.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS                                                            !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    4035d977202b44666885f9781ac8755c799350a03838ff782eb730c0d7069958
 
Date...........: 2016-08-02
Family.........: ATMSpitter
File name......: cngdisp.exe
File size......: 51.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/visa-technical-analysis-atm-jackpottingmalware.pdf
Additional note: Date check (2016) at 0x408729 and 0x408735

Entropy:


Binary Histogram:



=== SCREENSHOT === 



=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 240 0xf0 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === RICH Header === LIB_ID VERSION TIMES_USED 171 ab 30319 766f 23 17 158 9e 30319 766f 17 11 170 aa 30319 766f 87 57 147 93 30729 7809 4 4 4 4 8447 20ff 3 3 1 1 0 0 85 55 174 ae 30319 766f 1 1 157 9d 30319 766f 1 1 === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 5 5 TimeDateStamp: "2015-11-08 18:33:21" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 10.0 SizeOfCode: 31744 0x7c00 SizeOfInitializedData: 19968 0x4e00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 5355 0x14eb BaseOfCode: 4096 0x1000 BaseOfData: 36864 0x9000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 5.1 ImageVersion: 0.0 SubsystemVersion: 5.1 Reserved1: 0 0 SizeOfImage: 69632 0x11000 SizeOfHeaders: 1024 0x400 CheckSum: 104745 0x19929 Subsystem: 3 3 WINDOWS_CUI DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT TERMINAL_SERVER_AWARE SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x b854 size:0x 50 RESOURCE rva:0x f000 size:0x 1b4 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 10000 size:0x 7e4 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x b530 size:0x 40 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 9000 size:0x 134 Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 7a57 7c00 400 0 0 0 0 60000020 R-X CODE .rdata 9000 2eca 3000 8000 0 0 0 0 40000040 R-- IDATA .data c000 2ba4 e00 b000 0 0 0 0 c0000040 RW- IDATA .rsrc f000 1b4 200 be00 0 0 0 0 40000040 R-- IDATA .reloc 10000 cb6 e00 c000 0 0 0 0 42000040 R-- IDATA DISCARDABLE === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0xbe58 1252 0x409 346 MANIFEST #1 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME CSCWCNG.dll 15 CSCWCNG.dll 16 CSCWCNG.dll 1a CSCWCNG.dll 2b CSCWCNG.dll 2a CSCWCNG.dll 1b KERNEL32.dll 88 CreateFileA KERNEL32.dll 466 SetFilePointer KERNEL32.dll 54d lstrlenA KERNEL32.dll 525 WriteFile KERNEL32.dll 52 CloseHandle KERNEL32.dll 277 GetSystemTime KERNEL32.dll 157 FlushFileBuffers KERNEL32.dll 202 GetLastError KERNEL32.dll 2cf HeapFree KERNEL32.dll 2cb HeapAlloc KERNEL32.dll 186 GetCommandLineA KERNEL32.dll 2d3 HeapSetInformation KERNEL32.dll ca DecodePointer KERNEL32.dll 4d3 UnhandledExceptionFilter KERNEL32.dll 4a5 SetUnhandledExceptionFilter KERNEL32.dll 300 IsDebuggerPresent KERNEL32.dll ea EncodePointer KERNEL32.dll 4c0 TerminateProcess KERNEL32.dll 1c0 GetCurrentProcess KERNEL32.dll 2cd HeapCreate KERNEL32.dll 245 GetProcAddress KERNEL32.dll 218 GetModuleHandleW KERNEL32.dll 119 ExitProcess KERNEL32.dll 264 GetStdHandle KERNEL32.dll 214 GetModuleFileNameW KERNEL32.dll ee EnterCriticalSection KERNEL32.dll 339 LeaveCriticalSection KERNEL32.dll 213 GetModuleFileNameA KERNEL32.dll 161 FreeEnvironmentStringsW KERNEL32.dll 511 WideCharToMultiByte KERNEL32.dll 1da GetEnvironmentStringsW KERNEL32.dll 46f SetHandleCount KERNEL32.dll 2e3 InitializeCriticalSectionAndSpinCount KERNEL32.dll 1f3 GetFileType KERNEL32.dll 263 GetStartupInfoW KERNEL32.dll d1 DeleteCriticalSection KERNEL32.dll 4c5 TlsAlloc KERNEL32.dll 4c7 TlsGetValue KERNEL32.dll 4c8 TlsSetValue KERNEL32.dll 4c6 TlsFree KERNEL32.dll 2ef InterlockedIncrement KERNEL32.dll 473 SetLastError KERNEL32.dll 1c5 GetCurrentThreadId KERNEL32.dll 2eb InterlockedDecrement KERNEL32.dll 3a7 QueryPerformanceCounter KERNEL32.dll 293 GetTickCount KERNEL32.dll 1c1 GetCurrentProcessId KERNEL32.dll 279 GetSystemTimeAsFileTime KERNEL32.dll 19a GetConsoleCP KERNEL32.dll 1ac GetConsoleMode KERNEL32.dll 172 GetCPInfo KERNEL32.dll 168 GetACP KERNEL32.dll 237 GetOEMCP KERNEL32.dll 30a IsValidCodePage KERNEL32.dll 4b2 Sleep KERNEL32.dll 33f LoadLibraryW KERNEL32.dll 418 RtlUnwind KERNEL32.dll 487 SetStdHandle KERNEL32.dll 524 WriteConsoleW KERNEL32.dll 367 MultiByteToWideChar KERNEL32.dll 32d LCMapStringW KERNEL32.dll 269 GetStringTypeW KERNEL32.dll 2d2 HeapReAlloc KERNEL32.dll 304 IsProcessorFeaturePresent KERNEL32.dll 2d4 HeapSize KERNEL32.dll 8f CreateFileW USER32.dll 334 wvsprintfA USER32.dll 332 wsprintfA === Packer / Compiler === MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 000000000D3D 00000040193D 0 t%HHt 000000000F7F 000000401B7F 0 HHtXHHt 00000000106F 000000401C6F 0 HHty+ 0000000014D5 0000004020D5 0 ?If90t 0000000018BF 0000004024BF 0 PPPPP 000000001A61 000000402661 0 uTVWh 000000001D47 000000402947 0 PPPPP 000000001DC9 0000004029C9 0 SSSSS 000000002860 000000403460 0 t?VSP 0000000028BA 0000004034BA 0 PPPPP 0000000029EB 0000004035EB 0 < tK< tG 000000002B35 000000403735 0 wf93t 000000002B5A 00000040375A 0 @PSVV 000000002C2A 00000040382A 0 SWf9M 000000004A02 000000405602 0 QSWVj 000000004B4B 00000040574B 0 v N+D$ 0000000057BA 0000004063BA 0 ~,WPV 00000000593F 00000040653F 0 URPQQh 000000005A5A 00000040665A 0 Rhff@ 000000005F23 000000406B23 0 9](SS 000000006069 000000406C69 0 t"SS9] u 000000006129 000000406D29 0 9] SS 0000000065EB 0000004071EB 0 v4;5\ 0000000066E9 0000004072E9 0 vL;5t 000000006DE6 0000004079E6 0 PPPPPPPP 000000006EC6 000000407AC6 0 PPPPPPPP 0000000070C3 000000407CC3 0 SVWUj 000000007164 000000407D64 0 ;t$,v- 0000000071E9 000000407DE9 0 UQPXY]Y[ 000000007742 000000408342 0 wctO 00000000774E 00000040834E 0 t3It 0000000078B8 0000004084B8 0 w9t(- 0000000078C4 0000004084C4 0 Hu7hL 0000000078F8 0000004084F8 0 (t%Ht 0000000078FF 0000004084FF 0 E$Ph0 0000000079B8 0000004085B8 0 000000007A1A 00000040861A 0 D$<120 000000007B24 000000408724 0 f9L$P 000000007D3B 00000040893B 0 L$LPQhX 000000008180 000000409180 0 (null) 0000000081A9 0000004091A9 0 ( 8PX 0000000081B1 0000004091B1 0 700WP 0000000081C9 0000004091C9 0 xpxxxx 0000000081E4 0000004091E4 0 CorExitProcess 000000008CBC 000000409CBC 0 FlsFree 000000008CC4 000000409CC4 0 FlsSetValue 000000008CD0 000000409CD0 0 FlsGetValue 000000008CDC 000000409CDC 0 FlsAlloc 000000008F0C 000000409F0C 0 HH:mm:ss 000000008F18 000000409F18 0 dddd, MMMM dd, yyyy 000000008F2C 000000409F2C 0 MM/dd/yy 000000008F40 000000409F40 0 December 000000008F4C 000000409F4C 0 November 000000008F58 000000409F58 0 October File pos Mem pos ID Text ======== ======= == ==== 000000008F60 000000409F60 0 September 000000008F6C 000000409F6C 0 August 000000008F84 000000409F84 0 April 000000008F8C 000000409F8C 0 March 000000008F94 000000409F94 0 February 000000008FA0 000000409FA0 0 January 000000008FD8 000000409FD8 0 Saturday 000000008FE4 000000409FE4 0 Friday 000000008FEC 000000409FEC 0 Thursday 000000008FF8 000000409FF8 0 Wednesday 000000009004 00000040A004 0 Tuesday 00000000900C 00000040A00C 0 Monday 000000009014 00000040A014 0 Sunday 00000000905D 00000040A05D 0 ('8PW 000000009066 00000040A066 0 700PP 000000009081 00000040A081 0 xppwpp 000000009094 00000040A094 0 GetProcessWindowStation 0000000090AC 00000040A0AC 0 GetUserObjectInformationW 0000000090C8 00000040A0C8 0 GetLastActivePopup 0000000090DC 00000040A0DC 0 GetActiveWindow 0000000090EC 00000040A0EC 0 MessageBoxW 00000000912F 00000040A12F 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000009170 00000040A170 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000009738 00000040A738 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\] 000000009779 00000040A779 0 abcdefghijklmnopqrstuvwxyz{|}~ 0000000098B8 00000040A8B8 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 0000000098F9 00000040A8F9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0000000099B0 00000040A9B0 0 StClass = 0000000099C0 00000040A9C0 0 STCLASS_OK 0000000099CC 00000040A9CC 0 STCLASS_ERROR_COMM 0000000099E0 00000040A9E0 0 STCLASS_ERROR_CNG 0000000099F4 00000040A9F4 0 STCLASS_ERROR_EDS 000000009A08 00000040AA08 0 STCLASS_ERROR_INI 000000009A1C 00000040AA1C 0 STCLASS_ERROR_LDR 000000009A34 00000040AA34 0 StCode = 000000009A44 00000040AA44 0 CSC_INVALID_SPEC 000000009A58 00000040AA58 0 CSC_INVALID_HANDLE 000000009A6C 00000040AA6C 0 CSC_INVALID_LOGICAL_ID 000000009A84 00000040AA84 0 CSC_INVALID_PINDATA 000000009A9C 00000040AA9C 0 CSC_INVALID_INLEN 000000009AB0 00000040AAB0 0 CSC_INVALID_OUTLEN 000000009AC4 00000040AAC4 0 CSC_INVALID_POUTDATA 000000009ADC 00000040AADC 0 CSC_DEVICE_ALREADY_OPENED 000000009AF8 00000040AAF8 0 CNG_INVALID_VARIANT 000000009B10 00000040AB10 0 CNG_INVALID_RESPONSE 000000009B28 00000040AB28 0 CNG_INVALID_RECOVERY 000000009B40 00000040AB40 0 CNG_FIRMWARE_INCOMPLETE 000000009B60 00000040AB60 0 CNG_FRM_CONTEXT (<nSTA>!=R --> cassette error; <TF>=N --> transport path is not free; <SHERR>=B --> shutter error; <TER>=M --> possible manipulation) 000000009BF8 00000040ABF8 0 CNG_FRM_SYNTAX (Invalid cassette ID; Too many tries to dispense (> 10); Number of notes > maximum value (standard CNG: 60; ProCash Compact: 20)) 000000009C8C 00000040AC8C 0 CNG_FRM_SW_MISSING (Firmware not loaded) 000000009CB8 00000040ACB8 0 CNG_FRM_ACCESS_ERROR 000000009CD0 00000040ACD0 0 CNG_FRM_ACCESS_CONTEXT 000000009CE8 00000040ACE8 0 CNG_FRM_SCOP 000000009CF8 00000040ACF8 0 CNG_FRM_ACCESS_DEVICE_NOT_READY 000000009D20 00000040AD20 0 CNG_FRM_DEVICE_NOT_READY (<S_SW>=O --> safety switch open; <DLOC>=Y --> device lock activated; <CAS>=N --> minimum configuration (reject box + cash-out cassette); <SR>=R --> single reject switch defective (is in reject direction); <TER>=J --> banknote jam; <OR>=Y --> operator request; <TST>=Y --> self-test active) 000000009E60 00000040AE60 0 CNG_FRM_ERROR (<nSTA>=E --> the cassette is empty; <DIS>=M --> too many banknotes with wrong size; <nSTA>=R --> timeout: no receipts for dispensing available (for printing cassette only); <DIS>=S --> too many multiple-banknote dispensing operations; <DIS>=N --> banknote dispensing is not possible*; <DIS>=J --> banknote jam has occurred during dispensing; <DIS>=E --> too many bundle rejects) 000000009FEC 00000040AFEC 0 CNG_FRM_ERROR_DECRYPTION 00000000A008 00000040B008 0 StWarn = 00000000A018 00000040B018 0 CNG_WARN_MONEY_NOT_REMOVED 00000000A034 00000040B034 0 CNG_WARN_MONEY_REMOVED File pos Mem pos ID Text ======== ======= == ==== 00000000A04C 00000040B04C 0 CNG_NO_FIRMWARE 00000000A060 00000040B060 0 CNG_NO_ACTUAL_FIRMWARE 00000000A078 00000040B078 0 CNG_WARN_LED 00000000A088 00000040B088 0 displog.txt 00000000A098 00000040B098 0 Congratulations! You are very skilled in reverse engineering! :) 00000000A0DC 00000040B0DC 0 CSCCNG 00000000A0E4 00000040B0E4 0 Usage: %s <Cassette Slot Number (D)> <Banknotes Count (DD)> 00000000A128 00000040B128 0 Invalid Parameter: Cassette Slot Number. Must be a digit from 1 to 9 00000000A170 00000040B170 0 Invalid Parameter: Banknotes Count. Must be a digit from 1 to 60 00000000A1B4 00000040B1B4 0 %s,%s; 00000000A1BC 00000040B1BC 0 Connecting to the CNG... 00000000A1D8 00000040B1D8 0 CscCngOpen/CscCdmOpen failed with error: 00000000A204 00000040B204 0 CscCngOpen/CscCdmOpen failed with error: 00000000A22D 00000040B22D 0 System Failure 00000000A240 00000040B240 0 Successfully connected! 00000000A25C 00000040B25C 0 Locking device for exclusive access... 00000000A284 00000040B284 0 CscCngLock/CscCdmLock failed with error: 00000000A2B0 00000040B2B0 0 Device successfully locked! 00000000A2D0 00000040B2D0 0 Dispensing cash to collection tray... 00000000A2F8 00000040B2F8 0 CscCngDispense/CscCdmDispense failed with error: 00000000A32C 00000040B32C 0 Dispensed Successfully! Raw Response: %s 00000000A358 00000040B358 0 Transporting cash to wait pos... 00000000A37C 00000040B37C 0 CscCngTransport failed with error: 00000000A3A0 00000040B3A0 0 Cash successfully transported to the wait pos. 00000000A3D0 00000040B3D0 0 Transporting cash to customer... 00000000A3F4 00000040B3F4 0 CscCngTransport/CscCdmTransport failed with error: 00000000A428 00000040B428 0 Cash successfully transported to the customer! 00000000A458 00000040B458 0 %s:%s 00000000A460 00000040B460 0 Unlocking device... 00000000A478 00000040B478 0 CscCngUnlock/CscCdmUnlock failed with error: 00000000A4A8 00000040B4A8 0 Device successfully unlocked. 00000000A4C8 00000040B4C8 0 Disconnecting from CNG... 00000000A4E4 00000040B4E4 0 CscCngClose/CscCdmClose failed with error: 00000000A510 00000040B510 0 Successfully disconnected. 00000000A9D8 00000040B9D8 0 CSCWCNG.dll 00000000A9E6 00000040B9E6 0 CreateFileA 00000000A9F4 00000040B9F4 0 SetFilePointer 00000000AA06 00000040BA06 0 lstrlenA 00000000AA12 00000040BA12 0 WriteFile 00000000AA1E 00000040BA1E 0 CloseHandle 00000000AA2C 00000040BA2C 0 GetSystemTime 00000000AA3A 00000040BA3A 0 KERNEL32.dll 00000000AA4A 00000040BA4A 0 wvsprintfA 00000000AA58 00000040BA58 0 wsprintfA 00000000AA62 00000040BA62 0 USER32.dll 00000000AA70 00000040BA70 0 GetLastError 00000000AA80 00000040BA80 0 HeapFree 00000000AA8C 00000040BA8C 0 HeapAlloc 00000000AA98 00000040BA98 0 GetCommandLineA 00000000AAAA 00000040BAAA 0 HeapSetInformation 00000000AAC0 00000040BAC0 0 DecodePointer 00000000AAD0 00000040BAD0 0 UnhandledExceptionFilter 00000000AAEC 00000040BAEC 0 SetUnhandledExceptionFilter 00000000AB0A 00000040BB0A 0 IsDebuggerPresent 00000000AB1E 00000040BB1E 0 EncodePointer 00000000AB2E 00000040BB2E 0 TerminateProcess 00000000AB42 00000040BB42 0 GetCurrentProcess 00000000AB56 00000040BB56 0 HeapCreate 00000000AB64 00000040BB64 0 GetProcAddress 00000000AB76 00000040BB76 0 GetModuleHandleW File pos Mem pos ID Text ======== ======= == ==== 00000000AB8A 00000040BB8A 0 ExitProcess 00000000AB98 00000040BB98 0 GetStdHandle 00000000ABA8 00000040BBA8 0 GetModuleFileNameW 00000000ABBE 00000040BBBE 0 EnterCriticalSection 00000000ABD6 00000040BBD6 0 LeaveCriticalSection 00000000ABEE 00000040BBEE 0 GetModuleFileNameA 00000000AC04 00000040BC04 0 FreeEnvironmentStringsW 00000000AC1E 00000040BC1E 0 WideCharToMultiByte 00000000AC34 00000040BC34 0 GetEnvironmentStringsW 00000000AC4E 00000040BC4E 0 SetHandleCount 00000000AC60 00000040BC60 0 InitializeCriticalSectionAndSpinCount 00000000AC88 00000040BC88 0 GetFileType 00000000AC96 00000040BC96 0 GetStartupInfoW 00000000ACA8 00000040BCA8 0 DeleteCriticalSection 00000000ACC0 00000040BCC0 0 TlsAlloc 00000000ACCC 00000040BCCC 0 TlsGetValue 00000000ACDA 00000040BCDA 0 TlsSetValue 00000000ACE8 00000040BCE8 0 TlsFree 00000000ACF2 00000040BCF2 0 InterlockedIncrement 00000000AD0A 00000040BD0A 0 SetLastError 00000000AD1A 00000040BD1A 0 GetCurrentThreadId 00000000AD30 00000040BD30 0 InterlockedDecrement 00000000AD48 00000040BD48 0 QueryPerformanceCounter 00000000AD62 00000040BD62 0 GetTickCount 00000000AD72 00000040BD72 0 GetCurrentProcessId 00000000AD88 00000040BD88 0 GetSystemTimeAsFileTime 00000000ADA2 00000040BDA2 0 GetConsoleCP 00000000ADB2 00000040BDB2 0 GetConsoleMode 00000000ADC4 00000040BDC4 0 GetCPInfo 00000000ADD0 00000040BDD0 0 GetACP 00000000ADDA 00000040BDDA 0 GetOEMCP 00000000ADE6 00000040BDE6 0 IsValidCodePage 00000000ADF8 00000040BDF8 0 Sleep 00000000AE00 00000040BE00 0 LoadLibraryW 00000000AE10 00000040BE10 0 RtlUnwind 00000000AE1C 00000040BE1C 0 SetStdHandle 00000000AE2C 00000040BE2C 0 WriteConsoleW 00000000AE3C 00000040BE3C 0 MultiByteToWideChar 00000000AE52 00000040BE52 0 LCMapStringW 00000000AE62 00000040BE62 0 GetStringTypeW 00000000AE74 00000040BE74 0 HeapReAlloc 00000000AE82 00000040BE82 0 IsProcessorFeaturePresent 00000000AE9E 00000040BE9E 0 HeapSize 00000000AEAA 00000040BEAA 0 FlushFileBuffers 00000000AEBE 00000040BEBE 0 CreateFileW 00000000B4CE 00000040C4CE 0 00000000B5AE 00000040C5AE 0 abcdefghijklmnopqrstuvwxyz 00000000B5CE 00000040C5CE 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 00000000B6D2 00000040C6D2 0 00000000B7B9 00000040C7B9 0 abcdefghijklmnopqrstuvwxyz 00000000B7D9 00000040C7D9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 00000000BE58 00000040F058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 00000000BEA3 00000040F0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 00000000BEDB 00000040F0DB 0 <security> 00000000BEEB 00000040F0EB 0 <requestedPrivileges> 00000000BF08 00000040F108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 00000000BF68 00000040F168 0 </requestedPrivileges> 00000000BF86 00000040F186 0 </security> 00000000BF97 00000040F197 0 </trustInfo> 00000000BFA7 00000040F1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD File pos Mem pos ID Text ======== ======= == ==== 00000000C00B 00000041000B 0 0*0L0{0 00000000C017 000000410017 0 2L3W3h3 00000000C02F 00000041002F 0 31464@4z4 00000000C04B 00000041004B 0 7+8I8o8 00000000C057 000000410057 0 8G<7= 00000000C075 000000410075 0 3#3'3+3/3<3N3.484E4 00000000C095 000000410095 0 5,5c5o5|5 00000000C0A5 0000004100A5 0 5)616D6O6T6f6p6u6 00000000C0C9 0000004100C9 0 7I7S7y7 00000000C0E7 0000004100E7 0 9%939g9t9 00000000C0F5 0000004100F5 0 9#:Q:x: 00000000C10F 00000041010F 0 >->4>C>O>\> 00000000C127 000000410127 0 ?'?0?T? 00000000C153 000000410153 0 324<4}4 00000000C171 000000410171 0 7&7N7 00000000C181 000000410181 0 8[8b8w8 00000000C18F 00000041018F 0 9)9M9}9 00000000C1A1 0000004101A1 0 9 :%:F:M:Y:_:k:q:z: 00000000C1EB 0000004101EB 0 <?=E=[= 00000000C1F3 0000004101F3 0 =h=n=u={= 00000000C225 000000410225 0 >#>(>0>5><>K>P>V>_> 00000000C24B 00000041024B 0 ?@?H? 00000000C2A1 0000004102A1 0 ;3<><H<a<k<~< 00000000C2C5 0000004102C5 0 ?+?F?N?V?m? 00000000C2E9 0000004102E9 0 0/0C0 00000000C2F1 0000004102F1 0 0&1z1=2k2 00000000C2FF 0000004102FF 0 3G3{3 00000000C313 000000410313 0 4J4S4_4 00000000C329 000000410329 0 8$8;8I8O8r8y8 00000000C359 000000410359 0 :H:N:V: 00000000C371 000000410371 0 ;h;q;w; 00000000C37D 00000041037D 0 <%<-< 00000000C399 000000410399 0 >1>7> 00000000C3B3 0000004103B3 0 ?'?-?7?@?K?P?Y?c?n? 00000000C3DD 0000004103DD 0 3!3H3U3Z3h3C4f4q4 00000000C3F1 0000004103F1 0 4E5Q5\6_7r7 00000000C401 000000410401 0 7%8>8Z8 00000000C43F 00000041043F 0 2'292K2]2o2 00000000C457 000000410457 0 2E3K3U3 00000000C465 000000410465 0 4$4A4G4M4S4Y4_4f4m4t4{4 00000000C4A1 0000004104A1 0 5.555 00000000C4BF 0000004104BF 0 7=7D7H7L7P7T7X7\7 00000000C4DB 0000004104DB 0 7"8-8H8O8T8X8\8}8 00000000C4FF 0000004104FF 0 8F9L9P9T9X9 00000000C513 000000410513 0 <.<d<n< 00000000C51B 00000041051B 0 <1=== 00000000C52D 00000041052D 0 >(>v? 00000000C541 000000410541 0 020Z0d1z1 00000000C559 000000410559 0 2"2'262E2T2c2r2 00000000C579 000000410579 0 3a3s3 00000000C58F 00000041058F 0 4.4=4L4[4j4y4 00000000C5AB 0000004105AB 0 5!5054585<5@5D5H5l5p5t5x5|5 00000000C5E5 0000004105E5 0 6;6Q6 00000000C5F5 0000004105F5 0 7E7U7_7 00000000C605 000000410605 0 8'838_8l8 00000000C619 000000410619 0 8 9-9A9N9m9y9 00000000C631 000000410631 0 :&:?: 00000000C640 000000410640 0 @1D1H1L1P1\1 00000000C671 000000410671 0 ;$;,;4;<; 00000000C69D 00000041069D 0 6$6@6L6h6 File pos Mem pos ID Text ======== ======= == ==== 00000000C6AF 0000004106AF 0 7$7(7H7h7 00000000C6C5 0000004106C5 0 808P8 00000000C6DB 0000004106DB 0 1x8x9|9 00000000C731 000000410731 0 : :0:4:8:<:@:D:H:L:P:T:X:\: 00000000C74D 00000041074D 0 :d:h:l:p:t:x:|: 00000000C789 000000410789 0 :8;H;X;h;x; 00000000C7B9 0000004107B9 0 =(=,=0=4=8=<=@=D=H=L=X=\= 00000000C7D3 0000004107D3 0 =d=h=l=p=t=x=|= 000000008170 000000409170 0 (null) 0000000081F4 0000004091F4 0 mscoree.dll 00000000820C 00000040920C 0 runtime error 000000008B3F 000000409B3F 0 @Microsoft Visual C++ Runtime Library 000000008B9C 000000409B9C 0 <program name unknown> 000000008BEC 000000409BEC 0 Program: 000000008CA0 000000409CA0 0 KERNEL32.DLL 000000008CE8 000000409CE8 0 HH:mm:ss 000000008CFC 000000409CFC 0 dddd, MMMM dd, yyyy 000000008D24 000000409D24 0 MM/dd/yy 000000008D48 000000409D48 0 December 000000008D5C 000000409D5C 0 November 000000008D70 000000409D70 0 October 000000008D80 000000409D80 0 September 000000008D94 000000409D94 0 August 000000008DBC 000000409DBC 0 April 000000008DC8 000000409DC8 0 March 000000008DD4 000000409DD4 0 February 000000008DE8 000000409DE8 0 January 000000008E58 000000409E58 0 Saturday 000000008E6C 000000409E6C 0 Friday 000000008E7C 000000409E7C 0 Thursday 000000008E90 000000409E90 0 Wednesday 000000008EA4 000000409EA4 0 Tuesday 000000008EB4 000000409EB4 0 Monday 000000008EC4 000000409EC4 0 Sunday 0000000090F7 00000040A0F7 0 WUSER32.DLL 00000000999F 00000040A99F 0 @CONOUT$ 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 000000000D3D 00000040193D 0 t%HHt 000000000F7F 000000401B7F 0 HHtXHHt 00000000106F 000000401C6F 0 HHty+ 0000000014D5 0000004020D5 0 ?If90t 0000000018BF 0000004024BF 0 PPPPP 000000001A61 000000402661 0 uTVWh 000000001D47 000000402947 0 PPPPP 000000001DC9 0000004029C9 0 SSSSS 000000002860 000000403460 0 t?VSP 0000000028BA 0000004034BA 0 PPPPP 0000000029EB 0000004035EB 0 < tK< tG 000000002B35 000000403735 0 wf93t 000000002B5A 00000040375A 0 @PSVV 000000002C2A 00000040382A 0 SWf9M 000000004A02 000000405602 0 QSWVj 000000004B4B 00000040574B 0 v N+D$ 0000000057BA 0000004063BA 0 ~,WPV 00000000593F 00000040653F 0 URPQQh File pos Mem pos ID Text ======== ======= == ==== 000000005A5A 00000040665A 0 Rhff@ 000000005F23 000000406B23 0 9](SS 000000006069 000000406C69 0 t"SS9] u 000000006129 000000406D29 0 9] SS 0000000065EB 0000004071EB 0 v4;5\ 0000000066E9 0000004072E9 0 vL;5t 000000006DE6 0000004079E6 0 PPPPPPPP 000000006EC6 000000407AC6 0 PPPPPPPP 0000000070C3 000000407CC3 0 SVWUj 000000007164 000000407D64 0 ;t$,v- 0000000071E9 000000407DE9 0 UQPXY]Y[ 000000007742 000000408342 0 wctO 00000000774E 00000040834E 0 t3It 0000000078B8 0000004084B8 0 w9t(- 0000000078C4 0000004084C4 0 Hu7hL 0000000078F8 0000004084F8 0 (t%Ht 0000000078FF 0000004084FF 0 E$Ph0 0000000079B8 0000004085B8 0 000000007A1A 00000040861A 0 D$<120 000000007B24 000000408724 0 f9L$P 000000007D3B 00000040893B 0 L$LPQhX 000000008180 000000409180 0 (null) 0000000081A9 0000004091A9 0 ( 8PX 0000000081B1 0000004091B1 0 700WP 0000000081C9 0000004091C9 0 xpxxxx 0000000081E4 0000004091E4 0 CorExitProcess 000000008CBC 000000409CBC 0 FlsFree 000000008CC4 000000409CC4 0 FlsSetValue 000000008CD0 000000409CD0 0 FlsGetValue 000000008CDC 000000409CDC 0 FlsAlloc 000000008F0C 000000409F0C 0 HH:mm:ss 000000008F18 000000409F18 0 dddd, MMMM dd, yyyy 000000008F2C 000000409F2C 0 MM/dd/yy 000000008F40 000000409F40 0 December 000000008F4C 000000409F4C 0 November 000000008F58 000000409F58 0 October 000000008F60 000000409F60 0 September 000000008F6C 000000409F6C 0 August 000000008F84 000000409F84 0 April 000000008F8C 000000409F8C 0 March 000000008F94 000000409F94 0 February 000000008FA0 000000409FA0 0 January 000000008FD8 000000409FD8 0 Saturday 000000008FE4 000000409FE4 0 Friday 000000008FEC 000000409FEC 0 Thursday 000000008FF8 000000409FF8 0 Wednesday 000000009004 00000040A004 0 Tuesday 00000000900C 00000040A00C 0 Monday 000000009014 00000040A014 0 Sunday 00000000905D 00000040A05D 0 ('8PW 000000009066 00000040A066 0 700PP 000000009081 00000040A081 0 xppwpp 000000009094 00000040A094 0 GetProcessWindowStation 0000000090AC 00000040A0AC 0 GetUserObjectInformationW 0000000090C8 00000040A0C8 0 GetLastActivePopup 0000000090DC 00000040A0DC 0 GetActiveWindow 0000000090EC 00000040A0EC 0 MessageBoxW 00000000912F 00000040A12F 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000009170 00000040A170 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000009738 00000040A738 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\] File pos Mem pos ID Text ======== ======= == ==== 000000009779 00000040A779 0 abcdefghijklmnopqrstuvwxyz{|}~ 0000000098B8 00000040A8B8 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 0000000098F9 00000040A8F9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0000000099B0 00000040A9B0 0 StClass = 0000000099C0 00000040A9C0 0 STCLASS_OK 0000000099CC 00000040A9CC 0 STCLASS_ERROR_COMM 0000000099E0 00000040A9E0 0 STCLASS_ERROR_CNG 0000000099F4 00000040A9F4 0 STCLASS_ERROR_EDS 000000009A08 00000040AA08 0 STCLASS_ERROR_INI 000000009A1C 00000040AA1C 0 STCLASS_ERROR_LDR 000000009A34 00000040AA34 0 StCode = 000000009A44 00000040AA44 0 CSC_INVALID_SPEC 000000009A58 00000040AA58 0 CSC_INVALID_HANDLE 000000009A6C 00000040AA6C 0 CSC_INVALID_LOGICAL_ID 000000009A84 00000040AA84 0 CSC_INVALID_PINDATA 000000009A9C 00000040AA9C 0 CSC_INVALID_INLEN 000000009AB0 00000040AAB0 0 CSC_INVALID_OUTLEN 000000009AC4 00000040AAC4 0 CSC_INVALID_POUTDATA 000000009ADC 00000040AADC 0 CSC_DEVICE_ALREADY_OPENED 000000009AF8 00000040AAF8 0 CNG_INVALID_VARIANT 000000009B10 00000040AB10 0 CNG_INVALID_RESPONSE 000000009B28 00000040AB28 0 CNG_INVALID_RECOVERY 000000009B40 00000040AB40 0 CNG_FIRMWARE_INCOMPLETE 000000009B60 00000040AB60 0 CNG_FRM_CONTEXT (<nSTA>!=R --> cassette error; <TF>=N --> transport path is not free; <SHERR>=B --> shutter error; <TER>=M --> possible manipulation) 000000009BF8 00000040ABF8 0 CNG_FRM_SYNTAX (Invalid cassette ID; Too many tries to dispense (> 10); Number of notes > maximum value (standard CNG: 60; ProCash Compact: 20)) 000000009C8C 00000040AC8C 0 CNG_FRM_SW_MISSING (Firmware not loaded) 000000009CB8 00000040ACB8 0 CNG_FRM_ACCESS_ERROR 000000009CD0 00000040ACD0 0 CNG_FRM_ACCESS_CONTEXT 000000009CE8 00000040ACE8 0 CNG_FRM_SCOP 000000009CF8 00000040ACF8 0 CNG_FRM_ACCESS_DEVICE_NOT_READY 000000009D20 00000040AD20 0 CNG_FRM_DEVICE_NOT_READY (<S_SW>=O --> safety switch open; <DLOC>=Y --> device lock activated; <CAS>=N --> minimum configuration (reject box + cash-out cassette); <SR>=R --> single reject switch defective (is in reject direction); <TER>=J --> banknote jam; <OR>=Y --> operator request; <TST>=Y --> self-test active) 000000009E60 00000040AE60 0 CNG_FRM_ERROR (<nSTA>=E --> the cassette is empty; <DIS>=M --> too many banknotes with wrong size; <nSTA>=R --> timeout: no receipts for dispensing available (for printing cassette only); <DIS>=S --> too many multiple-banknote dispensing operations; <DIS>=N --> banknote dispensing is not possible*; <DIS>=J --> banknote jam has occurred during dispensing; <DIS>=E --> too many bundle rejects) 000000009FEC 00000040AFEC 0 CNG_FRM_ERROR_DECRYPTION 00000000A008 00000040B008 0 StWarn = 00000000A018 00000040B018 0 CNG_WARN_MONEY_NOT_REMOVED 00000000A034 00000040B034 0 CNG_WARN_MONEY_REMOVED 00000000A04C 00000040B04C 0 CNG_NO_FIRMWARE 00000000A060 00000040B060 0 CNG_NO_ACTUAL_FIRMWARE 00000000A078 00000040B078 0 CNG_WARN_LED 00000000A088 00000040B088 0 displog.txt 00000000A098 00000040B098 0 Congratulations! You are very skilled in reverse engineering! :) 00000000A0DC 00000040B0DC 0 CSCCNG 00000000A0E4 00000040B0E4 0 Usage: %s <Cassette Slot Number (D)> <Banknotes Count (DD)> 00000000A128 00000040B128 0 Invalid Parameter: Cassette Slot Number. Must be a digit from 1 to 9 00000000A170 00000040B170 0 Invalid Parameter: Banknotes Count. Must be a digit from 1 to 60 00000000A1B4 00000040B1B4 0 %s,%s; 00000000A1BC 00000040B1BC 0 Connecting to the CNG... 00000000A1D8 00000040B1D8 0 CscCngOpen/CscCdmOpen failed with error: 00000000A204 00000040B204 0 CscCngOpen/CscCdmOpen failed with error: 00000000A22D 00000040B22D 0 System Failure 00000000A240 00000040B240 0 Successfully connected! 00000000A25C 00000040B25C 0 Locking device for exclusive access... 00000000A284 00000040B284 0 CscCngLock/CscCdmLock failed with error: 00000000A2B0 00000040B2B0 0 Device successfully locked! 00000000A2D0 00000040B2D0 0 Dispensing cash to collection tray... 00000000A2F8 00000040B2F8 0 CscCngDispense/CscCdmDispense failed with error: 00000000A32C 00000040B32C 0 Dispensed Successfully! Raw Response: %s 00000000A358 00000040B358 0 Transporting cash to wait pos... 00000000A37C 00000040B37C 0 CscCngTransport failed with error: 00000000A3A0 00000040B3A0 0 Cash successfully transported to the wait pos. File pos Mem pos ID Text ======== ======= == ==== 00000000A3D0 00000040B3D0 0 Transporting cash to customer... 00000000A3F4 00000040B3F4 0 CscCngTransport/CscCdmTransport failed with error: 00000000A428 00000040B428 0 Cash successfully transported to the customer! 00000000A458 00000040B458 0 %s:%s 00000000A460 00000040B460 0 Unlocking device... 00000000A478 00000040B478 0 CscCngUnlock/CscCdmUnlock failed with error: 00000000A4A8 00000040B4A8 0 Device successfully unlocked. 00000000A4C8 00000040B4C8 0 Disconnecting from CNG... 00000000A4E4 00000040B4E4 0 CscCngClose/CscCdmClose failed with error: 00000000A510 00000040B510 0 Successfully disconnected. 00000000A9D8 00000040B9D8 0 CSCWCNG.dll 00000000A9E6 00000040B9E6 0 CreateFileA 00000000A9F4 00000040B9F4 0 SetFilePointer 00000000AA06 00000040BA06 0 lstrlenA 00000000AA12 00000040BA12 0 WriteFile 00000000AA1E 00000040BA1E 0 CloseHandle 00000000AA2C 00000040BA2C 0 GetSystemTime 00000000AA3A 00000040BA3A 0 KERNEL32.dll 00000000AA4A 00000040BA4A 0 wvsprintfA 00000000AA58 00000040BA58 0 wsprintfA 00000000AA62 00000040BA62 0 USER32.dll 00000000AA70 00000040BA70 0 GetLastError 00000000AA80 00000040BA80 0 HeapFree 00000000AA8C 00000040BA8C 0 HeapAlloc 00000000AA98 00000040BA98 0 GetCommandLineA 00000000AAAA 00000040BAAA 0 HeapSetInformation 00000000AAC0 00000040BAC0 0 DecodePointer 00000000AAD0 00000040BAD0 0 UnhandledExceptionFilter 00000000AAEC 00000040BAEC 0 SetUnhandledExceptionFilter 00000000AB0A 00000040BB0A 0 IsDebuggerPresent 00000000AB1E 00000040BB1E 0 EncodePointer 00000000AB2E 00000040BB2E 0 TerminateProcess 00000000AB42 00000040BB42 0 GetCurrentProcess 00000000AB56 00000040BB56 0 HeapCreate 00000000AB64 00000040BB64 0 GetProcAddress 00000000AB76 00000040BB76 0 GetModuleHandleW 00000000AB8A 00000040BB8A 0 ExitProcess 00000000AB98 00000040BB98 0 GetStdHandle 00000000ABA8 00000040BBA8 0 GetModuleFileNameW 00000000ABBE 00000040BBBE 0 EnterCriticalSection 00000000ABD6 00000040BBD6 0 LeaveCriticalSection 00000000ABEE 00000040BBEE 0 GetModuleFileNameA 00000000AC04 00000040BC04 0 FreeEnvironmentStringsW 00000000AC1E 00000040BC1E 0 WideCharToMultiByte 00000000AC34 00000040BC34 0 GetEnvironmentStringsW 00000000AC4E 00000040BC4E 0 SetHandleCount 00000000AC60 00000040BC60 0 InitializeCriticalSectionAndSpinCount 00000000AC88 00000040BC88 0 GetFileType 00000000AC96 00000040BC96 0 GetStartupInfoW 00000000ACA8 00000040BCA8 0 DeleteCriticalSection 00000000ACC0 00000040BCC0 0 TlsAlloc 00000000ACCC 00000040BCCC 0 TlsGetValue 00000000ACDA 00000040BCDA 0 TlsSetValue 00000000ACE8 00000040BCE8 0 TlsFree 00000000ACF2 00000040BCF2 0 InterlockedIncrement 00000000AD0A 00000040BD0A 0 SetLastError 00000000AD1A 00000040BD1A 0 GetCurrentThreadId 00000000AD30 00000040BD30 0 InterlockedDecrement 00000000AD48 00000040BD48 0 QueryPerformanceCounter 00000000AD62 00000040BD62 0 GetTickCount File pos Mem pos ID Text ======== ======= == ==== 00000000AD72 00000040BD72 0 GetCurrentProcessId 00000000AD88 00000040BD88 0 GetSystemTimeAsFileTime 00000000ADA2 00000040BDA2 0 GetConsoleCP 00000000ADB2 00000040BDB2 0 GetConsoleMode 00000000ADC4 00000040BDC4 0 GetCPInfo 00000000ADD0 00000040BDD0 0 GetACP 00000000ADDA 00000040BDDA 0 GetOEMCP 00000000ADE6 00000040BDE6 0 IsValidCodePage 00000000ADF8 00000040BDF8 0 Sleep 00000000AE00 00000040BE00 0 LoadLibraryW 00000000AE10 00000040BE10 0 RtlUnwind 00000000AE1C 00000040BE1C 0 SetStdHandle 00000000AE2C 00000040BE2C 0 WriteConsoleW 00000000AE3C 00000040BE3C 0 MultiByteToWideChar 00000000AE52 00000040BE52 0 LCMapStringW 00000000AE62 00000040BE62 0 GetStringTypeW 00000000AE74 00000040BE74 0 HeapReAlloc 00000000AE82 00000040BE82 0 IsProcessorFeaturePresent 00000000AE9E 00000040BE9E 0 HeapSize 00000000AEAA 00000040BEAA 0 FlushFileBuffers 00000000AEBE 00000040BEBE 0 CreateFileW 00000000B4CE 00000040C4CE 0 00000000B5AE 00000040C5AE 0 abcdefghijklmnopqrstuvwxyz 00000000B5CE 00000040C5CE 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 00000000B6D2 00000040C6D2 0 00000000B7B9 00000040C7B9 0 abcdefghijklmnopqrstuvwxyz 00000000B7D9 00000040C7D9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 00000000BE58 00000040F058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 00000000BEA3 00000040F0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 00000000BEDB 00000040F0DB 0 <security> 00000000BEEB 00000040F0EB 0 <requestedPrivileges> 00000000BF08 00000040F108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> 00000000BF68 00000040F168 0 </requestedPrivileges> 00000000BF86 00000040F186 0 </security> 00000000BF97 00000040F197 0 </trustInfo> 00000000BFA7 00000040F1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD 00000000C00B 00000041000B 0 0*0L0{0 00000000C017 000000410017 0 2L3W3h3 00000000C02F 00000041002F 0 31464@4z4 00000000C04B 00000041004B 0 7+8I8o8 00000000C057 000000410057 0 8G<7= 00000000C075 000000410075 0 3#3'3+3/3<3N3.484E4 00000000C095 000000410095 0 5,5c5o5|5 00000000C0A5 0000004100A5 0 5)616D6O6T6f6p6u6 00000000C0C9 0000004100C9 0 7I7S7y7 00000000C0E7 0000004100E7 0 9%939g9t9 00000000C0F5 0000004100F5 0 9#:Q:x: 00000000C10F 00000041010F 0 >->4>C>O>\> 00000000C127 000000410127 0 ?'?0?T? 00000000C153 000000410153 0 324<4}4 00000000C171 000000410171 0 7&7N7 00000000C181 000000410181 0 8[8b8w8 00000000C18F 00000041018F 0 9)9M9}9 00000000C1A1 0000004101A1 0 9 :%:F:M:Y:_:k:q:z: 00000000C1EB 0000004101EB 0 <?=E=[= 00000000C1F3 0000004101F3 0 =h=n=u={= 00000000C225 000000410225 0 >#>(>0>5><>K>P>V>_> 00000000C24B 00000041024B 0 ?@?H? 00000000C2A1 0000004102A1 0 ;3<><H<a<k<~< 00000000C2C5 0000004102C5 0 ?+?F?N?V?m? File pos Mem pos ID Text ======== ======= == ==== 00000000C2E9 0000004102E9 0 0/0C0 00000000C2F1 0000004102F1 0 0&1z1=2k2 00000000C2FF 0000004102FF 0 3G3{3 00000000C313 000000410313 0 4J4S4_4 00000000C329 000000410329 0 8$8;8I8O8r8y8 00000000C359 000000410359 0 :H:N:V: 00000000C371 000000410371 0 ;h;q;w; 00000000C37D 00000041037D 0 <%<-< 00000000C399 000000410399 0 >1>7> 00000000C3B3 0000004103B3 0 ?'?-?7?@?K?P?Y?c?n? 00000000C3DD 0000004103DD 0 3!3H3U3Z3h3C4f4q4 00000000C3F1 0000004103F1 0 4E5Q5\6_7r7 00000000C401 000000410401 0 7%8>8Z8 00000000C43F 00000041043F 0 2'292K2]2o2 00000000C457 000000410457 0 2E3K3U3 00000000C465 000000410465 0 4$4A4G4M4S4Y4_4f4m4t4{4 00000000C4A1 0000004104A1 0 5.555 00000000C4BF 0000004104BF 0 7=7D7H7L7P7T7X7\7 00000000C4DB 0000004104DB 0 7"8-8H8O8T8X8\8}8 00000000C4FF 0000004104FF 0 8F9L9P9T9X9 00000000C513 000000410513 0 <.<d<n< 00000000C51B 00000041051B 0 <1=== 00000000C52D 00000041052D 0 >(>v? 00000000C541 000000410541 0 020Z0d1z1 00000000C559 000000410559 0 2"2'262E2T2c2r2 00000000C579 000000410579 0 3a3s3 00000000C58F 00000041058F 0 4.4=4L4[4j4y4 00000000C5AB 0000004105AB 0 5!5054585<5@5D5H5l5p5t5x5|5 00000000C5E5 0000004105E5 0 6;6Q6 00000000C5F5 0000004105F5 0 7E7U7_7 00000000C605 000000410605 0 8'838_8l8 00000000C619 000000410619 0 8 9-9A9N9m9y9 00000000C631 000000410631 0 :&:?: 00000000C640 000000410640 0 @1D1H1L1P1\1 00000000C671 000000410671 0 ;$;,;4;<; 00000000C69D 00000041069D 0 6$6@6L6h6 00000000C6AF 0000004106AF 0 7$7(7H7h7 00000000C6C5 0000004106C5 0 808P8 00000000C6DB 0000004106DB 0 1x8x9|9 00000000C731 000000410731 0 : :0:4:8:<:@:D:H:L:P:T:X:\: 00000000C74D 00000041074D 0 :d:h:l:p:t:x:|: 00000000C789 000000410789 0 :8;H;X;h;x; 00000000C7B9 0000004107B9 0 =(=,=0=4=8=<=@=D=H=L=X=\= 00000000C7D3 0000004107D3 0 =d=h=l=p=t=x=|= 000000008170 000000409170 0 (null) 0000000081F4 0000004091F4 0 mscoree.dll 00000000820C 00000040920C 0 runtime error 000000008B3F 000000409B3F 0 @Microsoft Visual C++ Runtime Library 000000008B9C 000000409B9C 0 <program name unknown> 000000008BEC 000000409BEC 0 Program: 000000008CA0 000000409CA0 0 KERNEL32.DLL 000000008CE8 000000409CE8 0 HH:mm:ss 000000008CFC 000000409CFC 0 dddd, MMMM dd, yyyy 000000008D24 000000409D24 0 MM/dd/yy 000000008D48 000000409D48 0 December 000000008D5C 000000409D5C 0 November 000000008D70 000000409D70 0 October 000000008D80 000000409D80 0 September 000000008D94 000000409D94 0 August 000000008DBC 000000409DBC 0 April File pos Mem pos ID Text ======== ======= == ==== 000000008DC8 000000409DC8 0 March 000000008DD4 000000409DD4 0 February 000000008DE8 000000409DE8 0 January 000000008E58 000000409E58 0 Saturday 000000008E6C 000000409E6C 0 Friday 000000008E7C 000000409E7C 0 Thursday 000000008E90 000000409E90 0 Wednesday 000000008EA4 000000409EA4 0 Tuesday 000000008EB4 000000409EB4 0 Monday 000000008EC4 000000409EC4 0 Sunday 0000000090F7 00000040A0F7 0 WUSER32.DLL 00000000999F 00000040A99F 0 @CONOUT$
=== DOWNLOAD ===