567 0 type="win32"
00000001CD7D 00000041E57D 0 <description>Your application description here.</description>
00000001CDBC 00000041E5BC 0 <dependency>
00000001CDCA 00000041E5CA 0 <dependentAssembly>
00000001CDDF 00000041E5DF 0 <assemblyIdentity
00000001CDFA 00000041E5FA 0 type="win32"
00000001CE14 00000041E614 0 name="Microsoft.Windows.Common-Controls"
00000001CE4A 00000041E64A 0 version="6.0.0.0"
00000001CE69 00000041E669 0 processorArchitecture="X86"
00000001CE92 00000041E692 0 publicKeyToken="6595b64144ccf1df"
00000001CEC1 00000041E6C1 0 language="*"
00000001CEDB 00000041E6DB 0 />
00000001CEE7 00000041E6E7 0 </dependentAssembly>
00000001CF01 00000041E701 0 </dependency>
00000001CF10 00000041E710 0 </assembly>
00000001C646 00000041DE46 0 Operator panel
00000001C66B 00000041DE6B 0 Times New Roman
00000001C6A8 00000041DEA8 0 ATM update manager
File pos Mem pos ID Text
======== ======= == ====
00000001C6E8 00000041DEE8 0 SysListView32
00000001C764 00000041DF64 0 Update ID:
00000001C79E 00000041DF9E 0 Input PIN-code for access !
00000001C7DD 00000041DFDD 0 MS Sans Serif
00000001C814 00000041E014 0 ATM Update manager
00000001C858 00000041E058 0 Supervisor ID
00000001C93E 00000041E13E 0 VS_VERSION_INFO
00000001C99A 00000041E19A 0 StringFileInfo
00000001C9BE 00000041E1BE 0 040904E3
00000001C9D6 00000041E1D6 0 FileVersion
00000001C9F0 00000041E1F0 0 1.0.0.0
00000001CA06 00000041E206 0 ProductVersion
00000001CA24 00000041E224 0 1.0.0.0
00000001CA3A 00000041E23A 0 CompanyName
00000001CA54 00000041E254 0 Sanctions Group
00000001CA7A 00000041E27A 0 FileDescription
00000001CA9C 00000041E29C 0 Project Alice
00000001CABE 00000041E2BE 0 InternalName
00000001CAD8 00000041E2D8 0 Sanctions
00000001CAF2 00000041E2F2 0 ProductName
00000001CB0C 00000041E30C 0 Sanctions
00000001CB26 00000041E326 0 LegalCopyright
00000001CB44 00000041E344 0 Sanctions group
00000001CB6A 00000041E36A 0 Comments
00000001CB7C 00000041E37C 0 Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
00000001CC2E 00000041E42E 0 VarFileInfo
00000001CC4E 00000041E44E 0 Translation
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001D8 0000004001D8 0 .text
000000000200 000000400200 0 .rdata
000000000227 000000400227 0 @.rsrc
000000000400 000000401000 0 CurrencyDispenser1
00000000041F 00000040101F 0 Project Alice
000000000660 000000401260 0 Selected cassette is unavailable !
000000000683 000000401283 0 Can't dispense requested amount. Error %d ocurred !
00000000082F 00000040142F 0 t@Wj@
0000000008A9 0000004014A9 0 Bills count
0000000008B5 0000004014B5 0 Bill value
0000000008C0 0000004014C0 0 Currency
0000000008C9 0000004014C9 0 Result
0000000008D3 0000004014D3 0 Total :
000000000D50 000000401950 0 j!j!h6
000000000D68 000000401968 0 t2j7h
0000000013C2 0000004021C2 0 RtlCaptureStackBackTrace
0000000013DE 0000004021DE 0 RtlFillMemory
0000000013EE 0000004021EE 0 RtlMoveMemory
0000000013FE 0000004021FE 0 RtlUnwind
00000000140A 00000040220A 0 RtlZeroMemory
00000000141A 00000040221A 0 VerSetConditionMask
00000000142E 00000040222E 0 ntdll.dll
00000000143A 00000040223A 0 wsprintfA
000000001446 000000402246 0 AnimateWindow
000000001456 000000402256 0 DialogBoxParamA
000000001468 000000402268 0 EndDialog
000000001474 000000402274 0 GetDlgItem
000000001482 000000402282 0 GetWindowTextLengthA
00000000149A 00000040229A 0 IsWindow
0000000014A6 0000004022A6 0 MessageBoxA
0000000014B4 0000004022B4 0 SendDlgItemMessageA
0000000014CA 0000004022CA 0 SendMessageA
File pos Mem pos ID Text
======== ======= == ====
0000000014DA 0000004022DA 0 SetFocus
0000000014E6 0000004022E6 0 SetWindowTextA
0000000014F6 0000004022F6 0 user32.dll
000000001504 000000402304 0 ExitProcess
000000001512 000000402312 0 GetModuleHandleA
000000001526 000000402326 0 IsBadWritePtr
000000001536 000000402336 0 LocalAlloc
000000001544 000000402344 0 LocalFree
000000001550 000000402350 0 LocalSize
00000000155C 00000040235C 0 lstrcmpiA
000000001566 000000402366 0 kernel32.dll
000000001576 000000402376 0 InitCommonControls
00000000158A 00000040238A 0 comctl32.dll
00000000159A 00000040239A 0 WFSStartUp
0000000015A8 0000004023A8 0 WFSClose
0000000015B4 0000004023B4 0 WFSUnlock
0000000015C0 0000004023C0 0 WFSFreeResult
0000000015D0 0000004023D0 0 WFSRegister
0000000015DE 0000004023DE 0 WFSLock
0000000015E8 0000004023E8 0 WFSExecute
0000000015F6 0000004023F6 0 WFSGetInfo
000000001604 000000402404 0 WFSOpen
00000000160E 00000040240E 0 WFSCleanUp
00000000161A 00000040241A 0 MSXFS.dll
000000002711 000000403F11 0 !! 9<<
000000003929 000000405129 0 !djj
000000004063 000000405863 0 &MIDATx
0000000040F0 0000004058F0 0 x0AN)u
00000000463D 000000405E3D 0 MD\KD
00000000469C 000000405E9C 0 XLR(p
000000004766 000000405F66 0 XL3#
000000004888 000000406088 0 Y]6;[
00000000491F 00000040611F 0 32.m9
0000000049D5 0000004061D5 0 R77~"
0000000049E9 0000004061E9 0 CCC{u
000000004B06 000000406306 0 Tsmf.@[
000000004CFB 0000004064FB 0 MOOCJ
000000004F33 000000406733 0 ?";W"2
0000000050F9 0000004068F9 0 (hAD*
0000000051A9 0000004069A9 0 e333w
0000000052C0 000000406AC0 0 dY~-&
0000000052F9 000000406AF9 0 bEA[E]
000000005325 000000406B25 0 Rj_[$
0000000053D7 000000406BD7 0 *fM/#
0000000054F8 000000406CF8 0 04t''
00000000556F 000000406D6F 0 >{Sut
000000005711 000000406F11 0 rF:r>
000000005734 000000406F34 0 .n|~J
0000000058E8 0000004070E8 0 ,]"".
000000005A2C 00000040722C 0 ,jQ.W
000000005A34 000000407234 0 HyDq#@
000000005C1D 00000040741D 0 GDt]W
000000005C7A 00000040747A 0 XLR(p
000000005F57 000000407757 0 Tk=77G
000000005F67 000000407767 0 a]6==
000000005F99 000000407799 0 Tsmf.@[
000000006057 000000407857 0 !]6:z4
00000000624C 000000407A4C 0 %]FDW
00000000629F 000000407A9F 0 pGv7m
00000000635A 000000407B5A 0 K]V.W.
File pos Mem pos ID Text
======== ======= == ====
000000006632 000000407E32 0 TEDDCW)e
000000006652 000000407E52 0 EF6o>
00000001BF69 00000041D769 0 TXX
00000001CC6C 00000041E46C 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
00000001CCA5 00000041E4A5 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
00000001CCF0 00000041E4F0 0 <assemblyIdentity
00000001CD03 00000041E503 0 version="1.0.0.0"
00000001CD1A 00000041E51A 0 processorArchitecture="X86"
00000001CD3B 00000041E53B 0 name="CompanyName.ProductName.YourApp"
00000001CD67 00000041E567 0 type="win32"
00000001CD7D 00000041E57D 0 <description>Your application description here.</description>
00000001CDBC 00000041E5BC 0 <dependency>
00000001CDCA 00000041E5CA 0 <dependentAssembly>
00000001CDDF 00000041E5DF 0 <assemblyIdentity
00000001CDFA 00000041E5FA 0 type="win32"
00000001CE14 00000041E614 0 name="Microsoft.Windows.Common-Controls"
00000001CE4A 00000041E64A 0 version="6.0.0.0"
00000001CE69 00000041E669 0 processorArchitecture="X86"
00000001CE92 00000041E692 0 publicKeyToken="6595b64144ccf1df"
00000001CEC1 00000041E6C1 0 language="*"
00000001CEDB 00000041E6DB 0 />
00000001CEE7 00000041E6E7 0 </dependentAssembly>
00000001CF01 00000041E701 0 </dependency>
00000001CF10 00000041E710 0 </assembly>
00000001C646 00000041DE46 0 Operator panel
00000001C66B 00000041DE6B 0 Times New Roman
00000001C6A8 00000041DEA8 0 ATM update manager
00000001C6E8 00000041DEE8 0 SysListView32
00000001C764 00000041DF64 0 Update ID:
00000001C79E 00000041DF9E 0 Input PIN-code for access !
00000001C7DD 00000041DFDD 0 MS Sans Serif
00000001C814 00000041E014 0 ATM Update manager
00000001C858 00000041E058 0 Supervisor ID
00000001C93E 00000041E13E 0 VS_VERSION_INFO
00000001C99A 00000041E19A 0 StringFileInfo
00000001C9BE 00000041E1BE 0 040904E3
00000001C9D6 00000041E1D6 0 FileVersion
00000001C9F0 00000041E1F0 0 1.0.0.0
00000001CA06 00000041E206 0 ProductVersion
00000001CA24 00000041E224 0 1.0.0.0
00000001CA3A 00000041E23A 0 CompanyName
00000001CA54 00000041E254 0 Sanctions Group
00000001CA7A 00000041E27A 0 FileDescription
00000001CA9C 00000041E29C 0 Project Alice
00000001CABE 00000041E2BE 0 InternalName
00000001CAD8 00000041E2D8 0 Sanctions
00000001CAF2 00000041E2F2 0 ProductName
00000001CB0C 00000041E30C 0 Sanctions
00000001CB26 00000041E326 0 LegalCopyright
00000001CB44 00000041E344 0 Sanctions group
00000001CB6A 00000041E36A 0 Comments
00000001CB7C 00000041E37C 0 Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
00000001CC2E 00000041E42E 0 VarFileInfo
00000001CC4E 00000041E44E 0 Translation
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!