
                                           ATM MALWARE NOTICE 
                    85e5aacbc9113520d93f1d9d73193c3501ebab8032661052d9a66348e204cde6
 
Date...........: 2016-08-02
Family.........: ATMSpitter
File name......: ATMSpitter v2
File size......: 51.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/visa-technical-analysis-atm-jackpottingmalware.pdf
Additional note: Date check (2017) at 0x408748 and 0x408754


=== PEDUMP REPORT === 
=== MZ Header ===

signature:             "MZ"
bytes_in_last_block:   144     0x90
blocks_in_file:        3       3
num_relocs:            0       0
header_paragraphs:     4       4
min_extra_paragraphs:  0       0
max_extra_paragraphs:  65535   0xffff
ss:                    0       0
sp:                    184     0xb8
checksum:              0       0
ip:                    0       0
cs:                    0       0
reloc_table_offset:    64      0x40
overlay_number:        0       0
reserved0:             0       0
oem_id:                0       0
oem_info:              0       0
reserved2:             0       0
reserved3:             0       0
reserved4:             0       0
reserved5:             0       0
reserved6:             0       0
lfanew:                232     0xe8

=== DOS STUB ===

00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|

=== RICH Header ===

LIB_ID        VERSION         TIMES_USED
171   ab      30319  766f     23  17
158   9e      30319  766f     17  11
170   aa      30319  766f     87  57
147   93      30729  7809      4   4
  4    4       8447  20ff      3   3
  1    1          0     0     83  53
174   ae      30319  766f      1   1
157   9d      30319  766f      1   1

=== PE Header ===

signature:                "PE\x00\x00"

# IMAGE_FILE_HEADER:
Machine:                  332       0x14c     x86
NumberOfSections:         5         5
TimeDateStamp:            "2016-11-15 19:52:25"
PointerToSymbolTable:     0         0
NumberOfSymbols:          0         0
SizeOfOptionalHeader:     224       0xe0
Characteristics:          258       0x102     EXECUTABLE_IMAGE, 32BIT_MACHINE

# IMAGE_OPTIONAL_HEADER32:
Magic:                    267       0x10b     32-bit executable
LinkerVersion:            10.0
SizeOfCode:               31232     0x7a00
SizeOfInitializedData:    19968     0x4e00
SizeOfUninitializedData:  0         0
AddressOfEntryPoint:      5355      0x14eb
BaseOfCode:               4096      0x1000
BaseOfData:               36864     0x9000
ImageBase:                4194304   0x400000
SectionAlignment:         4096      0x1000
FileAlignment:            512       0x200
OperatingSystemVersion:   5.1
ImageVersion:             0.0
SubsystemVersion:         5.1
Reserved1:                0         0
SizeOfImage:              69632     0x11000
SizeOfHeaders:            1024      0x400
CheckSum:                 97961     0x17ea9
Subsystem:                3         3         WINDOWS_CUI
DllCharacteristics:       33088     0x8140    DYNAMIC_BASE, NX_COMPAT TERMINAL_SERVER_AWARE
SizeOfStackReserve:       1048576   0x100000
SizeOfStackCommit:        4096      0x1000
SizeOfHeapReserve:        1048576   0x100000
SizeOfHeapCommit:         4096      0x1000
LoaderFlags:              0         0
NumberOfRvaAndSizes:      16        0x10

=== DATA DIRECTORY ===

EXPORT        rva:0x    0   size:0x    0
IMPORT        rva:0x b7e4   size:0x   50
RESOURCE      rva:0x f000   size:0x  1b4
EXCEPTION     rva:0x    0   size:0x    0
SECURITY      rva:0x    0   size:0x    0
BASERELOC     rva:0x10000   size:0x  7d8
DEBUG         rva:0x    0   size:0x    0
ARCHITECTURE  rva:0x    0   size:0x    0
GLOBALPTR     rva:0x    0   size:0x    0
TLS           rva:0x    0   size:0x    0
LOAD_CONFIG   rva:0x b4c0   size:0x   40
Bound_IAT     rva:0x    0   size:0x    0
IAT           rva:0x 9000   size:0x  12c
Delay_IAT     rva:0x    0   size:0x    0
CLR_Header    rva:0x    0   size:0x    0
              rva:0x    0   size:0x    0

=== SECTIONS ===

NAME     RVA    VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
.text    1000   79fc  7a00    400      0     0        0      0         60000020  R-X CODE
.rdata   9000   2e52  3000    7e00     0     0        0      0         40000040  R-- IDATA
.data    c000   2ba4  e00     ae00     0     0        0      0         c0000040  RW- IDATA
.rsrc    f000   1b4   200     bc00     0     0        0      0         40000040  R-- IDATA
.reloc   10000  ca6   e00     be00     0     0        0      0         42000040  R-- IDATA DISCARDABLE

=== RESOURCES ===

FILE_OFFSET  CP    LANG   SIZE  TYPE      NAME
0xbc58       1252  0x409  346   MANIFEST  #1

=== IMPORTS ===

MODULE_NAME   HINT  ORD  FUNCTION_NAME
CSCWCNG.dll         16
CSCWCNG.dll         2b
CSCWCNG.dll         2a
CSCWCNG.dll         15
KERNEL32.dll  88         CreateFileA
KERNEL32.dll  466        SetFilePointer
KERNEL32.dll  54d        lstrlenA
KERNEL32.dll  525        WriteFile
KERNEL32.dll  52         CloseHandle
KERNEL32.dll  277        GetSystemTime
KERNEL32.dll  157        FlushFileBuffers
KERNEL32.dll  202        GetLastError
KERNEL32.dll  2cf        HeapFree
KERNEL32.dll  2cb        HeapAlloc
KERNEL32.dll  186        GetCommandLineA
KERNEL32.dll  2d3        HeapSetInformation
KERNEL32.dll  ca         DecodePointer
KERNEL32.dll  4d3        UnhandledExceptionFilter
KERNEL32.dll  4a5        SetUnhandledExceptionFilter
KERNEL32.dll  300        IsDebuggerPresent
KERNEL32.dll  ea         EncodePointer
KERNEL32.dll  4c0        TerminateProcess
KERNEL32.dll  1c0        GetCurrentProcess
KERNEL32.dll  2cd        HeapCreate
KERNEL32.dll  245        GetProcAddress
KERNEL32.dll  218        GetModuleHandleW
KERNEL32.dll  119        ExitProcess
KERNEL32.dll  264        GetStdHandle
KERNEL32.dll  214        GetModuleFileNameW
KERNEL32.dll  ee         EnterCriticalSection
KERNEL32.dll  339        LeaveCriticalSection
KERNEL32.dll  213        GetModuleFileNameA
KERNEL32.dll  161        FreeEnvironmentStringsW
KERNEL32.dll  511        WideCharToMultiByte
KERNEL32.dll  1da        GetEnvironmentStringsW
KERNEL32.dll  46f        SetHandleCount
KERNEL32.dll  2e3        InitializeCriticalSectionAndSpinCount
KERNEL32.dll  1f3        GetFileType
KERNEL32.dll  263        GetStartupInfoW
KERNEL32.dll  d1         DeleteCriticalSection
KERNEL32.dll  4c5        TlsAlloc
KERNEL32.dll  4c7        TlsGetValue
KERNEL32.dll  4c8        TlsSetValue
KERNEL32.dll  4c6        TlsFree
KERNEL32.dll  2ef        InterlockedIncrement
KERNEL32.dll  473        SetLastError
KERNEL32.dll  1c5        GetCurrentThreadId
KERNEL32.dll  2eb        InterlockedDecrement
KERNEL32.dll  3a7        QueryPerformanceCounter
KERNEL32.dll  293        GetTickCount
KERNEL32.dll  1c1        GetCurrentProcessId
KERNEL32.dll  279        GetSystemTimeAsFileTime
KERNEL32.dll  19a        GetConsoleCP
KERNEL32.dll  1ac        GetConsoleMode
KERNEL32.dll  172        GetCPInfo
KERNEL32.dll  168        GetACP
KERNEL32.dll  237        GetOEMCP
KERNEL32.dll  30a        IsValidCodePage
KERNEL32.dll  4b2        Sleep
KERNEL32.dll  33f        LoadLibraryW
KERNEL32.dll  418        RtlUnwind
KERNEL32.dll  487        SetStdHandle
KERNEL32.dll  524        WriteConsoleW
KERNEL32.dll  367        MultiByteToWideChar
KERNEL32.dll  32d        LCMapStringW
KERNEL32.dll  269        GetStringTypeW
KERNEL32.dll  2d2        HeapReAlloc
KERNEL32.dll  304        IsProcessorFeaturePresent
KERNEL32.dll  2d4        HeapSize
KERNEL32.dll  8f         CreateFileW
USER32.dll    334        wvsprintfA
USER32.dll    332        wsprintfA

=== Packer / Compiler ===

MS Visual C++ v8.0
=== DOWNLOAD ===