
                                           ATM MALWARE NOTICE 
                    265f7a2ae7c931db0da8598ebb496d9e308be549b48909115039120b326ce50e
 
Date...........: 2013-05-21
Family.........: Trojan.Skimer.38
File name......: netncr.dll
File size......: 47.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA

=== PEDUMP REPORT === 
=== MZ Header ===
signature:            "MZ"
bytes_in_last_block:  80      0x50
blocks_in_file:       2       2
num_relocs:           0       0
header_paragraphs:    4       4
min_extra_paragraphs: 15      0xf
max_extra_paragraphs: 65535   0xffff
ss:                   0       0
sp:                   184     0xb8
checksum:             0       0
ip:                   0       0
cs:                   0       0
reloc_table_offset:   64      0x40
overlay_number:       26      0x1a
reserved0:            0       0
oem_id:               0       0
oem_info:             0       0
reserved2:            0       0
reserved3:            0       0
reserved4:            0       0
reserved5:            0       0
reserved6:            0       0
lfanew:               256     0x100

=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

=== PE Header ===
signature: "PE\x00\x00"

# IMAGE_FILE_HEADER:
Machine:              332     0x14c  x86
NumberOfSections:     6       6
TimeDateStamp:        "1992-06-19 22:22:17"
PointerToSymbolTable: 0       0
NumberOfSymbols:      0       0
SizeOfOptionalHeader: 224     0xe0
Characteristics:      41358   0xa18e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                     LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
                                     32BIT_MACHINE, DLL, BYTES_REVERSED_HI

# IMAGE_OPTIONAL_HEADER32:
Magic:                   267       0x10b  32-bit executable
LinkerVersion:           2.25
SizeOfCode:              36864     0x9000
SizeOfInitializedData:   10752     0x2a00
SizeOfUninitializedData: 0         0
AddressOfEntryPoint:     40188     0x9cfc
BaseOfCode:              4096      0x1000
BaseOfData:              40960     0xa000
ImageBase:               33554432  0x2000000
SectionAlignment:        4096      0x1000
FileAlignment:           512       0x200
OperatingSystemVersion:  4.0
ImageVersion:            0.0
SubsystemVersion:        4.0
Reserved1:               0         0
SizeOfImage:             65536     0x10000
SizeOfHeaders:           1024      0x400
CheckSum:                80135     0x13907
Subsystem:               2         2  WINDOWS_GUI
DllCharacteristics:      1         1  0x01
SizeOfStackReserve:      0         0
SizeOfStackCommit:       0         0
SizeOfHeapReserve:       1048576   0x100000
SizeOfHeapCommit:        4096      0x1000
LoaderFlags:             0         0
NumberOfRvaAndSizes:     16        0x10

=== DATA DIRECTORY ===
EXPORT        rva:0x    0  size:0x    0
IMPORT        rva:0x d000  size:0x  d48
RESOURCE      rva:0x f000  size:0x  a10
EXCEPTION     rva:0x    0  size:0x    0
SECURITY      rva:0x    0  size:0x    0
BASERELOC     rva:0x e000  size:0x  89c
DEBUG         rva:0x    0  size:0x    0
ARCHITECTURE  rva:0x    0  size:0x    0
GLOBALPTR     rva:0x    0  size:0x    0
TLS           rva:0x    0  size:0x    0
LOAD_CONFIG   rva:0x    0  size:0x    0
Bound_IAT     rva:0x    0  size:0x    0
IAT           rva:0x    0  size:0x    0
Delay_IAT     rva:0x    0  size:0x    0
CLR_Header    rva:0x    0  size:0x    0
              rva:0x    0  size:0x    0

=== SECTIONS ===
NAME    RVA   VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
CODE    1000  8ef4  9000    400      0     0        0      0         60000020  R-X CODE
DATA    a000  41c   600     9400     0     0        0      0         c0000040  RW- IDATA
BSS     b000  19bd  0       9a00     0     0        0      0         c0000000  RW-
.idata  d000  d48   e00     9a00     0     0        0      0         c0000040  RW- IDATA
.reloc  e000  89c   a00     a800     0     0        0      0         50000040  R-- IDATA SHARED
.rsrc   f000  a10   c00     b200     0     0        0      0         50000040  R-- IDATA SHARED

[?] ignoring invalid PEdump::BITMAPINFOHEADER

=== RESOURCES ===
FILE_OFFSET  CP    LANG  SIZE  TYPE  NAME
0xb258       1252  0     2487  ICON  #1

=== IMPORTS ===
MODULE_NAME   HINT  ORD  FUNCTION_NAME
kernel32.dll  0          DeleteCriticalSection
kernel32.dll  0          LeaveCriticalSection
kernel32.dll  0          EnterCriticalSection
kernel32.dll  0          InitializeCriticalSection
kernel32.dll  0          VirtualFree
kernel32.dll  0          VirtualAlloc
kernel32.dll  0          LocalFree
kernel32.dll  0          LocalAlloc
kernel32.dll  0          GetVersion
kernel32.dll  0          GetCurrentThreadId
kernel32.dll  0          GetThreadLocale
kernel32.dll  0          GetStartupInfoA
kernel32.dll  0          GetLocaleInfoA
kernel32.dll  0          GetCommandLineA
kernel32.dll  0          FreeLibrary
kernel32.dll  0          ExitProcess
kernel32.dll  0          WriteFile
kernel32.dll  0          UnhandledExceptionFilter
kernel32.dll  0          RtlUnwind
kernel32.dll  0          RaiseException
kernel32.dll  0          GetStdHandle
user32.dll    0          GetKeyboardType
user32.dll    0          MessageBoxA
advapi32.dll  0          RegQueryValueExA
advapi32.dll  0          RegOpenKeyExA
advapi32.dll  0          RegCloseKey
kernel32.dll  0          TlsSetValue
kernel32.dll  0          TlsGetValue
kernel32.dll  0          TlsFree
kernel32.dll  0          TlsAlloc
kernel32.dll  0          LocalFree
kernel32.dll  0          LocalAlloc
advapi32.dll  0          RegQueryValueExA
advapi32.dll  0          RegOpenKeyExA
advapi32.dll  0          RegEnumKeyExA
advapi32.dll  0          RegCloseKey
advapi32.dll  0          OpenProcessToken
advapi32.dll  0          LookupPrivilegeValueA
advapi32.dll  0          InitiateSystemShutdownA
advapi32.dll  0          AdjustTokenPrivileges
kernel32.dll  0          lstrlenA
kernel32.dll  0          lstrcpyA
kernel32.dll  0          lstrcmpiW
kernel32.dll  0          lstrcmpiA
kernel32.dll  0          lstrcmpA
kernel32.dll  0          lstrcatA
kernel32.dll  0          WriteFile
kernel32.dll  0          WaitForSingleObject
kernel32.dll  0          VirtualProtect
kernel32.dll  0          TerminateThread
kernel32.dll  0          TerminateProcess
kernel32.dll  0          SuspendThread
kernel32.dll  0          Sleep
kernel32.dll  0          SizeofResource
kernel32.dll  0          SetFilePointer
kernel32.dll  0          ResumeThread
kernel32.dll  0          ReadFile
kernel32.dll  0          OpenProcess
kernel32.dll  0          MultiByteToWideChar
kernel32.dll  0          LocalFree
kernel32.dll  0          LocalAlloc
kernel32.dll  0          LoadResource
kernel32.dll  0          LoadLibraryA
kernel32.dll  0          GetVolumeInformationA
kernel32.dll  0          GetTickCount
kernel32.dll  0          GetSystemTimeAsFileTime
kernel32.dll  0          GetProcAddress
kernel32.dll  0          GetModuleHandleA
kernel32.dll  0          GetModuleFileNameA
kernel32.dll  0          GetLastError
kernel32.dll  0          GetFileSize
kernel32.dll  0          GetFileAttributesA
kernel32.dll  0          GetExitCodeThread
kernel32.dll  0          GetCurrentThreadId
kernel32.dll  0          GetCurrentProcess
kernel32.dll  0          FormatMessageA
kernel32.dll  0          FindResourceA
kernel32.dll  0          FileTimeToLocalFileTime
kernel32.dll  0          DeleteFileA
kernel32.dll  0          CreateProcessA
kernel32.dll  0          CreateMutexA
kernel32.dll  0          CreateFileA
kernel32.dll  0          CloseHandle
gdi32.dll     0          SelectObject
gdi32.dll     0          Rectangle
gdi32.dll     0          GetTextMetricsA
gdi32.dll     0          GetDeviceCaps
gdi32.dll     0          DeleteObject
gdi32.dll     0          DeleteDC
gdi32.dll     0          CreateSolidBrush
gdi32.dll     0          CreateDCA
user32.dll    0          CreateWindowExA
user32.dll    0          UnregisterClassA
user32.dll    0          TranslateMessage
user32.dll    0          SetTimer
user32.dll    0          SetFocus
user32.dll    0          SendMessageA
user32.dll    0          RegisterClassA
user32.dll    0          PostMessageA
user32.dll    0          PeekMessageA
user32.dll    0          MessageBoxA
user32.dll    0          LoadIconA
user32.dll    0          LoadCursorA
user32.dll    0          InvalidateRect
user32.dll    0          GetWindowTextA
user32.dll    0          GetWindowDC
user32.dll    0          GetMessageA
user32.dll    0          GetDesktopWindow
user32.dll    0          GetClientRect
user32.dll    0          DrawTextA
user32.dll    0          DispatchMessageA
user32.dll    0          DestroyWindow
user32.dll    0          DefWindowProcA
msxfs.dll     0          WFSCancelAsyncRequest
msxfs.dll     0          WFSDeregister
msxfs.dll     0          WFSRegister
msxfs.dll     0          WFSGetInfo
msxfs.dll     0          WFSAsyncExecute
msxfs.dll     0          WFSExecute
msxfs.dll     0          WFSUnlock
msxfs.dll     0          WFSFreeResult
msxfs.dll     0          WFSLock
msxfs.dll     0          WFSClose
msxfs.dll     0          WFSOpen
msxfs.dll     0          WFSStartUp
uladi2.dll    0          AdiLookupName
uladi2.dll    0          AdiTerminate
uladi2.dll    0          AdiInitialise
uladi2x.dll   0          AdiFreeResponseHandle
uladi2x.dll   0          AdiGetTdata
uladi2x.dll   0          AdiGetTlength
uladi2x.dll   0          AdiExTimedReceiveResponse
uladi2x.dll   0          AdiExSend
imagehlp.dll  0          CheckSumMappedFile
ntdll.dll     0          NtQueryInformationThread
kernel32.dll  0          OpenThread
user32.dll    0          wsprintfA

=== Packer / Compiler ===
Borland Delphi v3.0
uladi2.dll 00000000A632 00000200DC32 0 AdiLookupName 00000000A642 00000200DC42 0 AdiTerminate 00000000A652 00000200DC52 0 AdiInitialise 00000000A660 00000200DC60 0 uladi2x.dll 00000000A66E 00000200DC6E 0 AdiFreeResponseHandle 00000000A686 00000200DC86 0 AdiGetTdata 00000000A694 00000200DC94 0 AdiGetTlength 00000000A6A4 00000200DCA4 0 AdiExTimedReceiveResponse 00000000A6C0 00000200DCC0 0 AdiExSend 00000000A6CA 00000200DCCA 0 imagehlp.dll 00000000A6DA 00000200DCDA 0 CheckSumMappedFile 00000000A6EE 00000200DCEE 0 ntdll.dll 00000000A6FA 00000200DCFA 0 NtQueryInformationThread 00000000A714 00000200DD14 0 kernel32.dll 00000000A724 00000200DD24 0 OpenThread 00000000A730 00000200DD30 0 user32.dll 00000000A73E 00000200DD3E 0 wsprintfA 00000000A80F 00000200E00F 0 0"0*020:0B0J0R0Z0b0j0r0z0 00000000A853 00000200E053 0 6S6b6 00000000A867 00000200E067 0 9$9.989N9T9b9w9 00000000A891 00000200E091 0 :?:I:S:]:g:z: 00000000A8B9 00000200E0B9 0 ;H<h< 00000000A8C3 00000200E0C3 0 =Q>]> 00000000A8F5 00000200E0F5 0 081A1[1 00000000A907 00000200E107 0 2O2X2h2p2v2 00000000A927 00000200E127 0 3 383D3L3m3|3 00000000A941 00000200E141 0 4B4v4 File pos Mem pos ID Text ======== ======= == ==== 00000000A94D 00000200E14D 0 4$5,52585E5K5 00000000A985 00000200E185 0 858F8[8h8 00000000A99F 00000200E19F 0 ;+;B;W; 00000000A9B3 00000200E1B3 0 ;2<N<Z<n<x< 00000000A9C5 00000200E1C5 0 <#=,=a=h= 00000000A9D3 00000200E1D3 0 =G?o?v? 
0000000046BD 0000020052BD 0 MyProg
000000004774 000002005374 0 MyProg
000000004874 000002005474 0 MyProg
000000004994 000002005594 0 MyProg
000000004AA4 0000020056A4 0 MyProg
000000004B7C 00000200577C 0 MyProg
000000006AC0 0000020076C0 0 MyProg
000000007818 000002008418 0 MyProg
0000000079D8 0000020085D8 0 MyProg
000000008550 000002009150 0 MyProg