.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS                                                            !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    b361963fe11b149afc526a6e0656c08226f943bdba0f2c7c0a7640fba09afce8
 
Date...........: 2009-03-18
Family.........: Ligsterac
File name......: lsass.exe
File size......: 80.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://vms.drweb.com/virus/?i=426550&lng=en
Additional note: First ATM malware variant observed

Entropy:


Binary Histogram:


=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 80 0x50 blocks_in_file: 2 2 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 15 0xf max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 26 0x1a reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 256 0x100 === DOS STUB === 00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..| 00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus| 00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W| 00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........| 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 8 8 TimeDateStamp: "1992-06-19 22:22:17" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO 32BIT_MACHINE, BYTES_REVERSED_HI # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 2.25 SizeOfCode: 15360 0x3c00 SizeOfInitializedData: 62464 0xf400 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 19280 0x4b50 BaseOfCode: 4096 0x1000 BaseOfData: 20480 0x5000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 4.0 ImageVersion: 0.0 SubsystemVersion: 4.0 Reserved1: 0 0 SizeOfImage: 106496 0x1a000 SizeOfHeaders: 1024 0x400 CheckSum: 0 0 Subsystem: 2 2 WINDOWS_GUI DllCharacteristics: 0 0 SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 16384 0x4000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 7000 size:0x 78e RESOURCE rva:0x b000 size:0x e070 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x a000 size:0x 448 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 9000 size:0x 18 LOAD_CONFIG rva:0x 0 size:0x 0 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 0 size:0x 0 Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS CODE 1000 3b98 3c00 400 0 0 0 0 60000020 R-X CODE DATA 5000 b8 200 4000 0 0 0 0 c0000040 RW- IDATA BSS 6000 6b1 0 4200 0 0 0 0 c0000000 RW- .idata 7000 78e 800 4200 0 0 0 0 c0000040 RW- IDATA .tls 8000 8 0 4a00 0 0 0 0 c0000000 RW- .rdata 9000 18 200 4a00 0 0 0 0 50000040 R-- IDATA SHARED .reloc a000 448 600 4c00 0 0 0 0 50000040 R-- IDATA SHARED .rsrc b000 e070 e200 5200 0 0 0 0 50000040 R-- IDATA SHARED === TLS === RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS 408000 408008 405084 409010 0 0 === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x5270 1252 0 57344 RCDATA PACKAGEINFO === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME kernel32.dll 0 DeleteCriticalSection kernel32.dll 0 LeaveCriticalSection kernel32.dll 0 EnterCriticalSection kernel32.dll 0 InitializeCriticalSection kernel32.dll 0 VirtualFree kernel32.dll 0 VirtualAlloc kernel32.dll 0 LocalFree kernel32.dll 0 LocalAlloc kernel32.dll 0 GetVersion kernel32.dll 0 GetCurrentThreadId kernel32.dll 0 GetThreadLocale kernel32.dll 0 GetStartupInfoA kernel32.dll 0 GetLocaleInfoA kernel32.dll 0 GetCommandLineA kernel32.dll 0 FreeLibrary kernel32.dll 0 ExitProcess kernel32.dll 0 WriteFile kernel32.dll 0 UnhandledExceptionFilter kernel32.dll 0 RtlUnwind kernel32.dll 0 RaiseException kernel32.dll 0 GetStdHandle user32.dll 0 GetKeyboardType user32.dll 0 MessageBoxA advapi32.dll 0 RegQueryValueExA advapi32.dll 0 RegOpenKeyExA advapi32.dll 0 RegCloseKey kernel32.dll 0 TlsSetValue kernel32.dll 0 TlsGetValue kernel32.dll 0 LocalAlloc kernel32.dll 0 GetModuleHandleA advapi32.dll 0 OpenProcessToken advapi32.dll 0 LookupPrivilegeValueA advapi32.dll 0 AdjustTokenPrivileges kernel32.dll 0 lstrlenA kernel32.dll 0 lstrcpyA kernel32.dll 0 lstrcmpiA kernel32.dll 0 lstrcatA kernel32.dll 0 WriteProcessMemory kernel32.dll 0 WriteFile kernel32.dll 0 WaitForSingleObject kernel32.dll 0 VirtualFreeEx kernel32.dll 0 VirtualAllocEx kernel32.dll 0 TerminateProcess kernel32.dll 0 Sleep kernel32.dll 0 SizeofResource kernel32.dll 0 ReadFile kernel32.dll 0 OpenProcess kernel32.dll 0 LockResource kernel32.dll 0 LocalFree kernel32.dll 0 LocalAlloc kernel32.dll 0 LoadResource kernel32.dll 0 GetWindowsDirectoryA kernel32.dll 0 GetVolumeInformationA kernel32.dll 0 GetTickCount kernel32.dll 0 GetProcAddress kernel32.dll 0 GetModuleHandleA kernel32.dll 0 GetModuleFileNameA kernel32.dll 0 GetLastError kernel32.dll 0 GetFileSize kernel32.dll 0 GetExitCodeThread kernel32.dll 0 GetCurrentProcess kernel32.dll 0 FormatMessageA kernel32.dll 0 FindResourceA kernel32.dll 0 DeleteFileA kernel32.dll 0 CreateRemoteThread kernel32.dll 0 CreateFileA kernel32.dll 0 CopyFileA kernel32.dll 0 CloseHandle user32.dll 0 MessageBoxA advapi32.dll 0 StartServiceA advapi32.dll 0 QueryServiceStatus advapi32.dll 0 QueryServiceConfigA advapi32.dll 0 OpenServiceA advapi32.dll 0 OpenSCManagerA advapi32.dll 0 ControlService advapi32.dll 0 CloseServiceHandle === Packer / Compiler === Borland Delphi v3.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 000000000050 000000400050 0 This program must be run under Win32 000000000270 000000400270 0 .idata 0000000002C0 0000004002C0 0 .rdata 0000000002E7 0000004002E7 0 P.reloc 00000000030F 00000040030F 0 P.rsrc 00000000058C 00000040118C 0 SVWUQ 0000000007AD 0000004013AD 0 w;;t$ 0000000008B8 0000004014B8 0 SVWUQ 00000000179D 00000040239D 0 Uh%$@ 0000000019FF 0000004025FF 0 ~KxI[) 000000001B28 000000402728 0 SOFTWARE\Borland\Delphi\RTL 000000001B44 000000402744 0 FPUMaskValue 000000001B91 000000402791 0 PPRTj 000000001D0B 00000040290B 0 YZXtp 000000001D27 000000402927 0 Ph4)@ 000000001E82 000000402A82 0 t=HtN 000000001F35 000000402B35 0 PhB+@ 000000001FFE 000000402BFE 0 Uh*,@ 000000002401 000000403001 0 Uh\0@ 0000000024E1 0000004030E1 0 Uh&1@ 000000002711 000000403311 0 Uh13@ 000000002749 000000403349 0 Uhi3@ 000000002931 000000403531 0 UhQ5@ 000000002AC0 0000004036C0 0 kernel32.dll 000000002AD0 0000004036D0 0 CreateToolhelp32Snapshot 000000002AEC 0000004036EC 0 Heap32ListFirst 000000002AFC 0000004036FC 0 Heap32ListNext 000000002B0C 00000040370C 0 Heap32First 000000002B18 000000403718 0 Heap32Next 000000002B24 000000403724 0 Toolhelp32ReadProcessMemory 000000002B40 000000403740 0 Process32First 000000002B50 000000403750 0 Process32Next 000000002B60 000000403760 0 Process32FirstW 000000002B70 000000403770 0 Process32NextW 000000002B80 000000403780 0 Thread32First 000000002B90 000000403790 0 Thread32Next 000000002BA0 0000004037A0 0 Module32First 000000002BB0 0000004037B0 0 Module32Next 000000002BC0 0000004037C0 0 Module32FirstW 000000002BD0 0000004037D0 0 Module32NextW 000000002CB8 0000004038B8 0 APC UPS Service 000000002CC8 0000004038C8 0 Apache Tomcat 000000002CD8 0000004038D8 0 PCD_MODULELauncher 000000002CEC 0000004038EC 0 ntfsvc 000000002CF4 0000004038F4 0 LogWriter 000000002D00 000000403900 0 Diebold XFS 000000002E50 000000403A50 0 OpenProcessToken 000000002E64 000000403A64 0 LookupPrivilegeValue 000000002E7C 000000403A7C 0 AdjustTokenPrivileges 0000000030F9 000000403CF9 0 (h(=@ 000000003128 000000403D28 0 LoadLibraryA 000000003138 000000403D38 0 kernel32 000000003144 000000403D44 0 SVWUQ 0000000031AC 000000403DAC 0 CreateFile (wr) 000000003234 000000403E34 0 QueryServiceStatus 000000003248 000000403E48 0 Wait Stop Service TimeOut 000000003300 000000403F00 0 MSCOREE.DLL 00000000330C 000000403F0C 0 SVWUQ 000000003390 000000403F90 0 CreateFile 000000003408 000000404008 0 D$<PV File pos Mem pos ID Text ======== ======= == ==== 0000000036B0 0000004042B0 0 OpenSCManager 0000000036C0 0000004042C0 0 OpenService 0000000036CC 0000004042CC 0 QueryServiceConfig 0000000036E4 0000004042E4 0 pwrstr.dll 0000000036F0 0000004042F0 0 LoadFile 0000000036FC 0000004042FC 0 Error 000000003704 000000404304 0 Alredy instaled 000000003714 000000404314 0 mscore.dll in import 00000000372C 00000040432C 0 Stop 000000003734 000000404334 0 ControlService 00000000374C 00000040434C 0 PACKAGEINFO 000000003758 000000404358 0 StartService 000000003768 000000404368 0 CopyFile 0000000037A7 0000004043A7 0 8NTFS 0000000038A4 0000004044A4 0 \greenstone.bmp:redstone.bmp 0000000038C4 0000004044C4 0 \greenstone.bmp:bluestone.bmp 0000000038E4 0000004044E4 0 \redstone.bmp 0000000038F4 0000004044F4 0 \bluestone,bmp 000000003904 000000404504 0 \trl2 0000000039AC 0000004045AC 0 CreateToolhelp32Snapshot 0000000039C8 0000004045C8 0 Module32First 000000003A10 000000404610 0 D$$PW 000000003AC0 0000004046C0 0 \lsass.exe 000000003ACC 0000004046CC 0 SeDebugPrivilege 000000003AE0 0000004046E0 0 lsass.exe 000000003CB0 0000004048B0 0 getProcessEntry 000000003CC0 0000004048C0 0 SeDebugPrivilege 000000003CD4 0000004048D4 0 OpenProcess 000000003CE0 0000004048E0 0 GetExitCodeThread 000000003CF4 0000004048F4 0 VirtualFreeEx 000000003E7C 000000404A7C 0 kernel32.dll 000000003E8C 000000404A8C 0 FindFirstFileA 000000003E9C 000000404A9C 0 FindNextFileA 000000003EAC 000000404AAC 0 FindClose 000000003EB8 000000404AB8 0 lstrcpy 000000003EC0 000000404AC0 0 DeleteFileA 000000003ECC 000000404ACC 0 Sleep 000000003ED4 000000404AD4 0 \Prefetch\ 000000003EE0 000000404AE0 0 -*.pf 000000003F88 000000404B88 0 explorer.exe 00000000404C 00000040504C 0 Error 000000004054 000000405054 0 Runtime error at 00000000 000000004074 000000405074 0 0123456789ABCDEF 000000004404 000000407204 0 kernel32.dll 000000004414 000000407214 0 DeleteCriticalSection 00000000442C 00000040722C 0 LeaveCriticalSection 000000004444 000000407244 0 EnterCriticalSection 00000000445C 00000040725C 0 InitializeCriticalSection 000000004478 000000407278 0 VirtualFree 000000004486 000000407286 0 VirtualAlloc 000000004496 000000407296 0 LocalFree 0000000044A2 0000004072A2 0 LocalAlloc 0000000044B0 0000004072B0 0 GetVersion 0000000044BE 0000004072BE 0 GetCurrentThreadId 0000000044D4 0000004072D4 0 GetThreadLocale 0000000044E6 0000004072E6 0 GetStartupInfoA 0000000044F8 0000004072F8 0 GetLocaleInfoA 00000000450A 00000040730A 0 GetCommandLineA 00000000451C 00000040731C 0 FreeLibrary 00000000452A 00000040732A 0 ExitProcess File pos Mem pos ID Text ======== ======= == ==== 000000004538 000000407338 0 WriteFile 000000004544 000000407344 0 UnhandledExceptionFilter 000000004560 000000407360 0 RtlUnwind 00000000456C 00000040736C 0 RaiseException 00000000457E 00000040737E 0 GetStdHandle 00000000458C 00000040738C 0 user32.dll 00000000459A 00000040739A 0 GetKeyboardType 0000000045AC 0000004073AC 0 MessageBoxA 0000000045B8 0000004073B8 0 advapi32.dll 0000000045C8 0000004073C8 0 RegQueryValueExA 0000000045DC 0000004073DC 0 RegOpenKeyExA 0000000045EC 0000004073EC 0 RegCloseKey 0000000045F8 0000004073F8 0 kernel32.dll 000000004608 000000407408 0 TlsSetValue 000000004616 000000407416 0 TlsGetValue 000000004624 000000407424 0 LocalAlloc 000000004632 000000407432 0 GetModuleHandleA 000000004644 000000407444 0 advapi32.dll 000000004654 000000407454 0 OpenProcessToken 000000004668 000000407468 0 LookupPrivilegeValueA 000000004680 000000407480 0 AdjustTokenPrivileges 000000004696 000000407496 0 kernel32.dll 0000000046A6 0000004074A6 0 lstrlenA 0000000046B2 0000004074B2 0 lstrcpyA 0000000046BE 0000004074BE 0 lstrcmpiA 0000000046CA 0000004074CA 0 lstrcatA 0000000046D6 0000004074D6 0 WriteProcessMemory 0000000046EC 0000004074EC 0 WriteFile 0000000046F8 0000004074F8 0 WaitForSingleObject 00000000470E 00000040750E 0 VirtualFreeEx 00000000471E 00000040751E 0 VirtualAllocEx 000000004730 000000407530 0 TerminateProcess 000000004744 000000407544 0 Sleep 00000000474C 00000040754C 0 SizeofResource 00000000475E 00000040755E 0 ReadFile 00000000476A 00000040756A 0 OpenProcess 000000004778 000000407578 0 LockResource 000000004788 000000407588 0 LocalFree 000000004794 000000407594 0 LocalAlloc 0000000047A2 0000004075A2 0 LoadResource 0000000047B2 0000004075B2 0 GetWindowsDirectoryA 0000000047CA 0000004075CA 0 GetVolumeInformationA 0000000047E2 0000004075E2 0 GetTickCount 0000000047F2 0000004075F2 0 GetProcAddress 000000004804 000000407604 0 GetModuleHandleA 000000004818 000000407618 0 GetModuleFileNameA 00000000482E 00000040762E 0 GetLastError 00000000483E 00000040763E 0 GetFileSize 00000000484C 00000040764C 0 GetExitCodeThread 000000004860 000000407660 0 GetCurrentProcess 000000004874 000000407674 0 FormatMessageA 000000004886 000000407686 0 FindResourceA 000000004896 000000407696 0 DeleteFileA 0000000048A4 0000004076A4 0 CreateRemoteThread 0000000048BA 0000004076BA 0 CreateFileA 0000000048C8 0000004076C8 0 CopyFileA 0000000048D4 0000004076D4 0 CloseHandle 0000000048E0 0000004076E0 0 user32.dll 0000000048EE 0000004076EE 0 MessageBoxA 0000000048FA 0000004076FA 0 advapi32.dll File pos Mem pos ID Text ======== ======= == ==== 00000000490A 00000040770A 0 StartServiceA 00000000491A 00000040771A 0 QueryServiceStatus 000000004930 000000407730 0 QueryServiceConfigA 000000004946 000000407746 0 OpenServiceA 000000004956 000000407756 0 OpenSCManagerA 000000004968 000000407768 0 ControlService 00000000497A 00000040777A 0 CloseServiceHandle 000000004C0F 00000040A00F 0 0"0*020:0B0J0R0Z0b0j0r0z0 000000004C55 00000040A055 0 5)5D5 000000004C5B 00000040A05B 0 5&7b7 000000004C7D 00000040A07D 0 8$868B8Q8]8e8p8v8 000000004CA9 00000040A0A9 0 9*9K9c9 000000004CB9 00000040A0B9 0 9G:g: 000000004CCB 00000040A0CB 0 < <+<4<;<J<Q<s< 000000004CDD 00000040A0DD 0 <Y=w=|= 000000004CED 00000040A0ED 0 >R>[>q> 000000004CFD 00000040A0FD 0 ?"?L?U?e?m?s?|? 000000004D29 00000040A129 0 000<0D0[0j0z0 000000004D47 00000040A147 0 1n1t1|1 000000004D59 00000040A159 0 2e2l2|2 000000004D7D 00000040A17D 0 4?4_4z4 000000004D89 00000040A189 0 4m5Z6 000000004D9B 00000040A19B 0 7Y7n7 000000004DAD 00000040A1AD 0 8"868@8S8 000000004DBF 00000040A1BF 0 8)909R9 000000004DCB 00000040A1CB 0 ;7;>;V;x; 000000004DFB 00000040A1FB 0 ='=D=N=s=}= 000000004E1B 00000040A21B 0 >->A> 000000004E39 00000040A239 0 0!0*060=0x0 000000004E4F 00000040A24F 0 1!121?1F1J1P1T1Z1a1e1 000000004E7D 00000040A27D 0 2F2p2~2 000000004E9D 00000040A29D 0 3,3>3K3W3d3v3~3 000000004ED3 00000040A2D3 0 4&4.464>4F4N4V4 000000004EE3 00000040A2E3 0 4f4n4v4~4 000000004F0B 00000040A30B 0 5&535?5L5 000000004F15 00000040A315 0 5f5t5 000000004F3B 00000040A33B 0 6&6+686=6J6O6\6a6n6s6 000000004F5F 00000040A35F 0 838S8s8 000000004F6D 00000040A36D 0 819O9 000000004FA7 00000040A3A7 0 1\1a1 000000004FB3 00000040A3B3 0 2 2I2y2~2 000000004FC3 00000040A3C3 0 3.4@485 000000004FCB 00000040A3CB 0 5k6z6 000000004FEB 00000040A3EB 0 9?:M:S: 000000004FFB 00000040A3FB 0 ; ;$;(;,;0;4;8;<;@;D;L;W;m;w; 000000005020 00000040A420 0 $0(0,0 0000000052C0 00000040B0C0 0 This program must be run under Win32 0000000054E0 00000040B2E0 0 .idata 000000005508 00000040B308 0 .reloc 00000000552F 00000040B32F 0 P.rsrc 000000005804 00000040B604 0 SVWUQ 000000005A25 00000040B825 0 w;;t$ 000000005B30 00000040B930 0 SVWUQ 000000006A15 00000040C815 0 Uh-$@ 000000006DBF 00000040CBBF 0 ~KxI[) 000000006F18 00000040CD18 0 SOFTWARE\Borland\Delphi\RTL 000000006F34 00000040CD34 0 FPUMaskValue 000000006F81 00000040CD81 0 PPRTj 0000000070FB 00000040CEFB 0 YZXtp 000000007272 00000040D072 0 t=HtN File pos Mem pos ID Text ======== ======= == ==== 000000007A1C 00000040D81C 0 SVWRP 000000007BA0 00000040D9A0 0 USVW1 000000007C78 00000040DA78 0 Uh'6@ 000000007D46 00000040DB46 0 Uh.7@ 0000000080A5 00000040DEA5 0 UhU:@ 0000000086D4 00000040E4D4 0 kernel32.dll 0000000086E4 00000040E4E4 0 CreateToolhelp32Snapshot 000000008700 00000040E500 0 Heap32ListFirst 000000008710 00000040E510 0 Heap32ListNext 000000008720 00000040E520 0 Heap32First 00000000872C 00000040E52C 0 Heap32Next 000000008738 00000040E538 0 Toolhelp32ReadProcessMemory 000000008754 00000040E554 0 Process32First 000000008764 00000040E564 0 Process32Next 000000008774 00000040E574 0 Process32FirstW 000000008784 00000040E584 0 Process32NextW 000000008794 00000040E594 0 Thread32First 0000000087A4 00000040E5A4 0 Thread32Next 0000000087B4 00000040E5B4 0 Module32First 0000000087C4 00000040E5C4 0 Module32Next 0000000087D4 00000040E5D4 0 Module32FirstW 0000000087E4 00000040E5E4 0 Module32NextW 000000008859 00000040E659 0 Uh B@ 000000008891 00000040E691 0 UhAB@ 00000000890C 00000040E70C 0 TES TEDafwhicomm 000000008920 00000040E720 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt 000000008954 00000040E754 0 C:\windows\EpsStmApi.log\ 000000008C54 00000040EA54 0 WinSta0 000000008C5C 00000040EA5C 0 default 000000008C64 00000040EA64 0 DISPLAY 000000008EA2 00000040ECA2 0 D$XPSj 000000008F3B 00000040ED3B 0 D$xPj 000000008F88 00000040ED88 0 |$,{u 000000009040 00000040EE40 0 WinSta0 000000009048 00000040EE48 0 MyDesktop 000000009060 00000040EE60 0 ATMDialog 00000000906C 00000040EE6C 0 hello 000000009074 00000040EE74 0 STATIC 00000000908C 00000040EE8C 0 default 000000009128 00000040EF28 0 Error 000000009148 00000040EF48 0 Uh\K@ 000000009211 00000040F011 0 Uh-L@ 0000000092B8 00000040F0B8 0 CreateFile 00000000942B 00000040F22B 0 Uh+N@ 000000009436 00000040F236 0 !RPh8N@ 0000000094A8 00000040F2A8 0 %s Error code= %d 00000000954C 00000040F34C 0 %s Error code= %.2X 000000009585 00000040F385 0 t"Jt" 000000009594 00000040F394 0 Jt Jt 0000000096AC 00000040F4AC 0 OpenProcessToken 0000000096C8 00000040F4C8 0 LookupPrivilegeValue 0000000096E8 00000040F4E8 0 AdjustTokenPrivileges 000000009727 00000040F527 0 Uh4R@ 0000000098C0 00000040F6C0 0 getProcessEntry 0000000098D0 00000040F6D0 0 SeDebugPrivilege 0000000098EC 00000040F6EC 0 OpenProcess 000000009900 00000040F700 0 GetExitCodeThread 00000000991C 00000040F71C 0 VirtualFreeEx 000000009AB8 00000040F8B8 0 kernel32.dll 000000009AC8 00000040F8C8 0 GetModuleHandleA File pos Mem pos ID Text ======== ======= == ==== 000000009ADC 00000040F8DC 0 GetProcAddress 000000009AEC 00000040F8EC 0 DbdDevAPI.dll 000000009AFC 00000040F8FC 0 DbdDevOpen 000000009B08 00000040F908 0 DbdDevClose 000000009B14 00000040F914 0 DbdDevUnlock 000000009B24 00000040F924 0 DbdDevUnregisterCallback 000000009C8C 00000040FA8C 0 No CallbackAddr 000000009CA0 00000040FAA0 0 dbdDevlock 000000009CDE 00000040FADE 0 t,-"% 000000009F18 00000040FD18 0 DbdDevExecute(EPP4_ENCODE_DECODE) 000000009F3C 00000040FD3C 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ) 000000009F68 00000040FD68 0 EPP Complete LOCK 000000009F7C 00000040FD7C 0 EPP Complete ENCODE_DECODE 00000000A05C 00000040FE5C 0 DBDDevOpen 00000000A068 00000040FE68 0 DbdDevRegisterCallback 00000000A080 00000040FE80 0 DbdDevLock 00000000A08C 00000040FE8C 0 DbdDevUnregisterCallback 00000000A0A8 00000040FEA8 0 DBDDevClose 00000000A124 00000040FF24 0 DbdDevUnlock 00000000A134 00000040FF34 0 bdDevUnregisterCallback 00000000A14C 00000040FF4C 0 DBDDevClose 00000000A234 000000410034 0 DbdDevAPI.dll 00000000A244 000000410044 0 DbdDevOpen 00000000A250 000000410050 0 DbdDevClose 00000000A25C 00000041005C 0 DbdDevGetInfo 00000000A26C 00000041006C 0 DbdDevRegisterCallback 00000000A284 000000410084 0 DbdDevUnregisterCallback 00000000A2A0 0000004100A0 0 DbdDevLock 00000000A2AC 0000004100AC 0 DbdDevUnlock 00000000A2BC 0000004100BC 0 DbdDevExecute 00000000A31D 00000041011D 0 PhDZ@ 00000000A3C4 0000004101C4 0 AMI function don 00000000A3D5 0000004101D5 0 t return in 1 sec 00000000A5F0 0000004103F0 0 RECEIPT 00000000A5F8 0000004103F8 0 WINSPOOL 00000000A60C 00000041040C 0 CreateDC 00000000A618 000000410418 0 hello 00000000A628 000000410428 0 escape 00000000A638 000000410438 0 TextOut 00000000A648 000000410448 0 enddoc 00000000A774 000000410574 0 DbdDevExecute(EPP4_COPY_KEY) 00000000A79C 00000041059C 0 EPP4_COPY_KEY TimeOut 00000000A8A8 0000004106A8 0 DbdDevExecute(EPP4_LOAD_KEY) 00000000A8D0 0000004106D0 0 EPP4_LOAD_KEY TimeOut 00000000A980 000000410780 0 DbdDevExecute(EPP4_DELETE_KEY) 00000000A9A8 0000004107A8 0 EPP4_DELETE_KEY TimeOut 00000000AAD4 0000004108D4 0 DbdDevExecute(EPP4_ENCODE_DECODE) 00000000AB00 000000410900 0 EPP_Encrypt TimeOut 00000000AC04 000000410A04 0 SVWUQ 00000000AE28 000000410C28 0 kernel32.dll 00000000AE38 000000410C38 0 GetModuleHandleA 00000000AE4C 000000410C4C 0 GetProcAddress 00000000AE5C 000000410C5C 0 DbdDevAPI.dll 00000000AE6C 000000410C6C 0 DbdDevRegisterCallback 00000000AE84 000000410C84 0 DbdDevLock 00000000AF98 000000410D98 0 LocalAlloc 00000000AFAC 000000410DAC 0 LocalLock 00000000B431 000000411231 0 t Find Key A 00000000B44D 00000041124D 0 t Find Key B 00000000B654 000000411454 0 Uhup@ File pos Mem pos ID Text ======== ======= == ==== 00000000B827 000000411627 0 u7IBF 00000000B8B6 0000004116B6 0 I(NBu 00000000BA8E 00000041188E 0 Uh5v@ 00000000BBCE 0000004119CE 0 PhHv@ 00000000BBFE 0000004119FE 0 Phdv@ 00000000BC37 000000411A37 0 Phlv@ 00000000BCB8 000000411AB8 0 %.2d/%.2d/%.2d %.2d:%.2d 00000000BE6A 000000411C6A 0 tdHuaj 00000000BEE0 000000411CE0 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI) 00000000BF10 000000411D10 0 t LOCK EPP 00000000BF1C 000000411D1C 0 RECEIPT_PRINTER_START_GDI 00000000BF38 000000411D38 0 DbdDevExecute(RECEIPT_PRINTER_EJECT) 00000000C0F0 000000411EF0 0 DbdDevExecute(AFD_DISPENCE) 00000000C10C 000000411F0C 0 CDM Complete LOCK 00000000C120 000000411F20 0 DbdDevExecute(AFD_PRESENT) 00000000C13C 000000411F3C 0 DbdDevExecute(AFD_RESTORE) 00000000C3BC 0000004121BC 0 kernel32 00000000C3C8 0000004121C8 0 DeleteFileA 00000000C3D4 0000004121D4 0 FreeLibrary 00000000C3E0 0000004121E0 0 GetModuleHandleA 00000000C3F4 0000004121F4 0 CreateFileA 00000000C400 000000412200 0 Sleep 00000000C408 000000412208 0 WriteFile 00000000C414 000000412214 0 CloseHandle 00000000C420 000000412220 0 LocalFree 00000000C42C 00000041222C 0 LoadLibraryA 00000000C444 000000412244 0 :pwrstr.dll 00000000C450 000000412250 0 SVWUQ 00000000C562 000000412362 0 DZX|@3 00000000C59A 00000041239A 0 <0u AG 00000000C5E0 0000004123E0 0 SeShutdownPrivilege 00000000C600 000000412400 0 InitiateSystemShutdown 00000000C79C 00000041259C 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete 00000000C7C8 0000004125C8 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ) 00000000C950 000000412750 0 %.2X%.2X 00000000C95C 00000041275C 0 Request Code: %.6d 00000000C96F 00000041276F 0 Enter Responce 00000000C980 000000412780 0 Autorization 00000000C990 000000412790 0 1..4 - dispense cassete 00000000C9A8 0000004127A8 0 9 - Uninstall 00000000C9B6 0000004127B6 0 0 - Exit 00000000C9C0 0000004127C0 0 Enter Command 00000000CBCC 0000004129CC 0 Diebold:OGuiFrame 00000000CBE0 0000004129E0 0 Enter Password 00000000CBF4 0000004129F4 0 STATIC 00000000CC04 000000412A04 0 Supply Manager 00000000CC14 000000412A14 0 Pripnt 00000000CC1C 000000412A1C 0 View All Counts 00000000CF84 000000412D84 0 DbdDevExecute(RESET) 00000000CF9C 000000412D9C 0 DBDDEV_LOCK(CRW) 00000000CFB0 000000412DB0 0 DbdDevExecute(MCRW_ACCEPT_INSERTION) 00000000CFD8 000000412DD8 0 MCRW_ACCEPT_INSERTION 00000000CFF0 000000412DF0 0 DbdDevExecute(MCRW_POWERON) 00000000D039 000000412E39 0 ;C&v= 00000000DBC1 0000004139C1 0 t find KEY C 00000000DF14 000000413D14 0 SOFTWARE\Diebold\Agilis 91x Core 00000000DF38 000000413D38 0 SOFTWARE\Diebold\Agilis 91x 00000000DF54 000000413D54 0 Product Version 00000000DF68 000000413D68 0 version 00000000DF7C 000000413D7C 0 RegQueryValue File pos Mem pos ID Text ======== ======= == ==== 00000000DF9C 000000413D9C 0 Agilis %s 00000000DFAD 000000413DAD 0 Agent %s 00000000DFBD 000000413DBD 0 Transactions %d 00000000DFCE 000000413DCE 0 Cards %d 00000000DFE2 000000413DE2 0 KEYs %d 00000000E10C 000000413F0C 0 DbdDevExecute(MCRW_CHIP_IO) 00000000E130 000000413F30 0 TimeOut MCRW_CHIP_IO 00000000E348 000000414148 0 Invalid Sim Response 00000000E48C 00000041428C 0 DbdDevExecute(MCRW_ACCEPT_INSERTION) 00000000E528 000000414328 0 DbdDevExecute(MCRW_POWEROFF) 00000000E6F0 0000004144F0 0 TimeOut Reset 00000000E708 000000414508 0 Incorrect FIle Size 00000000EA78 000000414878 0 TimeOut Reset 00000000EBAF 0000004149AF 0 <3=t FJu 00000000EFEB 000000414DEB 0 aE;l$ 00000000F057 000000414E57 0 $E;l$ 00000000F3EC 0000004151EC 0 PSTATPL 00000000F3F4 0000004151F4 0 IAMJZPL 00000000F414 000000415214 0 BALANCE: 00000000F470 000000415270 0 SetWaitableTimer 00000000F69D 00000041549D 0 4$@Ju 00000000F724 000000415524 0 $ZXuy 00000000F900 000000415700 0 kernel32.dll 00000000F910 000000415710 0 GetModuleHandleA 00000000F924 000000415724 0 GetProcAddress 00000000F934 000000415734 0 LoadLibraryA 00000000F944 000000415744 0 Sleep 00000000F94C 00000041574C 0 VirtualProtect 00000000F95C 00000041575C 0 CallNamedPipeA 00000000F96C 00000041576C 0 DbdDevAPI.dll 00000000F97C 00000041577C 0 \\.\pipe\lsndbd 00000000F991 000000415791 0 DbdDevRegisterCallback 00000000F9A9 0000004157A9 0 DbdDevLock 00000000FCE0 000000415AE0 0 kernel32.dll 00000000FCF0 000000415AF0 0 CreateFileA 00000000FCFC 000000415AFC 0 GetFileTime 00000000FD08 000000415B08 0 SetFileTime 00000000FD14 000000415B14 0 GetFileSize 00000000FD20 000000415B20 0 ReadFile 00000000FD2C 000000415B2C 0 WriteFile 00000000FD38 000000415B38 0 SetFilePointer 00000000FD48 000000415B48 0 CloseHandle 00000000FD54 000000415B54 0 LocalAlloc 00000000FD60 000000415B60 0 LocalFree 00000000FD6C 000000415B6C 0 ExitThread 00000000FD78 000000415B78 0 VirtualFree 00000000FD84 000000415B84 0 Sleep 00000000FD8C 000000415B8C 0 DeleteFileA 00000000FEC0 000000415CC0 0 :pwrstr.dll 00000000FECC 000000415CCC 0 mu.exe 00000000FF1C 000000415D1C 0 Not executable file ! 000000010084 000000415E84 0 Enter command: 000000010094 000000415E94 0 Agent 0000000101B9 000000415FB9 0 8TCS,t 0000000101C4 000000415FC4 0 8HST,u0 000000010258 000000416058 0 sharedq.dll 00000001026C 00000041606C 0 LoadLibrary(sharedq.dll) 000000010288 000000416088 0 SQReceiveFromServer 0000000102A4 0000004160A4 0 GetProcAddress(SQReceiveFromServer) 00000001034C 00000041614C 0 mu.exe File pos Mem pos ID Text ======== ======= == ==== 000000010450 000000416250 0 \\.\pipe\lsndbd 00000001046C 00000041626C 0 CreateNamedPipe 00000001057C 00000041637C 0 8NTFS 0000000105E4 0000004163E4 0 \greenstone.bmp:redstone.bmp 000000010604 000000416404 0 \greenstone.bmp:bluestone.bmp 000000010624 000000416424 0 \redstone.bmp 000000010634 000000416434 0 \bluestone.bmp 0000000106C5 0000004164C5 0 33333 0000000106E7 0000004164E7 0 UUUU3 000000010839 000000416639 0 VWUSQ 000000010881 000000416681 0 33333 0000000108A3 0000004166A3 0 UUUU3 000000010957 000000416757 0 UUUU3 0000000109B5 0000004167B5 0 VWUSQ 000000010A6C 00000041686C 0 UUUU3 000000010CBC 000000416ABC 0 Error 000000010CC4 000000416AC4 0 Runtime error at 00000000 000000010CE4 000000416AE4 0 0123456789ABCDEF 000000010D20 000000416B20 0 1AY&SX 000000010D52 000000416B52 0 <o:o:_;OPO 000000010D61 000000416B61 0 OLONO 000000010D6D 000000416B6D 0 O!O%O 000000010D74 000000416B74 0 mu.exe 000000010FC8 000000416DC8 0 SpiService.exe 000000011370 000000417170 0 <4,$?7/' 0000000113B6 0000004171B6 0 !"#$%&'()*+,-./012345678 000000011401 000000417201 0 (3-!0 000000011408 000000417208 0 ,1'8"5 0000000119C0 0000004177C0 0 kernel32.dll 0000000119D0 0000004177D0 0 DeleteCriticalSection 0000000119E8 0000004177E8 0 LeaveCriticalSection 000000011A00 000000417800 0 EnterCriticalSection 000000011A18 000000417818 0 InitializeCriticalSection 000000011A34 000000417834 0 VirtualFree 000000011A42 000000417842 0 VirtualAlloc 000000011A52 000000417852 0 LocalFree 000000011A5E 00000041785E 0 LocalAlloc 000000011A6C 00000041786C 0 GetVersion 000000011A7A 00000041787A 0 GetCurrentThreadId 000000011A90 000000417890 0 GetThreadLocale 000000011AA2 0000004178A2 0 GetStartupInfoA 000000011AB4 0000004178B4 0 GetLocaleInfoA 000000011AC6 0000004178C6 0 GetCommandLineA 000000011AD8 0000004178D8 0 FreeLibrary 000000011AE6 0000004178E6 0 ExitProcess 000000011AF4 0000004178F4 0 CreateThread 000000011B04 000000417904 0 WriteFile 000000011B10 000000417910 0 UnhandledExceptionFilter 000000011B2C 00000041792C 0 RtlUnwind 000000011B38 000000417938 0 RaiseException 000000011B4A 00000041794A 0 GetStdHandle 000000011B58 000000417958 0 user32.dll 000000011B66 000000417966 0 GetKeyboardType 000000011B78 000000417978 0 MessageBoxA 000000011B84 000000417984 0 advapi32.dll 000000011B94 000000417994 0 RegQueryValueExA 000000011BA8 0000004179A8 0 RegOpenKeyExA 000000011BB8 0000004179B8 0 RegCloseKey 000000011BC4 0000004179C4 0 kernel32.dll 000000011BD4 0000004179D4 0 TlsSetValue File pos Mem pos ID Text ======== ======= == ==== 000000011BE2 0000004179E2 0 TlsGetValue 000000011BF0 0000004179F0 0 TlsFree 000000011BFA 0000004179FA 0 TlsAlloc 000000011C06 000000417A06 0 LocalFree 000000011C12 000000417A12 0 LocalAlloc 000000011C1E 000000417A1E 0 advapi32.dll 000000011C2E 000000417A2E 0 RegQueryValueExA 000000011C42 000000417A42 0 RegOpenKeyExA 000000011C52 000000417A52 0 RegCloseKey 000000011C60 000000417A60 0 OpenProcessToken 000000011C74 000000417A74 0 LookupPrivilegeValueA 000000011C8C 000000417A8C 0 InitiateSystemShutdownA 000000011CA6 000000417AA6 0 AdjustTokenPrivileges 000000011CBC 000000417ABC 0 kernel32.dll 000000011CCC 000000417ACC 0 lstrlenA 000000011CD8 000000417AD8 0 lstrcpynA 000000011CE4 000000417AE4 0 lstrcpyA 000000011CF0 000000417AF0 0 lstrcmpiA 000000011CFC 000000417AFC 0 lstrcmpA 000000011D08 000000417B08 0 lstrcatA 000000011D14 000000417B14 0 WriteProcessMemory 000000011D2A 000000417B2A 0 WriteFile 000000011D36 000000417B36 0 WaitForSingleObjectEx 000000011D4E 000000417B4E 0 WaitForSingleObject 000000011D64 000000417B64 0 VirtualFreeEx 000000011D74 000000417B74 0 VirtualAllocEx 000000011D86 000000417B86 0 TerminateThread 000000011D98 000000417B98 0 SleepEx 000000011DA2 000000417BA2 0 Sleep 000000011DAA 000000417BAA 0 SetWaitableTimer 000000011DBE 000000417BBE 0 SetFilePointer 000000011DD0 000000417BD0 0 SetEvent 000000011DDC 000000417BDC 0 ReadFile 000000011DE8 000000417BE8 0 OpenProcess 000000011DF6 000000417BF6 0 LocalUnlock 000000011E04 000000417C04 0 LocalSize 000000011E10 000000417C10 0 LocalReAlloc 000000011E20 000000417C20 0 LocalLock 000000011E2C 000000417C2C 0 LocalFree 000000011E38 000000417C38 0 LocalAlloc 000000011E46 000000417C46 0 LoadLibraryA 000000011E56 000000417C56 0 GetWindowsDirectoryA 000000011E6E 000000417C6E 0 GetVolumeInformationA 000000011E86 000000417C86 0 GetTickCount 000000011E96 000000417C96 0 GetTempFileNameA 000000011EAA 000000417CAA 0 GetSystemTimeAsFileTime 000000011EC4 000000417CC4 0 GetProcAddress 000000011ED6 000000417CD6 0 GetModuleHandleA 000000011EEA 000000417CEA 0 GetModuleFileNameA 000000011F00 000000417D00 0 GetLastError 000000011F10 000000417D10 0 GetFileSize 000000011F1E 000000417D1E 0 GetExitCodeThread 000000011F32 000000417D32 0 GetCurrentThreadId 000000011F48 000000417D48 0 GetCurrentProcess 000000011F5C 000000417D5C 0 FormatMessageA 000000011F6E 000000417D6E 0 FileTimeToSystemTime 000000011F86 000000417D86 0 FileTimeToLocalFileTime 000000011FA0 000000417DA0 0 ExitThread 000000011FAE 000000417DAE 0 ExitProcess 000000011FBC 000000417DBC 0 DisconnectNamedPipe File pos Mem pos ID Text ======== ======= == ==== 000000011FD2 000000417DD2 0 DeleteFileA 000000011FE0 000000417DE0 0 CreateWaitableTimerA 000000011FF8 000000417DF8 0 CreateThread 000000012008 000000417E08 0 CreateRemoteThread 00000001201E 000000417E1E 0 CreateNamedPipeA 000000012032 000000417E32 0 CreateFileA 000000012040 000000417E40 0 CreateEventA 000000012050 000000417E50 0 CopyFileA 00000001205C 000000417E5C 0 ConnectNamedPipe 000000012070 000000417E70 0 CloseHandle 00000001207C 000000417E7C 0 gdi32.dll 000000012088 000000417E88 0 TextOutA 000000012094 000000417E94 0 SelectObject 0000000120A4 000000417EA4 0 Rectangle 0000000120B0 000000417EB0 0 GetTextMetricsA 0000000120C2 000000417EC2 0 Escape 0000000120CC 000000417ECC 0 EndDoc 0000000120D6 000000417ED6 0 DeleteObject 0000000120E6 000000417EE6 0 DeleteDC 0000000120F2 000000417EF2 0 CreateSolidBrush 000000012106 000000417F06 0 CreateDCA 000000012110 000000417F10 0 user32.dll 00000001211E 000000417F1E 0 CreateWindowExA 000000012130 000000417F30 0 UnregisterClassA 000000012144 000000417F44 0 TranslateMessage 000000012158 000000417F58 0 SwitchDesktop 000000012168 000000417F68 0 SetTimer 000000012174 000000417F74 0 SetThreadDesktop 000000012188 000000417F88 0 SetProcessWindowStation 0000000121A2 000000417FA2 0 SetForegroundWindow 0000000121B8 000000417FB8 0 SetFocus 0000000121C4 000000417FC4 0 SendMessageA 0000000121D4 000000417FD4 0 RegisterClassA 0000000121E6 000000417FE6 0 PostMessageA 0000000121F6 000000417FF6 0 PeekMessageA 000000012206 000000418006 0 OpenWindowStationA 00000001221C 00000041801C 0 OpenDesktopA 00000001222C 00000041802C 0 LoadIconA 000000012238 000000418038 0 LoadCursorA 000000012246 000000418046 0 InvalidateRect 000000012258 000000418058 0 GetWindowTextA 00000001226A 00000041806A 0 GetWindowDC 000000012278 000000418078 0 GetThreadDesktop 00000001228C 00000041808C 0 GetSystemMetrics 0000000122A0 0000004180A0 0 GetProcessWindowStation 0000000122BA 0000004180BA 0 GetMessageA 0000000122C8 0000004180C8 0 GetForegroundWindow 0000000122DE 0000004180DE 0 GetDesktopWindow 0000000122F2 0000004180F2 0 GetClientRect 000000012302 000000418102 0 FindWindowExA 000000012312 000000418112 0 FindWindowA 000000012320 000000418120 0 DrawTextA 00000001232C 00000041812C 0 DispatchMessageA 000000012340 000000418140 0 DestroyWindow 000000012350 000000418150 0 DefWindowProcA 000000012362 000000418162 0 CreateDesktopA 000000012374 000000418174 0 CloseWindowStation 00000001238A 00000041818A 0 CloseDesktop 00000001239A 00000041819A 0 CharUpperA 0000000123A6 0000004181A6 0 winspool.drv File pos Mem pos ID Text ======== ======= == ==== 0000000123B6 0000004181B6 0 EnumPrintersA 0000000123C4 0000004181C4 0 user32.dll 0000000123D2 0000004181D2 0 wsprintfA 0000000123DE 0000004181DE 0 GetMonitorInfoA 0000000123F0 0000004181F0 0 EnumDisplayMonitors 00000001247F 00000041827F 0 0"0*020:0B0J0R0Z0b0j0r0z0 0000000124C5 0000004182C5 0 4%515L5 0000000124CD 0000004182CD 0 5.7j7 0000000124ED 0000004182ED 0 8$8,8>8J8Y8e8m8x8~8 000000012519 000000418319 0 9'929S9k9 00000001252B 00000041832B 0 :O:o: 00000001253D 00000041833D 0 <(<3<<<C<R<Y<{< 00000001255F 00000041835F 0 >Z>c>y> 00000001256F 00000041836F 0 ?*?T?]?m?u?{? 00000001259B 00000041839B 0 0 080D0L0c0r0 0000000125B5 0000004183B5 0 0$1H1f1v1|1 0000000125CD 0000004183CD 0 2m2t2 0000000125EF 0000004183EF 0 4#4G4g4 00000001260D 00000041840D 0 8)8?8]8s8 000000012621 000000418421 0 9 989F9z9 000000012635 000000418435 0 :0:9:k:t: 000000012651 000000418451 0 <,=4=?=k= 000000012661 000000418461 0 =(>8>>>D>J>O>U> 000000012671 000000418471 0 >n>s>x>}> 000000012689 000000418489 0 >$?/?L?V?{? 0000000126B5 0000004184B5 0 050I0 0000000126C3 0000004184C3 0 1L1[1O4 0000000126CD 0000004184CD 0 6J6Q6c6 0000000126DD 0000004184DD 0 6!7C7O7V7 000000012707 000000418507 0 8.8C8T8 00000001270F 00000041850F 0 8f8n8v8~8 000000012725 000000418525 0 9#9+9P9X9f9k9 000000012747 000000418547 0 :*:7:C:P:b:j:r:z: 00000001277F 00000041857F 0 ;";*;2;:;B;J;R;Z;b;j;r;z; 0000000127BF 0000004185BF 0 <"<*<2<:<B<J<R<Z<b<j<r<z< 0000000127FF 0000004185FF 0 ="=*=2=:=B=J=R=Z=b=j=r=z= 000000012841 000000418641 0 ?-?:???L?Q? 00000001284D 00000041864D 0 ?c?p?u? 00000001287F 00000041867F 0 0$0)060;0H0S0 000000012899 000000418699 0 2#2/2<2N2V2c2o2|2 0000000128B3 0000004186B3 0 3"30353;3G3P3X3k3 0000000128D1 0000004186D1 0 444B4M4Z4_4j4u4 0000000128ED 0000004186ED 0 5)595E5O5T5h5~5 00000001290F 00000041870F 0 5-6R6 000000012915 000000418715 0 6Q7W7i7o7 000000012923 000000418723 0 8>8C8 00000001292F 00000041872F 0 8W9d9q9 000000012951 000000418751 0 <W=k= 00000001295B 00000041875B 0 >a>n> 000000012975 000000418775 0 0=1I1 000000012997 000000418797 0 505E5W5x5 0000000129B3 0000004187B3 0 6c7p7 0000000129CD 0000004187CD 0 8-8W8v8 0000000129D9 0000004187D9 0 8K9V9j9u9 0000000129ED 0000004187ED 0 9r:{: 000000012A05 000000418805 0 ;";';,;7;<;A;L;Q;V;a;f;k;v;{; 000000012A39 000000418839 0 =8>z> 000000012A4D 00000041884D 0 ?.?M? 000000012A9F 00000041889F 0 4 404<4H4 000000012AB5 0000004188B5 0 636J6Z6m6}6 File pos Mem pos ID Text ======== ======= == ==== 000000012ACD 0000004188CD 0 6 7,7;7J7Y7h7 000000012ADB 0000004188DB 0 7(888\8b8j8y8 000000012B18 000000418918 0 c0 444 000000012B39 000000418939 0 7 7%7A7j7 000000012B4F 00000041894F 0 8 80868a8v9 000000012B6B 00000041896B 0 :H:Q:n: 000000012B79 000000418979 0 ;$;);8; 000000012B89 000000418989 0 <1<A<M<Z<h<v< 000000012BAB 0000004189AB 0 >">'> 000000012BB7 0000004189B7 0 >9?E?f? 000000012BD1 0000004189D1 0 01060 000000012BF1 0000004189F1 0 292w2|2 000000012BFF 0000004189FF 0 4,4d4 000000012C1B 000000418A1B 0 6:7A7H7~7 000000012C43 000000418A43 0 9#>M> 000000012C5B 000000418A5B 0 777f7 000000012C65 000000418A65 0 7 848F8 000000012C71 000000418A71 0 9.:7:I:X:e:n:v: 000000012C81 000000418A81 0 :0;b; 000000012C9B 000000418A9B 0 =J>q>z> 000000012CAD 000000418AAD 0 ?-?=? 000000012CCD 000000418ACD 0 3 333P3l3~3 000000012D0F 000000418B0F 0 9#9'9+9/93979K: 000000012D27 000000418B27 0 ;%;<; 000000012D61 000000418B61 0 >->4>9>N>j>r> 000000012D8D 000000418B8D 0 2&292T2Z2T3[3g3Q4V4Q5]5j5x5 000000012DBD 000000418BBD 0 6=6B6H6*777C7P7Z7f7s7}7 000000012E0F 000000418C0F 0 :t:z: 000000012E37 000000418C37 0 ;b<y< 000000012E43 000000418C43 0 =&=k=w= 000000012E4B 000000418C4B 0 >!>0>?>S>d>l>q> 000000012E6B 000000418C6B 0 ?-?8?@?E?L?Q?W?b? 000000012E97 000000418C97 0 1"1+171E1s1 000000012EA9 000000418CA9 0 1E2M2g2t2 000000012EC1 000000418CC1 0 2U3m3u3 000000012EDB 000000418CDB 0 3c4n4 000000012F14 000000418D14 0 $0(0,0 00000001313E 000000418F3E 0 pwrstr 000000013146 000000418F46 0 UTypes 00000001314F 000000418F4F 0 System 000000013158 000000418F58 0 SysInit 000000013161 000000418F61 0 WWinSpool 00000001316C 000000418F6C 0 KWindows 000000013176 000000418F76 0 3Messages 000000013182 000000418F82 0 TlHelp32 00000001318D 000000418F8D 0 WinSvc 000000013270 000000419070 0 PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING 000000013108 000000418F08 0 PACKAGEINFO 000000000050 000000400050 0 This program must be run under Win32 000000000270 000000400270 0 .idata 0000000002C0 0000004002C0 0 .rdata 0000000002E7 0000004002E7 0 P.reloc 00000000030F 00000040030F 0 P.rsrc 00000000058C 00000040118C 0 SVWUQ 0000000007AD 0000004013AD 0 w;;t$ 0000000008B8 0000004014B8 0 SVWUQ 00000000179D 00000040239D 0 Uh%$@ 0000000019FF 0000004025FF 0 ~KxI[) 000000001B28 000000402728 0 SOFTWARE\Borland\Delphi\RTL 000000001B44 000000402744 0 FPUMaskValue File pos Mem pos ID Text ======== ======= == ==== 000000001B91 000000402791 0 PPRTj 000000001D0B 00000040290B 0 YZXtp 000000001D27 000000402927 0 Ph4)@ 000000001E82 000000402A82 0 t=HtN 000000001F35 000000402B35 0 PhB+@ 000000001FFE 000000402BFE 0 Uh*,@ 000000002401 000000403001 0 Uh\0@ 0000000024E1 0000004030E1 0 Uh&1@ 000000002711 000000403311 0 Uh13@ 000000002749 000000403349 0 Uhi3@ 000000002931 000000403531 0 UhQ5@ 000000002AC0 0000004036C0 0 kernel32.dll 000000002AD0 0000004036D0 0 CreateToolhelp32Snapshot 000000002AEC 0000004036EC 0 Heap32ListFirst 000000002AFC 0000004036FC 0 Heap32ListNext 000000002B0C 00000040370C 0 Heap32First 000000002B18 000000403718 0 Heap32Next 000000002B24 000000403724 0 Toolhelp32ReadProcessMemory 000000002B40 000000403740 0 Process32First 000000002B50 000000403750 0 Process32Next 000000002B60 000000403760 0 Process32FirstW 000000002B70 000000403770 0 Process32NextW 000000002B80 000000403780 0 Thread32First 000000002B90 000000403790 0 Thread32Next 000000002BA0 0000004037A0 0 Module32First 000000002BB0 0000004037B0 0 Module32Next 000000002BC0 0000004037C0 0 Module32FirstW 000000002BD0 0000004037D0 0 Module32NextW 000000002CB8 0000004038B8 0 APC UPS Service 000000002CC8 0000004038C8 0 Apache Tomcat 000000002CD8 0000004038D8 0 PCD_MODULELauncher 000000002CEC 0000004038EC 0 ntfsvc 000000002CF4 0000004038F4 0 LogWriter 000000002D00 000000403900 0 Diebold XFS 000000002E50 000000403A50 0 OpenProcessToken 000000002E64 000000403A64 0 LookupPrivilegeValue 000000002E7C 000000403A7C 0 AdjustTokenPrivileges 0000000030F9 000000403CF9 0 (h(=@ 000000003128 000000403D28 0 LoadLibraryA 000000003138 000000403D38 0 kernel32 000000003144 000000403D44 0 SVWUQ 0000000031AC 000000403DAC 0 CreateFile (wr) 000000003234 000000403E34 0 QueryServiceStatus 000000003248 000000403E48 0 Wait Stop Service TimeOut 000000003300 000000403F00 0 MSCOREE.DLL 00000000330C 000000403F0C 0 SVWUQ 000000003390 000000403F90 0 CreateFile 000000003408 000000404008 0 D$<PV 0000000036B0 0000004042B0 0 OpenSCManager 0000000036C0 0000004042C0 0 OpenService 0000000036CC 0000004042CC 0 QueryServiceConfig 0000000036E4 0000004042E4 0 pwrstr.dll 0000000036F0 0000004042F0 0 LoadFile 0000000036FC 0000004042FC 0 Error 000000003704 000000404304 0 Alredy instaled 000000003714 000000404314 0 mscore.dll in import 00000000372C 00000040432C 0 Stop 000000003734 000000404334 0 ControlService 00000000374C 00000040434C 0 PACKAGEINFO 000000003758 000000404358 0 StartService File pos Mem pos ID Text ======== ======= == ==== 000000003768 000000404368 0 CopyFile 0000000037A7 0000004043A7 0 8NTFS 0000000038A4 0000004044A4 0 \greenstone.bmp:redstone.bmp 0000000038C4 0000004044C4 0 \greenstone.bmp:bluestone.bmp 0000000038E4 0000004044E4 0 \redstone.bmp 0000000038F4 0000004044F4 0 \bluestone,bmp 000000003904 000000404504 0 \trl2 0000000039AC 0000004045AC 0 CreateToolhelp32Snapshot 0000000039C8 0000004045C8 0 Module32First 000000003A10 000000404610 0 D$$PW 000000003AC0 0000004046C0 0 \lsass.exe 000000003ACC 0000004046CC 0 SeDebugPrivilege 000000003AE0 0000004046E0 0 lsass.exe 000000003CB0 0000004048B0 0 getProcessEntry 000000003CC0 0000004048C0 0 SeDebugPrivilege 000000003CD4 0000004048D4 0 OpenProcess 000000003CE0 0000004048E0 0 GetExitCodeThread 000000003CF4 0000004048F4 0 VirtualFreeEx 000000003E7C 000000404A7C 0 kernel32.dll 000000003E8C 000000404A8C 0 FindFirstFileA 000000003E9C 000000404A9C 0 FindNextFileA 000000003EAC 000000404AAC 0 FindClose 000000003EB8 000000404AB8 0 lstrcpy 000000003EC0 000000404AC0 0 DeleteFileA 000000003ECC 000000404ACC 0 Sleep 000000003ED4 000000404AD4 0 \Prefetch\ 000000003EE0 000000404AE0 0 -*.pf 000000003F88 000000404B88 0 explorer.exe 00000000404C 00000040504C 0 Error 000000004054 000000405054 0 Runtime error at 00000000 000000004074 000000405074 0 0123456789ABCDEF 000000004404 000000407204 0 kernel32.dll 000000004414 000000407214 0 DeleteCriticalSection 00000000442C 00000040722C 0 LeaveCriticalSection 000000004444 000000407244 0 EnterCriticalSection 00000000445C 00000040725C 0 InitializeCriticalSection 000000004478 000000407278 0 VirtualFree 000000004486 000000407286 0 VirtualAlloc 000000004496 000000407296 0 LocalFree 0000000044A2 0000004072A2 0 LocalAlloc 0000000044B0 0000004072B0 0 GetVersion 0000000044BE 0000004072BE 0 GetCurrentThreadId 0000000044D4 0000004072D4 0 GetThreadLocale 0000000044E6 0000004072E6 0 GetStartupInfoA 0000000044F8 0000004072F8 0 GetLocaleInfoA 00000000450A 00000040730A 0 GetCommandLineA 00000000451C 00000040731C 0 FreeLibrary 00000000452A 00000040732A 0 ExitProcess 000000004538 000000407338 0 WriteFile 000000004544 000000407344 0 UnhandledExceptionFilter 000000004560 000000407360 0 RtlUnwind 00000000456C 00000040736C 0 RaiseException 00000000457E 00000040737E 0 GetStdHandle 00000000458C 00000040738C 0 user32.dll 00000000459A 00000040739A 0 GetKeyboardType 0000000045AC 0000004073AC 0 MessageBoxA 0000000045B8 0000004073B8 0 advapi32.dll 0000000045C8 0000004073C8 0 RegQueryValueExA 0000000045DC 0000004073DC 0 RegOpenKeyExA 0000000045EC 0000004073EC 0 RegCloseKey File pos Mem pos ID Text ======== ======= == ==== 0000000045F8 0000004073F8 0 kernel32.dll 000000004608 000000407408 0 TlsSetValue 000000004616 000000407416 0 TlsGetValue 000000004624 000000407424 0 LocalAlloc 000000004632 000000407432 0 GetModuleHandleA 000000004644 000000407444 0 advapi32.dll 000000004654 000000407454 0 OpenProcessToken 000000004668 000000407468 0 LookupPrivilegeValueA 000000004680 000000407480 0 AdjustTokenPrivileges 000000004696 000000407496 0 kernel32.dll 0000000046A6 0000004074A6 0 lstrlenA 0000000046B2 0000004074B2 0 lstrcpyA 0000000046BE 0000004074BE 0 lstrcmpiA 0000000046CA 0000004074CA 0 lstrcatA 0000000046D6 0000004074D6 0 WriteProcessMemory 0000000046EC 0000004074EC 0 WriteFile 0000000046F8 0000004074F8 0 WaitForSingleObject 00000000470E 00000040750E 0 VirtualFreeEx 00000000471E 00000040751E 0 VirtualAllocEx 000000004730 000000407530 0 TerminateProcess 000000004744 000000407544 0 Sleep 00000000474C 00000040754C 0 SizeofResource 00000000475E 00000040755E 0 ReadFile 00000000476A 00000040756A 0 OpenProcess 000000004778 000000407578 0 LockResource 000000004788 000000407588 0 LocalFree 000000004794 000000407594 0 LocalAlloc 0000000047A2 0000004075A2 0 LoadResource 0000000047B2 0000004075B2 0 GetWindowsDirectoryA 0000000047CA 0000004075CA 0 GetVolumeInformationA 0000000047E2 0000004075E2 0 GetTickCount 0000000047F2 0000004075F2 0 GetProcAddress 000000004804 000000407604 0 GetModuleHandleA 000000004818 000000407618 0 GetModuleFileNameA 00000000482E 00000040762E 0 GetLastError 00000000483E 00000040763E 0 GetFileSize 00000000484C 00000040764C 0 GetExitCodeThread 000000004860 000000407660 0 GetCurrentProcess 000000004874 000000407674 0 FormatMessageA 000000004886 000000407686 0 FindResourceA 000000004896 000000407696 0 DeleteFileA 0000000048A4 0000004076A4 0 CreateRemoteThread 0000000048BA 0000004076BA 0 CreateFileA 0000000048C8 0000004076C8 0 CopyFileA 0000000048D4 0000004076D4 0 CloseHandle 0000000048E0 0000004076E0 0 user32.dll 0000000048EE 0000004076EE 0 MessageBoxA 0000000048FA 0000004076FA 0 advapi32.dll 00000000490A 00000040770A 0 StartServiceA 00000000491A 00000040771A 0 QueryServiceStatus 000000004930 000000407730 0 QueryServiceConfigA 000000004946 000000407746 0 OpenServiceA 000000004956 000000407756 0 OpenSCManagerA 000000004968 000000407768 0 ControlService 00000000497A 00000040777A 0 CloseServiceHandle 000000004C0F 00000040A00F 0 0"0*020:0B0J0R0Z0b0j0r0z0 000000004C55 00000040A055 0 5)5D5 000000004C5B 00000040A05B 0 5&7b7 000000004C7D 00000040A07D 0 8$868B8Q8]8e8p8v8 000000004CA9 00000040A0A9 0 9*9K9c9 File pos Mem pos ID Text ======== ======= == ==== 000000004CB9 00000040A0B9 0 9G:g: 000000004CCB 00000040A0CB 0 < <+<4<;<J<Q<s< 000000004CDD 00000040A0DD 0 <Y=w=|= 000000004CED 00000040A0ED 0 >R>[>q> 000000004CFD 00000040A0FD 0 ?"?L?U?e?m?s?|? 000000004D29 00000040A129 0 000<0D0[0j0z0 000000004D47 00000040A147 0 1n1t1|1 000000004D59 00000040A159 0 2e2l2|2 000000004D7D 00000040A17D 0 4?4_4z4 000000004D89 00000040A189 0 4m5Z6 000000004D9B 00000040A19B 0 7Y7n7 000000004DAD 00000040A1AD 0 8"868@8S8 000000004DBF 00000040A1BF 0 8)909R9 000000004DCB 00000040A1CB 0 ;7;>;V;x; 000000004DFB 00000040A1FB 0 ='=D=N=s=}= 000000004E1B 00000040A21B 0 >->A> 000000004E39 00000040A239 0 0!0*060=0x0 000000004E4F 00000040A24F 0 1!121?1F1J1P1T1Z1a1e1 000000004E7D 00000040A27D 0 2F2p2~2 000000004E9D 00000040A29D 0 3,3>3K3W3d3v3~3 000000004ED3 00000040A2D3 0 4&4.464>4F4N4V4 000000004EE3 00000040A2E3 0 4f4n4v4~4 000000004F0B 00000040A30B 0 5&535?5L5 000000004F15 00000040A315 0 5f5t5 000000004F3B 00000040A33B 0 6&6+686=6J6O6\6a6n6s6 000000004F5F 00000040A35F 0 838S8s8 000000004F6D 00000040A36D 0 819O9 000000004FA7 00000040A3A7 0 1\1a1 000000004FB3 00000040A3B3 0 2 2I2y2~2 000000004FC3 00000040A3C3 0 3.4@485 000000004FCB 00000040A3CB 0 5k6z6 000000004FEB 00000040A3EB 0 9?:M:S: 000000004FFB 00000040A3FB 0 ; ;$;(;,;0;4;8;<;@;D;L;W;m;w; 000000005020 00000040A420 0 $0(0,0 0000000052C0 00000040B0C0 0 This program must be run under Win32 0000000054E0 00000040B2E0 0 .idata 000000005508 00000040B308 0 .reloc 00000000552F 00000040B32F 0 P.rsrc 000000005804 00000040B604 0 SVWUQ 000000005A25 00000040B825 0 w;;t$ 000000005B30 00000040B930 0 SVWUQ 000000006A15 00000040C815 0 Uh-$@ 000000006DBF 00000040CBBF 0 ~KxI[) 000000006F18 00000040CD18 0 SOFTWARE\Borland\Delphi\RTL 000000006F34 00000040CD34 0 FPUMaskValue 000000006F81 00000040CD81 0 PPRTj 0000000070FB 00000040CEFB 0 YZXtp 000000007272 00000040D072 0 t=HtN 000000007A1C 00000040D81C 0 SVWRP 000000007BA0 00000040D9A0 0 USVW1 000000007C78 00000040DA78 0 Uh'6@ 000000007D46 00000040DB46 0 Uh.7@ 0000000080A5 00000040DEA5 0 UhU:@ 0000000086D4 00000040E4D4 0 kernel32.dll 0000000086E4 00000040E4E4 0 CreateToolhelp32Snapshot 000000008700 00000040E500 0 Heap32ListFirst 000000008710 00000040E510 0 Heap32ListNext 000000008720 00000040E520 0 Heap32First 00000000872C 00000040E52C 0 Heap32Next 000000008738 00000040E538 0 Toolhelp32ReadProcessMemory File pos Mem pos ID Text ======== ======= == ==== 000000008754 00000040E554 0 Process32First 000000008764 00000040E564 0 Process32Next 000000008774 00000040E574 0 Process32FirstW 000000008784 00000040E584 0 Process32NextW 000000008794 00000040E594 0 Thread32First 0000000087A4 00000040E5A4 0 Thread32Next 0000000087B4 00000040E5B4 0 Module32First 0000000087C4 00000040E5C4 0 Module32Next 0000000087D4 00000040E5D4 0 Module32FirstW 0000000087E4 00000040E5E4 0 Module32NextW 000000008859 00000040E659 0 Uh B@ 000000008891 00000040E691 0 UhAB@ 00000000890C 00000040E70C 0 TES TEDafwhicomm 000000008920 00000040E720 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt 000000008954 00000040E754 0 C:\windows\EpsStmApi.log\ 000000008C54 00000040EA54 0 WinSta0 000000008C5C 00000040EA5C 0 default 000000008C64 00000040EA64 0 DISPLAY 000000008EA2 00000040ECA2 0 D$XPSj 000000008F3B 00000040ED3B 0 D$xPj 000000008F88 00000040ED88 0 |$,{u 000000009040 00000040EE40 0 WinSta0 000000009048 00000040EE48 0 MyDesktop 000000009060 00000040EE60 0 ATMDialog 00000000906C 00000040EE6C 0 hello 000000009074 00000040EE74 0 STATIC 00000000908C 00000040EE8C 0 default 000000009128 00000040EF28 0 Error 000000009148 00000040EF48 0 Uh\K@ 000000009211 00000040F011 0 Uh-L@ 0000000092B8 00000040F0B8 0 CreateFile 00000000942B 00000040F22B 0 Uh+N@ 000000009436 00000040F236 0 !RPh8N@ 0000000094A8 00000040F2A8 0 %s Error code= %d 00000000954C 00000040F34C 0 %s Error code= %.2X 000000009585 00000040F385 0 t"Jt" 000000009594 00000040F394 0 Jt Jt 0000000096AC 00000040F4AC 0 OpenProcessToken 0000000096C8 00000040F4C8 0 LookupPrivilegeValue 0000000096E8 00000040F4E8 0 AdjustTokenPrivileges 000000009727 00000040F527 0 Uh4R@ 0000000098C0 00000040F6C0 0 getProcessEntry 0000000098D0 00000040F6D0 0 SeDebugPrivilege 0000000098EC 00000040F6EC 0 OpenProcess 000000009900 00000040F700 0 GetExitCodeThread 00000000991C 00000040F71C 0 VirtualFreeEx 000000009AB8 00000040F8B8 0 kernel32.dll 000000009AC8 00000040F8C8 0 GetModuleHandleA 000000009ADC 00000040F8DC 0 GetProcAddress 000000009AEC 00000040F8EC 0 DbdDevAPI.dll 000000009AFC 00000040F8FC 0 DbdDevOpen 000000009B08 00000040F908 0 DbdDevClose 000000009B14 00000040F914 0 DbdDevUnlock 000000009B24 00000040F924 0 DbdDevUnregisterCallback 000000009C8C 00000040FA8C 0 No CallbackAddr 000000009CA0 00000040FAA0 0 dbdDevlock 000000009CDE 00000040FADE 0 t,-"% 000000009F18 00000040FD18 0 DbdDevExecute(EPP4_ENCODE_DECODE) 000000009F3C 00000040FD3C 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ) 000000009F68 00000040FD68 0 EPP Complete LOCK File pos Mem pos ID Text ======== ======= == ==== 000000009F7C 00000040FD7C 0 EPP Complete ENCODE_DECODE 00000000A05C 00000040FE5C 0 DBDDevOpen 00000000A068 00000040FE68 0 DbdDevRegisterCallback 00000000A080 00000040FE80 0 DbdDevLock 00000000A08C 00000040FE8C 0 DbdDevUnregisterCallback 00000000A0A8 00000040FEA8 0 DBDDevClose 00000000A124 00000040FF24 0 DbdDevUnlock 00000000A134 00000040FF34 0 bdDevUnregisterCallback 00000000A14C 00000040FF4C 0 DBDDevClose 00000000A234 000000410034 0 DbdDevAPI.dll 00000000A244 000000410044 0 DbdDevOpen 00000000A250 000000410050 0 DbdDevClose 00000000A25C 00000041005C 0 DbdDevGetInfo 00000000A26C 00000041006C 0 DbdDevRegisterCallback 00000000A284 000000410084 0 DbdDevUnregisterCallback 00000000A2A0 0000004100A0 0 DbdDevLock 00000000A2AC 0000004100AC 0 DbdDevUnlock 00000000A2BC 0000004100BC 0 DbdDevExecute 00000000A31D 00000041011D 0 PhDZ@ 00000000A3C4 0000004101C4 0 AMI function don 00000000A3D5 0000004101D5 0 t return in 1 sec 00000000A5F0 0000004103F0 0 RECEIPT 00000000A5F8 0000004103F8 0 WINSPOOL 00000000A60C 00000041040C 0 CreateDC 00000000A618 000000410418 0 hello 00000000A628 000000410428 0 escape 00000000A638 000000410438 0 TextOut 00000000A648 000000410448 0 enddoc 00000000A774 000000410574 0 DbdDevExecute(EPP4_COPY_KEY) 00000000A79C 00000041059C 0 EPP4_COPY_KEY TimeOut 00000000A8A8 0000004106A8 0 DbdDevExecute(EPP4_LOAD_KEY) 00000000A8D0 0000004106D0 0 EPP4_LOAD_KEY TimeOut 00000000A980 000000410780 0 DbdDevExecute(EPP4_DELETE_KEY) 00000000A9A8 0000004107A8 0 EPP4_DELETE_KEY TimeOut 00000000AAD4 0000004108D4 0 DbdDevExecute(EPP4_ENCODE_DECODE) 00000000AB00 000000410900 0 EPP_Encrypt TimeOut 00000000AC04 000000410A04 0 SVWUQ 00000000AE28 000000410C28 0 kernel32.dll 00000000AE38 000000410C38 0 GetModuleHandleA 00000000AE4C 000000410C4C 0 GetProcAddress 00000000AE5C 000000410C5C 0 DbdDevAPI.dll 00000000AE6C 000000410C6C 0 DbdDevRegisterCallback 00000000AE84 000000410C84 0 DbdDevLock 00000000AF98 000000410D98 0 LocalAlloc 00000000AFAC 000000410DAC 0 LocalLock 00000000B431 000000411231 0 t Find Key A 00000000B44D 00000041124D 0 t Find Key B 00000000B654 000000411454 0 Uhup@ 00000000B827 000000411627 0 u7IBF 00000000B8B6 0000004116B6 0 I(NBu 00000000BA8E 00000041188E 0 Uh5v@ 00000000BBCE 0000004119CE 0 PhHv@ 00000000BBFE 0000004119FE 0 Phdv@ 00000000BC37 000000411A37 0 Phlv@ 00000000BCB8 000000411AB8 0 %.2d/%.2d/%.2d %.2d:%.2d 00000000BE6A 000000411C6A 0 tdHuaj 00000000BEE0 000000411CE0 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI) 00000000BF10 000000411D10 0 t LOCK EPP 00000000BF1C 000000411D1C 0 RECEIPT_PRINTER_START_GDI 00000000BF38 000000411D38 0 DbdDevExecute(RECEIPT_PRINTER_EJECT) File pos Mem pos ID Text ======== ======= == ==== 00000000C0F0 000000411EF0 0 DbdDevExecute(AFD_DISPENCE) 00000000C10C 000000411F0C 0 CDM Complete LOCK 00000000C120 000000411F20 0 DbdDevExecute(AFD_PRESENT) 00000000C13C 000000411F3C 0 DbdDevExecute(AFD_RESTORE) 00000000C3BC 0000004121BC 0 kernel32 00000000C3C8 0000004121C8 0 DeleteFileA 00000000C3D4 0000004121D4 0 FreeLibrary 00000000C3E0 0000004121E0 0 GetModuleHandleA 00000000C3F4 0000004121F4 0 CreateFileA 00000000C400 000000412200 0 Sleep 00000000C408 000000412208 0 WriteFile 00000000C414 000000412214 0 CloseHandle 00000000C420 000000412220 0 LocalFree 00000000C42C 00000041222C 0 LoadLibraryA 00000000C444 000000412244 0 :pwrstr.dll 00000000C450 000000412250 0 SVWUQ 00000000C562 000000412362 0 DZX|@3 00000000C59A 00000041239A 0 <0u AG 00000000C5E0 0000004123E0 0 SeShutdownPrivilege 00000000C600 000000412400 0 InitiateSystemShutdown 00000000C79C 00000041259C 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete 00000000C7C8 0000004125C8 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ) 00000000C950 000000412750 0 %.2X%.2X 00000000C95C 00000041275C 0 Request Code: %.6d 00000000C96F 00000041276F 0 Enter Responce 00000000C980 000000412780 0 Autorization 00000000C990 000000412790 0 1..4 - dispense cassete 00000000C9A8 0000004127A8 0 9 - Uninstall 00000000C9B6 0000004127B6 0 0 - Exit 00000000C9C0 0000004127C0 0 Enter Command 00000000CBCC 0000004129CC 0 Diebold:OGuiFrame 00000000CBE0 0000004129E0 0 Enter Password 00000000CBF4 0000004129F4 0 STATIC 00000000CC04 000000412A04 0 Supply Manager 00000000CC14 000000412A14 0 Pripnt 00000000CC1C 000000412A1C 0 View All Counts 00000000CF84 000000412D84 0 DbdDevExecute(RESET) 00000000CF9C 000000412D9C 0 DBDDEV_LOCK(CRW) 00000000CFB0 000000412DB0 0 DbdDevExecute(MCRW_ACCEPT_INSERTION) 00000000CFD8 000000412DD8 0 MCRW_ACCEPT_INSERTION 00000000CFF0 000000412DF0 0 DbdDevExecute(MCRW_POWERON) 00000000D039 000000412E39 0 ;C&v= 00000000DBC1 0000004139C1 0 t find KEY C 00000000DF14 000000413D14 0 SOFTWARE\Diebold\Agilis 91x Core 00000000DF38 000000413D38 0 SOFTWARE\Diebold\Agilis 91x 00000000DF54 000000413D54 0 Product Version 00000000DF68 000000413D68 0 version 00000000DF7C 000000413D7C 0 RegQueryValue 00000000DF9C 000000413D9C 0 Agilis %s 00000000DFAD 000000413DAD 0 Agent %s 00000000DFBD 000000413DBD 0 Transactions %d 00000000DFCE 000000413DCE 0 Cards %d 00000000DFE2 000000413DE2 0 KEYs %d 00000000E10C 000000413F0C 0 DbdDevExecute(MCRW_CHIP_IO) 00000000E130 000000413F30 0 TimeOut MCRW_CHIP_IO 00000000E348 000000414148 0 Invalid Sim Response 00000000E48C 00000041428C 0 DbdDevExecute(MCRW_ACCEPT_INSERTION) 00000000E528 000000414328 0 DbdDevExecute(MCRW_POWEROFF) 00000000E6F0 0000004144F0 0 TimeOut Reset 00000000E708 000000414508 0 Incorrect FIle Size File pos Mem pos ID Text ======== ======= == ==== 00000000EA78 000000414878 0 TimeOut Reset 00000000EBAF 0000004149AF 0 <3=t FJu 00000000EFEB 000000414DEB 0 aE;l$ 00000000F057 000000414E57 0 $E;l$ 00000000F3EC 0000004151EC 0 PSTATPL 00000000F3F4 0000004151F4 0 IAMJZPL 00000000F414 000000415214 0 BALANCE: 00000000F470 000000415270 0 SetWaitableTimer 00000000F69D 00000041549D 0 4$@Ju 00000000F724 000000415524 0 $ZXuy 00000000F900 000000415700 0 kernel32.dll 00000000F910 000000415710 0 GetModuleHandleA 00000000F924 000000415724 0 GetProcAddress 00000000F934 000000415734 0 LoadLibraryA 00000000F944 000000415744 0 Sleep 00000000F94C 00000041574C 0 VirtualProtect 00000000F95C 00000041575C 0 CallNamedPipeA 00000000F96C 00000041576C 0 DbdDevAPI.dll 00000000F97C 00000041577C 0 \\.\pipe\lsndbd 00000000F991 000000415791 0 DbdDevRegisterCallback 00000000F9A9 0000004157A9 0 DbdDevLock 00000000FCE0 000000415AE0 0 kernel32.dll 00000000FCF0 000000415AF0 0 CreateFileA 00000000FCFC 000000415AFC 0 GetFileTime 00000000FD08 000000415B08 0 SetFileTime 00000000FD14 000000415B14 0 GetFileSize 00000000FD20 000000415B20 0 ReadFile 00000000FD2C 000000415B2C 0 WriteFile 00000000FD38 000000415B38 0 SetFilePointer 00000000FD48 000000415B48 0 CloseHandle 00000000FD54 000000415B54 0 LocalAlloc 00000000FD60 000000415B60 0 LocalFree 00000000FD6C 000000415B6C 0 ExitThread 00000000FD78 000000415B78 0 VirtualFree 00000000FD84 000000415B84 0 Sleep 00000000FD8C 000000415B8C 0 DeleteFileA 00000000FEC0 000000415CC0 0 :pwrstr.dll 00000000FECC 000000415CCC 0 mu.exe 00000000FF1C 000000415D1C 0 Not executable file ! 000000010084 000000415E84 0 Enter command: 000000010094 000000415E94 0 Agent 0000000101B9 000000415FB9 0 8TCS,t 0000000101C4 000000415FC4 0 8HST,u0 000000010258 000000416058 0 sharedq.dll 00000001026C 00000041606C 0 LoadLibrary(sharedq.dll) 000000010288 000000416088 0 SQReceiveFromServer 0000000102A4 0000004160A4 0 GetProcAddress(SQReceiveFromServer) 00000001034C 00000041614C 0 mu.exe 000000010450 000000416250 0 \\.\pipe\lsndbd 00000001046C 00000041626C 0 CreateNamedPipe 00000001057C 00000041637C 0 8NTFS 0000000105E4 0000004163E4 0 \greenstone.bmp:redstone.bmp 000000010604 000000416404 0 \greenstone.bmp:bluestone.bmp 000000010624 000000416424 0 \redstone.bmp 000000010634 000000416434 0 \bluestone.bmp 0000000106C5 0000004164C5 0 33333 0000000106E7 0000004164E7 0 UUUU3 000000010839 000000416639 0 VWUSQ 000000010881 000000416681 0 33333 0000000108A3 0000004166A3 0 UUUU3 File pos Mem pos ID Text ======== ======= == ==== 000000010957 000000416757 0 UUUU3 0000000109B5 0000004167B5 0 VWUSQ 000000010A6C 00000041686C 0 UUUU3 000000010CBC 000000416ABC 0 Error 000000010CC4 000000416AC4 0 Runtime error at 00000000 000000010CE4 000000416AE4 0 0123456789ABCDEF 000000010D20 000000416B20 0 1AY&SX 000000010D52 000000416B52 0 <o:o:_;OPO 000000010D61 000000416B61 0 OLONO 000000010D6D 000000416B6D 0 O!O%O 000000010D74 000000416B74 0 mu.exe 000000010FC8 000000416DC8 0 SpiService.exe 000000011370 000000417170 0 <4,$?7/' 0000000113B6 0000004171B6 0 !"#$%&'()*+,-./012345678 000000011401 000000417201 0 (3-!0 000000011408 000000417208 0 ,1'8"5 0000000119C0 0000004177C0 0 kernel32.dll 0000000119D0 0000004177D0 0 DeleteCriticalSection 0000000119E8 0000004177E8 0 LeaveCriticalSection 000000011A00 000000417800 0 EnterCriticalSection 000000011A18 000000417818 0 InitializeCriticalSection 000000011A34 000000417834 0 VirtualFree 000000011A42 000000417842 0 VirtualAlloc 000000011A52 000000417852 0 LocalFree 000000011A5E 00000041785E 0 LocalAlloc 000000011A6C 00000041786C 0 GetVersion 000000011A7A 00000041787A 0 GetCurrentThreadId 000000011A90 000000417890 0 GetThreadLocale 000000011AA2 0000004178A2 0 GetStartupInfoA 000000011AB4 0000004178B4 0 GetLocaleInfoA 000000011AC6 0000004178C6 0 GetCommandLineA 000000011AD8 0000004178D8 0 FreeLibrary 000000011AE6 0000004178E6 0 ExitProcess 000000011AF4 0000004178F4 0 CreateThread 000000011B04 000000417904 0 WriteFile 000000011B10 000000417910 0 UnhandledExceptionFilter 000000011B2C 00000041792C 0 RtlUnwind 000000011B38 000000417938 0 RaiseException 000000011B4A 00000041794A 0 GetStdHandle 000000011B58 000000417958 0 user32.dll 000000011B66 000000417966 0 GetKeyboardType 000000011B78 000000417978 0 MessageBoxA 000000011B84 000000417984 0 advapi32.dll 000000011B94 000000417994 0 RegQueryValueExA 000000011BA8 0000004179A8 0 RegOpenKeyExA 000000011BB8 0000004179B8 0 RegCloseKey 000000011BC4 0000004179C4 0 kernel32.dll 000000011BD4 0000004179D4 0 TlsSetValue 000000011BE2 0000004179E2 0 TlsGetValue 000000011BF0 0000004179F0 0 TlsFree 000000011BFA 0000004179FA 0 TlsAlloc 000000011C06 000000417A06 0 LocalFree 000000011C12 000000417A12 0 LocalAlloc 000000011C1E 000000417A1E 0 advapi32.dll 000000011C2E 000000417A2E 0 RegQueryValueExA 000000011C42 000000417A42 0 RegOpenKeyExA 000000011C52 000000417A52 0 RegCloseKey 000000011C60 000000417A60 0 OpenProcessToken 000000011C74 000000417A74 0 LookupPrivilegeValueA 000000011C8C 000000417A8C 0 InitiateSystemShutdownA File pos Mem pos ID Text ======== ======= == ==== 000000011CA6 000000417AA6 0 AdjustTokenPrivileges 000000011CBC 000000417ABC 0 kernel32.dll 000000011CCC 000000417ACC 0 lstrlenA 000000011CD8 000000417AD8 0 lstrcpynA 000000011CE4 000000417AE4 0 lstrcpyA 000000011CF0 000000417AF0 0 lstrcmpiA 000000011CFC 000000417AFC 0 lstrcmpA 000000011D08 000000417B08 0 lstrcatA 000000011D14 000000417B14 0 WriteProcessMemory 000000011D2A 000000417B2A 0 WriteFile 000000011D36 000000417B36 0 WaitForSingleObjectEx 000000011D4E 000000417B4E 0 WaitForSingleObject 000000011D64 000000417B64 0 VirtualFreeEx 000000011D74 000000417B74 0 VirtualAllocEx 000000011D86 000000417B86 0 TerminateThread 000000011D98 000000417B98 0 SleepEx 000000011DA2 000000417BA2 0 Sleep 000000011DAA 000000417BAA 0 SetWaitableTimer 000000011DBE 000000417BBE 0 SetFilePointer 000000011DD0 000000417BD0 0 SetEvent 000000011DDC 000000417BDC 0 ReadFile 000000011DE8 000000417BE8 0 OpenProcess 000000011DF6 000000417BF6 0 LocalUnlock 000000011E04 000000417C04 0 LocalSize 000000011E10 000000417C10 0 LocalReAlloc 000000011E20 000000417C20 0 LocalLock 000000011E2C 000000417C2C 0 LocalFree 000000011E38 000000417C38 0 LocalAlloc 000000011E46 000000417C46 0 LoadLibraryA 000000011E56 000000417C56 0 GetWindowsDirectoryA 000000011E6E 000000417C6E 0 GetVolumeInformationA 000000011E86 000000417C86 0 GetTickCount 000000011E96 000000417C96 0 GetTempFileNameA 000000011EAA 000000417CAA 0 GetSystemTimeAsFileTime 000000011EC4 000000417CC4 0 GetProcAddress 000000011ED6 000000417CD6 0 GetModuleHandleA 000000011EEA 000000417CEA 0 GetModuleFileNameA 000000011F00 000000417D00 0 GetLastError 000000011F10 000000417D10 0 GetFileSize 000000011F1E 000000417D1E 0 GetExitCodeThread 000000011F32 000000417D32 0 GetCurrentThreadId 000000011F48 000000417D48 0 GetCurrentProcess 000000011F5C 000000417D5C 0 FormatMessageA 000000011F6E 000000417D6E 0 FileTimeToSystemTime 000000011F86 000000417D86 0 FileTimeToLocalFileTime 000000011FA0 000000417DA0 0 ExitThread 000000011FAE 000000417DAE 0 ExitProcess 000000011FBC 000000417DBC 0 DisconnectNamedPipe 000000011FD2 000000417DD2 0 DeleteFileA 000000011FE0 000000417DE0 0 CreateWaitableTimerA 000000011FF8 000000417DF8 0 CreateThread 000000012008 000000417E08 0 CreateRemoteThread 00000001201E 000000417E1E 0 CreateNamedPipeA 000000012032 000000417E32 0 CreateFileA 000000012040 000000417E40 0 CreateEventA 000000012050 000000417E50 0 CopyFileA 00000001205C 000000417E5C 0 ConnectNamedPipe 000000012070 000000417E70 0 CloseHandle 00000001207C 000000417E7C 0 gdi32.dll 000000012088 000000417E88 0 TextOutA File pos Mem pos ID Text ======== ======= == ==== 000000012094 000000417E94 0 SelectObject 0000000120A4 000000417EA4 0 Rectangle 0000000120B0 000000417EB0 0 GetTextMetricsA 0000000120C2 000000417EC2 0 Escape 0000000120CC 000000417ECC 0 EndDoc 0000000120D6 000000417ED6 0 DeleteObject 0000000120E6 000000417EE6 0 DeleteDC 0000000120F2 000000417EF2 0 CreateSolidBrush 000000012106 000000417F06 0 CreateDCA 000000012110 000000417F10 0 user32.dll 00000001211E 000000417F1E 0 CreateWindowExA 000000012130 000000417F30 0 UnregisterClassA 000000012144 000000417F44 0 TranslateMessage 000000012158 000000417F58 0 SwitchDesktop 000000012168 000000417F68 0 SetTimer 000000012174 000000417F74 0 SetThreadDesktop 000000012188 000000417F88 0 SetProcessWindowStation 0000000121A2 000000417FA2 0 SetForegroundWindow 0000000121B8 000000417FB8 0 SetFocus 0000000121C4 000000417FC4 0 SendMessageA 0000000121D4 000000417FD4 0 RegisterClassA 0000000121E6 000000417FE6 0 PostMessageA 0000000121F6 000000417FF6 0 PeekMessageA 000000012206 000000418006 0 OpenWindowStationA 00000001221C 00000041801C 0 OpenDesktopA 00000001222C 00000041802C 0 LoadIconA 000000012238 000000418038 0 LoadCursorA 000000012246 000000418046 0 InvalidateRect 000000012258 000000418058 0 GetWindowTextA 00000001226A 00000041806A 0 GetWindowDC 000000012278 000000418078 0 GetThreadDesktop 00000001228C 00000041808C 0 GetSystemMetrics 0000000122A0 0000004180A0 0 GetProcessWindowStation 0000000122BA 0000004180BA 0 GetMessageA 0000000122C8 0000004180C8 0 GetForegroundWindow 0000000122DE 0000004180DE 0 GetDesktopWindow 0000000122F2 0000004180F2 0 GetClientRect 000000012302 000000418102 0 FindWindowExA 000000012312 000000418112 0 FindWindowA 000000012320 000000418120 0 DrawTextA 00000001232C 00000041812C 0 DispatchMessageA 000000012340 000000418140 0 DestroyWindow 000000012350 000000418150 0 DefWindowProcA 000000012362 000000418162 0 CreateDesktopA 000000012374 000000418174 0 CloseWindowStation 00000001238A 00000041818A 0 CloseDesktop 00000001239A 00000041819A 0 CharUpperA 0000000123A6 0000004181A6 0 winspool.drv 0000000123B6 0000004181B6 0 EnumPrintersA 0000000123C4 0000004181C4 0 user32.dll 0000000123D2 0000004181D2 0 wsprintfA 0000000123DE 0000004181DE 0 GetMonitorInfoA 0000000123F0 0000004181F0 0 EnumDisplayMonitors 00000001247F 00000041827F 0 0"0*020:0B0J0R0Z0b0j0r0z0 0000000124C5 0000004182C5 0 4%515L5 0000000124CD 0000004182CD 0 5.7j7 0000000124ED 0000004182ED 0 8$8,8>8J8Y8e8m8x8~8 000000012519 000000418319 0 9'929S9k9 00000001252B 00000041832B 0 :O:o: 00000001253D 00000041833D 0 <(<3<<<C<R<Y<{< File pos Mem pos ID Text ======== ======= == ==== 00000001255F 00000041835F 0 >Z>c>y> 00000001256F 00000041836F 0 ?*?T?]?m?u?{? 00000001259B 00000041839B 0 0 080D0L0c0r0 0000000125B5 0000004183B5 0 0$1H1f1v1|1 0000000125CD 0000004183CD 0 2m2t2 0000000125EF 0000004183EF 0 4#4G4g4 00000001260D 00000041840D 0 8)8?8]8s8 000000012621 000000418421 0 9 989F9z9 000000012635 000000418435 0 :0:9:k:t: 000000012651 000000418451 0 <,=4=?=k= 000000012661 000000418461 0 =(>8>>>D>J>O>U> 000000012671 000000418471 0 >n>s>x>}> 000000012689 000000418489 0 >$?/?L?V?{? 0000000126B5 0000004184B5 0 050I0 0000000126C3 0000004184C3 0 1L1[1O4 0000000126CD 0000004184CD 0 6J6Q6c6 0000000126DD 0000004184DD 0 6!7C7O7V7 000000012707 000000418507 0 8.8C8T8 00000001270F 00000041850F 0 8f8n8v8~8 000000012725 000000418525 0 9#9+9P9X9f9k9 000000012747 000000418547 0 :*:7:C:P:b:j:r:z: 00000001277F 00000041857F 0 ;";*;2;:;B;J;R;Z;b;j;r;z; 0000000127BF 0000004185BF 0 <"<*<2<:<B<J<R<Z<b<j<r<z< 0000000127FF 0000004185FF 0 ="=*=2=:=B=J=R=Z=b=j=r=z= 000000012841 000000418641 0 ?-?:???L?Q? 00000001284D 00000041864D 0 ?c?p?u? 00000001287F 00000041867F 0 0$0)060;0H0S0 000000012899 000000418699 0 2#2/2<2N2V2c2o2|2 0000000128B3 0000004186B3 0 3"30353;3G3P3X3k3 0000000128D1 0000004186D1 0 444B4M4Z4_4j4u4 0000000128ED 0000004186ED 0 5)595E5O5T5h5~5 00000001290F 00000041870F 0 5-6R6 000000012915 000000418715 0 6Q7W7i7o7 000000012923 000000418723 0 8>8C8 00000001292F 00000041872F 0 8W9d9q9 000000012951 000000418751 0 <W=k= 00000001295B 00000041875B 0 >a>n> 000000012975 000000418775 0 0=1I1 000000012997 000000418797 0 505E5W5x5 0000000129B3 0000004187B3 0 6c7p7 0000000129CD 0000004187CD 0 8-8W8v8 0000000129D9 0000004187D9 0 8K9V9j9u9 0000000129ED 0000004187ED 0 9r:{: 000000012A05 000000418805 0 ;";';,;7;<;A;L;Q;V;a;f;k;v;{; 000000012A39 000000418839 0 =8>z> 000000012A4D 00000041884D 0 ?.?M? 000000012A9F 00000041889F 0 4 404<4H4 000000012AB5 0000004188B5 0 636J6Z6m6}6 000000012ACD 0000004188CD 0 6 7,7;7J7Y7h7 000000012ADB 0000004188DB 0 7(888\8b8j8y8 000000012B18 000000418918 0 c0 444 000000012B39 000000418939 0 7 7%7A7j7 000000012B4F 00000041894F 0 8 80868a8v9 000000012B6B 00000041896B 0 :H:Q:n: 000000012B79 000000418979 0 ;$;);8; 000000012B89 000000418989 0 <1<A<M<Z<h<v< 000000012BAB 0000004189AB 0 >">'> 000000012BB7 0000004189B7 0 >9?E?f? 000000012BD1 0000004189D1 0 01060 000000012BF1 0000004189F1 0 292w2|2 File pos Mem pos ID Text ======== ======= == ==== 000000012BFF 0000004189FF 0 4,4d4 000000012C1B 000000418A1B 0 6:7A7H7~7 000000012C43 000000418A43 0 9#>M> 000000012C5B 000000418A5B 0 777f7 000000012C65 000000418A65 0 7 848F8 000000012C71 000000418A71 0 9.:7:I:X:e:n:v: 000000012C81 000000418A81 0 :0;b; 000000012C9B 000000418A9B 0 =J>q>z> 000000012CAD 000000418AAD 0 ?-?=? 000000012CCD 000000418ACD 0 3 333P3l3~3 000000012D0F 000000418B0F 0 9#9'9+9/93979K: 000000012D27 000000418B27 0 ;%;<; 000000012D61 000000418B61 0 >->4>9>N>j>r> 000000012D8D 000000418B8D 0 2&292T2Z2T3[3g3Q4V4Q5]5j5x5 000000012DBD 000000418BBD 0 6=6B6H6*777C7P7Z7f7s7}7 000000012E0F 000000418C0F 0 :t:z: 000000012E37 000000418C37 0 ;b<y< 000000012E43 000000418C43 0 =&=k=w= 000000012E4B 000000418C4B 0 >!>0>?>S>d>l>q> 000000012E6B 000000418C6B 0 ?-?8?@?E?L?Q?W?b? 000000012E97 000000418C97 0 1"1+171E1s1 000000012EA9 000000418CA9 0 1E2M2g2t2 000000012EC1 000000418CC1 0 2U3m3u3 000000012EDB 000000418CDB 0 3c4n4 000000012F14 000000418D14 0 $0(0,0 00000001313E 000000418F3E 0 pwrstr 000000013146 000000418F46 0 UTypes 00000001314F 000000418F4F 0 System 000000013158 000000418F58 0 SysInit 000000013161 000000418F61 0 WWinSpool 00000001316C 000000418F6C 0 KWindows 000000013176 000000418F76 0 3Messages 000000013182 000000418F82 0 TlHelp32 00000001318D 000000418F8D 0 WinSvc 000000013270 000000419070 0 PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING 000000013108 000000418F08 0 PACKAGEINFO
=== DOWNLOAD ===