.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV                                                      !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829
 
Date...........: 2017-03-02
Family.........: ATM.DispCash.3
File name......: CDM_TOOL_EUR.exe
File size......: 42.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
PDB Path found.: C:\Users\MacGyver\Documents\Visual Studio 2008\Projects\COUNTER_STRIKE\Release\CDM_TOOL_EUR.pdb
Additional note: Believed to be test tools made by bankomatchik.ru forum user MacGyver1100101

Entropy:


Binary Histogram:


=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 224 0xe0 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === RICH Header === LIB_ID VERSION TIMES_USED 132 84 30729 7809 26 1a 149 95 30729 7809 17 11 131 83 30729 7809 73 49 4 4 8447 20ff 3 3 123 7b 50727 c627 2 2 1 1 0 0 81 51 137 89 30729 7809 1 1 145 91 30729 7809 1 1 === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 5 5 TimeDateStamp: "2012-09-17 08:06:01" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 9.0 SizeOfCode: 26624 0x6800 SizeOfInitializedData: 15360 0x3c00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 5563 0x15bb BaseOfCode: 4096 0x1000 BaseOfData: 32768 0x8000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 5.0 ImageVersion: 0.0 SubsystemVersion: 5.0 Reserved1: 0 0 SizeOfImage: 57344 0xe000 SizeOfHeaders: 1024 0x400 CheckSum: 94893 0x172ad Subsystem: 2 2 WINDOWS_GUI DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT TERMINAL_SERVER_AWARE SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 9644 size:0x 3c RESOURCE rva:0x c000 size:0x 1b4 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x d000 size:0x 6d4 DEBUG rva:0x 8140 size:0x 1c ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x 92d0 size:0x 40 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 8000 size:0x 10c Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 6614 6800 400 0 0 0 0 60000020 R-X CODE .rdata 8000 1c2a 1e00 6c00 0 0 0 0 40000040 R-- IDATA .data a000 17dc e00 8a00 0 0 0 0 c0000040 RW- IDATA .rsrc c000 1b4 200 9800 0 0 0 0 40000040 R-- IDATA .reloc d000 c62 e00 9a00 0 0 0 0 42000040 R-- IDATA DISCARDABLE === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x9858 1252 0x409 346 MANIFEST #1 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME MSXFS.dll 14 WFSCleanUp MSXFS.dll 19 WFSExecute MSXFS.dll 15 WFSClose MSXFS.dll 1f WFSOpen MSXFS.dll 1e WFSLock MSXFS.dll 24 WFSUnlock MSXFS.dll 1a WFSFreeResult MSXFS.dll 22 WFSStartUp KERNEL32.dll 29f HeapCreate KERNEL32.dll 16f GetCommandLineA KERNEL32.dll 239 GetStartupInfoA KERNEL32.dll 42d TerminateProcess KERNEL32.dll 1a9 GetCurrentProcess KERNEL32.dll 43e UnhandledExceptionFilter KERNEL32.dll 415 SetUnhandledExceptionFilter KERNEL32.dll 2d1 IsDebuggerPresent KERNEL32.dll 1f9 GetModuleHandleW KERNEL32.dll 421 Sleep KERNEL32.dll 220 GetProcAddress KERNEL32.dll 104 ExitProcess KERNEL32.dll 48d WriteFile KERNEL32.dll 23b GetStdHandle KERNEL32.dll 1f4 GetModuleFileNameA KERNEL32.dll 14a FreeEnvironmentStringsA KERNEL32.dll 1bf GetEnvironmentStrings KERNEL32.dll 14b FreeEnvironmentStringsW KERNEL32.dll 47a WideCharToMultiByte KERNEL32.dll 1e6 GetLastError KERNEL32.dll 1c1 GetEnvironmentStringsW KERNEL32.dll 3e8 SetHandleCount KERNEL32.dll 1d7 GetFileType KERNEL32.dll be DeleteCriticalSection KERNEL32.dll 434 TlsGetValue KERNEL32.dll 432 TlsAlloc KERNEL32.dll 435 TlsSetValue KERNEL32.dll 433 TlsFree KERNEL32.dll 2c0 InterlockedIncrement KERNEL32.dll 3ec SetLastError KERNEL32.dll 1ad GetCurrentThreadId KERNEL32.dll 2bc InterlockedDecrement KERNEL32.dll 457 VirtualFree KERNEL32.dll 2a1 HeapFree KERNEL32.dll 354 QueryPerformanceCounter KERNEL32.dll 266 GetTickCount KERNEL32.dll 1aa GetCurrentProcessId KERNEL32.dll 24f GetSystemTimeAsFileTime KERNEL32.dll 2ef LeaveCriticalSection KERNEL32.dll d9 EnterCriticalSection KERNEL32.dll 2f1 LoadLibraryA KERNEL32.dll 2b5 InitializeCriticalSectionAndSpinCount KERNEL32.dll 15b GetCPInfo KERNEL32.dll 152 GetACP KERNEL32.dll 213 GetOEMCP KERNEL32.dll 2db IsValidCodePage KERNEL32.dll 29d HeapAlloc KERNEL32.dll 454 VirtualAlloc KERNEL32.dll 2a4 HeapReAlloc KERNEL32.dll 392 RtlUnwind KERNEL32.dll 2a6 HeapSize KERNEL32.dll 1e8 GetLocaleInfoA KERNEL32.dll 2e1 LCMapStringA KERNEL32.dll 31a MultiByteToWideChar KERNEL32.dll 2e3 LCMapStringW KERNEL32.dll 23d GetStringTypeA KERNEL32.dll 240 GetStringTypeW === Packer / Compiler === MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001D8 0000004001D8 0 .text 000000000200 000000400200 0 .rdata 000000000227 000000400227 0 @.data 000000000250 000000400250 0 .rsrc 000000000277 000000400277 0 @.reloc 0000000004CB 0000004010CB 0 D$<VW3 000000000549 000000401149 0 D$Xh. 000000000942 000000401542 0 YQPVh 000000000ED5 000000401AD5 0 VVVVV 000000000F19 000000401B19 0 PPPPP 000000000F5C 000000401B5C 0 VVVVV 000000000F80 000000401B80 0 VVVVV 000000000FA5 000000401BA5 0 VVVVV 0000000011C6 000000401DC6 0 t$<"u 3 00000000125B 000000401E5B 0 >=Yt1j 00000000126E 000000401E6E 0 tNVSP 000000001281 000000401E81 0 PPPPP 0000000013FB 000000401FFB 0 < tK< tG 0000000015B5 0000004021B5 0 @PWSS 000000001712 000000402312 0 [j@j 0000000028A3 0000004034A3 0 PPPPP 000000002C1D 00000040381D 0 0SSSSS 000000002CA6 0000004038A6 0 0SSSSS 000000002DDC 0000004039DC 0 0SSSSS 000000002E55 000000403A55 0 VVVVV 00000000340E 00000040400E 0 0A@@Ju 00000000490F 00000040550F 0 URPQQh 000000004C11 000000405811 0 WWWWW 000000004CD5 0000004058D5 0 u8SS3 000000004D6D 00000040596D 0 9]$SS 000000004EB4 000000405AB4 0 t"SS9] 00000000512D 000000405D2D 0 9] SS 0000000053E4 000000405FE4 0 WWWWW 000000005545 000000406145 0 wIVSP 000000005B86 000000406786 0 PPPPPPPP 000000005C66 000000406866 0 PPPPPPPP 00000000600B 000000406C0B 0 SVWUj 0000000060AC 000000406CAC 0 ;t$,v- 000000006131 000000406D31 0 UQPXY]Y[ 00000000649B 00000040709B 0 WWWWV 0000000064BE 0000004070BE 0 t+WWVPV 0000000065B7 0000004071B7 0 WWWWW 0000000068CB 0000004074CB 0 v N+D$ 000000006D64 000000408164 0 CorExitProcess 000000006D8C 00000040818C 0 runtime error 000000006DA0 0000004081A0 0 TLOSS error 000000006DB0 0000004081B0 0 SING error 000000006DC0 0000004081C0 0 DOMAIN error 000000006DD0 0000004081D0 0 R6034 000000006DD7 0000004081D7 0 An application has made an attempt to load the C runtime library incorrectly. 000000006E25 000000408225 0 Please contact the application's support team for more information. 000000006E70 000000408270 0 R6033 000000006E77 000000408277 0 - Attempt to use MSIL code from this assembly during native code initialization 000000006EC7 0000004082C7 0 This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. 000000006F68 000000408368 0 R6032 000000006F6F 00000040836F 0 - not enough space for locale information 000000006FA0 0000004083A0 0 R6031 000000006FA7 0000004083A7 0 - Attempt to initialize the CRT more than once. 000000006FD7 0000004083D7 0 This indicates a bug in your application. File pos Mem pos ID Text ======== ======= == ==== 000000007004 000000408404 0 R6030 00000000700B 00000040840B 0 - CRT not initialized 000000007024 000000408424 0 R6028 00000000702B 00000040842B 0 - unable to initialize heap 00000000704C 00000040844C 0 R6027 000000007053 000000408453 0 - not enough space for lowio initialization 000000007084 000000408484 0 R6026 00000000708B 00000040848B 0 - not enough space for stdio initialization 0000000070BC 0000004084BC 0 R6025 0000000070C3 0000004084C3 0 - pure virtual function call 0000000070E4 0000004084E4 0 R6024 0000000070EB 0000004084EB 0 - not enough space for _onexit/atexit table 00000000711C 00000040851C 0 R6019 000000007123 000000408523 0 - unable to open console device 000000007148 000000408548 0 R6018 00000000714F 00000040854F 0 - unexpected heap error 00000000716C 00000040856C 0 R6017 000000007173 000000408573 0 - unexpected multithread lock error 00000000719C 00000040859C 0 R6016 0000000071A3 0000004085A3 0 - not enough space for thread data 0000000071CA 0000004085CA 0 This application has requested the Runtime to terminate it in an unusual way. 000000007218 000000408618 0 Please contact the application's support team for more information. 000000007260 000000408660 0 R6009 000000007267 000000408667 0 - not enough space for environment 00000000728C 00000040868C 0 R6008 000000007293 000000408693 0 - not enough space for arguments 0000000072B8 0000004086B8 0 R6002 0000000072BF 0000004086BF 0 - floating point support not loaded 0000000072E8 0000004086E8 0 Microsoft Visual C++ Runtime Library 000000007318 000000408718 0 <program name unknown> 000000007330 000000408730 0 Runtime Error! 000000007340 000000408740 0 Program: 0000000073CC 0000004087CC 0 EncodePointer 0000000073F8 0000004087F8 0 DecodePointer 000000007408 000000408808 0 FlsFree 000000007410 000000408810 0 FlsSetValue 00000000741C 00000040881C 0 FlsGetValue 000000007428 000000408828 0 FlsAlloc 000000007434 000000408834 0 GetProcessWindowStation 00000000744C 00000040884C 0 GetUserObjectInformationA 000000007468 000000408868 0 GetLastActivePopup 00000000747C 00000040887C 0 GetActiveWindow 00000000748C 00000040888C 0 MessageBoxA 000000007498 000000408898 0 USER32.DLL 0000000074C7 0000004088C7 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000007508 000000408908 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000007AD8 000000408ED8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\] 000000007B19 000000408F19 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000007C58 000000409058 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000007C99 000000409099 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 000000007D38 000000409138 0 HH:mm:ss 000000007D44 000000409144 0 dddd, MMMM dd, yyyy 000000007D58 000000409158 0 MM/dd/yy 000000007D6C 00000040916C 0 December 000000007D78 000000409178 0 November 000000007D84 000000409184 0 October 000000007D8C 00000040918C 0 September 000000007D98 000000409198 0 August 000000007DB0 0000004091B0 0 April 000000007DB8 0000004091B8 0 March File pos Mem pos ID Text ======== ======= == ==== 000000007DC0 0000004091C0 0 February 000000007DCC 0000004091CC 0 January 000000007E04 000000409204 0 Saturday 000000007E10 000000409210 0 Friday 000000007E18 000000409218 0 Thursday 000000007E24 000000409224 0 Wednesday 000000007E30 000000409230 0 Tuesday 000000007E38 000000409238 0 Monday 000000007E40 000000409240 0 Sunday 000000007E64 000000409264 0 SunMonTueWedThuFriSat 000000007E7C 00000040927C 0 JanFebMarAprMayJunJulAugSepOctNovDec 000000007EA4 0000004092A4 0 CurrencyDispenser1 000000007EB8 0000004092B8 0 CDM_TOOL_EUR 000000007F30 000000409330 0 C:\Users\MacGyver\Documents\Visual Studio 2008\Projects\COUNTER_STRIKE\Release\CDM_TOOL_EUR.pdb 00000000838E 00000040978E 0 WFSStartUp 00000000839C 00000040979C 0 WFSFreeResult 0000000083AC 0000004097AC 0 WFSUnlock 0000000083B8 0000004097B8 0 WFSLock 0000000083C2 0000004097C2 0 WFSOpen 0000000083CC 0000004097CC 0 WFSClose 0000000083D8 0000004097D8 0 WFSExecute 0000000083E6 0000004097E6 0 WFSCleanUp 0000000083F2 0000004097F2 0 MSXFS.dll 0000000083FE 0000004097FE 0 GetCommandLineA 000000008410 000000409810 0 GetStartupInfoA 000000008422 000000409822 0 TerminateProcess 000000008436 000000409836 0 GetCurrentProcess 00000000844A 00000040984A 0 UnhandledExceptionFilter 000000008466 000000409866 0 SetUnhandledExceptionFilter 000000008484 000000409884 0 IsDebuggerPresent 000000008498 000000409898 0 GetModuleHandleW 0000000084AC 0000004098AC 0 Sleep 0000000084B4 0000004098B4 0 GetProcAddress 0000000084C6 0000004098C6 0 ExitProcess 0000000084D4 0000004098D4 0 WriteFile 0000000084E0 0000004098E0 0 GetStdHandle 0000000084F0 0000004098F0 0 GetModuleFileNameA 000000008506 000000409906 0 FreeEnvironmentStringsA 000000008520 000000409920 0 GetEnvironmentStrings 000000008538 000000409938 0 FreeEnvironmentStringsW 000000008552 000000409952 0 WideCharToMultiByte 000000008568 000000409968 0 GetLastError 000000008578 000000409978 0 GetEnvironmentStringsW 000000008592 000000409992 0 SetHandleCount 0000000085A4 0000004099A4 0 GetFileType 0000000085B2 0000004099B2 0 DeleteCriticalSection 0000000085CA 0000004099CA 0 TlsGetValue 0000000085D8 0000004099D8 0 TlsAlloc 0000000085E4 0000004099E4 0 TlsSetValue 0000000085F2 0000004099F2 0 TlsFree 0000000085FC 0000004099FC 0 InterlockedIncrement 000000008614 000000409A14 0 SetLastError 000000008624 000000409A24 0 GetCurrentThreadId 00000000863A 000000409A3A 0 InterlockedDecrement 000000008652 000000409A52 0 HeapCreate 000000008660 000000409A60 0 VirtualFree 00000000866E 000000409A6E 0 HeapFree 00000000867A 000000409A7A 0 QueryPerformanceCounter 000000008694 000000409A94 0 GetTickCount 0000000086A4 000000409AA4 0 GetCurrentProcessId File pos Mem pos ID Text ======== ======= == ==== 0000000086BA 000000409ABA 0 GetSystemTimeAsFileTime 0000000086D4 000000409AD4 0 LeaveCriticalSection 0000000086EC 000000409AEC 0 EnterCriticalSection 000000008704 000000409B04 0 LoadLibraryA 000000008714 000000409B14 0 InitializeCriticalSectionAndSpinCount 00000000873C 000000409B3C 0 GetCPInfo 000000008748 000000409B48 0 GetACP 000000008752 000000409B52 0 GetOEMCP 00000000875E 000000409B5E 0 IsValidCodePage 000000008770 000000409B70 0 HeapAlloc 00000000877C 000000409B7C 0 VirtualAlloc 00000000878C 000000409B8C 0 HeapReAlloc 00000000879A 000000409B9A 0 RtlUnwind 0000000087A6 000000409BA6 0 HeapSize 0000000087B2 000000409BB2 0 GetLocaleInfoA 0000000087C4 000000409BC4 0 LCMapStringA 0000000087D4 000000409BD4 0 MultiByteToWideChar 0000000087EA 000000409BEA 0 LCMapStringW 0000000087FA 000000409BFA 0 GetStringTypeA 00000000880C 000000409C0C 0 GetStringTypeW 00000000881C 000000409C1C 0 KERNEL32.dll 000000008E5E 00000040A45E 0 000000008F3E 00000040A53E 0 abcdefghijklmnopqrstuvwxyz 000000008F5E 00000040A55E 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 000000009062 00000040A662 0 000000009149 00000040A749 0 abcdefghijklmnopqrstuvwxyz 000000009169 00000040A769 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 000000009858 00000040C058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 0000000098A3 00000040C0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 0000000098DB 00000040C0DB 0 <security> 0000000098EB 00000040C0EB 0 <requestedPrivileges> 000000009908 00000040C108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 000000009968 00000040C168 0 </requestedPrivileges> 000000009986 00000040C186 0 </security> 000000009997 00000040C197 0 </trustInfo> 0000000099A7 00000040C1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD 000000009A0B 00000040D00B 0 0#010?0f0z0 000000009A31 00000040D031 0 4@4T4f4m4s4 000000009A61 00000040D061 0 6 6(60686D6M6R6X6b6k6v6 000000009A8B 00000040D08B 0 7)727_7z7 000000009A9F 00000040D09F 0 8,878<8L8V8]8h8q8 000000009ABD 00000040D0BD 0 8%929\9a9l9q9 000000009ACB 00000040D0CB 0 9@:M:j: 000000009ADF 00000040D0DF 0 ;A;F;n; 000000009B05 00000040D105 0 >@>J> 000000009B2B 00000040D12B 0 101;1R1 000000009B33 00000040D133 0 1k1r1 000000009B3D 00000040D13D 0 2=2V2d2x2 000000009B4B 00000040D14B 0 2(303p3z3 000000009B59 00000040D159 0 3,4>4 000000009B6F 00000040D16F 0 5&5;5B5V5]5 000000009B93 00000040D193 0 6#6,686F6L6X6 000000009BA1 00000040D1A1 0 6k6u6|6 000000009BB5 00000040D1B5 0 7U7[7 000000009BD1 00000040D1D1 0 989=9E9K9R9X9_9e9m9t9y9 000000009C0D 00000040D20D 0 :":0:6:C:c:i: 000000009C29 00000040D229 0 <$<<<T< 000000009C3F 00000040D23F 0 =A=I=T=]= 000000009C59 00000040D259 0 >$>=>Q>W> 000000009C67 00000040D267 0 >,?L?\?n? File pos Mem pos ID Text ======== ======= == ==== 000000009C78 00000040D278 0 @0J0W0r0y0 000000009C9F 00000040D29F 0 3=3Q3W3 000000009CB1 00000040D2B1 0 4"4i4n4 000000009CC3 00000040D2C3 0 4?5H5N5 000000009CD3 00000040D2D3 0 6D6e6r6 000000009CEF 00000040D2EF 0 7(717@7E7O7]7 000000009D01 00000040D301 0 7=:D:J: 000000009D25 00000040D325 0 >@>K>U>n>x> 000000009D51 00000040D351 0 1"141O1W1_1v1 000000009D6D 00000040D36D 0 1'282F2X2 000000009D81 00000040D381 0 373@3L3 000000009D91 00000040D391 0 4(4/474<4@4D4m4 000000009DB5 00000040D3B5 0 5$5(5,505 000000009DCF 00000040D3CF 0 6M6T6X6\6 000000009DD9 00000040D3D9 0 6d6h6l6p6 000000009E01 00000040D401 0 :A:F: 000000009E1D 00000040D41D 0 ="=(=-=6=S=Y=d=i=q=w= 000000009E5C 00000040D45C 0 "2.2a2 000000009E6F 00000040D46F 0 5!5-6_6j6 000000009E81 00000040D481 0 7%8h8n8 000000009E95 00000040D495 0 979g9 000000009E9F 00000040D49F 0 :O; < 000000009ED5 00000040D4D5 0 0)0o0u0 000000009EDF 00000040D4DF 0 0 1A1 000000009EE9 00000040D4E9 0 2 2-2P2 000000009F05 00000040D505 0 7'797K7]7o7 000000009F17 00000040D517 0 9'9,90949]9 000000009F51 00000040D551 0 ;=;D;H;L;P;T;X;\; 000000009FA3 00000040D5A3 0 1 1$1\1 000000009FC5 00000040D5C5 0 404<4X4d4|4 000000009FDD 00000040D5DD 0 5 5@5 000000009FED 00000040D5ED 0 6 6<6@6 00000000A001 00000040D601 0 0$0,040<0D0L0T0\0d0l0t0|0 00000000A043 00000040D643 0 9h9x9 00000000A069 00000040D669 0 : :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\: 00000000A08B 00000040D68B 0 :d:h:l:p:t:x:|: 000000006D74 000000408174 0 mscoree.dll 0000000073DC 0000004087DC 0 KERNEL32.DLL 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001D8 0000004001D8 0 .text 000000000200 000000400200 0 .rdata 000000000227 000000400227 0 @.data 000000000250 000000400250 0 .rsrc 000000000277 000000400277 0 @.reloc 0000000004CB 0000004010CB 0 D$<VW3 000000000549 000000401149 0 D$Xh. 000000000942 000000401542 0 YQPVh 000000000ED5 000000401AD5 0 VVVVV 000000000F19 000000401B19 0 PPPPP 000000000F5C 000000401B5C 0 VVVVV 000000000F80 000000401B80 0 VVVVV 000000000FA5 000000401BA5 0 VVVVV 0000000011C6 000000401DC6 0 t$<"u 3 00000000125B 000000401E5B 0 >=Yt1j 00000000126E 000000401E6E 0 tNVSP 000000001281 000000401E81 0 PPPPP 0000000013FB 000000401FFB 0 < tK< tG 0000000015B5 0000004021B5 0 @PWSS 000000001712 000000402312 0 [j@j 0000000028A3 0000004034A3 0 PPPPP File pos Mem pos ID Text ======== ======= == ==== 000000002C1D 00000040381D 0 0SSSSS 000000002CA6 0000004038A6 0 0SSSSS 000000002DDC 0000004039DC 0 0SSSSS 000000002E55 000000403A55 0 VVVVV 00000000340E 00000040400E 0 0A@@Ju 00000000490F 00000040550F 0 URPQQh 000000004C11 000000405811 0 WWWWW 000000004CD5 0000004058D5 0 u8SS3 000000004D6D 00000040596D 0 9]$SS 000000004EB4 000000405AB4 0 t"SS9] 00000000512D 000000405D2D 0 9] SS 0000000053E4 000000405FE4 0 WWWWW 000000005545 000000406145 0 wIVSP 000000005B86 000000406786 0 PPPPPPPP 000000005C66 000000406866 0 PPPPPPPP 00000000600B 000000406C0B 0 SVWUj 0000000060AC 000000406CAC 0 ;t$,v- 000000006131 000000406D31 0 UQPXY]Y[ 00000000649B 00000040709B 0 WWWWV 0000000064BE 0000004070BE 0 t+WWVPV 0000000065B7 0000004071B7 0 WWWWW 0000000068CB 0000004074CB 0 v N+D$ 000000006D64 000000408164 0 CorExitProcess 000000006D8C 00000040818C 0 runtime error 000000006DA0 0000004081A0 0 TLOSS error 000000006DB0 0000004081B0 0 SING error 000000006DC0 0000004081C0 0 DOMAIN error 000000006DD0 0000004081D0 0 R6034 000000006DD7 0000004081D7 0 An application has made an attempt to load the C runtime library incorrectly. 000000006E25 000000408225 0 Please contact the application's support team for more information. 000000006E70 000000408270 0 R6033 000000006E77 000000408277 0 - Attempt to use MSIL code from this assembly during native code initialization 000000006EC7 0000004082C7 0 This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. 000000006F68 000000408368 0 R6032 000000006F6F 00000040836F 0 - not enough space for locale information 000000006FA0 0000004083A0 0 R6031 000000006FA7 0000004083A7 0 - Attempt to initialize the CRT more than once. 000000006FD7 0000004083D7 0 This indicates a bug in your application. 000000007004 000000408404 0 R6030 00000000700B 00000040840B 0 - CRT not initialized 000000007024 000000408424 0 R6028 00000000702B 00000040842B 0 - unable to initialize heap 00000000704C 00000040844C 0 R6027 000000007053 000000408453 0 - not enough space for lowio initialization 000000007084 000000408484 0 R6026 00000000708B 00000040848B 0 - not enough space for stdio initialization 0000000070BC 0000004084BC 0 R6025 0000000070C3 0000004084C3 0 - pure virtual function call 0000000070E4 0000004084E4 0 R6024 0000000070EB 0000004084EB 0 - not enough space for _onexit/atexit table 00000000711C 00000040851C 0 R6019 000000007123 000000408523 0 - unable to open console device 000000007148 000000408548 0 R6018 00000000714F 00000040854F 0 - unexpected heap error 00000000716C 00000040856C 0 R6017 000000007173 000000408573 0 - unexpected multithread lock error 00000000719C 00000040859C 0 R6016 0000000071A3 0000004085A3 0 - not enough space for thread data 0000000071CA 0000004085CA 0 This application has requested the Runtime to terminate it in an unusual way. 000000007218 000000408618 0 Please contact the application's support team for more information. File pos Mem pos ID Text ======== ======= == ==== 000000007260 000000408660 0 R6009 000000007267 000000408667 0 - not enough space for environment 00000000728C 00000040868C 0 R6008 000000007293 000000408693 0 - not enough space for arguments 0000000072B8 0000004086B8 0 R6002 0000000072BF 0000004086BF 0 - floating point support not loaded 0000000072E8 0000004086E8 0 Microsoft Visual C++ Runtime Library 000000007318 000000408718 0 <program name unknown> 000000007330 000000408730 0 Runtime Error! 000000007340 000000408740 0 Program: 0000000073CC 0000004087CC 0 EncodePointer 0000000073F8 0000004087F8 0 DecodePointer 000000007408 000000408808 0 FlsFree 000000007410 000000408810 0 FlsSetValue 00000000741C 00000040881C 0 FlsGetValue 000000007428 000000408828 0 FlsAlloc 000000007434 000000408834 0 GetProcessWindowStation 00000000744C 00000040884C 0 GetUserObjectInformationA 000000007468 000000408868 0 GetLastActivePopup 00000000747C 00000040887C 0 GetActiveWindow 00000000748C 00000040888C 0 MessageBoxA 000000007498 000000408898 0 USER32.DLL 0000000074C7 0000004088C7 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000007508 000000408908 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000007AD8 000000408ED8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\] 000000007B19 000000408F19 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000007C58 000000409058 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000007C99 000000409099 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 000000007D38 000000409138 0 HH:mm:ss 000000007D44 000000409144 0 dddd, MMMM dd, yyyy 000000007D58 000000409158 0 MM/dd/yy 000000007D6C 00000040916C 0 December 000000007D78 000000409178 0 November 000000007D84 000000409184 0 October 000000007D8C 00000040918C 0 September 000000007D98 000000409198 0 August 000000007DB0 0000004091B0 0 April 000000007DB8 0000004091B8 0 March 000000007DC0 0000004091C0 0 February 000000007DCC 0000004091CC 0 January 000000007E04 000000409204 0 Saturday 000000007E10 000000409210 0 Friday 000000007E18 000000409218 0 Thursday 000000007E24 000000409224 0 Wednesday 000000007E30 000000409230 0 Tuesday 000000007E38 000000409238 0 Monday 000000007E40 000000409240 0 Sunday 000000007E64 000000409264 0 SunMonTueWedThuFriSat 000000007E7C 00000040927C 0 JanFebMarAprMayJunJulAugSepOctNovDec 000000007EA4 0000004092A4 0 CurrencyDispenser1 000000007EB8 0000004092B8 0 CDM_TOOL_EUR 000000007F30 000000409330 0 C:\Users\MacGyver\Documents\Visual Studio 2008\Projects\COUNTER_STRIKE\Release\CDM_TOOL_EUR.pdb 00000000838E 00000040978E 0 WFSStartUp 00000000839C 00000040979C 0 WFSFreeResult 0000000083AC 0000004097AC 0 WFSUnlock 0000000083B8 0000004097B8 0 WFSLock 0000000083C2 0000004097C2 0 WFSOpen 0000000083CC 0000004097CC 0 WFSClose 0000000083D8 0000004097D8 0 WFSExecute 0000000083E6 0000004097E6 0 WFSCleanUp File pos Mem pos ID Text ======== ======= == ==== 0000000083F2 0000004097F2 0 MSXFS.dll 0000000083FE 0000004097FE 0 GetCommandLineA 000000008410 000000409810 0 GetStartupInfoA 000000008422 000000409822 0 TerminateProcess 000000008436 000000409836 0 GetCurrentProcess 00000000844A 00000040984A 0 UnhandledExceptionFilter 000000008466 000000409866 0 SetUnhandledExceptionFilter 000000008484 000000409884 0 IsDebuggerPresent 000000008498 000000409898 0 GetModuleHandleW 0000000084AC 0000004098AC 0 Sleep 0000000084B4 0000004098B4 0 GetProcAddress 0000000084C6 0000004098C6 0 ExitProcess 0000000084D4 0000004098D4 0 WriteFile 0000000084E0 0000004098E0 0 GetStdHandle 0000000084F0 0000004098F0 0 GetModuleFileNameA 000000008506 000000409906 0 FreeEnvironmentStringsA 000000008520 000000409920 0 GetEnvironmentStrings 000000008538 000000409938 0 FreeEnvironmentStringsW 000000008552 000000409952 0 WideCharToMultiByte 000000008568 000000409968 0 GetLastError 000000008578 000000409978 0 GetEnvironmentStringsW 000000008592 000000409992 0 SetHandleCount 0000000085A4 0000004099A4 0 GetFileType 0000000085B2 0000004099B2 0 DeleteCriticalSection 0000000085CA 0000004099CA 0 TlsGetValue 0000000085D8 0000004099D8 0 TlsAlloc 0000000085E4 0000004099E4 0 TlsSetValue 0000000085F2 0000004099F2 0 TlsFree 0000000085FC 0000004099FC 0 InterlockedIncrement 000000008614 000000409A14 0 SetLastError 000000008624 000000409A24 0 GetCurrentThreadId 00000000863A 000000409A3A 0 InterlockedDecrement 000000008652 000000409A52 0 HeapCreate 000000008660 000000409A60 0 VirtualFree 00000000866E 000000409A6E 0 HeapFree 00000000867A 000000409A7A 0 QueryPerformanceCounter 000000008694 000000409A94 0 GetTickCount 0000000086A4 000000409AA4 0 GetCurrentProcessId 0000000086BA 000000409ABA 0 GetSystemTimeAsFileTime 0000000086D4 000000409AD4 0 LeaveCriticalSection 0000000086EC 000000409AEC 0 EnterCriticalSection 000000008704 000000409B04 0 LoadLibraryA 000000008714 000000409B14 0 InitializeCriticalSectionAndSpinCount 00000000873C 000000409B3C 0 GetCPInfo 000000008748 000000409B48 0 GetACP 000000008752 000000409B52 0 GetOEMCP 00000000875E 000000409B5E 0 IsValidCodePage 000000008770 000000409B70 0 HeapAlloc 00000000877C 000000409B7C 0 VirtualAlloc 00000000878C 000000409B8C 0 HeapReAlloc 00000000879A 000000409B9A 0 RtlUnwind 0000000087A6 000000409BA6 0 HeapSize 0000000087B2 000000409BB2 0 GetLocaleInfoA 0000000087C4 000000409BC4 0 LCMapStringA 0000000087D4 000000409BD4 0 MultiByteToWideChar 0000000087EA 000000409BEA 0 LCMapStringW 0000000087FA 000000409BFA 0 GetStringTypeA 00000000880C 000000409C0C 0 GetStringTypeW 00000000881C 000000409C1C 0 KERNEL32.dll 000000008E5E 00000040A45E 0 File pos Mem pos ID Text ======== ======= == ==== 000000008F3E 00000040A53E 0 abcdefghijklmnopqrstuvwxyz 000000008F5E 00000040A55E 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 000000009062 00000040A662 0 000000009149 00000040A749 0 abcdefghijklmnopqrstuvwxyz 000000009169 00000040A769 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 000000009858 00000040C058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 0000000098A3 00000040C0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 0000000098DB 00000040C0DB 0 <security> 0000000098EB 00000040C0EB 0 <requestedPrivileges> 000000009908 00000040C108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 000000009968 00000040C168 0 </requestedPrivileges> 000000009986 00000040C186 0 </security> 000000009997 00000040C197 0 </trustInfo> 0000000099A7 00000040C1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD 000000009A0B 00000040D00B 0 0#010?0f0z0 000000009A31 00000040D031 0 4@4T4f4m4s4 000000009A61 00000040D061 0 6 6(60686D6M6R6X6b6k6v6 000000009A8B 00000040D08B 0 7)727_7z7 000000009A9F 00000040D09F 0 8,878<8L8V8]8h8q8 000000009ABD 00000040D0BD 0 8%929\9a9l9q9 000000009ACB 00000040D0CB 0 9@:M:j: 000000009ADF 00000040D0DF 0 ;A;F;n; 000000009B05 00000040D105 0 >@>J> 000000009B2B 00000040D12B 0 101;1R1 000000009B33 00000040D133 0 1k1r1 000000009B3D 00000040D13D 0 2=2V2d2x2 000000009B4B 00000040D14B 0 2(303p3z3 000000009B59 00000040D159 0 3,4>4 000000009B6F 00000040D16F 0 5&5;5B5V5]5 000000009B93 00000040D193 0 6#6,686F6L6X6 000000009BA1 00000040D1A1 0 6k6u6|6 000000009BB5 00000040D1B5 0 7U7[7 000000009BD1 00000040D1D1 0 989=9E9K9R9X9_9e9m9t9y9 000000009C0D 00000040D20D 0 :":0:6:C:c:i: 000000009C29 00000040D229 0 <$<<<T< 000000009C3F 00000040D23F 0 =A=I=T=]= 000000009C59 00000040D259 0 >$>=>Q>W> 000000009C67 00000040D267 0 >,?L?\?n? 000000009C78 00000040D278 0 @0J0W0r0y0 000000009C9F 00000040D29F 0 3=3Q3W3 000000009CB1 00000040D2B1 0 4"4i4n4 000000009CC3 00000040D2C3 0 4?5H5N5 000000009CD3 00000040D2D3 0 6D6e6r6 000000009CEF 00000040D2EF 0 7(717@7E7O7]7 000000009D01 00000040D301 0 7=:D:J: 000000009D25 00000040D325 0 >@>K>U>n>x> 000000009D51 00000040D351 0 1"141O1W1_1v1 000000009D6D 00000040D36D 0 1'282F2X2 000000009D81 00000040D381 0 373@3L3 000000009D91 00000040D391 0 4(4/474<4@4D4m4 000000009DB5 00000040D3B5 0 5$5(5,505 000000009DCF 00000040D3CF 0 6M6T6X6\6 000000009DD9 00000040D3D9 0 6d6h6l6p6 000000009E01 00000040D401 0 :A:F: 000000009E1D 00000040D41D 0 ="=(=-=6=S=Y=d=i=q=w= 000000009E5C 00000040D45C 0 "2.2a2 000000009E6F 00000040D46F 0 5!5-6_6j6 000000009E81 00000040D481 0 7%8h8n8 000000009E95 00000040D495 0 979g9 000000009E9F 00000040D49F 0 :O; < File pos Mem pos ID Text ======== ======= == ==== 000000009ED5 00000040D4D5 0 0)0o0u0 000000009EDF 00000040D4DF 0 0 1A1 000000009EE9 00000040D4E9 0 2 2-2P2 000000009F05 00000040D505 0 7'797K7]7o7 000000009F17 00000040D517 0 9'9,90949]9 000000009F51 00000040D551 0 ;=;D;H;L;P;T;X;\; 000000009FA3 00000040D5A3 0 1 1$1\1 000000009FC5 00000040D5C5 0 404<4X4d4|4 000000009FDD 00000040D5DD 0 5 5@5 000000009FED 00000040D5ED 0 6 6<6@6 00000000A001 00000040D601 0 0$0,040<0D0L0T0\0d0l0t0|0 00000000A043 00000040D643 0 9h9x9 00000000A069 00000040D669 0 : :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\: 00000000A08B 00000040D68B 0 :d:h:l:p:t:x:|: 000000006D74 000000408174 0 mscoree.dll 0000000073DC 0000004087DC 0 KERNEL32.DLL
=== DOWNLOAD === Mirror provided by vx-underground.org, thx!