.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
7888e9a27b27f026f09997414504be5822f35b69ddec826eb2a56f6347e2d147
Date...........: 2018-08-02
Family.........: Trojan.Skimer.37
File name......: S - ?????.EXE
File size......: 103.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 80 0x50
blocks_in_file: 2 2
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 15 0xf
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 26 0x1a
reserved0: 2145927559 0x7fe84187
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 256 0x100
=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 8 8
TimeDateStamp: "1992-06-19 22:22:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
32BIT_MACHINE, BYTES_REVERSED_HI
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.25
SizeOfCode: 98304 0x18000
SizeOfInitializedData: 6656 0x1a00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 101192 0x18b48
BaseOfCode: 4096 0x1000
BaseOfData: 102400 0x19000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 131072 0x20000
SizeOfHeaders: 1024 0x400
CheckSum: 117443 0x1cac3
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 16384 0x4000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 1b000 size:0x ae0
RESOURCE rva:0x 1f000 size:0x 200
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 1e000 size:0x 6b8
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 1d000 size:0x 18
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 0 size:0x 0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
CODE 1000 17fd4 18000 400 0 0 0 0 60000020 R-X CODE
DATA 19000 1c4 200 18400 0 0 0 0 c0000040 RW- IDATA
BSS 1a000 b71 0 18600 0 0 0 0 c0000000 RW-
.idata 1b000 ae0 c00 18600 0 0 0 0 c0000040 RW- IDATA
.tls 1c000 8 0 19200 0 0 0 0 c0000000 RW-
.rdata 1d000 18 200 19200 0 0 0 0 50000040 R-- IDATA SHARED
.reloc 1e000 6b8 800 19400 0 0 0 0 50000040 R-- IDATA SHARED
.rsrc 1f000 200 200 19c00 0 0 0 0 50000040 R-- IDATA SHARED
=== TLS ===
RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS
41c000 41c008 419084 41d010 0 0
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x19cb0 0 0 16 RCDATA DVCLAL
0x19cc0 0 0 68 RCDATA PACKAGEINFO
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
kernel32.dll 0 DeleteCriticalSection
kernel32.dll 0 LeaveCriticalSection
kernel32.dll 0 EnterCriticalSection
kernel32.dll 0 InitializeCriticalSection
kernel32.dll 0 VirtualFree
kernel32.dll 0 VirtualAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetVersion
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetThreadLocale
kernel32.dll 0 GetStartupInfoA
kernel32.dll 0 GetLocaleInfoA
kernel32.dll 0 GetCommandLineA
kernel32.dll 0 FreeLibrary
kernel32.dll 0 ExitProcess
kernel32.dll 0 WriteFile
kernel32.dll 0 UnhandledExceptionFilter
kernel32.dll 0 RtlUnwind
kernel32.dll 0 RaiseException
kernel32.dll 0 GetStdHandle
user32.dll 0 GetKeyboardType
user32.dll 0 MessageBoxA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
kernel32.dll 0 TlsSetValue
kernel32.dll 0 TlsGetValue
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetModuleHandleA
advapi32.dll 0 RegSetKeySecurity
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegQueryInfoKeyA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegEnumKeyA
advapi32.dll 0 RegDeleteKeyA
advapi32.dll 0 RegCloseKey
advapi32.dll 0 OpenProcessToken
advapi32.dll 0 InitializeSecurityDescriptor
kernel32.dll 0 lstrlenA
kernel32.dll 0 lstrcpyA
kernel32.dll 0 lstrcmpiA
kernel32.dll 0 lstrcatA
kernel32.dll 0 WriteFile
kernel32.dll 0 WaitForSingleObject
kernel32.dll 0 Sleep
kernel32.dll 0 SetLastError
kernel32.dll 0 SetFileTime
kernel32.dll 0 SetFilePointer
kernel32.dll 0 SetFileAttributesA
kernel32.dll 0 SetEndOfFile
kernel32.dll 0 ReadFile
kernel32.dll 0 OpenProcess
kernel32.dll 0 LocalReAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 LoadLibraryA
kernel32.dll 0 GetWindowsDirectoryA
kernel32.dll 0 GetVolumeInformationA
kernel32.dll 0 GetVersionExA
kernel32.dll 0 GetTickCount
kernel32.dll 0 GetSystemTime
kernel32.dll 0 GetSystemDirectoryA
kernel32.dll 0 GetProcAddress
kernel32.dll 0 GetModuleHandleA
kernel32.dll 0 GetModuleFileNameA
kernel32.dll 0 GetLocalTime
kernel32.dll 0 GetLastError
kernel32.dll 0 GetFileTime
kernel32.dll 0 GetFileSize
kernel32.dll 0 GetFileAttributesA
kernel32.dll 0 GetExitCodeThread
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetCurrentProcess
kernel32.dll 0 FormatMessageA
kernel32.dll 0 DeleteFileA
kernel32.dll 0 CreateMutexA
kernel32.dll 0 CreateFileA
kernel32.dll 0 CopyFileA
kernel32.dll 0 CloseHandle
version.dll 0 VerQueryValueA
version.dll 0 GetFileVersionInfoA
gdi32.dll 0 GetTextMetricsA
user32.dll 0 CreateWindowExA
user32.dll 0 UnregisterClassA
user32.dll 0 TranslateMessage
user32.dll 0 SetTimer
user32.dll 0 SetFocus
user32.dll 0 SendMessageA
user32.dll 0 RegisterClassA
user32.dll 0 PeekMessageA
user32.dll 0 LoadIconA
user32.dll 0 LoadCursorA
user32.dll 0 GetWindowTextA
user32.dll 0 GetWindowDC
user32.dll 0 GetSystemMetrics
user32.dll 0 GetMessageA
user32.dll 0 GetDesktopWindow
user32.dll 0 GetClientRect
user32.dll 0 ExitWindowsEx
user32.dll 0 DrawTextA
user32.dll 0 DispatchMessageA
user32.dll 0 DestroyWindow
user32.dll 0 DefWindowProcA
kernel32.dll 0 GetTickCount
kernel32.dll 0 VirtualProtect
shlwapi.dll 0 SHDeleteKeyA
user32.dll 0 wsprintfA
IMAGEHLP.DLL 0 MapFileAndCheckSumA
=== Packer / Compiler ===
BobSoft Mini Delphi (BoB / BobSoft)
File pos Mem pos ID Text
======== ======= == ====
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
00000000087C 00000040147C 0 wE;\$
000000001E03 000000402A03 0 ~KxI[)
000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL
000000001F48 000000402B48 0 FPUMaskValue
000000001F95 000000402B95 0 PPRTj
00000000210F 000000402D0F 0 YZXtp
00000000212B 000000402D2B 0 Ph8-@
000000002286 000000402E86 0 t=HtN
000000002339 000000402F39 0 PhF/@
000000002408 000000403008 0 Uh=0@
000000002620 000000403220 0 SVWUQ
000000002854 000000403454 0 SVWRP
0000000029CF 0000004035CF 0 Uh=6@
000000002D09 000000403909 0 Uh)9@
000000002D41 000000403941 0 Uha9@
00000000310C 000000403D0C 0 ?~Xw~
000000003232 000000403E32 0 9DV&r
000000003426 000000404026 0 -%46[Jhl
000000003447 000000404047 0 -J46[
000000003488 000000404088 0 6[J4l
0000000034A6 0000004040A6 0 -%46[Jhl
0000000034C7 0000004040C7 0 -J46[
0000000034F5 0000004040F5 0 <|[I\
000000003745 000000404345 0 M\</dG
000000003756 000000404356 0 54Oe\
0000000038C7 0000004044C7 0 iuAFR,}s
000000003A1F 00000040461F 0 (H%Nz
000000003B9C 00000040479C 0 7tH;o
000000003CCF 0000004048CF 0 |Yr#t
000000003D70 000000404970 0 ]PtM1
000000003DEB 0000004049EB 0 Hu#T%
000000003E1B 000000404A1B 0 A..=;LJ{tp
000000003E41 000000404A41 0 6YqEm
000000003F34 000000404B34 0 W+IvQ
000000003F82 000000404B82 0 ~Q8+:
000000004087 000000404C87 0 I5XPS9
000000004243 000000404E43 0 [U~nb!94
00000000424F 000000404E4F 0 y.?'x
0000000045FC 0000004051FC 0 T"Bc+dzMPA
00000000470F 00000040530F 0 \}JH2
000000004775 000000405375 0 R96sHsq
0000000047F6 0000004053F6 0 %%uGK?
000000004884 000000405484 0 56Opf
000000004933 000000405533 0 d#FvJN
0000000049D8 0000004055D8 0 6azCh
000000004A7D 00000040567D 0 Jf":}
000000004BA3 0000004057A3 0 s9ojlr
000000004E15 000000405A15 0 Fy2qK
000000004F13 000000405B13 0 s\2*l
000000004F35 000000405B35 0 9[\N&6C
0000000050BA 000000405CBA 0 .*GJ;qNk
0000000050C5 000000405CC5 0 .FQpb
0000000051D1 000000405DD1 0 7jQim
00000000528E 000000405E8E 0 sz!Nl
000000005317 000000405F17 0 iv0p[
File pos Mem pos ID Text
======== ======= == ====
000000005430 000000406030 0 ?FX76
000000005489 000000406089 0 ~S;4M|
0000000056E4 0000004062E4 0 PI~ )
000000005764 000000406364 0 G}Jyy
0000000059FD 0000004065FD 0 qAvhk
000000005AE7 0000004066E7 0 ~Qk9v
000000005BC4 0000004067C4 0 jH2n#
000000005CB4 0000004068B4 0 23<hf
000000005D37 000000406937 0 E3Dh$?
000000005F09 000000406B09 0 :i51$Y
00000000609F 000000406C9F 0 WOGb'
0000000060B4 000000406CB4 0 AQCCAK
00000000617F 000000406D7F 0 |U\u8U
0000000061C6 000000406DC6 0 sHA&mP}i
000000006237 000000406E37 0 sa}J'=
000000006411 000000407011 0 hj<z[
00000000654A 00000040714A 0 (]Q1#
000000006795 000000407395 0 5eQNP
0000000068F7 0000004074F7 0 qJjwbw+
000000006920 000000407520 0 Tj/5+
000000006962 000000407562 0 LZ t
000000006A8B 00000040768B 0 1xY='
000000006C9B 00000040789B 0 MKXok
000000006D11 000000407911 0 bMMQ&]
000000006EBC 000000407ABC 0 %t?(HP
000000006EF6 000000407AF6 0 ,NHoY
000000007035 000000407C35 0 <=43z
0000000070D4 000000407CD4 0 ?I!=N
000000007104 000000407D04 0 l7ZU0
000000007215 000000407E15 0 Q]O:K0
0000000072F5 000000407EF5 0 /$$zz@{&
000000007438 000000408038 0 dB&s.{
000000007676 000000408276 0 h!wZZ
0000000076C4 0000004082C4 0 </=|-
000000007854 000000408454 0 ox|y!z
000000007AC8 0000004086C8 0 =>4oZ
000000007B5E 00000040875E 0 mVr12q
000000007C7F 00000040887F 0 3'Zi#
000000007C8E 00000040888E 0 ?J!j:
000000007CDA 0000004088DA 0 ? c]:
000000007D51 000000408951 0 EOfm2
000000007E46 000000408A46 0 ;FXa.
0000000080C9 000000408CC9 0 nL>dL
00000000810D 000000408D0D 0 [8\#_q
0000000082EF 000000408EEF 0 b4k_ 5
000000008496 000000409096 0 |.J.@|
0000000084ED 0000004090ED 0 <>::K
00000000856F 00000040916F 0 LHpmg
0000000086C0 0000004092C0 0 eWZ/"}o
000000008785 000000409385 0 Sob_-
000000008847 000000409447 0 |h/ii
000000008876 000000409476 0 1&,C L0n
0000000088EB 0000004094EB 0 T's1iAb
000000008A3C 00000040963C 0 f~%7'
000000008AFF 0000004096FF 0 ::kUd
000000008BE5 0000004097E5 0 "+/:EV
000000008BED 0000004097ED 0 MDm)dwS
000000008EA6 000000409AA6 0 N$1_$Xb
000000008FF8 000000409BF8 0 T"YfP
0000000092D5 000000409ED5 0 N{5wl
File pos Mem pos ID Text
======== ======= == ====
0000000092F2 000000409EF2 0 86e9q
000000009946 00000040A546 0 y] Bz
000000009ACB 00000040A6CB 0 u(Kz7
000000009B63 00000040A763 0 |A<hxF
000000009C74 00000040A874 0 ?G&s|f&?
000000009DF4 00000040A9F4 0 0Ct!5
000000009E39 00000040AA39 0 &RR5N
00000000A03B 00000040AC3B 0 4j&,h
00000000A087 00000040AC87 0 9\;ds
00000000A13B 00000040AD3B 0 7;A<<
00000000A215 00000040AE15 0 !kmZG
00000000A2DA 00000040AEDA 0 <yJI+
00000000A3CA 00000040AFCA 0 vVEJf{b
00000000A3EA 00000040AFEA 0 a"v1O
00000000A4D6 00000040B0D6 0 $tY3#
00000000A566 00000040B166 0 'y~$<
00000000A7D7 00000040B3D7 0 &G6VG
00000000A99B 00000040B59B 0 QbRg)
00000000A9F4 00000040B5F4 0 W,%*'
00000000AA64 00000040B664 0 3~d#7
00000000AA7B 00000040B67B 0 d!@!D~
00000000AC04 00000040B804 0 'Tx*O
00000000ACD5 00000040B8D5 0 Cf)cx
00000000AD87 00000040B987 0 <JV3<n
00000000AD92 00000040B992 0 wpe,e
00000000ADA2 00000040B9A2 0 Y[U=i<
00000000AE18 00000040BA18 0 Iu%MR
00000000AE82 00000040BA82 0 ?|i'[
00000000B1D4 00000040BDD4 0 +"\wVD
00000000B1F8 00000040BDF8 0 -?iH
00000000B235 00000040BE35 0 x+]%E]
00000000B254 00000040BE54 0 6a]zH
00000000B290 00000040BE90 0 y4b'2gH
00000000B388 00000040BF88 0 #GRwF
00000000B451 00000040C051 0 CbAhx;i
00000000B4BD 00000040C0BD 0 g'8$',
00000000B537 00000040C137 0 N0xPT
00000000B60D 00000040C20D 0 i>('Y
00000000B773 00000040C373 0 I)Qjj
00000000B79E 00000040C39E 0 IP*f{-
00000000B7D5 00000040C3D5 0 m<d6
00000000B844 00000040C444 0 P1GRH
00000000B87B 00000040C47B 0 #0#KA
00000000B8C3 00000040C4C3 0 -Bn9O
00000000BA5C 00000040C65C 0 ?~k$~
00000000BF39 00000040CB39 0 <Jr7-
00000000C318 00000040CF18 0 f!xp}B
00000000C3DD 00000040CFDD 0 6 2Fi
00000000C3F6 00000040CFF6 0 i|q1X
00000000C486 00000040D086 0 8l8yq
00000000C550 00000040D150 0 IeRhQG
00000000C735 00000040D335 0 h@L &
00000000C756 00000040D356 0 XjoxNP
00000000C828 00000040D428 0 /y0=e!
00000000C848 00000040D448 0 tzznk
00000000C893 00000040D493 0 "Z*+G
00000000C89E 00000040D49E 0 4*)[6
00000000C8C6 00000040D4C6 0 ]8<O"
00000000C919 00000040D519 0 P9@s*6
00000000CF6D 00000040DB6D 0 H"%3a
File pos Mem pos ID Text
======== ======= == ====
00000000D0E1 00000040DCE1 0 -Nr\(
00000000D1A4 00000040DDA4 0 c HWMT
00000000D2C4 00000040DEC4 0 K4IHW
00000000D32F 00000040DF2F 0 +E+IO
00000000D36E 00000040DF6E 0 Z[!G1
00000000D684 00000040E284 0 &*ok8
00000000D95E 00000040E55E 0 cz1a
00000000DA7D 00000040E67D 0 }~e2p
00000000DA83 00000040E683 0 6W2 =%
00000000DB17 00000040E717 0 w91$1A
00000000DDBD 00000040E9BD 0 OWG'y
00000000DE55 00000040EA55 0 p|a9j
00000000DFF9 00000040EBF9 0 dc_G=
00000000E166 00000040ED66 0 "ez+GO4"
00000000E31B 00000040EF1B 0 6"\/
00000000E3D9 00000040EFD9 0 oG$+ q
00000000E49D 00000040F09D 0 !f$8A}MCP[
00000000E70E 00000040F30E 0 %1H -
00000000E85E 00000040F45E 0 A";;k
00000000E8B3 00000040F4B3 0 AV=n|/
00000000E906 00000040F506 0 V/o!S
00000000E966 00000040F566 0 'D(AN
00000000E9BC 00000040F5BC 0 Gf;!G
00000000EB72 00000040F772 0 q|UIn
00000000EC4F 00000040F84F 0 T ,ajDXI
00000000EC62 00000040F862 0 " 8G/
00000000ED57 00000040F957 0 fr-p0
00000000EDDB 00000040F9DB 0 >B>B9
00000000F051 00000040FC51 0 =;VS
00000000F0D2 00000040FCD2 0 .6vt7m
00000000F25F 00000040FE5F 0 OgD;&
00000000F265 00000040FE65 0 EvN7C
00000000F340 00000040FF40 0 /(TX@Q
00000000F370 00000040FF70 0 e#Bu"-
00000000F4BE 0000004100BE 0 v9i;]H
00000000F536 000000410136 0 9mung
00000000F7A4 0000004103A4 0 6Q&#l
00000000F823 000000410423 0 $+Y.A
00000000F930 000000410530 0 CC&:nM$
00000000F9FE 0000004105FE 0 ([bJ=
00000000FC2C 00000041082C 0 *s|~0
00000000FC79 000000410879 0 *pNE
00000000FDD4 0000004109D4 0 _J4(7
00000000FE10 000000410A10 0 -95.)g
00000000FF13 000000410B13 0 u#y8/
000000010097 000000410C97 0 W[m)w61Qn
0000000102EC 000000410EEC 0 nweg4
000000010313 000000410F13 0 MV7CdE
0000000103AC 000000410FAC 0 g'$G?
00000001045A 00000041105A 0 o'K43
000000010477 000000411077 0 >rxH|
00000001075D 00000041135D 0 reQko
000000010841 000000411441 0 /I6tO
00000001089E 00000041149E 0 'gYnW
0000000108C0 0000004114C0 0 |>dx{
00000001096D 00000041156D 0 3.&hg\
000000010978 000000411578 0 (eOht
000000010993 000000411593 0 {[%?~
000000010E4F 000000411A4F 0 pp'6X
000000011080 000000411C80 0 7{ocn
File pos Mem pos ID Text
======== ======= == ====
0000000110E2 000000411CE2 0 DL( O
0000000111BE 000000411DBE 0 .sz5L
000000011224 000000411E24 0 @AWQVj\
00000001124D 000000411E4D 0 6xN)oJ
00000001128C 000000411E8C 0 M}W99Z
00000001150E 00000041210E 0 WTpbQW
000000011547 000000412147 0 n$+'!
000000011563 000000412163 0 ';y
00000001165A 00000041225A 0 _);|TQ
000000011665 000000412265 0 _!A-e
0000000116F4 0000004122F4 0 /TLf_
00000001174C 00000041234C 0 z[U2%q
000000011874 000000412474 0 xdpXq)
0000000118CC 0000004124CC 0 *\W"gM$
0000000119A8 0000004125A8 0 6\kmi
000000011A70 000000412670 0 Z#ib5
000000011AA3 0000004126A3 0 x:jixL]
000000011B00 000000412700 0 3[b3f
000000011B38 000000412738 0 Rm\f[%8
000000011B71 000000412771 0 9ItFr
000000011B96 000000412796 0 1b2 u
000000011BD7 0000004127D7 0 *.!jn
000000011C28 000000412828 0 w8R$<
000000011FC1 000000412BC1 0 1N6{c
00000001220F 000000412E0F 0 2{b\_
0000000125E7 0000004131E7 0 XI(A0
000000012601 000000413201 0 9!J, C
000000012697 000000413297 0 <|=|y
00000001274A 00000041334A 0 #'z FN
0000000127E5 0000004133E5 0 %cpo/
000000012A9D 00000041369D 0 ,ls9Y
000000012BDD 0000004137DD 0 <WFo.
000000012C62 000000413862 0 *yl 8
000000012F21 000000413B21 0 4X@Ah
000000012F80 000000413B80 0 ";j1+
000000013440 000000414040 0 c&x;zy4C>
0000000134C3 0000004140C3 0 >jCB}
0000000137A0 0000004143A0 0 Ce]6W
00000001383A 00000041443A 0 >IsO2
00000001397B 00000041457B 0 :rV~Hf
000000013D58 000000414958 0 (@k78
000000013DAC 0000004149AC 0 R?Z54C W
000000013FAE 000000414BAE 0 O6WE*_
0000000140BA 000000414CBA 0 5I6s;
0000000141E1 000000414DE1 0 $>xEX~
000000014200 000000414E00 0 $VtT[
000000014301 000000414F01 0 {SCxZ
00000001442B 00000041502B 0 D'i5M
0000000146D3 0000004152D3 0 $cjh
000000014840 000000415440 0 9jV?p
000000014CEA 0000004158EA 0 RESERV_END
000000014D68 000000415968 0 TagConstBegin
000000014D78 000000415978 0 kernel32.dll
000000014D88 000000415988 0 VirtualAllocEx
000000014D98 000000415998 0 VirtualFreeEx
000000014DA8 0000004159A8 0 WriteProcessMemory
000000014DBC 0000004159BC 0 CreateRemoteThread
000000014DD0 0000004159D0 0 GetWindowsDirectoryA
000000014DE8 0000004159E8 0 TerminateProcess
000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot
File pos Mem pos ID Text
======== ======= == ====
000000014E18 000000415A18 0 Process32First
000000014E28 000000415A28 0 Process32Next
000000014E38 000000415A38 0 Module32First
000000014E48 000000415A48 0 Module32Next
000000014E58 000000415A58 0 advapi32.dll
000000014E68 000000415A68 0 OpenSCManagerA
000000014E78 000000415A78 0 OpenServiceA
000000014E88 000000415A88 0 QueryServiceStatus
000000014E9C 000000415A9C 0 ControlService
000000014EAC 000000415AAC 0 CloseServiceHandle
000000014EC0 000000415AC0 0 LookupPrivilegeValueA
000000014ED8 000000415AD8 0 AdjustTokenPrivileges
000000014EF0 000000415AF0 0 shell32.dll
000000014EFC 000000415AFC 0 IsUserAnAdmin
000000014F0C 000000415B0C 0 user32.dll
000000014F18 000000415B18 0 CloseDesktop
000000014F28 000000415B28 0 CloseWindowStation
000000014F3C 000000415B3C 0 CreateDesktopA
000000014F4C 000000415B4C 0 EnumDisplayMonitors
000000014F60 000000415B60 0 GetMonitorInfoA
000000014F70 000000415B70 0 GetProcessWindowStation
000000014F88 000000415B88 0 GetThreadDesktop
000000014F9C 000000415B9C 0 OpenDesktopA
000000014FAC 000000415BAC 0 OpenWindowStationA
000000014FC0 000000415BC0 0 SetProcessWindowStation
000000014FD8 000000415BD8 0 SetThreadDesktop
000000014FEC 000000415BEC 0 SwitchDesktop
000000014FFC 000000415BFC 0 psapi.dll
000000015008 000000415C08 0 EnumProcesses
000000015018 000000415C18 0 GetModuleBaseNameA
00000001502C 000000415C2C 0 GetModuleFileNameExA
000000015044 000000415C44 0 \Prefetch\
000000015050 000000415C50 0 SpiService.exe
000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe
000000015098 000000415C98 0 AgilisShell.exe
0000000150A8 000000415CA8 0 mu.exe
0000000150B0 000000415CB0 0 /setupapi.log
0000000150C4 000000415CC4 0 netmgr.dll
0000000150D0 000000415CD0 0 \trl2
0000000150E4 000000415CE4 0 \attrib
0000000150F0 000000415CF0 0 \attrib2
0000000150FC 000000415CFC 0 \win.ini:attrib
000000015110 000000415D10 0 \win.ini:attrib2
000000015124 000000415D24 0 Diebold XFS
000000015130 000000415D30 0 \system32\netmgr.dll
000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13
000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications
0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core
0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x
0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power
000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache
00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\
00000001529C 000000415E9C 0 TagConstEnd
0000000152A8 000000415EA8 0 LoadFile
000000015770 000000416370 0 WinSta0
000000015778 000000416378 0 MyDesktop
000000015790 000000416390 0 ATMDialog
00000001579C 00000041639C 0 hello
0000000157A4 0000004163A4 0 STATIC
File pos Mem pos ID Text
======== ======= == ====
0000000157BC 0000004163BC 0 default
000000015864 000000416464 0 $ZXs?
00000001586B 00000041646B 0 ZX}9j
000000015990 000000416590 0 CreateFile
00000001599C 00000041659C 0 WriteFile
0000000159A8 0000004165A8 0 ReadFile
000000015A1C 00000041661C 0 CreateFile
000000015A5B 00000041665B 0 PhtfA
000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d
000000015BD0 0000004167D0 0 Error
000000015C78 000000416878 0 CreateFile1
000000015D90 000000416990 0 OpenProcessToken
000000015DA4 0000004169A4 0 LookupPrivilegeValue
000000015DBC 0000004169BC 0 AdjustTokenPrivileges
000000016092 000000416C92 0 ]hxV4
00000001633C 000000416F3C 0 LocalRealloc
00000001634C 000000416F4C 0 LoadLibraryA
00000001635C 000000416F5C 0 kernel32
000000016438 000000417038 0 CreateFile
000000016444 000000417044 0 WriteFile
0000000165C8 0000004171C8 0 dll CRC error
0000000165D8 0000004171D8 0 Error
0000000165E0 0000004171E0 0 dll file length>128k
00000001669C 00000041729C 0 SeDebugPrivilege
0000000167A4 0000004173A4 0 TimeOutSrvStop
000000016870 000000417470 0 OpenService
00000001687C 00000041747C 0 Stop
000000016884 000000417484 0 ControlService
000000016A8C 00000041768C 0 A.I. Error
000000016A98 000000417698 0 Warning
000000016C00 000000417800 0 OpenProcess
000000016C0C 00000041780C 0 GetExitCodeThread
000000016DF8 0000004179F8 0 kernel32.dll
000000016E08 000000417A08 0 FindFirstFileA
000000016E18 000000417A18 0 FindNextFileA
000000016E28 000000417A28 0 FindClose
000000016E34 000000417A34 0 lstrcpy
000000016E3C 000000417A3C 0 DeleteFileA
000000016E48 000000417A48 0 Sleep
000000016E50 000000417A50 0 -*.pf
000000016E9D 000000417A9D 0 $ZXuz
000000016F2C 000000417B2C 0 LoadLibrary
000000016F38 000000417B38 0 GetProcAddress
000000017104 000000417D04 0 Product Version
000000017118 000000417D18 0 version
0000000172D8 000000417ED8 0 used,
0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X
000000017404 000000418004 0 SeDebugPrivilege
000000017525 000000418125 0 8NTFS
0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d
000000017742 000000418342 0 Admin
0000000177C7 0000004183C7 0 EZX~A
000000017A17 000000418617 0 UZX~Q
000000017CDC 0000004188DC 0 8I121u_
000000017D54 000000418954 0 [%.4d/%.2d/%.2d
000000017D68 000000418968 0 USB\VID_
000000017D74 000000418974 0 USBSTOR\DISK&VEN_
000000017D88 000000418988 0 STORAGE\REMOVABLEMEDIA\
000000017DA0 0000004189A0 0 TagDecoderU
000000017DB0 0000004189B0 0 ]hUUUU
File pos Mem pos ID Text
======== ======= == ====
000000017ED8 000000418AD8 0 TagEndDecoder
00000001829C 000000418E9C 0 memo.txt
0000000182B0 000000418EB0 0 SundBox
0000000182BC 000000418EBC 0 LinInst2
0000000182CA 000000418ECA 0 Before
0000000182D4 000000418ED4 0 SeTtInGs
0000000182E0 000000418EE0 0 Setup v 3.1.0
0000000182F6 000000418EF6 0 Agent v %s
000000018309 000000418F09 0 MenuCode %d
00000001831C 000000418F1C 0 SingleCmdCode %d
00000001832F 000000418F2F 0 OWner ID %d
000000018342 000000418F42 0 Instrument ID %d
00000001835A 000000418F5A 0 Country - %s
00000001836C 000000418F6C 0 No Settings
000000018378 000000418F78 0 Installation Error
00000001838C 000000418F8C 0 Installation OK
00000001839C 000000418F9C 0 DbdDevService.exe
0000000183B2 000000418FB2 0 After
0000000183BC 000000418FBC 0 SeShutdownPrivilege
00000001844C 00000041904C 0 Error
000000018454 000000419054 0 Runtime error at 00000000
000000018474 000000419074 0 0123456789ABCDEF
000000018900 00000041B300 0 kernel32.dll
000000018910 00000041B310 0 DeleteCriticalSection
000000018928 00000041B328 0 LeaveCriticalSection
000000018940 00000041B340 0 EnterCriticalSection
000000018958 00000041B358 0 InitializeCriticalSection
000000018974 00000041B374 0 VirtualFree
000000018982 00000041B382 0 VirtualAlloc
000000018992 00000041B392 0 LocalFree
00000001899E 00000041B39E 0 LocalAlloc
0000000189AC 00000041B3AC 0 GetVersion
0000000189BA 00000041B3BA 0 GetCurrentThreadId
0000000189D0 00000041B3D0 0 GetThreadLocale
0000000189E2 00000041B3E2 0 GetStartupInfoA
0000000189F4 00000041B3F4 0 GetLocaleInfoA
000000018A06 00000041B406 0 GetCommandLineA
000000018A18 00000041B418 0 FreeLibrary
000000018A26 00000041B426 0 ExitProcess
000000018A34 00000041B434 0 WriteFile
000000018A40 00000041B440 0 UnhandledExceptionFilter
000000018A5C 00000041B45C 0 RtlUnwind
000000018A68 00000041B468 0 RaiseException
000000018A7A 00000041B47A 0 GetStdHandle
000000018A88 00000041B488 0 user32.dll
000000018A96 00000041B496 0 GetKeyboardType
000000018AA8 00000041B4A8 0 MessageBoxA
000000018AB4 00000041B4B4 0 advapi32.dll
000000018AC4 00000041B4C4 0 RegQueryValueExA
000000018AD8 00000041B4D8 0 RegOpenKeyExA
000000018AE8 00000041B4E8 0 RegCloseKey
000000018AF4 00000041B4F4 0 kernel32.dll
000000018B04 00000041B504 0 TlsSetValue
000000018B12 00000041B512 0 TlsGetValue
000000018B20 00000041B520 0 LocalAlloc
000000018B2E 00000041B52E 0 GetModuleHandleA
000000018B40 00000041B540 0 advapi32.dll
000000018B50 00000041B550 0 RegSetKeySecurity
000000018B64 00000041B564 0 RegQueryValueExA
000000018B78 00000041B578 0 RegQueryInfoKeyA
File pos Mem pos ID Text
======== ======= == ====
000000018B8C 00000041B58C 0 RegOpenKeyExA
000000018B9C 00000041B59C 0 RegEnumKeyA
000000018BAA 00000041B5AA 0 RegDeleteKeyA
000000018BBA 00000041B5BA 0 RegCloseKey
000000018BC8 00000041B5C8 0 OpenProcessToken
000000018BDC 00000041B5DC 0 InitializeSecurityDescriptor
000000018BFA 00000041B5FA 0 kernel32.dll
000000018C0A 00000041B60A 0 lstrlenA
000000018C16 00000041B616 0 lstrcpyA
000000018C22 00000041B622 0 lstrcmpiA
000000018C2E 00000041B62E 0 lstrcatA
000000018C3A 00000041B63A 0 WriteFile
000000018C46 00000041B646 0 WaitForSingleObject
000000018C5C 00000041B65C 0 Sleep
000000018C64 00000041B664 0 SetLastError
000000018C74 00000041B674 0 SetFileTime
000000018C82 00000041B682 0 SetFilePointer
000000018C94 00000041B694 0 SetFileAttributesA
000000018CAA 00000041B6AA 0 SetEndOfFile
000000018CBA 00000041B6BA 0 ReadFile
000000018CC6 00000041B6C6 0 OpenProcess
000000018CD4 00000041B6D4 0 LocalReAlloc
000000018CE4 00000041B6E4 0 LocalFree
000000018CF0 00000041B6F0 0 LocalAlloc
000000018CFE 00000041B6FE 0 LoadLibraryA
000000018D0E 00000041B70E 0 GetWindowsDirectoryA
000000018D26 00000041B726 0 GetVolumeInformationA
000000018D3E 00000041B73E 0 GetVersionExA
000000018D4E 00000041B74E 0 GetTickCount
000000018D5E 00000041B75E 0 GetSystemTime
000000018D6E 00000041B76E 0 GetSystemDirectoryA
000000018D84 00000041B784 0 GetProcAddress
000000018D96 00000041B796 0 GetModuleHandleA
000000018DAA 00000041B7AA 0 GetModuleFileNameA
000000018DC0 00000041B7C0 0 GetLocalTime
000000018DD0 00000041B7D0 0 GetLastError
000000018DE0 00000041B7E0 0 GetFileTime
000000018DEE 00000041B7EE 0 GetFileSize
000000018DFC 00000041B7FC 0 GetFileAttributesA
000000018E12 00000041B812 0 GetExitCodeThread
000000018E26 00000041B826 0 GetCurrentThreadId
000000018E3C 00000041B83C 0 GetCurrentProcess
000000018E50 00000041B850 0 FormatMessageA
000000018E62 00000041B862 0 DeleteFileA
000000018E70 00000041B870 0 CreateMutexA
000000018E80 00000041B880 0 CreateFileA
000000018E8E 00000041B88E 0 CopyFileA
000000018E9A 00000041B89A 0 CloseHandle
000000018EA6 00000041B8A6 0 version.dll
000000018EB4 00000041B8B4 0 VerQueryValueA
000000018EC6 00000041B8C6 0 GetFileVersionInfoA
000000018EDA 00000041B8DA 0 gdi32.dll
000000018EE6 00000041B8E6 0 GetTextMetricsA
000000018EF6 00000041B8F6 0 user32.dll
000000018F04 00000041B904 0 CreateWindowExA
000000018F16 00000041B916 0 UnregisterClassA
000000018F2A 00000041B92A 0 TranslateMessage
000000018F3E 00000041B93E 0 SetTimer
000000018F4A 00000041B94A 0 SetFocus
000000018F56 00000041B956 0 SendMessageA
File pos Mem pos ID Text
======== ======= == ====
000000018F66 00000041B966 0 RegisterClassA
000000018F78 00000041B978 0 PeekMessageA
000000018F88 00000041B988 0 LoadIconA
000000018F94 00000041B994 0 LoadCursorA
000000018FA2 00000041B9A2 0 GetWindowTextA
000000018FB4 00000041B9B4 0 GetWindowDC
000000018FC2 00000041B9C2 0 GetSystemMetrics
000000018FD6 00000041B9D6 0 GetMessageA
000000018FE4 00000041B9E4 0 GetDesktopWindow
000000018FF8 00000041B9F8 0 GetClientRect
000000019008 00000041BA08 0 ExitWindowsEx
000000019018 00000041BA18 0 DrawTextA
000000019024 00000041BA24 0 DispatchMessageA
000000019038 00000041BA38 0 DestroyWindow
000000019048 00000041BA48 0 DefWindowProcA
000000019058 00000041BA58 0 kernel32.dll
000000019068 00000041BA68 0 GetTickCount
000000019078 00000041BA78 0 VirtualProtect
000000019088 00000041BA88 0 shlwapi.dll
000000019096 00000041BA96 0 SHDeleteKeyA
0000000190A4 00000041BAA4 0 user32.dll
0000000190B2 00000041BAB2 0 wsprintfA
0000000190BC 00000041BABC 0 IMAGEHLP.DLL
0000000190CC 00000041BACC 0 MapFileAndCheckSumA
00000001940F 00000041E00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
000000019453 00000041E053 0 6S6b6
000000019467 00000041E067 0 9$9.989N9T9b9w9
000000019491 00000041E091 0 :?:I:S:]:g:z:
0000000194B9 00000041E0B9 0 ;H<h<
0000000194C3 00000041E0C3 0 =Q>]>
0000000194F5 00000041E0F5 0 081A1[1
000000019507 00000041E107 0 2O2X2h2p2v2
000000019527 00000041E127 0 3 383D3L3m3|3
000000019541 00000041E141 0 4B4v4
00000001954D 00000041E14D 0 4$5,52585E5K5
000000019585 00000041E185 0 858F8[8h8
0000000195A3 00000041E1A3 0 ;#;];r;
0000000195B7 00000041E1B7 0 <&<:<D<W<
0000000195C9 00000041E1C9 0 <-=4=V=
0000000195D5 00000041E1D5 0 ?;?B?Z?|?
0000000195F1 00000041E1F1 0 0b0{0
00000001960B 00000041E20B 0 1@1K1h1r1
000000019627 00000041E227 0 2&2+2M2a2m2
00000001963F 00000041E23F 0 4e5v5
000000019665 00000041E265 0 7&7*70747:7A7E7_7h7q7}7
00000001968D 00000041E28D 0 738e8v8{8
0000000196AD 00000041E2AD 0 9$969C9O9\9n9v9~9
0000000196DD 00000041E2DD 0 :&:.:6:>:F:N:V:
0000000196ED 00000041E2ED 0 :f:n:v:~:
00000001971D 00000041E31D 0 ;&;.;6;>;F;N;V;
00000001972D 00000041E32D 0 ;f;n;v;~;
000000019765 00000041E365 0 9*929:9B9J9R9Z9b9
00000001977D 00000041E37D 0 ?"?,?2?=?i?x?
0000000197C3 00000041E3C3 0 3&3,393C3M3W3a3
0000000197EF 00000041E3EF 0 9&9/9c9l9
0000000197F9 00000041E3F9 0 9W:d:
00000001981B 00000041E41B 0 0:1D1
000000019841 00000041E441 0 4"474<4X4b4
000000019851 00000041E451 0 5&595T5e5
00000001986B 00000041E46B 0 6U6Z6_6
File pos Mem pos ID Text
======== ======= == ====
000000019875 00000041E475 0 7O7l7
00000001988B 00000041E48B 0 9&9G9L9
00000001989D 00000041E49D 0 :_;q;w;
0000000198B3 00000041E4B3 0 <U<e<
0000000198BD 00000041E4BD 0 <]=x=
0000000198C3 00000041E4C3 0 = >c>
0000000198C9 00000041E4C9 0 >M?\?
0000000198DC 00000041E4DC 0 ;0h0x0
0000000198E7 00000041E4E7 0 1-151
0000000198EF 00000041E4EF 0 1 2)292G2j2x2
00000001990D 00000041E50D 0 3*30495
00000001992D 00000041E52D 0 9_:h:
000000019943 00000041E543 0 ; ;$;(;,;0;4;8;<;D;O;
000000019959 00000041E559 0 ;j;q;y;
000000019981 00000041E581 0 <4<9<><U<Z<_<v<{<
0000000199B9 00000041E5B9 0 =$=/=>=L=R=W=a=g=o=u=|=
0000000199F7 00000041E5F7 0 >#>.>@>J>U>]>y>
000000019A18 00000041E618 0 $0(0,0
000000019A57 00000041E657 0 1 1$1(1,1014181@1D1H1L1T1X1\1
000000019A75 00000041E675 0 1d1h1l1p1t1x1|1
000000019CCE 00000041F0CE 0 lineyka
000000019CD7 00000041F0D7 0 UTypes
000000019CE0 00000041F0E0 0 System
000000019CE9 00000041F0E9 0 SysInit
000000019CF3 00000041F0F3 0 Reserv
000000019CFB 00000041F0FB 0 KWindows
000000019C98 00000041F098 0 PACKAGEINFO
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
00000000087C 00000040147C 0 wE;\$
000000001E03 000000402A03 0 ~KxI[)
000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL
000000001F48 000000402B48 0 FPUMaskValue
000000001F95 000000402B95 0 PPRTj
00000000210F 000000402D0F 0 YZXtp
00000000212B 000000402D2B 0 Ph8-@
000000002286 000000402E86 0 t=HtN
000000002339 000000402F39 0 PhF/@
000000002408 000000403008 0 Uh=0@
000000002620 000000403220 0 SVWUQ
000000002854 000000403454 0 SVWRP
0000000029CF 0000004035CF 0 Uh=6@
000000002D09 000000403909 0 Uh)9@
000000002D41 000000403941 0 Uha9@
00000000310C 000000403D0C 0 ?~Xw~
000000003232 000000403E32 0 9DV&r
000000003426 000000404026 0 -%46[Jhl
000000003447 000000404047 0 -J46[
000000003488 000000404088 0 6[J4l
0000000034A6 0000004040A6 0 -%46[Jhl
0000000034C7 0000004040C7 0 -J46[
0000000034F5 0000004040F5 0 <|[I\
000000003745 000000404345 0 M\</dG
000000003756 000000404356 0 54Oe\
0000000038C7 0000004044C7 0 iuAFR,}s
000000003A1F 00000040461F 0 (H%Nz
000000003B9C 00000040479C 0 7tH;o
File pos Mem pos ID Text
======== ======= == ====
000000003CCF 0000004048CF 0 |Yr#t
000000003D70 000000404970 0 ]PtM1
000000003DEB 0000004049EB 0 Hu#T%
000000003E1B 000000404A1B 0 A..=;LJ{tp
000000003E41 000000404A41 0 6YqEm
000000003F34 000000404B34 0 W+IvQ
000000003F82 000000404B82 0 ~Q8+:
000000004087 000000404C87 0 I5XPS9
000000004243 000000404E43 0 [U~nb!94
00000000424F 000000404E4F 0 y.?'x
0000000045FC 0000004051FC 0 T"Bc+dzMPA
00000000470F 00000040530F 0 \}JH2
000000004775 000000405375 0 R96sHsq
0000000047F6 0000004053F6 0 %%uGK?
000000004884 000000405484 0 56Opf
000000004933 000000405533 0 d#FvJN
0000000049D8 0000004055D8 0 6azCh
000000004A7D 00000040567D 0 Jf":}
000000004BA3 0000004057A3 0 s9ojlr
000000004E15 000000405A15 0 Fy2qK
000000004F13 000000405B13 0 s\2*l
000000004F35 000000405B35 0 9[\N&6C
0000000050BA 000000405CBA 0 .*GJ;qNk
0000000050C5 000000405CC5 0 .FQpb
0000000051D1 000000405DD1 0 7jQim
00000000528E 000000405E8E 0 sz!Nl
000000005317 000000405F17 0 iv0p[
000000005430 000000406030 0 ?FX76
000000005489 000000406089 0 ~S;4M|
0000000056E4 0000004062E4 0 PI~ )
000000005764 000000406364 0 G}Jyy
0000000059FD 0000004065FD 0 qAvhk
000000005AE7 0000004066E7 0 ~Qk9v
000000005BC4 0000004067C4 0 jH2n#
000000005CB4 0000004068B4 0 23<hf
000000005D37 000000406937 0 E3Dh$?
000000005F09 000000406B09 0 :i51$Y
00000000609F 000000406C9F 0 WOGb'
0000000060B4 000000406CB4 0 AQCCAK
00000000617F 000000406D7F 0 |U\u8U
0000000061C6 000000406DC6 0 sHA&mP}i
000000006237 000000406E37 0 sa}J'=
000000006411 000000407011 0 hj<z[
00000000654A 00000040714A 0 (]Q1#
000000006795 000000407395 0 5eQNP
0000000068F7 0000004074F7 0 qJjwbw+
000000006920 000000407520 0 Tj/5+
000000006962 000000407562 0 LZ t
000000006A8B 00000040768B 0 1xY='
000000006C9B 00000040789B 0 MKXok
000000006D11 000000407911 0 bMMQ&]
000000006EBC 000000407ABC 0 %t?(HP
000000006EF6 000000407AF6 0 ,NHoY
000000007035 000000407C35 0 <=43z
0000000070D4 000000407CD4 0 ?I!=N
000000007104 000000407D04 0 l7ZU0
000000007215 000000407E15 0 Q]O:K0
0000000072F5 000000407EF5 0 /$$zz@{&
000000007438 000000408038 0 dB&s.{
000000007676 000000408276 0 h!wZZ
File pos Mem pos ID Text
======== ======= == ====
0000000076C4 0000004082C4 0 </=|-
000000007854 000000408454 0 ox|y!z
000000007AC8 0000004086C8 0 =>4oZ
000000007B5E 00000040875E 0 mVr12q
000000007C7F 00000040887F 0 3'Zi#
000000007C8E 00000040888E 0 ?J!j:
000000007CDA 0000004088DA 0 ? c]:
000000007D51 000000408951 0 EOfm2
000000007E46 000000408A46 0 ;FXa.
0000000080C9 000000408CC9 0 nL>dL
00000000810D 000000408D0D 0 [8\#_q
0000000082EF 000000408EEF 0 b4k_ 5
000000008496 000000409096 0 |.J.@|
0000000084ED 0000004090ED 0 <>::K
00000000856F 00000040916F 0 LHpmg
0000000086C0 0000004092C0 0 eWZ/"}o
000000008785 000000409385 0 Sob_-
000000008847 000000409447 0 |h/ii
000000008876 000000409476 0 1&,C L0n
0000000088EB 0000004094EB 0 T's1iAb
000000008A3C 00000040963C 0 f~%7'
000000008AFF 0000004096FF 0 ::kUd
000000008BE5 0000004097E5 0 "+/:EV
000000008BED 0000004097ED 0 MDm)dwS
000000008EA6 000000409AA6 0 N$1_$Xb
000000008FF8 000000409BF8 0 T"YfP
0000000092D5 000000409ED5 0 N{5wl
0000000092F2 000000409EF2 0 86e9q
000000009946 00000040A546 0 y] Bz
000000009ACB 00000040A6CB 0 u(Kz7
000000009B63 00000040A763 0 |A<hxF
000000009C74 00000040A874 0 ?G&s|f&?
000000009DF4 00000040A9F4 0 0Ct!5
000000009E39 00000040AA39 0 &RR5N
00000000A03B 00000040AC3B 0 4j&,h
00000000A087 00000040AC87 0 9\;ds
00000000A13B 00000040AD3B 0 7;A<<
00000000A215 00000040AE15 0 !kmZG
00000000A2DA 00000040AEDA 0 <yJI+
00000000A3CA 00000040AFCA 0 vVEJf{b
00000000A3EA 00000040AFEA 0 a"v1O
00000000A4D6 00000040B0D6 0 $tY3#
00000000A566 00000040B166 0 'y~$<
00000000A7D7 00000040B3D7 0 &G6VG
00000000A99B 00000040B59B 0 QbRg)
00000000A9F4 00000040B5F4 0 W,%*'
00000000AA64 00000040B664 0 3~d#7
00000000AA7B 00000040B67B 0 d!@!D~
00000000AC04 00000040B804 0 'Tx*O
00000000ACD5 00000040B8D5 0 Cf)cx
00000000AD87 00000040B987 0 <JV3<n
00000000AD92 00000040B992 0 wpe,e
00000000ADA2 00000040B9A2 0 Y[U=i<
00000000AE18 00000040BA18 0 Iu%MR
00000000AE82 00000040BA82 0 ?|i'[
00000000B1D4 00000040BDD4 0 +"\wVD
00000000B1F8 00000040BDF8 0 -?iH
00000000B235 00000040BE35 0 x+]%E]
00000000B254 00000040BE54 0 6a]zH
00000000B290 00000040BE90 0 y4b'2gH
File pos Mem pos ID Text
======== ======= == ====
00000000B388 00000040BF88 0 #GRwF
00000000B451 00000040C051 0 CbAhx;i
00000000B4BD 00000040C0BD 0 g'8$',
00000000B537 00000040C137 0 N0xPT
00000000B60D 00000040C20D 0 i>('Y
00000000B773 00000040C373 0 I)Qjj
00000000B79E 00000040C39E 0 IP*f{-
00000000B7D5 00000040C3D5 0 m<d6
00000000B844 00000040C444 0 P1GRH
00000000B87B 00000040C47B 0 #0#KA
00000000B8C3 00000040C4C3 0 -Bn9O
00000000BA5C 00000040C65C 0 ?~k$~
00000000BF39 00000040CB39 0 <Jr7-
00000000C318 00000040CF18 0 f!xp}B
00000000C3DD 00000040CFDD 0 6 2Fi
00000000C3F6 00000040CFF6 0 i|q1X
00000000C486 00000040D086 0 8l8yq
00000000C550 00000040D150 0 IeRhQG
00000000C735 00000040D335 0 h@L &
00000000C756 00000040D356 0 XjoxNP
00000000C828 00000040D428 0 /y0=e!
00000000C848 00000040D448 0 tzznk
00000000C893 00000040D493 0 "Z*+G
00000000C89E 00000040D49E 0 4*)[6
00000000C8C6 00000040D4C6 0 ]8<O"
00000000C919 00000040D519 0 P9@s*6
00000000CF6D 00000040DB6D 0 H"%3a
00000000D0E1 00000040DCE1 0 -Nr\(
00000000D1A4 00000040DDA4 0 c HWMT
00000000D2C4 00000040DEC4 0 K4IHW
00000000D32F 00000040DF2F 0 +E+IO
00000000D36E 00000040DF6E 0 Z[!G1
00000000D684 00000040E284 0 &*ok8
00000000D95E 00000040E55E 0 cz1a
00000000DA7D 00000040E67D 0 }~e2p
00000000DA83 00000040E683 0 6W2 =%
00000000DB17 00000040E717 0 w91$1A
00000000DDBD 00000040E9BD 0 OWG'y
00000000DE55 00000040EA55 0 p|a9j
00000000DFF9 00000040EBF9 0 dc_G=
00000000E166 00000040ED66 0 "ez+GO4"
00000000E31B 00000040EF1B 0 6"\/
00000000E3D9 00000040EFD9 0 oG$+ q
00000000E49D 00000040F09D 0 !f$8A}MCP[
00000000E70E 00000040F30E 0 %1H -
00000000E85E 00000040F45E 0 A";;k
00000000E8B3 00000040F4B3 0 AV=n|/
00000000E906 00000040F506 0 V/o!S
00000000E966 00000040F566 0 'D(AN
00000000E9BC 00000040F5BC 0 Gf;!G
00000000EB72 00000040F772 0 q|UIn
00000000EC4F 00000040F84F 0 T ,ajDXI
00000000EC62 00000040F862 0 " 8G/
00000000ED57 00000040F957 0 fr-p0
00000000EDDB 00000040F9DB 0 >B>B9
00000000F051 00000040FC51 0 =;VS
00000000F0D2 00000040FCD2 0 .6vt7m
00000000F25F 00000040FE5F 0 OgD;&
00000000F265 00000040FE65 0 EvN7C
00000000F340 00000040FF40 0 /(TX@Q
File pos Mem pos ID Text
======== ======= == ====
00000000F370 00000040FF70 0 e#Bu"-
00000000F4BE 0000004100BE 0 v9i;]H
00000000F536 000000410136 0 9mung
00000000F7A4 0000004103A4 0 6Q&#l
00000000F823 000000410423 0 $+Y.A
00000000F930 000000410530 0 CC&:nM$
00000000F9FE 0000004105FE 0 ([bJ=
00000000FC2C 00000041082C 0 *s|~0
00000000FC79 000000410879 0 *pNE
00000000FDD4 0000004109D4 0 _J4(7
00000000FE10 000000410A10 0 -95.)g
00000000FF13 000000410B13 0 u#y8/
000000010097 000000410C97 0 W[m)w61Qn
0000000102EC 000000410EEC 0 nweg4
000000010313 000000410F13 0 MV7CdE
0000000103AC 000000410FAC 0 g'$G?
00000001045A 00000041105A 0 o'K43
000000010477 000000411077 0 >rxH|
00000001075D 00000041135D 0 reQko
000000010841 000000411441 0 /I6tO
00000001089E 00000041149E 0 'gYnW
0000000108C0 0000004114C0 0 |>dx{
00000001096D 00000041156D 0 3.&hg\
000000010978 000000411578 0 (eOht
000000010993 000000411593 0 {[%?~
000000010E4F 000000411A4F 0 pp'6X
000000011080 000000411C80 0 7{ocn
0000000110E2 000000411CE2 0 DL( O
0000000111BE 000000411DBE 0 .sz5L
000000011224 000000411E24 0 @AWQVj\
00000001124D 000000411E4D 0 6xN)oJ
00000001128C 000000411E8C 0 M}W99Z
00000001150E 00000041210E 0 WTpbQW
000000011547 000000412147 0 n$+'!
000000011563 000000412163 0 ';y
00000001165A 00000041225A 0 _);|TQ
000000011665 000000412265 0 _!A-e
0000000116F4 0000004122F4 0 /TLf_
00000001174C 00000041234C 0 z[U2%q
000000011874 000000412474 0 xdpXq)
0000000118CC 0000004124CC 0 *\W"gM$
0000000119A8 0000004125A8 0 6\kmi
000000011A70 000000412670 0 Z#ib5
000000011AA3 0000004126A3 0 x:jixL]
000000011B00 000000412700 0 3[b3f
000000011B38 000000412738 0 Rm\f[%8
000000011B71 000000412771 0 9ItFr
000000011B96 000000412796 0 1b2 u
000000011BD7 0000004127D7 0 *.!jn
000000011C28 000000412828 0 w8R$<
000000011FC1 000000412BC1 0 1N6{c
00000001220F 000000412E0F 0 2{b\_
0000000125E7 0000004131E7 0 XI(A0
000000012601 000000413201 0 9!J, C
000000012697 000000413297 0 <|=|y
00000001274A 00000041334A 0 #'z FN
0000000127E5 0000004133E5 0 %cpo/
000000012A9D 00000041369D 0 ,ls9Y
000000012BDD 0000004137DD 0 <WFo.
000000012C62 000000413862 0 *yl 8
File pos Mem pos ID Text
======== ======= == ====
000000012F21 000000413B21 0 4X@Ah
000000012F80 000000413B80 0 ";j1+
000000013440 000000414040 0 c&x;zy4C>
0000000134C3 0000004140C3 0 >jCB}
0000000137A0 0000004143A0 0 Ce]6W
00000001383A 00000041443A 0 >IsO2
00000001397B 00000041457B 0 :rV~Hf
000000013D58 000000414958 0 (@k78
000000013DAC 0000004149AC 0 R?Z54C W
000000013FAE 000000414BAE 0 O6WE*_
0000000140BA 000000414CBA 0 5I6s;
0000000141E1 000000414DE1 0 $>xEX~
000000014200 000000414E00 0 $VtT[
000000014301 000000414F01 0 {SCxZ
00000001442B 00000041502B 0 D'i5M
0000000146D3 0000004152D3 0 $cjh
000000014840 000000415440 0 9jV?p
000000014CEA 0000004158EA 0 RESERV_END
000000014D68 000000415968 0 TagConstBegin
000000014D78 000000415978 0 kernel32.dll
000000014D88 000000415988 0 VirtualAllocEx
000000014D98 000000415998 0 VirtualFreeEx
000000014DA8 0000004159A8 0 WriteProcessMemory
000000014DBC 0000004159BC 0 CreateRemoteThread
000000014DD0 0000004159D0 0 GetWindowsDirectoryA
000000014DE8 0000004159E8 0 TerminateProcess
000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot
000000014E18 000000415A18 0 Process32First
000000014E28 000000415A28 0 Process32Next
000000014E38 000000415A38 0 Module32First
000000014E48 000000415A48 0 Module32Next
000000014E58 000000415A58 0 advapi32.dll
000000014E68 000000415A68 0 OpenSCManagerA
000000014E78 000000415A78 0 OpenServiceA
000000014E88 000000415A88 0 QueryServiceStatus
000000014E9C 000000415A9C 0 ControlService
000000014EAC 000000415AAC 0 CloseServiceHandle
000000014EC0 000000415AC0 0 LookupPrivilegeValueA
000000014ED8 000000415AD8 0 AdjustTokenPrivileges
000000014EF0 000000415AF0 0 shell32.dll
000000014EFC 000000415AFC 0 IsUserAnAdmin
000000014F0C 000000415B0C 0 user32.dll
000000014F18 000000415B18 0 CloseDesktop
000000014F28 000000415B28 0 CloseWindowStation
000000014F3C 000000415B3C 0 CreateDesktopA
000000014F4C 000000415B4C 0 EnumDisplayMonitors
000000014F60 000000415B60 0 GetMonitorInfoA
000000014F70 000000415B70 0 GetProcessWindowStation
000000014F88 000000415B88 0 GetThreadDesktop
000000014F9C 000000415B9C 0 OpenDesktopA
000000014FAC 000000415BAC 0 OpenWindowStationA
000000014FC0 000000415BC0 0 SetProcessWindowStation
000000014FD8 000000415BD8 0 SetThreadDesktop
000000014FEC 000000415BEC 0 SwitchDesktop
000000014FFC 000000415BFC 0 psapi.dll
000000015008 000000415C08 0 EnumProcesses
000000015018 000000415C18 0 GetModuleBaseNameA
00000001502C 000000415C2C 0 GetModuleFileNameExA
000000015044 000000415C44 0 \Prefetch\
000000015050 000000415C50 0 SpiService.exe
File pos Mem pos ID Text
======== ======= == ====
000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe
000000015098 000000415C98 0 AgilisShell.exe
0000000150A8 000000415CA8 0 mu.exe
0000000150B0 000000415CB0 0 /setupapi.log
0000000150C4 000000415CC4 0 netmgr.dll
0000000150D0 000000415CD0 0 \trl2
0000000150E4 000000415CE4 0 \attrib
0000000150F0 000000415CF0 0 \attrib2
0000000150FC 000000415CFC 0 \win.ini:attrib
000000015110 000000415D10 0 \win.ini:attrib2
000000015124 000000415D24 0 Diebold XFS
000000015130 000000415D30 0 \system32\netmgr.dll
000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13
000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications
0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core
0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x
0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power
000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache
00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\
00000001529C 000000415E9C 0 TagConstEnd
0000000152A8 000000415EA8 0 LoadFile
000000015770 000000416370 0 WinSta0
000000015778 000000416378 0 MyDesktop
000000015790 000000416390 0 ATMDialog
00000001579C 00000041639C 0 hello
0000000157A4 0000004163A4 0 STATIC
0000000157BC 0000004163BC 0 default
000000015864 000000416464 0 $ZXs?
00000001586B 00000041646B 0 ZX}9j
000000015990 000000416590 0 CreateFile
00000001599C 00000041659C 0 WriteFile
0000000159A8 0000004165A8 0 ReadFile
000000015A1C 00000041661C 0 CreateFile
000000015A5B 00000041665B 0 PhtfA
000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d
000000015BD0 0000004167D0 0 Error
000000015C78 000000416878 0 CreateFile1
000000015D90 000000416990 0 OpenProcessToken
000000015DA4 0000004169A4 0 LookupPrivilegeValue
000000015DBC 0000004169BC 0 AdjustTokenPrivileges
000000016092 000000416C92 0 ]hxV4
00000001633C 000000416F3C 0 LocalRealloc
00000001634C 000000416F4C 0 LoadLibraryA
00000001635C 000000416F5C 0 kernel32
000000016438 000000417038 0 CreateFile
000000016444 000000417044 0 WriteFile
0000000165C8 0000004171C8 0 dll CRC error
0000000165D8 0000004171D8 0 Error
0000000165E0 0000004171E0 0 dll file length>128k
00000001669C 00000041729C 0 SeDebugPrivilege
0000000167A4 0000004173A4 0 TimeOutSrvStop
000000016870 000000417470 0 OpenService
00000001687C 00000041747C 0 Stop
000000016884 000000417484 0 ControlService
000000016A8C 00000041768C 0 A.I. Error
000000016A98 000000417698 0 Warning
000000016C00 000000417800 0 OpenProcess
000000016C0C 00000041780C 0 GetExitCodeThread
000000016DF8 0000004179F8 0 kernel32.dll
File pos Mem pos ID Text
======== ======= == ====
000000016E08 000000417A08 0 FindFirstFileA
000000016E18 000000417A18 0 FindNextFileA
000000016E28 000000417A28 0 FindClose
000000016E34 000000417A34 0 lstrcpy
000000016E3C 000000417A3C 0 DeleteFileA
000000016E48 000000417A48 0 Sleep
000000016E50 000000417A50 0 -*.pf
000000016E9D 000000417A9D 0 $ZXuz
000000016F2C 000000417B2C 0 LoadLibrary
000000016F38 000000417B38 0 GetProcAddress
000000017104 000000417D04 0 Product Version
000000017118 000000417D18 0 version
0000000172D8 000000417ED8 0 used,
0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X
000000017404 000000418004 0 SeDebugPrivilege
000000017525 000000418125 0 8NTFS
0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d
000000017742 000000418342 0 Admin
0000000177C7 0000004183C7 0 EZX~A
000000017A17 000000418617 0 UZX~Q
000000017CDC 0000004188DC 0 8I121u_
000000017D54 000000418954 0 [%.4d/%.2d/%.2d
000000017D68 000000418968 0 USB\VID_
000000017D74 000000418974 0 USBSTOR\DISK&VEN_
000000017D88 000000418988 0 STORAGE\REMOVABLEMEDIA\
000000017DA0 0000004189A0 0 TagDecoderU
000000017DB0 0000004189B0 0 ]hUUUU
000000017ED8 000000418AD8 0 TagEndDecoder
00000001829C 000000418E9C 0 memo.txt
0000000182B0 000000418EB0 0 SundBox
0000000182BC 000000418EBC 0 LinInst2
0000000182CA 000000418ECA 0 Before
0000000182D4 000000418ED4 0 SeTtInGs
0000000182E0 000000418EE0 0 Setup v 3.1.0
0000000182F6 000000418EF6 0 Agent v %s
000000018309 000000418F09 0 MenuCode %d
00000001831C 000000418F1C 0 SingleCmdCode %d
00000001832F 000000418F2F 0 OWner ID %d
000000018342 000000418F42 0 Instrument ID %d
00000001835A 000000418F5A 0 Country - %s
00000001836C 000000418F6C 0 No Settings
000000018378 000000418F78 0 Installation Error
00000001838C 000000418F8C 0 Installation OK
00000001839C 000000418F9C 0 DbdDevService.exe
0000000183B2 000000418FB2 0 After
0000000183BC 000000418FBC 0 SeShutdownPrivilege
00000001844C 00000041904C 0 Error
000000018454 000000419054 0 Runtime error at 00000000
000000018474 000000419074 0 0123456789ABCDEF
000000018900 00000041B300 0 kernel32.dll
000000018910 00000041B310 0 DeleteCriticalSection
000000018928 00000041B328 0 LeaveCriticalSection
000000018940 00000041B340 0 EnterCriticalSection
000000018958 00000041B358 0 InitializeCriticalSection
000000018974 00000041B374 0 VirtualFree
000000018982 00000041B382 0 VirtualAlloc
000000018992 00000041B392 0 LocalFree
00000001899E 00000041B39E 0 LocalAlloc
0000000189AC 00000041B3AC 0 GetVersion
0000000189BA 00000041B3BA 0 GetCurrentThreadId
File pos Mem pos ID Text
======== ======= == ====
0000000189D0 00000041B3D0 0 GetThreadLocale
0000000189E2 00000041B3E2 0 GetStartupInfoA
0000000189F4 00000041B3F4 0 GetLocaleInfoA
000000018A06 00000041B406 0 GetCommandLineA
000000018A18 00000041B418 0 FreeLibrary
000000018A26 00000041B426 0 ExitProcess
000000018A34 00000041B434 0 WriteFile
000000018A40 00000041B440 0 UnhandledExceptionFilter
000000018A5C 00000041B45C 0 RtlUnwind
000000018A68 00000041B468 0 RaiseException
000000018A7A 00000041B47A 0 GetStdHandle
000000018A88 00000041B488 0 user32.dll
000000018A96 00000041B496 0 GetKeyboardType
000000018AA8 00000041B4A8 0 MessageBoxA
000000018AB4 00000041B4B4 0 advapi32.dll
000000018AC4 00000041B4C4 0 RegQueryValueExA
000000018AD8 00000041B4D8 0 RegOpenKeyExA
000000018AE8 00000041B4E8 0 RegCloseKey
000000018AF4 00000041B4F4 0 kernel32.dll
000000018B04 00000041B504 0 TlsSetValue
000000018B12 00000041B512 0 TlsGetValue
000000018B20 00000041B520 0 LocalAlloc
000000018B2E 00000041B52E 0 GetModuleHandleA
000000018B40 00000041B540 0 advapi32.dll
000000018B50 00000041B550 0 RegSetKeySecurity
000000018B64 00000041B564 0 RegQueryValueExA
000000018B78 00000041B578 0 RegQueryInfoKeyA
000000018B8C 00000041B58C 0 RegOpenKeyExA
000000018B9C 00000041B59C 0 RegEnumKeyA
000000018BAA 00000041B5AA 0 RegDeleteKeyA
000000018BBA 00000041B5BA 0 RegCloseKey
000000018BC8 00000041B5C8 0 OpenProcessToken
000000018BDC 00000041B5DC 0 InitializeSecurityDescriptor
000000018BFA 00000041B5FA 0 kernel32.dll
000000018C0A 00000041B60A 0 lstrlenA
000000018C16 00000041B616 0 lstrcpyA
000000018C22 00000041B622 0 lstrcmpiA
000000018C2E 00000041B62E 0 lstrcatA
000000018C3A 00000041B63A 0 WriteFile
000000018C46 00000041B646 0 WaitForSingleObject
000000018C5C 00000041B65C 0 Sleep
000000018C64 00000041B664 0 SetLastError
000000018C74 00000041B674 0 SetFileTime
000000018C82 00000041B682 0 SetFilePointer
000000018C94 00000041B694 0 SetFileAttributesA
000000018CAA 00000041B6AA 0 SetEndOfFile
000000018CBA 00000041B6BA 0 ReadFile
000000018CC6 00000041B6C6 0 OpenProcess
000000018CD4 00000041B6D4 0 LocalReAlloc
000000018CE4 00000041B6E4 0 LocalFree
000000018CF0 00000041B6F0 0 LocalAlloc
000000018CFE 00000041B6FE 0 LoadLibraryA
000000018D0E 00000041B70E 0 GetWindowsDirectoryA
000000018D26 00000041B726 0 GetVolumeInformationA
000000018D3E 00000041B73E 0 GetVersionExA
000000018D4E 00000041B74E 0 GetTickCount
000000018D5E 00000041B75E 0 GetSystemTime
000000018D6E 00000041B76E 0 GetSystemDirectoryA
000000018D84 00000041B784 0 GetProcAddress
000000018D96 00000041B796 0 GetModuleHandleA
File pos Mem pos ID Text
======== ======= == ====
000000018DAA 00000041B7AA 0 GetModuleFileNameA
000000018DC0 00000041B7C0 0 GetLocalTime
000000018DD0 00000041B7D0 0 GetLastError
000000018DE0 00000041B7E0 0 GetFileTime
000000018DEE 00000041B7EE 0 GetFileSize
000000018DFC 00000041B7FC 0 GetFileAttributesA
000000018E12 00000041B812 0 GetExitCodeThread
000000018E26 00000041B826 0 GetCurrentThreadId
000000018E3C 00000041B83C 0 GetCurrentProcess
000000018E50 00000041B850 0 FormatMessageA
000000018E62 00000041B862 0 DeleteFileA
000000018E70 00000041B870 0 CreateMutexA
000000018E80 00000041B880 0 CreateFileA
000000018E8E 00000041B88E 0 CopyFileA
000000018E9A 00000041B89A 0 CloseHandle
000000018EA6 00000041B8A6 0 version.dll
000000018EB4 00000041B8B4 0 VerQueryValueA
000000018EC6 00000041B8C6 0 GetFileVersionInfoA
000000018EDA 00000041B8DA 0 gdi32.dll
000000018EE6 00000041B8E6 0 GetTextMetricsA
000000018EF6 00000041B8F6 0 user32.dll
000000018F04 00000041B904 0 CreateWindowExA
000000018F16 00000041B916 0 UnregisterClassA
000000018F2A 00000041B92A 0 TranslateMessage
000000018F3E 00000041B93E 0 SetTimer
000000018F4A 00000041B94A 0 SetFocus
000000018F56 00000041B956 0 SendMessageA
000000018F66 00000041B966 0 RegisterClassA
000000018F78 00000041B978 0 PeekMessageA
000000018F88 00000041B988 0 LoadIconA
000000018F94 00000041B994 0 LoadCursorA
000000018FA2 00000041B9A2 0 GetWindowTextA
000000018FB4 00000041B9B4 0 GetWindowDC
000000018FC2 00000041B9C2 0 GetSystemMetrics
000000018FD6 00000041B9D6 0 GetMessageA
000000018FE4 00000041B9E4 0 GetDesktopWindow
000000018FF8 00000041B9F8 0 GetClientRect
000000019008 00000041BA08 0 ExitWindowsEx
000000019018 00000041BA18 0 DrawTextA
000000019024 00000041BA24 0 DispatchMessageA
000000019038 00000041BA38 0 DestroyWindow
000000019048 00000041BA48 0 DefWindowProcA
000000019058 00000041BA58 0 kernel32.dll
000000019068 00000041BA68 0 GetTickCount
000000019078 00000041BA78 0 VirtualProtect
000000019088 00000041BA88 0 shlwapi.dll
000000019096 00000041BA96 0 SHDeleteKeyA
0000000190A4 00000041BAA4 0 user32.dll
0000000190B2 00000041BAB2 0 wsprintfA
0000000190BC 00000041BABC 0 IMAGEHLP.DLL
0000000190CC 00000041BACC 0 MapFileAndCheckSumA
00000001940F 00000041E00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
000000019453 00000041E053 0 6S6b6
000000019467 00000041E067 0 9$9.989N9T9b9w9
000000019491 00000041E091 0 :?:I:S:]:g:z:
0000000194B9 00000041E0B9 0 ;H<h<
0000000194C3 00000041E0C3 0 =Q>]>
0000000194F5 00000041E0F5 0 081A1[1
000000019507 00000041E107 0 2O2X2h2p2v2
000000019527 00000041E127 0 3 383D3L3m3|3
File pos Mem pos ID Text
======== ======= == ====
000000019541 00000041E141 0 4B4v4
00000001954D 00000041E14D 0 4$5,52585E5K5
000000019585 00000041E185 0 858F8[8h8
0000000195A3 00000041E1A3 0 ;#;];r;
0000000195B7 00000041E1B7 0 <&<:<D<W<
0000000195C9 00000041E1C9 0 <-=4=V=
0000000195D5 00000041E1D5 0 ?;?B?Z?|?
0000000195F1 00000041E1F1 0 0b0{0
00000001960B 00000041E20B 0 1@1K1h1r1
000000019627 00000041E227 0 2&2+2M2a2m2
00000001963F 00000041E23F 0 4e5v5
000000019665 00000041E265 0 7&7*70747:7A7E7_7h7q7}7
00000001968D 00000041E28D 0 738e8v8{8
0000000196AD 00000041E2AD 0 9$969C9O9\9n9v9~9
0000000196DD 00000041E2DD 0 :&:.:6:>:F:N:V:
0000000196ED 00000041E2ED 0 :f:n:v:~:
00000001971D 00000041E31D 0 ;&;.;6;>;F;N;V;
00000001972D 00000041E32D 0 ;f;n;v;~;
000000019765 00000041E365 0 9*929:9B9J9R9Z9b9
00000001977D 00000041E37D 0 ?"?,?2?=?i?x?
0000000197C3 00000041E3C3 0 3&3,393C3M3W3a3
0000000197EF 00000041E3EF 0 9&9/9c9l9
0000000197F9 00000041E3F9 0 9W:d:
00000001981B 00000041E41B 0 0:1D1
000000019841 00000041E441 0 4"474<4X4b4
000000019851 00000041E451 0 5&595T5e5
00000001986B 00000041E46B 0 6U6Z6_6
000000019875 00000041E475 0 7O7l7
00000001988B 00000041E48B 0 9&9G9L9
00000001989D 00000041E49D 0 :_;q;w;
0000000198B3 00000041E4B3 0 <U<e<
0000000198BD 00000041E4BD 0 <]=x=
0000000198C3 00000041E4C3 0 = >c>
0000000198C9 00000041E4C9 0 >M?\?
0000000198DC 00000041E4DC 0 ;0h0x0
0000000198E7 00000041E4E7 0 1-151
0000000198EF 00000041E4EF 0 1 2)292G2j2x2
00000001990D 00000041E50D 0 3*30495
00000001992D 00000041E52D 0 9_:h:
000000019943 00000041E543 0 ; ;$;(;,;0;4;8;<;D;O;
000000019959 00000041E559 0 ;j;q;y;
000000019981 00000041E581 0 <4<9<><U<Z<_<v<{<
0000000199B9 00000041E5B9 0 =$=/=>=L=R=W=a=g=o=u=|=
0000000199F7 00000041E5F7 0 >#>.>@>J>U>]>y>
000000019A18 00000041E618 0 $0(0,0
000000019A57 00000041E657 0 1 1$1(1,1014181@1D1H1L1T1X1\1
000000019A75 00000041E675 0 1d1h1l1p1t1x1|1
000000019CCE 00000041F0CE 0 lineyka
000000019CD7 00000041F0D7 0 UTypes
000000019CE0 00000041F0E0 0 System
000000019CE9 00000041F0E9 0 SysInit
000000019CF3 00000041F0F3 0 Reserv
000000019CFB 00000041F0FB 0 KWindows
000000019C98 00000041F098 0 PACKAGEINFO