.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS                                                            !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187
 
Date...........: 2018-10-03
Family.........: Trojan.Skimer.39
File name......: 11111.exe
File size......: 104.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA

Entropy:


Binary Histogram:



=== SCREENSHOT === 



=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 80 0x50 blocks_in_file: 2 2 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 15 0xf max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 26 0x1a reserved0: 1954858752 0x7484c700 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 256 0x100 === DOS STUB === 00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..| 00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus| 00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W| 00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........| 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 8 8 TimeDateStamp: "1992-06-19 22:22:17" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO 32BIT_MACHINE, BYTES_REVERSED_HI # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 2.25 SizeOfCode: 98816 0x18200 SizeOfInitializedData: 6656 0x1a00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 101224 0x18b68 BaseOfCode: 4096 0x1000 BaseOfData: 106496 0x1a000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 4.0 ImageVersion: 0.0 SubsystemVersion: 4.0 Reserved1: 0 0 SizeOfImage: 135168 0x21000 SizeOfHeaders: 1024 0x400 CheckSum: 106883 0x1a183 Subsystem: 2 2 WINDOWS_GUI DllCharacteristics: 0 0 SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 16384 0x4000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 1c000 size:0x ae0 RESOURCE rva:0x 20000 size:0x 200 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 1f000 size:0x 6bc DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 1e000 size:0x 18 LOAD_CONFIG rva:0x 0 size:0x 0 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 0 size:0x 0 Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS CODE 1000 18008 18200 400 0 0 0 0 60000020 R-X CODE DATA 1a000 1c4 200 18600 0 0 0 0 c0000040 RW- IDATA BSS 1b000 b71 0 18800 0 0 0 0 c0000000 RW- .idata 1c000 ae0 c00 18800 0 0 0 0 c0000040 RW- IDATA .tls 1d000 8 0 19400 0 0 0 0 c0000000 RW- .rdata 1e000 18 200 19400 0 0 0 0 50000040 R-- IDATA SHARED .reloc 1f000 6bc 800 19600 0 0 0 0 50000040 R-- IDATA SHARED .rsrc 20000 200 200 19e00 0 0 0 0 50000040 R-- IDATA SHARED === TLS === RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS 41d000 41d008 41a084 41e010 0 0 === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x19eb0 0 0 16 RCDATA DVCLAL 0x19ec0 0 0 68 RCDATA PACKAGEINFO === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME kernel32.dll 0 DeleteCriticalSection kernel32.dll 0 LeaveCriticalSection kernel32.dll 0 EnterCriticalSection kernel32.dll 0 InitializeCriticalSection kernel32.dll 0 VirtualFree kernel32.dll 0 VirtualAlloc kernel32.dll 0 LocalFree kernel32.dll 0 LocalAlloc kernel32.dll 0 GetVersion kernel32.dll 0 GetCurrentThreadId kernel32.dll 0 GetThreadLocale kernel32.dll 0 GetStartupInfoA kernel32.dll 0 GetLocaleInfoA kernel32.dll 0 GetCommandLineA kernel32.dll 0 FreeLibrary kernel32.dll 0 ExitProcess kernel32.dll 0 WriteFile kernel32.dll 0 UnhandledExceptionFilter kernel32.dll 0 RtlUnwind kernel32.dll 0 RaiseException kernel32.dll 0 GetStdHandle user32.dll 0 GetKeyboardType user32.dll 0 MessageBoxA advapi32.dll 0 RegQueryValueExA advapi32.dll 0 RegOpenKeyExA advapi32.dll 0 RegCloseKey kernel32.dll 0 TlsSetValue kernel32.dll 0 TlsGetValue kernel32.dll 0 LocalAlloc kernel32.dll 0 GetModuleHandleA advapi32.dll 0 RegSetKeySecurity advapi32.dll 0 RegQueryValueExA advapi32.dll 0 RegQueryInfoKeyA advapi32.dll 0 RegOpenKeyExA advapi32.dll 0 RegEnumKeyA advapi32.dll 0 RegDeleteKeyA advapi32.dll 0 RegCloseKey advapi32.dll 0 OpenProcessToken advapi32.dll 0 InitializeSecurityDescriptor kernel32.dll 0 lstrlenA kernel32.dll 0 lstrcpyA kernel32.dll 0 lstrcmpiA kernel32.dll 0 lstrcatA kernel32.dll 0 WriteFile kernel32.dll 0 WaitForSingleObject kernel32.dll 0 Sleep kernel32.dll 0 SetLastError kernel32.dll 0 SetFileTime kernel32.dll 0 SetFilePointer kernel32.dll 0 SetFileAttributesA kernel32.dll 0 SetEndOfFile kernel32.dll 0 ReadFile kernel32.dll 0 OpenProcess kernel32.dll 0 LocalReAlloc kernel32.dll 0 LocalFree kernel32.dll 0 LocalAlloc kernel32.dll 0 LoadLibraryA kernel32.dll 0 GetWindowsDirectoryA kernel32.dll 0 GetVolumeInformationA kernel32.dll 0 GetVersionExA kernel32.dll 0 GetTickCount kernel32.dll 0 GetSystemTime kernel32.dll 0 GetSystemDirectoryA kernel32.dll 0 GetProcAddress kernel32.dll 0 GetModuleHandleA kernel32.dll 0 GetModuleFileNameA kernel32.dll 0 GetLocalTime kernel32.dll 0 GetLastError kernel32.dll 0 GetFileTime kernel32.dll 0 GetFileSize kernel32.dll 0 GetFileAttributesA kernel32.dll 0 GetExitCodeThread kernel32.dll 0 GetCurrentThreadId kernel32.dll 0 GetCurrentProcess kernel32.dll 0 FormatMessageA kernel32.dll 0 DeleteFileA kernel32.dll 0 CreateMutexA kernel32.dll 0 CreateFileA kernel32.dll 0 CopyFileA kernel32.dll 0 CloseHandle version.dll 0 VerQueryValueA version.dll 0 GetFileVersionInfoA gdi32.dll 0 GetTextMetricsA user32.dll 0 CreateWindowExA user32.dll 0 UnregisterClassA user32.dll 0 TranslateMessage user32.dll 0 SetTimer user32.dll 0 SetFocus user32.dll 0 SendMessageA user32.dll 0 RegisterClassA user32.dll 0 PeekMessageA user32.dll 0 LoadIconA user32.dll 0 LoadCursorA user32.dll 0 GetWindowTextA user32.dll 0 GetWindowDC user32.dll 0 GetSystemMetrics user32.dll 0 GetMessageA user32.dll 0 GetDesktopWindow user32.dll 0 GetClientRect user32.dll 0 ExitWindowsEx user32.dll 0 DrawTextA user32.dll 0 DispatchMessageA user32.dll 0 DestroyWindow user32.dll 0 DefWindowProcA kernel32.dll 0 GetTickCount kernel32.dll 0 VirtualProtect shlwapi.dll 0 SHDeleteKeyA user32.dll 0 wsprintfA IMAGEHLP.DLL 0 MapFileAndCheckSumA === Packer / Compiler === BobSoft Mini Delphi (BoB / BobSoft)
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 000000000050 000000400050 0 This program must be run under Win32 000000000270 000000400270 0 .idata 0000000002C0 0000004002C0 0 .rdata 0000000002E7 0000004002E7 0 P.reloc 00000000030F 00000040030F 0 P.rsrc 00000000087C 00000040147C 0 wE;\$ 000000001E03 000000402A03 0 ~KxI[) 000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL 000000001F48 000000402B48 0 FPUMaskValue 000000001F95 000000402B95 0 PPRTj 00000000210F 000000402D0F 0 YZXtp 00000000212B 000000402D2B 0 Ph8-@ 000000002286 000000402E86 0 t=HtN 000000002339 000000402F39 0 PhF/@ 000000002408 000000403008 0 Uh=0@ 000000002620 000000403220 0 SVWUQ 000000002854 000000403454 0 SVWRP 0000000029CF 0000004035CF 0 Uh=6@ 000000002D09 000000403909 0 Uh)9@ 000000002D41 000000403941 0 Uha9@ 0000000030F9 000000403CF9 0 +tM"W 000000003554 000000404154 0 Hp>\o 0000000037CC 0000004043CC 0 v:qNgJ 000000003A4F 00000040464F 0 2w0& 000000003AE9 0000004046E9 0 j\50] 000000003B22 000000404722 0 ."pu]Dk 000000003B81 000000404781 0 0Lh&m 000000003CB6 0000004048B6 0 0]&i- 000000003D14 000000404914 0 z8hV 000000003D67 000000404967 0 .P.Gy 000000003FF2 000000404BF2 0 Y*9D7 00000000418F 000000404D8F 0 VJH*& 0000000041AD 000000404DAD 0 ]T-8RV 0000000041B5 000000404DB5 0 ['J8< 000000004220 000000404E20 0 q*W'. 00000000431D 000000404F1D 0 SSztL 0000000043F0 000000404FF0 0 jndIQ 00000000456A 00000040516A 0 .\XHW 00000000489F 00000040549F 0 Kf)nn 0000000048BE 0000004054BE 0 seAil 0000000049CE 0000004055CE 0 $I/3H 0000000049EA 0000004055EA 0 &FDoI 000000004A1F 00000040561F 0 ,x4x[ 000000004A5D 00000040565D 0 d2oI6 000000004C7C 00000040587C 0 ]DK?1 000000004C8A 00000040588A 0 Y;1F9 000000004E89 000000405A89 0 C=|:x 000000004F0C 000000405B0C 0 )c6*c 000000004F31 000000405B31 0 w2BJn 000000005048 000000405C48 0 6<\Hn 00000000506D 000000405C6D 0 >BkA} 00000000522F 000000405E2F 0 5 8(g 0000000052C7 000000405EC7 0 })"$pI 000000005312 000000405F12 0 MYl\} 0000000053B7 000000405FB7 0 vUp<U 0000000053F4 000000405FF4 0 .F4+x 000000005448 000000406048 0 /K ~! 0000000054B8 0000004060B8 0 -ie4ZR 0000000056E1 0000004062E1 0 4D:\1 000000005740 000000406340 0 J>i6%lYqJ File pos Mem pos ID Text ======== ======= == ==== 00000000582E 00000040642E 0 .h}z7 000000005AA1 0000004066A1 0 rqL?<j 000000005B7E 00000040677E 0 'VP#C 000000005C4B 00000040684B 0 ,=2*Y/ 000000005D8E 00000040698E 0 >2;o'=/ 000000005E4F 000000406A4F 0 o.yv :5 000000005E88 000000406A88 0 lV]$X 000000005EB3 000000406AB3 0 mqZG% 0000000060D9 000000406CD9 0 k[#r( 0000000060E8 000000406CE8 0 -{3#J 00000000617B 000000406D7B 0 8;,!#wZ 0000000061E7 000000406DE7 0 Te?th5[ 00000000624F 000000406E4F 0 U}BFk 0000000062BE 000000406EBE 0 ApI% mo 000000006397 000000406F97 0 R)m\e 0000000063D8 000000406FD8 0 .%-y 000000006705 000000407305 0 '#@~8/ 00000000683C 00000040743C 0 77A&O 000000006948 000000407548 0 naw'# 000000006A45 000000407645 0 :.6PS]n 000000006C51 000000407851 0 E[,KH 000000006DA5 0000004079A5 0 5pf@O 000000006E08 000000407A08 0 G1";q 000000006F0A 000000407B0A 0 ISSb0 000000006FFE 000000407BFE 0 (=|oQz 000000007040 000000407C40 0 ,2aJZ 0000000070BB 000000407CBB 0 'rKdO 000000007102 000000407D02 0 3h);"( 000000007113 000000407D13 0 A*'4| 00000000726F 000000407E6F 0 Ff7Lb3 000000007312 000000407F12 0 ZuNJJ 000000007464 000000408064 0 :tb4$ 000000007525 000000408125 0 #<x14X 000000007556 000000408156 0 'yD=: 000000007722 000000408322 0 f@[*$1\ 0000000078B4 0000004084B4 0 ?hL}~ 0000000078D2 0000004084D2 0 2m[& 0000000079B0 0000004085B0 0 8ugqpa 000000007A78 000000408678 0 IrJum 000000007BA3 0000004087A3 0 /@ MYGW 000000007C03 000000408803 0 xXbPr 000000008189 000000408D89 0 )]/O9 0000000082D4 000000408ED4 0 \]$LfE 000000008420 000000409020 0 K+DxQ 0000000085CD 0000004091CD 0 UqgKo 000000008629 000000409229 0 -L]*Z 0000000086AE 0000004092AE 0 FyLac 0000000086F0 0000004092F0 0 }Ve hD 0000000086F8 0000004092F8 0 .w;op 000000008702 000000409302 0 jc]&V 000000008776 000000409376 0 V!G+, 0000000087FA 0000004093FA 0 emL;H 0000000088BC 0000004094BC 0 .) h]'[ 000000008961 000000409561 0 m>%kP 00000000897B 00000040957B 0 z'[+, 000000008A02 000000409602 0 /jB _ 000000008A5E 00000040965E 0 RQ7.c 000000008AA6 0000004096A6 0 B:@OF 000000008AB6 0000004096B6 0 "{~ZC 000000008C70 000000409870 0 '+81Yqpb File pos Mem pos ID Text ======== ======= == ==== 000000008CF4 0000004098F4 0 (T#4ch 000000008D53 000000409953 0 6n 'nnP 000000008D6D 00000040996D 0 S)<,- 000000008F13 000000409B13 0 hccBZ 000000008F68 000000409B68 0 \E#]1 000000008F7B 000000409B7B 0 D!ZV1 000000008FB7 000000409BB7 0 eiN+F 0000000090FD 000000409CFD 0 gOv=K5 00000000919C 000000409D9C 0 ?9IV| 000000009278 000000409E78 0 {3?z{ 0000000093F7 000000409FF7 0 >,]#}X7 00000000948C 00000040A08C 0 >fQPW 0000000094AA 00000040A0AA 0 ~k]v~j 000000009732 00000040A332 0 mE+U& 000000009754 00000040A354 0 slknm 0000000098CE 00000040A4CE 0 hbCXT 00000000999F 00000040A59F 0 Tn:M, 000000009A41 00000040A641 0 P49nag 000000009C67 00000040A867 0 <>?2x}|d 000000009C86 00000040A886 0 d/t:64 000000009FEC 00000040ABEC 0 T"QPjL 00000000A03B 00000040AC3B 0 54y=k? 00000000A0D5 00000040ACD5 0 WCCo,, 00000000A152 00000040AD52 0 :A3@/AH 00000000A4A4 00000040B0A4 0 EfTdI%"fm 00000000A4F5 00000040B0F5 0 X0_z]35 00000000A540 00000040B140 0 f$fjO 00000000A5B2 00000040B1B2 0 =C5O{ 00000000A810 00000040B410 0 4>["Lv 00000000A896 00000040B496 0 5r_DO 00000000A988 00000040B588 0 R}sqo 00000000A99C 00000040B59C 0 =Cdw7} 00000000A9CB 00000040B5CB 0 xol}y 00000000AA4E 00000040B64E 0 j>7Z_ 00000000AAEF 00000040B6EF 0 Gr5+\n 00000000AB41 00000040B741 0 pMJ7 00000000AC5E 00000040B85E 0 P;8hR 00000000AD10 00000040B910 0 T%}[W 00000000AF9B 00000040BB9B 0 ig'S;v 00000000AFD0 00000040BBD0 0 %1S wb 00000000AFE2 00000040BBE2 0 ,C1L# 00000000B067 00000040BC67 0 !2dpBd 00000000B0F8 00000040BCF8 0 ,Ov]X 00000000B120 00000040BD20 0 7J&t* 00000000B32C 00000040BF2C 0 }52)~E 00000000B402 00000040C002 0 ',EM#| 00000000B492 00000040C092 0 !famU 00000000B53D 00000040C13D 0 g2BmL 00000000B6C6 00000040C2C6 0 $G<P? 00000000B870 00000040C470 0 Za!g= 00000000B962 00000040C562 0 9/-~q 00000000B9B4 00000040C5B4 0 .f{_( 00000000BA5C 00000040C65C 0 < 45x@ 00000000BC6C 00000040C86C 0 2[YUq 00000000BD56 00000040C956 0 2+@ 00000000BFA9 00000040CBA9 0 ~C[yGv, 00000000C035 00000040CC35 0 !j+e6 00000000C0AF 00000040CCAF 0 u405iU(t 00000000C19D 00000040CD9D 0 'c"B$8 00000000C1FC 00000040CDFC 0 #]|#: File pos Mem pos ID Text ======== ======= == ==== 00000000C220 00000040CE20 0 $?wdG 00000000C2DE 00000040CEDE 0 ozVX' 00000000C377 00000040CF77 0 CD;px 00000000C478 00000040D078 0 ?+Y$M 00000000C4F2 00000040D0F2 0 )QT6C/,B 00000000C861 00000040D461 0 Wx{n' 00000000C9DD 00000040D5DD 0 E=m{b 00000000CA96 00000040D696 0 ;2w:wd 00000000CAEF 00000040D6EF 0 Fj\)" 00000000CC2F 00000040D82F 0 vN$kUH 00000000CE44 00000040DA44 0 aUtbnG 00000000CFC6 00000040DBC6 0 %Yy+H 00000000D040 00000040DC40 0 %WU~.VU 00000000D0EB 00000040DCEB 0 #"!egdg 00000000D2E7 00000040DEE7 0 5xkuE 00000000D443 00000040E043 0 9j3u < 00000000D530 00000040E130 0 GV)zfG 00000000D71D 00000040E31D 0 z[645 00000000D752 00000040E352 0 h'VR( 00000000D8DA 00000040E4DA 0 oO sT]M 00000000D8FF 00000040E4FF 0 u}8>+ 00000000DB0B 00000040E70B 0 UPO/n+Q 00000000DB32 00000040E732 0 }V]*?D 00000000DCB9 00000040E8B9 0 + |%\ 00000000DCF5 00000040E8F5 0 qSw4n\ 00000000DE77 00000040EA77 0 }#KX1 00000000DEF8 00000040EAF8 0 AF[0Ye 00000000DF48 00000040EB48 0 p.,&# 00000000E054 00000040EC54 0 m U#2 00000000E093 00000040EC93 0 "\mEE 00000000E160 00000040ED60 0 9 %6" 00000000E1F9 00000040EDF9 0 =Z|;, 00000000E39E 00000040EF9E 0 60|&lS# 00000000E505 00000040F105 0 %u=$q 00000000E52B 00000040F12B 0 EH82b 00000000E6A1 00000040F2A1 0 >X?I 00000000E6DD 00000040F2DD 0 ,mCnQ 00000000E73D 00000040F33D 0 7w:"k 00000000E8A9 00000040F4A9 0 ?6<Zt 00000000E98C 00000040F58C 0 azv J 00000000EC21 00000040F821 0 ghI&w 00000000EC2F 00000040F82F 0 L$&\! 00000000EC63 00000040F863 0 +4?RW 00000000EC77 00000040F877 0 X&F!N\ 00000000EDD4 00000040F9D4 0 x ay28K 00000000EF37 00000040FB37 0 P|vNk 00000000EF65 00000040FB65 0 BK{]l 00000000F0E8 00000040FCE8 0 cTqVb 00000000F313 00000040FF13 0 9KaWV 00000000F486 000000410086 0 - 7@Z 00000000F5ED 0000004101ED 0 Z+<d?Rg 00000000F607 000000410207 0 kzE5Z 00000000F63D 00000041023D 0 ,+bsbR 00000000F745 000000410345 0 REXbm 00000000F963 000000410563 0 3O0bZ"Z 00000000F9CE 0000004105CE 0 _HX|Ao3< 00000000F9E6 0000004105E6 0 &p)cM 00000000FAF5 0000004106F5 0 C.FfX 00000000FB6E 00000041076E 0 (h(s9/ 00000000FCCD 0000004108CD 0 :g'Cw& File pos Mem pos ID Text ======== ======= == ==== 00000000FFC3 000000410BC3 0 *8=G|pz 00000001007F 000000410C7F 0 prb:2 00000001009C 000000410C9C 0 i R0)5 00000001013A 000000410D3A 0 BJj4Y 00000001017E 000000410D7E 0 iJo<%j! 0000000101C1 000000410DC1 0 ";R2' 000000010216 000000410E16 0 {zsj| 0000000102AA 000000410EAA 0 -lRR[ 0000000102E5 000000410EE5 0 %$h>KH9_ 00000001052C 00000041112C 0 >(6&}R 00000001054E 00000041114E 0 k)IV( 0000000105C1 0000004111C1 0 4uf(i 0000000106B2 0000004112B2 0 ,Ef!] 0000000107DD 0000004113DD 0 #~cmE 000000010838 000000411438 0 .$FhD 000000010A0A 00000041160A 0 !4q @i 000000010A6E 00000041166E 0 ,k:jY 000000010A85 000000411685 0 js&x_ 000000010B5A 00000041175A 0 41[@kc 000000010B96 000000411796 0 sb0#j 000000010CEC 0000004118EC 0 K<h'i 000000010CF2 0000004118F2 0 ;~Y[owu 000000010D89 000000411989 0 BHKSG 000000010F4B 000000411B4B 0 rDK9$ 000000011174 000000411D74 0 5k[9<> 000000011494 000000412094 0 ,-"Q\~ 0000000114B2 0000004120B2 0 W1D/P 000000011560 000000412160 0 q8k++C 000000011624 000000412224 0 g7]# 000000011721 000000412321 0 ,#]<eG 000000011880 000000412480 0 6E[fk 000000011B67 000000412767 0 {sx07 000000011BB0 0000004127B0 0 @9=[hY<I/ 000000011BF2 0000004127F2 0 o@597=T 000000011F44 000000412B44 0 *sK0& 00000001213D 000000412D3D 0 c}"pw 000000012161 000000412D61 0 i/[hu2} 0000000121B6 000000412DB6 0 l[}V; 000000012280 000000412E80 0 1J9@| 00000001230D 000000412F0D 0 ;-G&CZ 00000001237D 000000412F7D 0 )j XP 000000012591 000000413191 0 ;#6Z,GlP 0000000126CE 0000004132CE 0 ! pyB@ 000000012EDC 000000413ADC 0 =L[h 000000012F61 000000413B61 0 &[8/M 0000000135A7 0000004141A7 0 ,OORb> 0000000136E7 0000004142E7 0 )A % 000000013970 000000414570 0 4yxxi 000000013991 000000414591 0 /bskcF 000000013A8C 00000041468C 0 Ut 6+ 000000013AAC 0000004146AC 0 g/:c:jl 000000013C04 000000414804 0 L#/=8u 000000013DB1 0000004149B1 0 $\R6t$ 000000013EEE 000000414AEE 0 \yi.9 00000001419A 000000414D9A 0 _tGAw 000000014357 000000414F57 0 .Wp+~ 0000000143DE 000000414FDE 0 Q4u4hi 0000000146CD 0000004152CD 0 3cH$. 000000014CEA 0000004158EA 0 RESERV_END 000000014D68 000000415968 0 TagConstBegin File pos Mem pos ID Text ======== ======= == ==== 000000014D78 000000415978 0 kernel32.dll 000000014D88 000000415988 0 VirtualAllocEx 000000014D98 000000415998 0 VirtualFreeEx 000000014DA8 0000004159A8 0 WriteProcessMemory 000000014DBC 0000004159BC 0 CreateRemoteThread 000000014DD0 0000004159D0 0 GetWindowsDirectoryA 000000014DE8 0000004159E8 0 TerminateProcess 000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot 000000014E18 000000415A18 0 Process32First 000000014E28 000000415A28 0 Process32Next 000000014E38 000000415A38 0 Module32First 000000014E48 000000415A48 0 Module32Next 000000014E58 000000415A58 0 advapi32.dll 000000014E68 000000415A68 0 OpenSCManagerA 000000014E78 000000415A78 0 OpenServiceA 000000014E88 000000415A88 0 QueryServiceStatus 000000014E9C 000000415A9C 0 ControlService 000000014EAC 000000415AAC 0 CloseServiceHandle 000000014EC0 000000415AC0 0 LookupPrivilegeValueA 000000014ED8 000000415AD8 0 AdjustTokenPrivileges 000000014EF0 000000415AF0 0 shell32.dll 000000014EFC 000000415AFC 0 IsUserAnAdmin 000000014F0C 000000415B0C 0 user32.dll 000000014F18 000000415B18 0 CloseDesktop 000000014F28 000000415B28 0 CloseWindowStation 000000014F3C 000000415B3C 0 CreateDesktopA 000000014F4C 000000415B4C 0 EnumDisplayMonitors 000000014F60 000000415B60 0 GetMonitorInfoA 000000014F70 000000415B70 0 GetProcessWindowStation 000000014F88 000000415B88 0 GetThreadDesktop 000000014F9C 000000415B9C 0 OpenDesktopA 000000014FAC 000000415BAC 0 OpenWindowStationA 000000014FC0 000000415BC0 0 SetProcessWindowStation 000000014FD8 000000415BD8 0 SetThreadDesktop 000000014FEC 000000415BEC 0 SwitchDesktop 000000014FFC 000000415BFC 0 psapi.dll 000000015008 000000415C08 0 EnumProcesses 000000015018 000000415C18 0 GetModuleBaseNameA 00000001502C 000000415C2C 0 GetModuleFileNameExA 000000015044 000000415C44 0 \Prefetch\ 000000015050 000000415C50 0 SpiService.exe 000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe 000000015098 000000415C98 0 AgilisShell.exe 0000000150A8 000000415CA8 0 mu.exe 0000000150B0 000000415CB0 0 /setupapi.log 0000000150C4 000000415CC4 0 netmgr.dll 0000000150D0 000000415CD0 0 \trl2 0000000150E4 000000415CE4 0 \attrib 0000000150F0 000000415CF0 0 \attrib2 0000000150FC 000000415CFC 0 \win.ini:attrib 000000015110 000000415D10 0 \win.ini:attrib2 000000015124 000000415D24 0 Diebold XFS 000000015130 000000415D30 0 \system32\netmgr.dll 000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13 000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications 0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core 0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x 0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power 000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU 00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache File pos Mem pos ID Text ======== ======= == ==== 00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\ 00000001529C 000000415E9C 0 TagConstEnd 0000000152A8 000000415EA8 0 LoadFile 000000015770 000000416370 0 WinSta0 000000015778 000000416378 0 MyDesktop 000000015790 000000416390 0 ATMDialog 00000001579C 00000041639C 0 hello 0000000157A4 0000004163A4 0 STATIC 0000000157BC 0000004163BC 0 default 000000015864 000000416464 0 $ZXs? 00000001586B 00000041646B 0 ZX}9j 000000015990 000000416590 0 CreateFile 00000001599C 00000041659C 0 WriteFile 0000000159A8 0000004165A8 0 ReadFile 000000015A1C 00000041661C 0 CreateFile 000000015A5B 00000041665B 0 PhtfA 000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d 000000015BD0 0000004167D0 0 Error 000000015C78 000000416878 0 CreateFile1 000000015D90 000000416990 0 OpenProcessToken 000000015DA4 0000004169A4 0 LookupPrivilegeValue 000000015DBC 0000004169BC 0 AdjustTokenPrivileges 000000016092 000000416C92 0 ]hxV4 00000001633C 000000416F3C 0 LocalRealloc 00000001634C 000000416F4C 0 LoadLibraryA 00000001635C 000000416F5C 0 kernel32 000000016438 000000417038 0 CreateFile 000000016444 000000417044 0 WriteFile 0000000165C8 0000004171C8 0 dll CRC error 0000000165D8 0000004171D8 0 Error 0000000165E0 0000004171E0 0 dll file length>128k 00000001669C 00000041729C 0 SeDebugPrivilege 0000000167A4 0000004173A4 0 TimeOutSrvStop 000000016870 000000417470 0 OpenService 00000001687C 00000041747C 0 Stop 000000016884 000000417484 0 ControlService 000000016A8C 00000041768C 0 A.I. Error 000000016A98 000000417698 0 Warning 000000016C00 000000417800 0 OpenProcess 000000016C0C 00000041780C 0 GetExitCodeThread 000000016DF8 0000004179F8 0 kernel32.dll 000000016E08 000000417A08 0 FindFirstFileA 000000016E18 000000417A18 0 FindNextFileA 000000016E28 000000417A28 0 FindClose 000000016E34 000000417A34 0 lstrcpy 000000016E3C 000000417A3C 0 DeleteFileA 000000016E48 000000417A48 0 Sleep 000000016E50 000000417A50 0 -*.pf 000000016E9D 000000417A9D 0 $ZXuz 000000016F2C 000000417B2C 0 LoadLibrary 000000016F38 000000417B38 0 GetProcAddress 000000017104 000000417D04 0 Product Version 000000017118 000000417D18 0 version 0000000172D8 000000417ED8 0 used, 0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X 000000017404 000000418004 0 SeDebugPrivilege 000000017525 000000418125 0 8NTFS 0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d 000000017742 000000418342 0 Admin 0000000177C7 0000004183C7 0 EZX~A File pos Mem pos ID Text ======== ======= == ==== 000000017A17 000000418617 0 UZX~Q 000000017C10 000000418810 0 RegDeleteKey 000000017CFC 0000004188FC 0 8I121u_ 000000017D74 000000418974 0 [%.4d/%.2d/%.2d 000000017D88 000000418988 0 USB\VID_ 000000017D94 000000418994 0 USBSTOR\DISK&VEN_ 000000017DA8 0000004189A8 0 STORAGE\REMOVABLEMEDIA\ 000000017DC0 0000004189C0 0 TagDecoderU 000000017DD0 0000004189D0 0 ]hUUUU 000000017EF8 000000418AF8 0 TagEndDecoder 0000000182D0 000000418ED0 0 memo.txt 0000000182E4 000000418EE4 0 SundBox 0000000182F0 000000418EF0 0 LinInst2 0000000182FE 000000418EFE 0 Before 000000018308 000000418F08 0 SeTtInGs 000000018314 000000418F14 0 Setup v 3.1.0 00000001832A 000000418F2A 0 Agent v %s 00000001833D 000000418F3D 0 MenuCode %d 000000018350 000000418F50 0 SingleCmdCode %d 000000018363 000000418F63 0 OWner ID %d 000000018376 000000418F76 0 Instrument ID %d 00000001838E 000000418F8E 0 Country - %s 0000000183A0 000000418FA0 0 No Settings 0000000183AC 000000418FAC 0 Installation Error 0000000183C0 000000418FC0 0 Installation OK 0000000183D0 000000418FD0 0 DbdDevService.exe 0000000183E6 000000418FE6 0 After 0000000183F0 000000418FF0 0 SeShutdownPrivilege 00000001864C 00000041A04C 0 Error 000000018654 00000041A054 0 Runtime error at 00000000 000000018674 00000041A074 0 0123456789ABCDEF 000000018B00 00000041C300 0 kernel32.dll 000000018B10 00000041C310 0 DeleteCriticalSection 000000018B28 00000041C328 0 LeaveCriticalSection 000000018B40 00000041C340 0 EnterCriticalSection 000000018B58 00000041C358 0 InitializeCriticalSection 000000018B74 00000041C374 0 VirtualFree 000000018B82 00000041C382 0 VirtualAlloc 000000018B92 00000041C392 0 LocalFree 000000018B9E 00000041C39E 0 LocalAlloc 000000018BAC 00000041C3AC 0 GetVersion 000000018BBA 00000041C3BA 0 GetCurrentThreadId 000000018BD0 00000041C3D0 0 GetThreadLocale 000000018BE2 00000041C3E2 0 GetStartupInfoA 000000018BF4 00000041C3F4 0 GetLocaleInfoA 000000018C06 00000041C406 0 GetCommandLineA 000000018C18 00000041C418 0 FreeLibrary 000000018C26 00000041C426 0 ExitProcess 000000018C34 00000041C434 0 WriteFile 000000018C40 00000041C440 0 UnhandledExceptionFilter 000000018C5C 00000041C45C 0 RtlUnwind 000000018C68 00000041C468 0 RaiseException 000000018C7A 00000041C47A 0 GetStdHandle 000000018C88 00000041C488 0 user32.dll 000000018C96 00000041C496 0 GetKeyboardType 000000018CA8 00000041C4A8 0 MessageBoxA 000000018CB4 00000041C4B4 0 advapi32.dll 000000018CC4 00000041C4C4 0 RegQueryValueExA 000000018CD8 00000041C4D8 0 RegOpenKeyExA 000000018CE8 00000041C4E8 0 RegCloseKey File pos Mem pos ID Text ======== ======= == ==== 000000018CF4 00000041C4F4 0 kernel32.dll 000000018D04 00000041C504 0 TlsSetValue 000000018D12 00000041C512 0 TlsGetValue 000000018D20 00000041C520 0 LocalAlloc 000000018D2E 00000041C52E 0 GetModuleHandleA 000000018D40 00000041C540 0 advapi32.dll 000000018D50 00000041C550 0 RegSetKeySecurity 000000018D64 00000041C564 0 RegQueryValueExA 000000018D78 00000041C578 0 RegQueryInfoKeyA 000000018D8C 00000041C58C 0 RegOpenKeyExA 000000018D9C 00000041C59C 0 RegEnumKeyA 000000018DAA 00000041C5AA 0 RegDeleteKeyA 000000018DBA 00000041C5BA 0 RegCloseKey 000000018DC8 00000041C5C8 0 OpenProcessToken 000000018DDC 00000041C5DC 0 InitializeSecurityDescriptor 000000018DFA 00000041C5FA 0 kernel32.dll 000000018E0A 00000041C60A 0 lstrlenA 000000018E16 00000041C616 0 lstrcpyA 000000018E22 00000041C622 0 lstrcmpiA 000000018E2E 00000041C62E 0 lstrcatA 000000018E3A 00000041C63A 0 WriteFile 000000018E46 00000041C646 0 WaitForSingleObject 000000018E5C 00000041C65C 0 Sleep 000000018E64 00000041C664 0 SetLastError 000000018E74 00000041C674 0 SetFileTime 000000018E82 00000041C682 0 SetFilePointer 000000018E94 00000041C694 0 SetFileAttributesA 000000018EAA 00000041C6AA 0 SetEndOfFile 000000018EBA 00000041C6BA 0 ReadFile 000000018EC6 00000041C6C6 0 OpenProcess 000000018ED4 00000041C6D4 0 LocalReAlloc 000000018EE4 00000041C6E4 0 LocalFree 000000018EF0 00000041C6F0 0 LocalAlloc 000000018EFE 00000041C6FE 0 LoadLibraryA 000000018F0E 00000041C70E 0 GetWindowsDirectoryA 000000018F26 00000041C726 0 GetVolumeInformationA 000000018F3E 00000041C73E 0 GetVersionExA 000000018F4E 00000041C74E 0 GetTickCount 000000018F5E 00000041C75E 0 GetSystemTime 000000018F6E 00000041C76E 0 GetSystemDirectoryA 000000018F84 00000041C784 0 GetProcAddress 000000018F96 00000041C796 0 GetModuleHandleA 000000018FAA 00000041C7AA 0 GetModuleFileNameA 000000018FC0 00000041C7C0 0 GetLocalTime 000000018FD0 00000041C7D0 0 GetLastError 000000018FE0 00000041C7E0 0 GetFileTime 000000018FEE 00000041C7EE 0 GetFileSize 000000018FFC 00000041C7FC 0 GetFileAttributesA 000000019012 00000041C812 0 GetExitCodeThread 000000019026 00000041C826 0 GetCurrentThreadId 00000001903C 00000041C83C 0 GetCurrentProcess 000000019050 00000041C850 0 FormatMessageA 000000019062 00000041C862 0 DeleteFileA 000000019070 00000041C870 0 CreateMutexA 000000019080 00000041C880 0 CreateFileA 00000001908E 00000041C88E 0 CopyFileA 00000001909A 00000041C89A 0 CloseHandle 0000000190A6 00000041C8A6 0 version.dll 0000000190B4 00000041C8B4 0 VerQueryValueA 0000000190C6 00000041C8C6 0 GetFileVersionInfoA File pos Mem pos ID Text ======== ======= == ==== 0000000190DA 00000041C8DA 0 gdi32.dll 0000000190E6 00000041C8E6 0 GetTextMetricsA 0000000190F6 00000041C8F6 0 user32.dll 000000019104 00000041C904 0 CreateWindowExA 000000019116 00000041C916 0 UnregisterClassA 00000001912A 00000041C92A 0 TranslateMessage 00000001913E 00000041C93E 0 SetTimer 00000001914A 00000041C94A 0 SetFocus 000000019156 00000041C956 0 SendMessageA 000000019166 00000041C966 0 RegisterClassA 000000019178 00000041C978 0 PeekMessageA 000000019188 00000041C988 0 LoadIconA 000000019194 00000041C994 0 LoadCursorA 0000000191A2 00000041C9A2 0 GetWindowTextA 0000000191B4 00000041C9B4 0 GetWindowDC 0000000191C2 00000041C9C2 0 GetSystemMetrics 0000000191D6 00000041C9D6 0 GetMessageA 0000000191E4 00000041C9E4 0 GetDesktopWindow 0000000191F8 00000041C9F8 0 GetClientRect 000000019208 00000041CA08 0 ExitWindowsEx 000000019218 00000041CA18 0 DrawTextA 000000019224 00000041CA24 0 DispatchMessageA 000000019238 00000041CA38 0 DestroyWindow 000000019248 00000041CA48 0 DefWindowProcA 000000019258 00000041CA58 0 kernel32.dll 000000019268 00000041CA68 0 GetTickCount 000000019278 00000041CA78 0 VirtualProtect 000000019288 00000041CA88 0 shlwapi.dll 000000019296 00000041CA96 0 SHDeleteKeyA 0000000192A4 00000041CAA4 0 user32.dll 0000000192B2 00000041CAB2 0 wsprintfA 0000000192BC 00000041CABC 0 IMAGEHLP.DLL 0000000192CC 00000041CACC 0 MapFileAndCheckSumA 00000001960F 00000041F00F 0 0"0*020:0B0J0R0Z0b0j0r0z0 000000019653 00000041F053 0 6S6b6 000000019667 00000041F067 0 9$9.989N9T9b9w9 000000019691 00000041F091 0 :?:I:S:]:g:z: 0000000196B9 00000041F0B9 0 ;H<h< 0000000196C3 00000041F0C3 0 =Q>]> 0000000196F5 00000041F0F5 0 081A1[1 000000019707 00000041F107 0 2O2X2h2p2v2 000000019727 00000041F127 0 3 383D3L3m3|3 000000019741 00000041F141 0 4B4v4 00000001974D 00000041F14D 0 4$5,52585E5K5 000000019785 00000041F185 0 858F8[8h8 0000000197A3 00000041F1A3 0 ;#;];r; 0000000197B7 00000041F1B7 0 <&<:<D<W< 0000000197C9 00000041F1C9 0 <-=4=V= 0000000197D5 00000041F1D5 0 ?;?B?Z?|? 0000000197F1 00000041F1F1 0 0b0{0 00000001980B 00000041F20B 0 1@1K1h1r1 000000019827 00000041F227 0 2&2+2M2a2m2 00000001983F 00000041F23F 0 4e5v5 000000019865 00000041F265 0 7&7*70747:7A7E7_7h7q7}7 00000001988D 00000041F28D 0 738e8v8{8 0000000198AD 00000041F2AD 0 9$969C9O9\9n9v9~9 0000000198DD 00000041F2DD 0 :&:.:6:>:F:N:V: 0000000198ED 00000041F2ED 0 :f:n:v:~: 00000001991D 00000041F31D 0 ;&;.;6;>;F;N;V; 00000001992D 00000041F32D 0 ;f;n;v;~; File pos Mem pos ID Text ======== ======= == ==== 000000019965 00000041F365 0 9*929:9B9J9R9Z9b9 00000001997D 00000041F37D 0 ?"?,?2?=?i?x? 0000000199C3 00000041F3C3 0 3&3,393C3M3W3a3 0000000199EF 00000041F3EF 0 9&9/9c9l9 0000000199F9 00000041F3F9 0 9W:d: 000000019A1B 00000041F41B 0 0:1D1 000000019A41 00000041F441 0 4"474<4X4b4 000000019A51 00000041F451 0 5&595T5e5 000000019A6B 00000041F46B 0 6U6Z6_6 000000019A75 00000041F475 0 7O7l7 000000019A8B 00000041F48B 0 9&9G9L9 000000019A9D 00000041F49D 0 :_;q;w; 000000019AB3 00000041F4B3 0 <U<e< 000000019ABD 00000041F4BD 0 <]=x= 000000019AC3 00000041F4C3 0 = >c> 000000019AC9 00000041F4C9 0 >M?\? 000000019ADC 00000041F4DC 0 ;0h0x0 000000019AE7 00000041F4E7 0 1-151 000000019AEF 00000041F4EF 0 1 2)292G2j2x2 000000019B0D 00000041F50D 0 3*30495 000000019B1F 00000041F51F 0 788=8 000000019B27 00000041F527 0 9%9F9 000000019B3D 00000041F53D 0 ;";4;8;<;@;D;H;L;P;T;X;\;d;o;~; 000000019B7F 00000041F57F 0 <(<9<T<Y< 000000019B89 00000041F589 0 <u<z< 000000019BB1 00000041F5B1 0 = =&=/=5=:=D=O= 000000019BC1 00000041F5C1 0 =l=r=w= 000000019BF1 00000041F5F1 0 >">,>1>>>C>N> 000000019BFF 00000041F5FF 0 >j>u>~> 000000019C1C 00000041F61C 0 $0(0,0 000000019C5B 00000041F65B 0 1 1$1(1,1014181@1D1H1L1T1X1\1 000000019C79 00000041F679 0 1d1h1l1p1t1x1|1 000000019ECE 0000004200CE 0 lineyka 000000019ED7 0000004200D7 0 UTypes 000000019EE0 0000004200E0 0 System 000000019EE9 0000004200E9 0 SysInit 000000019EF3 0000004200F3 0 Reserv 000000019EFB 0000004200FB 0 KWindows 000000019E98 000000420098 0 PACKAGEINFO 000000000050 000000400050 0 This program must be run under Win32 000000000270 000000400270 0 .idata 0000000002C0 0000004002C0 0 .rdata 0000000002E7 0000004002E7 0 P.reloc 00000000030F 00000040030F 0 P.rsrc 00000000087C 00000040147C 0 wE;\$ 000000001E03 000000402A03 0 ~KxI[) 000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL 000000001F48 000000402B48 0 FPUMaskValue 000000001F95 000000402B95 0 PPRTj 00000000210F 000000402D0F 0 YZXtp 00000000212B 000000402D2B 0 Ph8-@ 000000002286 000000402E86 0 t=HtN 000000002339 000000402F39 0 PhF/@ 000000002408 000000403008 0 Uh=0@ 000000002620 000000403220 0 SVWUQ 000000002854 000000403454 0 SVWRP 0000000029CF 0000004035CF 0 Uh=6@ 000000002D09 000000403909 0 Uh)9@ 000000002D41 000000403941 0 Uha9@ 0000000030F9 000000403CF9 0 +tM"W File pos Mem pos ID Text ======== ======= == ==== 000000003554 000000404154 0 Hp>\o 0000000037CC 0000004043CC 0 v:qNgJ 000000003A4F 00000040464F 0 2w0& 000000003AE9 0000004046E9 0 j\50] 000000003B22 000000404722 0 ."pu]Dk 000000003B81 000000404781 0 0Lh&m 000000003CB6 0000004048B6 0 0]&i- 000000003D14 000000404914 0 z8hV 000000003D67 000000404967 0 .P.Gy 000000003FF2 000000404BF2 0 Y*9D7 00000000418F 000000404D8F 0 VJH*& 0000000041AD 000000404DAD 0 ]T-8RV 0000000041B5 000000404DB5 0 ['J8< 000000004220 000000404E20 0 q*W'. 00000000431D 000000404F1D 0 SSztL 0000000043F0 000000404FF0 0 jndIQ 00000000456A 00000040516A 0 .\XHW 00000000489F 00000040549F 0 Kf)nn 0000000048BE 0000004054BE 0 seAil 0000000049CE 0000004055CE 0 $I/3H 0000000049EA 0000004055EA 0 &FDoI 000000004A1F 00000040561F 0 ,x4x[ 000000004A5D 00000040565D 0 d2oI6 000000004C7C 00000040587C 0 ]DK?1 000000004C8A 00000040588A 0 Y;1F9 000000004E89 000000405A89 0 C=|:x 000000004F0C 000000405B0C 0 )c6*c 000000004F31 000000405B31 0 w2BJn 000000005048 000000405C48 0 6<\Hn 00000000506D 000000405C6D 0 >BkA} 00000000522F 000000405E2F 0 5 8(g 0000000052C7 000000405EC7 0 })"$pI 000000005312 000000405F12 0 MYl\} 0000000053B7 000000405FB7 0 vUp<U 0000000053F4 000000405FF4 0 .F4+x 000000005448 000000406048 0 /K ~! 0000000054B8 0000004060B8 0 -ie4ZR 0000000056E1 0000004062E1 0 4D:\1 000000005740 000000406340 0 J>i6%lYqJ 00000000582E 00000040642E 0 .h}z7 000000005AA1 0000004066A1 0 rqL?<j 000000005B7E 00000040677E 0 'VP#C 000000005C4B 00000040684B 0 ,=2*Y/ 000000005D8E 00000040698E 0 >2;o'=/ 000000005E4F 000000406A4F 0 o.yv :5 000000005E88 000000406A88 0 lV]$X 000000005EB3 000000406AB3 0 mqZG% 0000000060D9 000000406CD9 0 k[#r( 0000000060E8 000000406CE8 0 -{3#J 00000000617B 000000406D7B 0 8;,!#wZ 0000000061E7 000000406DE7 0 Te?th5[ 00000000624F 000000406E4F 0 U}BFk 0000000062BE 000000406EBE 0 ApI% mo 000000006397 000000406F97 0 R)m\e 0000000063D8 000000406FD8 0 .%-y 000000006705 000000407305 0 '#@~8/ 00000000683C 00000040743C 0 77A&O 000000006948 000000407548 0 naw'# 000000006A45 000000407645 0 :.6PS]n 000000006C51 000000407851 0 E[,KH File pos Mem pos ID Text ======== ======= == ==== 000000006DA5 0000004079A5 0 5pf@O 000000006E08 000000407A08 0 G1";q 000000006F0A 000000407B0A 0 ISSb0 000000006FFE 000000407BFE 0 (=|oQz 000000007040 000000407C40 0 ,2aJZ 0000000070BB 000000407CBB 0 'rKdO 000000007102 000000407D02 0 3h);"( 000000007113 000000407D13 0 A*'4| 00000000726F 000000407E6F 0 Ff7Lb3 000000007312 000000407F12 0 ZuNJJ 000000007464 000000408064 0 :tb4$ 000000007525 000000408125 0 #<x14X 000000007556 000000408156 0 'yD=: 000000007722 000000408322 0 f@[*$1\ 0000000078B4 0000004084B4 0 ?hL}~ 0000000078D2 0000004084D2 0 2m[& 0000000079B0 0000004085B0 0 8ugqpa 000000007A78 000000408678 0 IrJum 000000007BA3 0000004087A3 0 /@ MYGW 000000007C03 000000408803 0 xXbPr 000000008189 000000408D89 0 )]/O9 0000000082D4 000000408ED4 0 \]$LfE 000000008420 000000409020 0 K+DxQ 0000000085CD 0000004091CD 0 UqgKo 000000008629 000000409229 0 -L]*Z 0000000086AE 0000004092AE 0 FyLac 0000000086F0 0000004092F0 0 }Ve hD 0000000086F8 0000004092F8 0 .w;op 000000008702 000000409302 0 jc]&V 000000008776 000000409376 0 V!G+, 0000000087FA 0000004093FA 0 emL;H 0000000088BC 0000004094BC 0 .) h]'[ 000000008961 000000409561 0 m>%kP 00000000897B 00000040957B 0 z'[+, 000000008A02 000000409602 0 /jB _ 000000008A5E 00000040965E 0 RQ7.c 000000008AA6 0000004096A6 0 B:@OF 000000008AB6 0000004096B6 0 "{~ZC 000000008C70 000000409870 0 '+81Yqpb 000000008CF4 0000004098F4 0 (T#4ch 000000008D53 000000409953 0 6n 'nnP 000000008D6D 00000040996D 0 S)<,- 000000008F13 000000409B13 0 hccBZ 000000008F68 000000409B68 0 \E#]1 000000008F7B 000000409B7B 0 D!ZV1 000000008FB7 000000409BB7 0 eiN+F 0000000090FD 000000409CFD 0 gOv=K5 00000000919C 000000409D9C 0 ?9IV| 000000009278 000000409E78 0 {3?z{ 0000000093F7 000000409FF7 0 >,]#}X7 00000000948C 00000040A08C 0 >fQPW 0000000094AA 00000040A0AA 0 ~k]v~j 000000009732 00000040A332 0 mE+U& 000000009754 00000040A354 0 slknm 0000000098CE 00000040A4CE 0 hbCXT 00000000999F 00000040A59F 0 Tn:M, 000000009A41 00000040A641 0 P49nag 000000009C67 00000040A867 0 <>?2x}|d 000000009C86 00000040A886 0 d/t:64 000000009FEC 00000040ABEC 0 T"QPjL File pos Mem pos ID Text ======== ======= == ==== 00000000A03B 00000040AC3B 0 54y=k? 00000000A0D5 00000040ACD5 0 WCCo,, 00000000A152 00000040AD52 0 :A3@/AH 00000000A4A4 00000040B0A4 0 EfTdI%"fm 00000000A4F5 00000040B0F5 0 X0_z]35 00000000A540 00000040B140 0 f$fjO 00000000A5B2 00000040B1B2 0 =C5O{ 00000000A810 00000040B410 0 4>["Lv 00000000A896 00000040B496 0 5r_DO 00000000A988 00000040B588 0 R}sqo 00000000A99C 00000040B59C 0 =Cdw7} 00000000A9CB 00000040B5CB 0 xol}y 00000000AA4E 00000040B64E 0 j>7Z_ 00000000AAEF 00000040B6EF 0 Gr5+\n 00000000AB41 00000040B741 0 pMJ7 00000000AC5E 00000040B85E 0 P;8hR 00000000AD10 00000040B910 0 T%}[W 00000000AF9B 00000040BB9B 0 ig'S;v 00000000AFD0 00000040BBD0 0 %1S wb 00000000AFE2 00000040BBE2 0 ,C1L# 00000000B067 00000040BC67 0 !2dpBd 00000000B0F8 00000040BCF8 0 ,Ov]X 00000000B120 00000040BD20 0 7J&t* 00000000B32C 00000040BF2C 0 }52)~E 00000000B402 00000040C002 0 ',EM#| 00000000B492 00000040C092 0 !famU 00000000B53D 00000040C13D 0 g2BmL 00000000B6C6 00000040C2C6 0 $G<P? 00000000B870 00000040C470 0 Za!g= 00000000B962 00000040C562 0 9/-~q 00000000B9B4 00000040C5B4 0 .f{_( 00000000BA5C 00000040C65C 0 < 45x@ 00000000BC6C 00000040C86C 0 2[YUq 00000000BD56 00000040C956 0 2+@ 00000000BFA9 00000040CBA9 0 ~C[yGv, 00000000C035 00000040CC35 0 !j+e6 00000000C0AF 00000040CCAF 0 u405iU(t 00000000C19D 00000040CD9D 0 'c"B$8 00000000C1FC 00000040CDFC 0 #]|#: 00000000C220 00000040CE20 0 $?wdG 00000000C2DE 00000040CEDE 0 ozVX' 00000000C377 00000040CF77 0 CD;px 00000000C478 00000040D078 0 ?+Y$M 00000000C4F2 00000040D0F2 0 )QT6C/,B 00000000C861 00000040D461 0 Wx{n' 00000000C9DD 00000040D5DD 0 E=m{b 00000000CA96 00000040D696 0 ;2w:wd 00000000CAEF 00000040D6EF 0 Fj\)" 00000000CC2F 00000040D82F 0 vN$kUH 00000000CE44 00000040DA44 0 aUtbnG 00000000CFC6 00000040DBC6 0 %Yy+H 00000000D040 00000040DC40 0 %WU~.VU 00000000D0EB 00000040DCEB 0 #"!egdg 00000000D2E7 00000040DEE7 0 5xkuE 00000000D443 00000040E043 0 9j3u < 00000000D530 00000040E130 0 GV)zfG 00000000D71D 00000040E31D 0 z[645 00000000D752 00000040E352 0 h'VR( 00000000D8DA 00000040E4DA 0 oO sT]M 00000000D8FF 00000040E4FF 0 u}8>+ File pos Mem pos ID Text ======== ======= == ==== 00000000DB0B 00000040E70B 0 UPO/n+Q 00000000DB32 00000040E732 0 }V]*?D 00000000DCB9 00000040E8B9 0 + |%\ 00000000DCF5 00000040E8F5 0 qSw4n\ 00000000DE77 00000040EA77 0 }#KX1 00000000DEF8 00000040EAF8 0 AF[0Ye 00000000DF48 00000040EB48 0 p.,&# 00000000E054 00000040EC54 0 m U#2 00000000E093 00000040EC93 0 "\mEE 00000000E160 00000040ED60 0 9 %6" 00000000E1F9 00000040EDF9 0 =Z|;, 00000000E39E 00000040EF9E 0 60|&lS# 00000000E505 00000040F105 0 %u=$q 00000000E52B 00000040F12B 0 EH82b 00000000E6A1 00000040F2A1 0 >X?I 00000000E6DD 00000040F2DD 0 ,mCnQ 00000000E73D 00000040F33D 0 7w:"k 00000000E8A9 00000040F4A9 0 ?6<Zt 00000000E98C 00000040F58C 0 azv J 00000000EC21 00000040F821 0 ghI&w 00000000EC2F 00000040F82F 0 L$&\! 00000000EC63 00000040F863 0 +4?RW 00000000EC77 00000040F877 0 X&F!N\ 00000000EDD4 00000040F9D4 0 x ay28K 00000000EF37 00000040FB37 0 P|vNk 00000000EF65 00000040FB65 0 BK{]l 00000000F0E8 00000040FCE8 0 cTqVb 00000000F313 00000040FF13 0 9KaWV 00000000F486 000000410086 0 - 7@Z 00000000F5ED 0000004101ED 0 Z+<d?Rg 00000000F607 000000410207 0 kzE5Z 00000000F63D 00000041023D 0 ,+bsbR 00000000F745 000000410345 0 REXbm 00000000F963 000000410563 0 3O0bZ"Z 00000000F9CE 0000004105CE 0 _HX|Ao3< 00000000F9E6 0000004105E6 0 &p)cM 00000000FAF5 0000004106F5 0 C.FfX 00000000FB6E 00000041076E 0 (h(s9/ 00000000FCCD 0000004108CD 0 :g'Cw& 00000000FFC3 000000410BC3 0 *8=G|pz 00000001007F 000000410C7F 0 prb:2 00000001009C 000000410C9C 0 i R0)5 00000001013A 000000410D3A 0 BJj4Y 00000001017E 000000410D7E 0 iJo<%j! 0000000101C1 000000410DC1 0 ";R2' 000000010216 000000410E16 0 {zsj| 0000000102AA 000000410EAA 0 -lRR[ 0000000102E5 000000410EE5 0 %$h>KH9_ 00000001052C 00000041112C 0 >(6&}R 00000001054E 00000041114E 0 k)IV( 0000000105C1 0000004111C1 0 4uf(i 0000000106B2 0000004112B2 0 ,Ef!] 0000000107DD 0000004113DD 0 #~cmE 000000010838 000000411438 0 .$FhD 000000010A0A 00000041160A 0 !4q @i 000000010A6E 00000041166E 0 ,k:jY 000000010A85 000000411685 0 js&x_ 000000010B5A 00000041175A 0 41[@kc 000000010B96 000000411796 0 sb0#j 000000010CEC 0000004118EC 0 K<h'i File pos Mem pos ID Text ======== ======= == ==== 000000010CF2 0000004118F2 0 ;~Y[owu 000000010D89 000000411989 0 BHKSG 000000010F4B 000000411B4B 0 rDK9$ 000000011174 000000411D74 0 5k[9<> 000000011494 000000412094 0 ,-"Q\~ 0000000114B2 0000004120B2 0 W1D/P 000000011560 000000412160 0 q8k++C 000000011624 000000412224 0 g7]# 000000011721 000000412321 0 ,#]<eG 000000011880 000000412480 0 6E[fk 000000011B67 000000412767 0 {sx07 000000011BB0 0000004127B0 0 @9=[hY<I/ 000000011BF2 0000004127F2 0 o@597=T 000000011F44 000000412B44 0 *sK0& 00000001213D 000000412D3D 0 c}"pw 000000012161 000000412D61 0 i/[hu2} 0000000121B6 000000412DB6 0 l[}V; 000000012280 000000412E80 0 1J9@| 00000001230D 000000412F0D 0 ;-G&CZ 00000001237D 000000412F7D 0 )j XP 000000012591 000000413191 0 ;#6Z,GlP 0000000126CE 0000004132CE 0 ! pyB@ 000000012EDC 000000413ADC 0 =L[h 000000012F61 000000413B61 0 &[8/M 0000000135A7 0000004141A7 0 ,OORb> 0000000136E7 0000004142E7 0 )A % 000000013970 000000414570 0 4yxxi 000000013991 000000414591 0 /bskcF 000000013A8C 00000041468C 0 Ut 6+ 000000013AAC 0000004146AC 0 g/:c:jl 000000013C04 000000414804 0 L#/=8u 000000013DB1 0000004149B1 0 $\R6t$ 000000013EEE 000000414AEE 0 \yi.9 00000001419A 000000414D9A 0 _tGAw 000000014357 000000414F57 0 .Wp+~ 0000000143DE 000000414FDE 0 Q4u4hi 0000000146CD 0000004152CD 0 3cH$. 000000014CEA 0000004158EA 0 RESERV_END 000000014D68 000000415968 0 TagConstBegin 000000014D78 000000415978 0 kernel32.dll 000000014D88 000000415988 0 VirtualAllocEx 000000014D98 000000415998 0 VirtualFreeEx 000000014DA8 0000004159A8 0 WriteProcessMemory 000000014DBC 0000004159BC 0 CreateRemoteThread 000000014DD0 0000004159D0 0 GetWindowsDirectoryA 000000014DE8 0000004159E8 0 TerminateProcess 000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot 000000014E18 000000415A18 0 Process32First 000000014E28 000000415A28 0 Process32Next 000000014E38 000000415A38 0 Module32First 000000014E48 000000415A48 0 Module32Next 000000014E58 000000415A58 0 advapi32.dll 000000014E68 000000415A68 0 OpenSCManagerA 000000014E78 000000415A78 0 OpenServiceA 000000014E88 000000415A88 0 QueryServiceStatus 000000014E9C 000000415A9C 0 ControlService 000000014EAC 000000415AAC 0 CloseServiceHandle 000000014EC0 000000415AC0 0 LookupPrivilegeValueA 000000014ED8 000000415AD8 0 AdjustTokenPrivileges 000000014EF0 000000415AF0 0 shell32.dll File pos Mem pos ID Text ======== ======= == ==== 000000014EFC 000000415AFC 0 IsUserAnAdmin 000000014F0C 000000415B0C 0 user32.dll 000000014F18 000000415B18 0 CloseDesktop 000000014F28 000000415B28 0 CloseWindowStation 000000014F3C 000000415B3C 0 CreateDesktopA 000000014F4C 000000415B4C 0 EnumDisplayMonitors 000000014F60 000000415B60 0 GetMonitorInfoA 000000014F70 000000415B70 0 GetProcessWindowStation 000000014F88 000000415B88 0 GetThreadDesktop 000000014F9C 000000415B9C 0 OpenDesktopA 000000014FAC 000000415BAC 0 OpenWindowStationA 000000014FC0 000000415BC0 0 SetProcessWindowStation 000000014FD8 000000415BD8 0 SetThreadDesktop 000000014FEC 000000415BEC 0 SwitchDesktop 000000014FFC 000000415BFC 0 psapi.dll 000000015008 000000415C08 0 EnumProcesses 000000015018 000000415C18 0 GetModuleBaseNameA 00000001502C 000000415C2C 0 GetModuleFileNameExA 000000015044 000000415C44 0 \Prefetch\ 000000015050 000000415C50 0 SpiService.exe 000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe 000000015098 000000415C98 0 AgilisShell.exe 0000000150A8 000000415CA8 0 mu.exe 0000000150B0 000000415CB0 0 /setupapi.log 0000000150C4 000000415CC4 0 netmgr.dll 0000000150D0 000000415CD0 0 \trl2 0000000150E4 000000415CE4 0 \attrib 0000000150F0 000000415CF0 0 \attrib2 0000000150FC 000000415CFC 0 \win.ini:attrib 000000015110 000000415D10 0 \win.ini:attrib2 000000015124 000000415D24 0 Diebold XFS 000000015130 000000415D30 0 \system32\netmgr.dll 000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13 000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications 0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core 0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x 0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power 000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU 00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache 00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\ 00000001529C 000000415E9C 0 TagConstEnd 0000000152A8 000000415EA8 0 LoadFile 000000015770 000000416370 0 WinSta0 000000015778 000000416378 0 MyDesktop 000000015790 000000416390 0 ATMDialog 00000001579C 00000041639C 0 hello 0000000157A4 0000004163A4 0 STATIC 0000000157BC 0000004163BC 0 default 000000015864 000000416464 0 $ZXs? 00000001586B 00000041646B 0 ZX}9j 000000015990 000000416590 0 CreateFile 00000001599C 00000041659C 0 WriteFile 0000000159A8 0000004165A8 0 ReadFile 000000015A1C 00000041661C 0 CreateFile 000000015A5B 00000041665B 0 PhtfA 000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d 000000015BD0 0000004167D0 0 Error 000000015C78 000000416878 0 CreateFile1 000000015D90 000000416990 0 OpenProcessToken 000000015DA4 0000004169A4 0 LookupPrivilegeValue File pos Mem pos ID Text ======== ======= == ==== 000000015DBC 0000004169BC 0 AdjustTokenPrivileges 000000016092 000000416C92 0 ]hxV4 00000001633C 000000416F3C 0 LocalRealloc 00000001634C 000000416F4C 0 LoadLibraryA 00000001635C 000000416F5C 0 kernel32 000000016438 000000417038 0 CreateFile 000000016444 000000417044 0 WriteFile 0000000165C8 0000004171C8 0 dll CRC error 0000000165D8 0000004171D8 0 Error 0000000165E0 0000004171E0 0 dll file length>128k 00000001669C 00000041729C 0 SeDebugPrivilege 0000000167A4 0000004173A4 0 TimeOutSrvStop 000000016870 000000417470 0 OpenService 00000001687C 00000041747C 0 Stop 000000016884 000000417484 0 ControlService 000000016A8C 00000041768C 0 A.I. Error 000000016A98 000000417698 0 Warning 000000016C00 000000417800 0 OpenProcess 000000016C0C 00000041780C 0 GetExitCodeThread 000000016DF8 0000004179F8 0 kernel32.dll 000000016E08 000000417A08 0 FindFirstFileA 000000016E18 000000417A18 0 FindNextFileA 000000016E28 000000417A28 0 FindClose 000000016E34 000000417A34 0 lstrcpy 000000016E3C 000000417A3C 0 DeleteFileA 000000016E48 000000417A48 0 Sleep 000000016E50 000000417A50 0 -*.pf 000000016E9D 000000417A9D 0 $ZXuz 000000016F2C 000000417B2C 0 LoadLibrary 000000016F38 000000417B38 0 GetProcAddress 000000017104 000000417D04 0 Product Version 000000017118 000000417D18 0 version 0000000172D8 000000417ED8 0 used, 0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X 000000017404 000000418004 0 SeDebugPrivilege 000000017525 000000418125 0 8NTFS 0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d 000000017742 000000418342 0 Admin 0000000177C7 0000004183C7 0 EZX~A 000000017A17 000000418617 0 UZX~Q 000000017C10 000000418810 0 RegDeleteKey 000000017CFC 0000004188FC 0 8I121u_ 000000017D74 000000418974 0 [%.4d/%.2d/%.2d 000000017D88 000000418988 0 USB\VID_ 000000017D94 000000418994 0 USBSTOR\DISK&VEN_ 000000017DA8 0000004189A8 0 STORAGE\REMOVABLEMEDIA\ 000000017DC0 0000004189C0 0 TagDecoderU 000000017DD0 0000004189D0 0 ]hUUUU 000000017EF8 000000418AF8 0 TagEndDecoder 0000000182D0 000000418ED0 0 memo.txt 0000000182E4 000000418EE4 0 SundBox 0000000182F0 000000418EF0 0 LinInst2 0000000182FE 000000418EFE 0 Before 000000018308 000000418F08 0 SeTtInGs 000000018314 000000418F14 0 Setup v 3.1.0 00000001832A 000000418F2A 0 Agent v %s 00000001833D 000000418F3D 0 MenuCode %d 000000018350 000000418F50 0 SingleCmdCode %d 000000018363 000000418F63 0 OWner ID %d 000000018376 000000418F76 0 Instrument ID %d File pos Mem pos ID Text ======== ======= == ==== 00000001838E 000000418F8E 0 Country - %s 0000000183A0 000000418FA0 0 No Settings 0000000183AC 000000418FAC 0 Installation Error 0000000183C0 000000418FC0 0 Installation OK 0000000183D0 000000418FD0 0 DbdDevService.exe 0000000183E6 000000418FE6 0 After 0000000183F0 000000418FF0 0 SeShutdownPrivilege 00000001864C 00000041A04C 0 Error 000000018654 00000041A054 0 Runtime error at 00000000 000000018674 00000041A074 0 0123456789ABCDEF 000000018B00 00000041C300 0 kernel32.dll 000000018B10 00000041C310 0 DeleteCriticalSection 000000018B28 00000041C328 0 LeaveCriticalSection 000000018B40 00000041C340 0 EnterCriticalSection 000000018B58 00000041C358 0 InitializeCriticalSection 000000018B74 00000041C374 0 VirtualFree 000000018B82 00000041C382 0 VirtualAlloc 000000018B92 00000041C392 0 LocalFree 000000018B9E 00000041C39E 0 LocalAlloc 000000018BAC 00000041C3AC 0 GetVersion 000000018BBA 00000041C3BA 0 GetCurrentThreadId 000000018BD0 00000041C3D0 0 GetThreadLocale 000000018BE2 00000041C3E2 0 GetStartupInfoA 000000018BF4 00000041C3F4 0 GetLocaleInfoA 000000018C06 00000041C406 0 GetCommandLineA 000000018C18 00000041C418 0 FreeLibrary 000000018C26 00000041C426 0 ExitProcess 000000018C34 00000041C434 0 WriteFile 000000018C40 00000041C440 0 UnhandledExceptionFilter 000000018C5C 00000041C45C 0 RtlUnwind 000000018C68 00000041C468 0 RaiseException 000000018C7A 00000041C47A 0 GetStdHandle 000000018C88 00000041C488 0 user32.dll 000000018C96 00000041C496 0 GetKeyboardType 000000018CA8 00000041C4A8 0 MessageBoxA 000000018CB4 00000041C4B4 0 advapi32.dll 000000018CC4 00000041C4C4 0 RegQueryValueExA 000000018CD8 00000041C4D8 0 RegOpenKeyExA 000000018CE8 00000041C4E8 0 RegCloseKey 000000018CF4 00000041C4F4 0 kernel32.dll 000000018D04 00000041C504 0 TlsSetValue 000000018D12 00000041C512 0 TlsGetValue 000000018D20 00000041C520 0 LocalAlloc 000000018D2E 00000041C52E 0 GetModuleHandleA 000000018D40 00000041C540 0 advapi32.dll 000000018D50 00000041C550 0 RegSetKeySecurity 000000018D64 00000041C564 0 RegQueryValueExA 000000018D78 00000041C578 0 RegQueryInfoKeyA 000000018D8C 00000041C58C 0 RegOpenKeyExA 000000018D9C 00000041C59C 0 RegEnumKeyA 000000018DAA 00000041C5AA 0 RegDeleteKeyA 000000018DBA 00000041C5BA 0 RegCloseKey 000000018DC8 00000041C5C8 0 OpenProcessToken 000000018DDC 00000041C5DC 0 InitializeSecurityDescriptor 000000018DFA 00000041C5FA 0 kernel32.dll 000000018E0A 00000041C60A 0 lstrlenA 000000018E16 00000041C616 0 lstrcpyA 000000018E22 00000041C622 0 lstrcmpiA 000000018E2E 00000041C62E 0 lstrcatA 000000018E3A 00000041C63A 0 WriteFile File pos Mem pos ID Text ======== ======= == ==== 000000018E46 00000041C646 0 WaitForSingleObject 000000018E5C 00000041C65C 0 Sleep 000000018E64 00000041C664 0 SetLastError 000000018E74 00000041C674 0 SetFileTime 000000018E82 00000041C682 0 SetFilePointer 000000018E94 00000041C694 0 SetFileAttributesA 000000018EAA 00000041C6AA 0 SetEndOfFile 000000018EBA 00000041C6BA 0 ReadFile 000000018EC6 00000041C6C6 0 OpenProcess 000000018ED4 00000041C6D4 0 LocalReAlloc 000000018EE4 00000041C6E4 0 LocalFree 000000018EF0 00000041C6F0 0 LocalAlloc 000000018EFE 00000041C6FE 0 LoadLibraryA 000000018F0E 00000041C70E 0 GetWindowsDirectoryA 000000018F26 00000041C726 0 GetVolumeInformationA 000000018F3E 00000041C73E 0 GetVersionExA 000000018F4E 00000041C74E 0 GetTickCount 000000018F5E 00000041C75E 0 GetSystemTime 000000018F6E 00000041C76E 0 GetSystemDirectoryA 000000018F84 00000041C784 0 GetProcAddress 000000018F96 00000041C796 0 GetModuleHandleA 000000018FAA 00000041C7AA 0 GetModuleFileNameA 000000018FC0 00000041C7C0 0 GetLocalTime 000000018FD0 00000041C7D0 0 GetLastError 000000018FE0 00000041C7E0 0 GetFileTime 000000018FEE 00000041C7EE 0 GetFileSize 000000018FFC 00000041C7FC 0 GetFileAttributesA 000000019012 00000041C812 0 GetExitCodeThread 000000019026 00000041C826 0 GetCurrentThreadId 00000001903C 00000041C83C 0 GetCurrentProcess 000000019050 00000041C850 0 FormatMessageA 000000019062 00000041C862 0 DeleteFileA 000000019070 00000041C870 0 CreateMutexA 000000019080 00000041C880 0 CreateFileA 00000001908E 00000041C88E 0 CopyFileA 00000001909A 00000041C89A 0 CloseHandle 0000000190A6 00000041C8A6 0 version.dll 0000000190B4 00000041C8B4 0 VerQueryValueA 0000000190C6 00000041C8C6 0 GetFileVersionInfoA 0000000190DA 00000041C8DA 0 gdi32.dll 0000000190E6 00000041C8E6 0 GetTextMetricsA 0000000190F6 00000041C8F6 0 user32.dll 000000019104 00000041C904 0 CreateWindowExA 000000019116 00000041C916 0 UnregisterClassA 00000001912A 00000041C92A 0 TranslateMessage 00000001913E 00000041C93E 0 SetTimer 00000001914A 00000041C94A 0 SetFocus 000000019156 00000041C956 0 SendMessageA 000000019166 00000041C966 0 RegisterClassA 000000019178 00000041C978 0 PeekMessageA 000000019188 00000041C988 0 LoadIconA 000000019194 00000041C994 0 LoadCursorA 0000000191A2 00000041C9A2 0 GetWindowTextA 0000000191B4 00000041C9B4 0 GetWindowDC 0000000191C2 00000041C9C2 0 GetSystemMetrics 0000000191D6 00000041C9D6 0 GetMessageA 0000000191E4 00000041C9E4 0 GetDesktopWindow 0000000191F8 00000041C9F8 0 GetClientRect 000000019208 00000041CA08 0 ExitWindowsEx 000000019218 00000041CA18 0 DrawTextA File pos Mem pos ID Text ======== ======= == ==== 000000019224 00000041CA24 0 DispatchMessageA 000000019238 00000041CA38 0 DestroyWindow 000000019248 00000041CA48 0 DefWindowProcA 000000019258 00000041CA58 0 kernel32.dll 000000019268 00000041CA68 0 GetTickCount 000000019278 00000041CA78 0 VirtualProtect 000000019288 00000041CA88 0 shlwapi.dll 000000019296 00000041CA96 0 SHDeleteKeyA 0000000192A4 00000041CAA4 0 user32.dll 0000000192B2 00000041CAB2 0 wsprintfA 0000000192BC 00000041CABC 0 IMAGEHLP.DLL 0000000192CC 00000041CACC 0 MapFileAndCheckSumA 00000001960F 00000041F00F 0 0"0*020:0B0J0R0Z0b0j0r0z0 000000019653 00000041F053 0 6S6b6 000000019667 00000041F067 0 9$9.989N9T9b9w9 000000019691 00000041F091 0 :?:I:S:]:g:z: 0000000196B9 00000041F0B9 0 ;H<h< 0000000196C3 00000041F0C3 0 =Q>]> 0000000196F5 00000041F0F5 0 081A1[1 000000019707 00000041F107 0 2O2X2h2p2v2 000000019727 00000041F127 0 3 383D3L3m3|3 000000019741 00000041F141 0 4B4v4 00000001974D 00000041F14D 0 4$5,52585E5K5 000000019785 00000041F185 0 858F8[8h8 0000000197A3 00000041F1A3 0 ;#;];r; 0000000197B7 00000041F1B7 0 <&<:<D<W< 0000000197C9 00000041F1C9 0 <-=4=V= 0000000197D5 00000041F1D5 0 ?;?B?Z?|? 0000000197F1 00000041F1F1 0 0b0{0 00000001980B 00000041F20B 0 1@1K1h1r1 000000019827 00000041F227 0 2&2+2M2a2m2 00000001983F 00000041F23F 0 4e5v5 000000019865 00000041F265 0 7&7*70747:7A7E7_7h7q7}7 00000001988D 00000041F28D 0 738e8v8{8 0000000198AD 00000041F2AD 0 9$969C9O9\9n9v9~9 0000000198DD 00000041F2DD 0 :&:.:6:>:F:N:V: 0000000198ED 00000041F2ED 0 :f:n:v:~: 00000001991D 00000041F31D 0 ;&;.;6;>;F;N;V; 00000001992D 00000041F32D 0 ;f;n;v;~; 000000019965 00000041F365 0 9*929:9B9J9R9Z9b9 00000001997D 00000041F37D 0 ?"?,?2?=?i?x? 0000000199C3 00000041F3C3 0 3&3,393C3M3W3a3 0000000199EF 00000041F3EF 0 9&9/9c9l9 0000000199F9 00000041F3F9 0 9W:d: 000000019A1B 00000041F41B 0 0:1D1 000000019A41 00000041F441 0 4"474<4X4b4 000000019A51 00000041F451 0 5&595T5e5 000000019A6B 00000041F46B 0 6U6Z6_6 000000019A75 00000041F475 0 7O7l7 000000019A8B 00000041F48B 0 9&9G9L9 000000019A9D 00000041F49D 0 :_;q;w; 000000019AB3 00000041F4B3 0 <U<e< 000000019ABD 00000041F4BD 0 <]=x= 000000019AC3 00000041F4C3 0 = >c> 000000019AC9 00000041F4C9 0 >M?\? 000000019ADC 00000041F4DC 0 ;0h0x0 000000019AE7 00000041F4E7 0 1-151 000000019AEF 00000041F4EF 0 1 2)292G2j2x2 000000019B0D 00000041F50D 0 3*30495 000000019B1F 00000041F51F 0 788=8 File pos Mem pos ID Text ======== ======= == ==== 000000019B27 00000041F527 0 9%9F9 000000019B3D 00000041F53D 0 ;";4;8;<;@;D;H;L;P;T;X;\;d;o;~; 000000019B7F 00000041F57F 0 <(<9<T<Y< 000000019B89 00000041F589 0 <u<z< 000000019BB1 00000041F5B1 0 = =&=/=5=:=D=O= 000000019BC1 00000041F5C1 0 =l=r=w= 000000019BF1 00000041F5F1 0 >">,>1>>>C>N> 000000019BFF 00000041F5FF 0 >j>u>~> 000000019C1C 00000041F61C 0 $0(0,0 000000019C5B 00000041F65B 0 1 1$1(1,1014181@1D1H1L1T1X1\1 000000019C79 00000041F679 0 1d1h1l1p1t1x1|1 000000019ECE 0000004200CE 0 lineyka 000000019ED7 0000004200D7 0 UTypes 000000019EE0 0000004200E0 0 System 000000019EE9 0000004200E9 0 SysInit 000000019EF3 0000004200F3 0 Reserv 000000019EFB 0000004200FB 0 KWindows 000000019E98 000000420098 0 PACKAGEINFO
=== DOWNLOAD ===