.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV                                                      !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    85652bbd0379d73395102edc299c892f21a4bba3378aa3b0aaea9b1130022bdd
 
Date...........: 2014-04-29
Family.........: NeoPocket
File name......: Css1.exe
File size......: 228.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://www.s21sec.com/en/blog/2014/04/neopocket-a-new-atm-malware/
Additional note: NeoPocket does not steal cash from the ATM as it focuses on data theft only

Entropy:


Binary Histogram:


=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 184 0xb8 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === RICH Header === LIB_ID VERSION TIMES_USED 14 e 7299 1c83 1 1 9 9 8783 224f 2 2 13 d 9782 2636 1 1 === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 3 3 TimeDateStamp: "2014-03-19 14:07:54" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 271 0x10f RELOCS_STRIPPED, EXECUTABLE_IMAGE LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED 32BIT_MACHINE # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 6.0 SizeOfCode: 221184 0x36000 SizeOfInitializedData: 8192 0x2000 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 13068 0x330c BaseOfCode: 4096 0x1000 BaseOfData: 225280 0x37000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 4096 0x1000 OperatingSystemVersion: 4.0 ImageVersion: 1.0 SubsystemVersion: 4.0 Reserved1: 0 0 SizeOfImage: 233472 0x39000 SizeOfHeaders: 4096 0x1000 CheckSum: 244157 0x3b9bd Subsystem: 2 2 WINDOWS_GUI DllCharacteristics: 0 0 SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 35764 size:0x 28 RESOURCE rva:0x 38000 size:0x be4 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 0 size:0x 0 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x 0 size:0x 0 Bound_IAT rva:0x 228 size:0x 20 IAT rva:0x 1000 size:0x 28c Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 3527c 36000 1000 0 0 0 0 60000020 R-X CODE .data 37000 c38 1000 37000 0 0 0 0 c0000040 RW- IDATA .rsrc 38000 be4 1000 38000 0 0 0 0 40000040 R-- IDATA === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x3833c 1200 0 2216 ICON #30001 0x38328 1200 0 20 GROUP_ICON #1 0x380f0 1200 0xc0a 568 VERSION #1 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME MSVBVM60.DLL 0 __vbaVarTstGt MSVBVM60.DLL 0 __vbaVarSub MSVBVM60.DLL 0 __vbaStrI2 MSVBVM60.DLL 0 _CIcos MSVBVM60.DLL 0 _adj_fptan MSVBVM60.DLL 0 __vbaVarMove MSVBVM60.DLL 0 __vbaStrI4 MSVBVM60.DLL 0 __vbaVarVargNofree MSVBVM60.DLL 0 __vbaFreeVar MSVBVM60.DLL 0 __vbaAryMove MSVBVM60.DLL 0 __vbaStrVarMove MSVBVM60.DLL 0 __vbaLenBstr MSVBVM60.DLL 0 __vbaLineInputStr MSVBVM60.DLL 0 __vbaLateIdCall MSVBVM60.DLL 0 __vbaFreeVarList MSVBVM60.DLL 0 __vbaEnd MSVBVM60.DLL 0 __vbaPut3 MSVBVM60.DLL 0 _adj_fdiv_m64 MSVBVM60.DLL 0 __vbaPut4 MSVBVM60.DLL 0 __vbaLineInputVar MSVBVM60.DLL 0 __vbaFreeObjList MSVBVM60.DLL 204 MSVBVM60.DLL 0 _adj_fprem1 MSVBVM60.DLL 0 __vbaRecAnsiToUni MSVBVM60.DLL 272 MSVBVM60.DLL 0 __vbaResume MSVBVM60.DLL 0 __vbaStrCat MSVBVM60.DLL 0 __vbaVarCmpNe MSVBVM60.DLL 0 __vbaForEachCollAd MSVBVM60.DLL 0 __vbaError MSVBVM60.DLL 229 MSVBVM60.DLL 294 MSVBVM60.DLL 0 __vbaSetSystemError MSVBVM60.DLL 0 __vbaHresultCheckObj MSVBVM60.DLL 0 __vbaLenVar MSVBVM60.DLL 0 _adj_fdiv_m32 MSVBVM60.DLL 0 __vbaAryDestruct MSVBVM60.DLL 0 __vbaExitProc MSVBVM60.DLL 251 MSVBVM60.DLL 0 __vbaVarForInit MSVBVM60.DLL 252 MSVBVM60.DLL 0 __vbaOnError MSVBVM60.DLL 253 MSVBVM60.DLL 0 __vbaObjSet MSVBVM60.DLL 254 MSVBVM60.DLL 0 _adj_fdiv_m16i MSVBVM60.DLL 0 __vbaObjSetAddref MSVBVM60.DLL 0 _adj_fdivr_m16i MSVBVM60.DLL 256 MSVBVM60.DLL 0 __vbaRefVarAry MSVBVM60.DLL 0 __vbaBoolVarNull MSVBVM60.DLL 0 __vbaVarTstLt MSVBVM60.DLL 0 __vbaFpR8 MSVBVM60.DLL 0 _CIsin MSVBVM60.DLL 0 __vbaErase MSVBVM60.DLL 0 __vbaVargVarMove MSVBVM60.DLL 0 __vbaVarCmpGt MSVBVM60.DLL 278 MSVBVM60.DLL 0 __vbaChkstk MSVBVM60.DLL 0 __vbaFileClose MSVBVM60.DLL 0 EVENT_SINK_AddRef MSVBVM60.DLL 0 __vbaGenerateBoundsError MSVBVM60.DLL 0 __vbaStrCmp MSVBVM60.DLL 0 __vbaVarTstEq MSVBVM60.DLL 0 __vbaAryConstruct2 MSVBVM60.DLL 0 __vbaPutOwner4 MSVBVM60.DLL 231 MSVBVM60.DLL 0 __vbaI2I4 MSVBVM60.DLL 0 __vbaObjVar MSVBVM60.DLL 0 DllFunctionCall MSVBVM60.DLL 0 __vbaVarOr MSVBVM60.DLL 0 __vbaStrR4 MSVBVM60.DLL 0 _adj_fpatan MSVBVM60.DLL 0 __vbaLateIdCallLd MSVBVM60.DLL 0 __vbaStrR8 MSVBVM60.DLL 0 __vbaRedim MSVBVM60.DLL 0 __vbaRecUniToAnsi MSVBVM60.DLL 0 EVENT_SINK_Release MSVBVM60.DLL 0 __vbaNew MSVBVM60.DLL 258 MSVBVM60.DLL 0 __vbaUI1I2 MSVBVM60.DLL 0 _CIsqrt MSVBVM60.DLL 0 __vbaVarAnd MSVBVM60.DLL 0 EVENT_SINK_QueryInterface MSVBVM60.DLL 0 __vbaUI1I4 MSVBVM60.DLL 0 __vbaStr2Vec MSVBVM60.DLL 0 __vbaVarMul MSVBVM60.DLL 0 __vbaExceptHandler MSVBVM60.DLL 0 __vbaStrToUnicode MSVBVM60.DLL 0 __vbaPrintFile MSVBVM60.DLL 0 _adj_fprem MSVBVM60.DLL 0 _adj_fdivr_m64 MSVBVM60.DLL 25f MSVBVM60.DLL 260 MSVBVM60.DLL 2cc MSVBVM60.DLL 0 __vbaFPException MSVBVM60.DLL 0 __vbaUbound MSVBVM60.DLL 0 __vbaStrVarVal MSVBVM60.DLL 0 __vbaVarCat MSVBVM60.DLL 0 __vbaGetOwner4 MSVBVM60.DLL 0 __vbaI2Var MSVBVM60.DLL 284 MSVBVM60.DLL 219 MSVBVM60.DLL 0 _CIlog MSVBVM60.DLL 0 __vbaErrorOverflow MSVBVM60.DLL 0 __vbaFileOpen MSVBVM60.DLL 0 __vbaNew2 MSVBVM60.DLL 0 __vbaR8Str MSVBVM60.DLL 23a MSVBVM60.DLL 0 __vbaVarLateMemCallLdRf MSVBVM60.DLL 0 __vbaVarInt MSVBVM60.DLL 23b MSVBVM60.DLL 0 _adj_fdiv_m32i MSVBVM60.DLL 0 _adj_fdivr_m32i MSVBVM60.DLL 0 __vbaStrCopy MSVBVM60.DLL 23d MSVBVM60.DLL 0 __vbaI4Str MSVBVM60.DLL 0 __vbaFreeStrList MSVBVM60.DLL 0 _adj_fdivr_m32 MSVBVM60.DLL 0 _adj_fdiv_r MSVBVM60.DLL 2ad MSVBVM60.DLL 64 MSVBVM60.DLL 0 __vbaVarTstNe MSVBVM60.DLL 0 __vbaVarSetVar MSVBVM60.DLL 0 __vbaI4Var MSVBVM60.DLL 0 __vbaVarCmpEq MSVBVM60.DLL 0 __vbaAryLock MSVBVM60.DLL 0 __vbaVarAdd MSVBVM60.DLL 0 __vbaLateMemCall MSVBVM60.DLL 0 __vbaStrToAnsi MSVBVM60.DLL 0 __vbaVarDup MSVBVM60.DLL 0 __vbaFpI2 MSVBVM60.DLL 0 __vbaVarMod MSVBVM60.DLL 268 MSVBVM60.DLL 0 __vbaVarCopy MSVBVM60.DLL 0 __vbaVarLateMemCallLd MSVBVM60.DLL 0 __vbaFpI4 MSVBVM60.DLL 269 MSVBVM60.DLL 0 __vbaLateMemCallLd MSVBVM60.DLL 0 _CIatan MSVBVM60.DLL 0 __vbaAryCopy MSVBVM60.DLL 0 __vbaStrMove MSVBVM60.DLL 0 __vbaCastObj MSVBVM60.DLL 0 __vbaStrVarCopy MSVBVM60.DLL 26b MSVBVM60.DLL 21e MSVBVM60.DLL 21f MSVBVM60.DLL 0 _allmul MSVBVM60.DLL 0 __vbaLateIdSt MSVBVM60.DLL 220 MSVBVM60.DLL 221 MSVBVM60.DLL 0 _CItan MSVBVM60.DLL 222 MSVBVM60.DLL 0 __vbaNextEachCollAd MSVBVM60.DLL 0 __vbaFPInt MSVBVM60.DLL 223 MSVBVM60.DLL 0 __vbaAryUnlock MSVBVM60.DLL 0 __vbaVarForNext MSVBVM60.DLL 0 _CIexp MSVBVM60.DLL 0 __vbaFreeStr MSVBVM60.DLL 0 __vbaFreeObj MSVBVM60.DLL 245 === VERSION INFO === # VS_FIXEDFILEINFO: FileVersion : 1.0.0.0 ProductVersion : 1.0.0.0 StrucVersion : 0x10000 FileFlagsMask : 0 FileFlags : 0 FileOS : 4 FileType : 1 FileSubtype : 0 VarFileInfo : [ 0xc0a, 0x4b0 ] # StringTable 0C0A04B0: CompanyName : "Wincss MFC Application" ProductName : "Wincss Application" FileVersion : "1.00" ProductVersion : "1.00" InternalName : "Css1" OriginalFilename : "Css1.exe" === Packer / Compiler === MS Visual Basic v5.0/v6.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001B0 0000004001B0 0 .text 0000000001D8 0000004001D8 0 .data 000000000200 000000400200 0 .rsrc 000000000238 000000400238 0 MSVBVM60.DLL 00000000101D 00000040101D 0 rJs1hJs 000000001036 000000401036 0 JsbrJs 00000000103E 00000040103E 0 Fs>UHs 000000001046 000000401046 0 IswUHs 000000001062 000000401062 0 Gs&HHs 00000000107A 00000040107A 0 GskbIs 0000000010DA 0000004010DA 0 Gs0sJs 0000000010E2 0000004010E2 0 JssnHs*aIs 000000001152 000000401152 0 Hs@:Js 000000001159 000000401159 0 vJs$FHsx 00000000118D 00000040118D 0 UHsfLHs 0000000011A2 0000004011A2 0 Fs];Gs 0000000011AE 0000004011AE 0 Hs\THs 0000000011D2 0000004011D2 0 HsEjHs 0000000011EE 0000004011EE 0 GstLHs" 000000001209 000000401209 0 mJsYuJs 00000000121E 00000040121E 0 JspuJs 000000001232 000000401232 0 FstjHs 00000000127A 00000040127A 0 Hs0jHs 000000003342 000000403342 0 nta.ttWincss 0000000033B8 0000004033B8 0 Form1 0000000033C2 0000004033C2 0 Wincss 000000003C9C 000000403C9C 0 Form1 000000003CC0 000000403CC0 0 TcpLocal 000000003CCC 000000403CCC 0 MSWinsockLib.Winsock 000000003D25 000000403D25 0 Text1 000000003D41 000000403D41 0 Text3 000000003D5D 000000403D5D 0 Timer2 000000003D7F 000000403D7F 0 Timer1 000000003DA1 000000403DA1 0 TcpRemote 000000003DAE 000000403DAE 0 MSWinsockLib.Winsock 000000003E54 000000403E54 0 VB5!6&VB6ES.DLL 000000003ED1 000000403ED1 0 Wincss 000000003ED9 000000403ED9 0 Wincss 0000000040D0 0000004040D0 0 MSWINSCK.OCX 0000000040DD 0000004040DD 0 MSWinsockLib.Winsock 0000000040F2 0000004040F2 0 Winsock 000000004D30 000000404D30 0 Form1 000000004D38 000000404D38 0 CRijndael 000000004D44 000000404D44 0 Wincss 000000004D9C 000000404D9C 0 Text1 000000004DB4 000000404DB4 0 C:\Archivos de programa\Microsoft Visual Studio\VB98\VB6.OLB 000000004E30 000000404E30 0 TcpRemote 000000004E4C 000000404E4C 0 C:\WINDOWS\system32\MSWINSCK.oca 000000004E70 000000404E70 0 MSWinsockLib 000000004EA8 000000404EA8 0 Text3 000000004EC8 000000404EC8 0 TcpLocal 000000004EE4 000000404EE4 0 Timer2 000000004EEC 000000404EEC 0 Timer1 000000004F3C 000000404F3C 0 user32 000000004F48 000000404F48 0 GetKeyState 000000004F8C 000000404F8C 0 FindWindowA 000000004FD0 000000404FD0 0 kernel32 000000004FE0 000000404FE0 0 CreateFileA 000000005024 000000405024 0 WriteFile File pos Mem pos ID Text ======== ======= == ==== 000000005068 000000405068 0 CloseHandle 0000000050AC 0000004050AC 0 FindFirstFileA 0000000050F4 0000004050F4 0 FindClose 000000005138 000000405138 0 CopyFileA 00000000517C 00000040517C 0 DeleteFileA 0000000051C0 0000004051C0 0 SetFileAttributesA 00000000520C 00000040520C 0 advapi32.dll 000000005220 000000405220 0 RegCloseKey 000000005264 000000405264 0 RegEnumKeyExA 0000000052AC 0000004052AC 0 RegEnumValueA 0000000052F4 0000004052F4 0 RegCreateKeyExA 00000000533C 00000040533C 0 RegOpenKeyExA 000000005384 000000405384 0 RegQueryValueExA 0000000053D0 0000004053D0 0 RegSetValueExA 000000005418 000000405418 0 RegQueryValueA 000000005460 000000405460 0 RegDeleteKeyA 0000000054A8 0000004054A8 0 RegDeleteValueA 000000008858 000000408858 0 Class 000000008870 000000408870 0 C:\WINDOWS\system32\msvbvm60.dll\3 000000008894 000000408894 0 VBRUN 0000000088C8 0000004088C8 0 RtlMoveMemory 00000000890C 00000040890C 0 gentables 000000008920 000000408920 0 Encrypt 000000008928 000000408928 0 Decrypt 000000008930 000000408930 0 EncryptData 00000000893C 00000040893C 0 DecryptData 000000008948 000000408948 0 __vbaPutOwner4 000000008DC0 000000408DC0 0 VBA6.DLL 000000008DCC 000000408DCC 0 __vbaNextEachCollAd 000000008DE4 000000408DE4 0 __vbaLateMemCall 000000008DF8 000000408DF8 0 __vbaForEachCollAd 000000008E0C 000000408E0C 0 __vbaLateMemCallLd 000000008E20 000000408E20 0 __vbaObjVar 000000008E2C 000000408E2C 0 __vbaVarMul 000000008E38 000000408E38 0 __vbaVarAdd 000000008E44 000000408E44 0 __vbaVarForNext 000000008E54 000000408E54 0 __vbaVarForInit 000000008E64 000000408E64 0 __vbaFpI4 000000008E70 000000408E70 0 __vbaVarCmpNe 000000008E80 000000408E80 0 __vbaFpR8 000000008E8C 000000408E8C 0 __vbaCastObj 000000008E9C 000000408E9C 0 __vbaErase 000000008EA8 000000408EA8 0 __vbaGetOwner4 000000008EB8 000000408EB8 0 __vbaRedim 000000008EC4 000000408EC4 0 __vbaNew 000000008ED0 000000408ED0 0 __vbaObjSetAddref 000000008EE4 000000408EE4 0 __vbaVarSub 000000008EF0 000000408EF0 0 __vbaAryConstruct2 000000008F04 000000408F04 0 __vbaRecAnsiToUni 000000008F18 000000408F18 0 __vbaRecUniToAnsi 000000008F2C 000000408F2C 0 __vbaAryDestruct 000000008F40 000000408F40 0 __vbaAryUnlock 000000008F50 000000408F50 0 __vbaAryLock 000000008F60 000000408F60 0 __vbaStr2Vec 000000008F70 000000408F70 0 __vbaAryMove 000000008F80 000000408F80 0 __vbaVarInt 000000008F8C 000000408F8C 0 __vbaVarMod 000000008F98 000000408F98 0 __vbaFreeObjList 000000008FAC 000000408FAC 0 __vbaVarOr 000000008FB8 000000408FB8 0 __vbaFPInt File pos Mem pos ID Text ======== ======= == ==== 000000008FC4 000000408FC4 0 __vbaStrR4 000000008FD0 000000408FD0 0 __vbaVarTstEq 000000008FE0 000000408FE0 0 __vbaI2I4 000000008FEC 000000408FEC 0 __vbaPut3 000000008FF8 000000408FF8 0 __vbaVarTstLt 000000009008 000000409008 0 __vbaVarTstNe 000000009018 000000409018 0 __vbaStrVarCopy 000000009028 000000409028 0 __vbaVarSetVar 000000009038 000000409038 0 __vbaLineInputVar 00000000904C 00000040904C 0 __vbaLateIdCallLd 000000009060 000000409060 0 __vbaI2Var 00000000906C 00000040906C 0 __vbaVarLateMemCallLdRf 000000009084 000000409084 0 __vbaVarLateMemCallLd 00000000909C 00000040909C 0 __vbaFpI2 0000000090A8 0000004090A8 0 __vbaPut4 0000000090B4 0000004090B4 0 __vbaLateIdCall 0000000090C4 0000004090C4 0 __vbaLateIdSt 0000000090D4 0000004090D4 0 __vbaLineInputStr 0000000090E8 0000004090E8 0 __vbaObjSet 0000000090F4 0000004090F4 0 __vbaStrI2 000000009100 000000409100 0 __vbaI4Str 00000000910C 00000040910C 0 __vbaStrVarVal 00000000911C 00000040911C 0 __vbaGenerateBoundsError 000000009138 000000409138 0 __vbaLenVar 000000009144 000000409144 0 __vbaStrI4 000000009150 000000409150 0 __vbaFileClose 000000009160 000000409160 0 __vbaPrintFile 000000009170 000000409170 0 __vbaFileOpen 000000009180 000000409180 0 __vbaVarDup 00000000918C 00000040918C 0 __vbaStrCat 000000009198 000000409198 0 __vbaStrCmp 0000000091A4 0000004091A4 0 __vbaR8Str 0000000091B0 0000004091B0 0 __vbaStrR8 0000000091BC 0000004091BC 0 __vbaVarCmpGt 0000000091CC 0000004091CC 0 __vbaVarCmpEq 0000000091DC 0000004091DC 0 __vbaVarAnd 0000000091E8 0000004091E8 0 __vbaBoolVarNull 0000000091FC 0000004091FC 0 __vbaVarTstGt 00000000920C 00000040920C 0 __vbaEnd 000000009218 000000409218 0 __vbaFreeObj 000000009228 000000409228 0 __vbaHresultCheckObj 000000009240 000000409240 0 __vbaNew2 000000009254 000000409254 0 __vbaVarCopy 000000009264 000000409264 0 __vbaFreeVar 000000009274 000000409274 0 __vbaVarMove 000000009284 000000409284 0 __vbaErrorOverflow 000000009298 000000409298 0 __vbaExitProc 0000000092A8 0000004092A8 0 __vbaResume 0000000092B4 0000004092B4 0 __vbaVargVarMove 0000000092C8 0000004092C8 0 __vbaError 0000000092D4 0000004092D4 0 __vbaOnError 0000000092E4 0000004092E4 0 __vbaStrCopy 0000000092F4 0000004092F4 0 __vbaFreeStr 000000009304 000000409304 0 __vbaI4Var 000000009310 000000409310 0 __vbaFreeStrList 000000009324 000000409324 0 __vbaStrToUnicode 000000009338 000000409338 0 __vbaSetSystemError 00000000934C 00000040934C 0 __vbaStrToAnsi 00000000935C 00000040935C 0 __vbaStrMove 00000000936C 00000040936C 0 __vbaUI1I4 File pos Mem pos ID Text ======== ======= == ==== 000000009378 000000409378 0 __vbaLenBstr 000000009388 000000409388 0 __vbaFreeVarList 00000000939C 00000040939C 0 __vbaVarVargNofree 0000000093B0 0000004093B0 0 __vbaVarCat 0000000093BC 0000004093BC 0 __vbaStrVarMove 000000009430 000000409430 0 __vbaRefVarAry 000000009440 000000409440 0 __vbaUbound 00000000944C 00000040944C 0 __vbaAryCopy 00000000945C 00000040945C 0 __vbaUI1I2 000000009740 000000409740 0 bytMessage 00000000974C 00000040974C 0 bytPassword 000000009758 000000409758 0 bytIn 000000009FCC 000000409FCC 0 QPj?PP 00000000A3BB 00000040A3BB 0 }#jhh 00000000A4E6 00000040A4E6 0 }#j|h 00000000B5A6 00000040B5A6 0 QhDh@ 00000000B655 00000040B655 0 QhXh@ 00000000B704 00000040B704 0 Qhph@ 00000000CDD8 00000040CDD8 0 }#jPh 00000000CE53 00000040CE53 0 HlQh v@ 00000000CEA1 00000040CEA1 0 BlPh v@ 00000000D336 00000040D336 0 BlPh v@ 00000000DCD8 00000040DCD8 0 Ph\t@ 00000000DD63 00000040DD63 0 Ph@v@ 00000000ED87 00000040ED87 0 }#j\h 00000000F384 00000040F384 0 HlQh v@ 00000000F3FE 00000040F3FE 0 BlPh v@ 00000000F477 00000040F477 0 BlPh v@ 00000000F999 00000040F999 0 QlRh v@ 00000000FA13 00000040FA13 0 HlQh v@ 00000000FA86 00000040FA86 0 HlQh v@ 000000010ADA 000000410ADA 0 PhP|@ 000000010D3C 000000410D3C 0 Phx|@ 0000000124CE 0000004124CE 0 PhDh@ 000000012DD9 000000412DD9 0 B\f-&# 0000000136E6 0000004136E6 0 B\f-&# 0000000178B2 0000004178B2 0 BlPh4 000000017908 000000417908 0 HlQh4 000000017A53 000000417A53 0 BlPhT 000000017AA1 000000417AA1 0 QlRhp 000000017AEF 000000417AEF 0 HlQh v@ 000000019357 000000419357 0 PhP|@ 0000000195B9 0000004195B9 0 Phx|@ 00000001A23B 00000041A23B 0 RhP|@ 00000001A485 00000041A485 0 Rhx|@ 00000001CBAC 00000041CBAC 0 }#j\h 00000001D59F 00000041D59F 0 }#j\h 00000001DD9D 00000041DD9D 0 }#j\h 00000001E45C 00000041E45C 0 }#j\h 00000001E5D4 00000041E5D4 0 HlQhT 00000001E697 00000041E697 0 QlRhT 00000001E838 00000041E838 0 HlQh4 00000001E8FB 00000041E8FB 0 QlRh4 00000001F137 00000041F137 0 QhP|@ 00000001FB3A 00000041FB3A 0 }#j\h 0000000200DC 0000004200DC 0 QlRhp 00000002016B 00000042016B 0 QlRhp 0000000201CE 0000004201CE 0 QlRhp 000000020228 000000420228 0 HlQhp 0000000202D7 0000004202D7 0 }#j\h File pos Mem pos ID Text ======== ======= == ==== 0000000205A4 0000004205A4 0 }#j\h 000000020B46 000000420B46 0 QlRhp 000000020BD5 000000420BD5 0 QlRhp 000000020C38 000000420C38 0 QlRhp 000000020C92 000000420C92 0 HlQhp 000000020D41 000000420D41 0 }#j\h 00000002100E 00000042100E 0 }#j\h 0000000215B0 0000004215B0 0 QlRhp 00000002163F 00000042163F 0 QlRhp 0000000216A2 0000004216A2 0 QlRhp 0000000216FC 0000004216FC 0 HlQhp 0000000217AB 0000004217AB 0 }#j\h 000000021A78 000000421A78 0 }#j\h 00000002201A 00000042201A 0 QlRhp 0000000220A9 0000004220A9 0 QlRhp 00000002210C 00000042210C 0 QlRhp 000000022166 000000422166 0 HlQhp 000000022215 000000422215 0 }#j\h 0000000224E2 0000004224E2 0 }#j\h 000000022A84 000000422A84 0 QlRhp 000000022B13 000000422B13 0 QlRhp 000000022B76 000000422B76 0 QlRhp 000000022BD0 000000422BD0 0 HlQhp 000000022C7F 000000422C7F 0 }#j\h 000000022F3A 000000422F3A 0 }#j\h 000000023067 000000423067 0 QlRh4 0000000230CF 0000004230CF 0 BlPh4 00000002324A 00000042324A 0 QlRhT 0000000232A4 0000004232A4 0 HlQhp 0000000232FE 0000004232FE 0 BlPh v@ 00000002410A 00000042410A 0 }#j\h 0000000241FC 0000004241FC 0 }#j\h 000000024329 000000424329 0 BlPh4 000000024391 000000424391 0 HlQh4 00000002450C 00000042450C 0 BlPhT 000000024566 000000424566 0 QlRhp 0000000245C0 0000004245C0 0 HlQh v@ 000000025426 000000425426 0 }#j\h 000000025518 000000425518 0 }#j\h 000000025645 000000425645 0 BlPh4 0000000256AD 0000004256AD 0 HlQh4 000000025828 000000425828 0 BlPhT 000000025882 000000425882 0 QlRhp 0000000258DC 0000004258DC 0 HlQh v@ 000000026742 000000426742 0 }#j\h 000000026834 000000426834 0 }#j\h 000000026961 000000426961 0 BlPh4 0000000269C9 0000004269C9 0 HlQh4 000000026B44 000000426B44 0 BlPhT 000000026B9E 000000426B9E 0 QlRhp 000000026BF8 000000426BF8 0 HlQh v@ 000000027A5E 000000427A5E 0 }#j\h 000000027B50 000000427B50 0 }#j\h 000000027C7D 000000427C7D 0 BlPh4 000000027CE5 000000427CE5 0 HlQh4 000000027E60 000000427E60 0 BlPhT 000000027EBA 000000427EBA 0 QlRhp 000000027F14 000000427F14 0 HlQh v@ 000000028D7A 000000428D7A 0 }#j\h 00000002A421 00000042A421 0 }#jPh File pos Mem pos ID Text ======== ======= == ==== 00000002A59A 00000042A59A 0 }#jPh 00000002A799 00000042A799 0 ph<C@ 00000002A7BE 00000042A7BE 0 NlQhT 00000002AB24 00000042AB24 0 VlRhp 000000030BAA 000000430BAA 0 Ph@v@ 000000030BCA 000000430BCA 0 Ph@v@ 000000030C43 000000430C43 0 Ph@v@ 000000030D62 000000430D62 0 Ph@v@ 000000031325 000000431325 0 Qjchh 000000031365 000000431365 0 Qjchh 0000000313A5 0000004313A5 0 Qjchh 0000000313E5 0000004313E5 0 Qjchh 000000031473 000000431473 0 Pjchh 0000000314B3 0000004314B3 0 Pjchh 0000000314F3 0000004314F3 0 Pjchh 000000031533 000000431533 0 Pjchh 000000032106 000000432106 0 Pp!QSV 000000032207 000000432207 0 l$ PWU 0000000322AF 0000004322AF 0 l$ PWU 0000000322E0 0000004322E0 0 QSUVW 000000032470 000000432470 0 QSUVW 000000032648 000000432648 0 L$ PQV 000000032BB1 000000432BB1 0 L$ PQV 000000032BD4 000000432BD4 0 D$$PV 000000032BF4 000000432BF4 0 D$$PV 000000035A18 000000435A18 0 MSVBVM60.DLL 000000035A28 000000435A28 0 __vbaVarTstGt 000000035A38 000000435A38 0 __vbaVarSub 000000035A46 000000435A46 0 __vbaStrI2 000000035A54 000000435A54 0 _CIcos 000000035A5E 000000435A5E 0 _adj_fptan 000000035A6C 000000435A6C 0 __vbaVarMove 000000035A7C 000000435A7C 0 __vbaStrI4 000000035A8A 000000435A8A 0 __vbaVarVargNofree 000000035AA0 000000435AA0 0 __vbaFreeVar 000000035AB0 000000435AB0 0 __vbaAryMove 000000035AC0 000000435AC0 0 __vbaStrVarMove 000000035AD2 000000435AD2 0 __vbaLenBstr 000000035AE2 000000435AE2 0 __vbaLineInputStr 000000035AF6 000000435AF6 0 __vbaLateIdCall 000000035B08 000000435B08 0 __vbaFreeVarList 000000035B1C 000000435B1C 0 __vbaEnd 000000035B28 000000435B28 0 __vbaPut3 000000035B34 000000435B34 0 _adj_fdiv_m64 000000035B44 000000435B44 0 __vbaPut4 000000035B50 000000435B50 0 __vbaLineInputVar 000000035B64 000000435B64 0 __vbaFreeObjList 000000035B78 000000435B78 0 _adj_fprem1 000000035B86 000000435B86 0 __vbaRecAnsiToUni 000000035B9A 000000435B9A 0 __vbaResume 000000035BA8 000000435BA8 0 __vbaStrCat 000000035BB6 000000435BB6 0 __vbaVarCmpNe 000000035BC6 000000435BC6 0 __vbaForEachCollAd 000000035BDC 000000435BDC 0 __vbaError 000000035BEA 000000435BEA 0 __vbaSetSystemError 000000035C00 000000435C00 0 __vbaHresultCheckObj 000000035C18 000000435C18 0 __vbaLenVar 000000035C26 000000435C26 0 _adj_fdiv_m32 000000035C36 000000435C36 0 __vbaAryDestruct 000000035C4A 000000435C4A 0 __vbaExitProc File pos Mem pos ID Text ======== ======= == ==== 000000035C5A 000000435C5A 0 __vbaVarForInit 000000035C6C 000000435C6C 0 __vbaOnError 000000035C7C 000000435C7C 0 __vbaObjSet 000000035C8A 000000435C8A 0 _adj_fdiv_m16i 000000035C9C 000000435C9C 0 __vbaObjSetAddref 000000035CB0 000000435CB0 0 _adj_fdivr_m16i 000000035CC2 000000435CC2 0 __vbaRefVarAry 000000035CD4 000000435CD4 0 __vbaBoolVarNull 000000035CE8 000000435CE8 0 __vbaVarTstLt 000000035CF8 000000435CF8 0 __vbaFpR8 000000035D04 000000435D04 0 _CIsin 000000035D0E 000000435D0E 0 __vbaErase 000000035D1C 000000435D1C 0 __vbaVargVarMove 000000035D30 000000435D30 0 __vbaVarCmpGt 000000035D40 000000435D40 0 __vbaChkstk 000000035D4E 000000435D4E 0 __vbaFileClose 000000035D60 000000435D60 0 EVENT_SINK_AddRef 000000035D74 000000435D74 0 __vbaGenerateBoundsError 000000035D90 000000435D90 0 __vbaStrCmp 000000035D9E 000000435D9E 0 __vbaVarTstEq 000000035DAE 000000435DAE 0 __vbaAryConstruct2 000000035DC4 000000435DC4 0 __vbaPutOwner4 000000035DD6 000000435DD6 0 __vbaI2I4 000000035DE2 000000435DE2 0 __vbaObjVar 000000035DF0 000000435DF0 0 DllFunctionCall 000000035E02 000000435E02 0 __vbaVarOr 000000035E10 000000435E10 0 __vbaStrR4 000000035E1E 000000435E1E 0 _adj_fpatan 000000035E2C 000000435E2C 0 __vbaLateIdCallLd 000000035E40 000000435E40 0 __vbaStrR8 000000035E4E 000000435E4E 0 __vbaRedim 000000035E5C 000000435E5C 0 __vbaRecUniToAnsi 000000035E70 000000435E70 0 EVENT_SINK_Release 000000035E86 000000435E86 0 __vbaNew 000000035E92 000000435E92 0 __vbaUI1I2 000000035EA0 000000435EA0 0 _CIsqrt 000000035EAA 000000435EAA 0 __vbaVarAnd 000000035EB8 000000435EB8 0 EVENT_SINK_QueryInterface 000000035ED4 000000435ED4 0 __vbaUI1I4 000000035EE2 000000435EE2 0 __vbaStr2Vec 000000035EF2 000000435EF2 0 __vbaVarMul 000000035F00 000000435F00 0 __vbaExceptHandler 000000035F16 000000435F16 0 __vbaStrToUnicode 000000035F2A 000000435F2A 0 __vbaPrintFile 000000035F3C 000000435F3C 0 _adj_fprem 000000035F4A 000000435F4A 0 _adj_fdivr_m64 000000035F5C 000000435F5C 0 __vbaFPException 000000035F70 000000435F70 0 __vbaUbound 000000035F7E 000000435F7E 0 __vbaStrVarVal 000000035F90 000000435F90 0 __vbaVarCat 000000035F9E 000000435F9E 0 __vbaGetOwner4 000000035FB0 000000435FB0 0 __vbaI2Var 000000035FBE 000000435FBE 0 _CIlog 000000035FC8 000000435FC8 0 __vbaErrorOverflow 000000035FDE 000000435FDE 0 __vbaFileOpen 000000035FEE 000000435FEE 0 __vbaNew2 000000035FFA 000000435FFA 0 __vbaR8Str 000000036008 000000436008 0 __vbaVarLateMemCallLdRf 000000036022 000000436022 0 __vbaVarInt 000000036030 000000436030 0 _adj_fdiv_m32i File pos Mem pos ID Text ======== ======= == ==== 000000036042 000000436042 0 _adj_fdivr_m32i 000000036054 000000436054 0 __vbaStrCopy 000000036064 000000436064 0 __vbaI4Str 000000036072 000000436072 0 __vbaFreeStrList 000000036086 000000436086 0 _adj_fdivr_m32 000000036098 000000436098 0 _adj_fdiv_r 0000000360A6 0000004360A6 0 __vbaVarTstNe 0000000360B6 0000004360B6 0 __vbaVarSetVar 0000000360C8 0000004360C8 0 __vbaI4Var 0000000360D6 0000004360D6 0 __vbaVarCmpEq 0000000360E6 0000004360E6 0 __vbaAryLock 0000000360F6 0000004360F6 0 __vbaVarAdd 000000036104 000000436104 0 __vbaLateMemCall 000000036118 000000436118 0 __vbaStrToAnsi 00000003612A 00000043612A 0 __vbaVarDup 000000036138 000000436138 0 __vbaFpI2 000000036144 000000436144 0 __vbaVarMod 000000036152 000000436152 0 __vbaVarCopy 000000036162 000000436162 0 __vbaVarLateMemCallLd 00000003617A 00000043617A 0 __vbaFpI4 000000036186 000000436186 0 __vbaLateMemCallLd 00000003619C 00000043619C 0 _CIatan 0000000361A6 0000004361A6 0 __vbaAryCopy 0000000361B6 0000004361B6 0 __vbaStrMove 0000000361C6 0000004361C6 0 __vbaCastObj 0000000361D6 0000004361D6 0 __vbaStrVarCopy 0000000361E8 0000004361E8 0 _allmul 0000000361F2 0000004361F2 0 __vbaLateIdSt 000000036202 000000436202 0 _CItan 00000003620C 00000043620C 0 __vbaNextEachCollAd 000000036222 000000436222 0 __vbaFPInt 000000036230 000000436230 0 __vbaAryUnlock 000000036242 000000436242 0 __vbaVarForNext 000000036254 000000436254 0 _CIexp 00000003625E 00000043625E 0 __vbaFreeStr 00000003626E 00000043626E 0 __vbaFreeObj 00000000364B 00000040364B 0 fff3f 0000000036DB 0000004036DB 0 3f333 000000005530 000000405530 0 9999999999 00000000554C 00000040554C 0 3089701 000000005810 000000405810 0 C:\Program Files\Diebold\ABC\css.ini 000000005860 000000405860 0 C:\Program Files\Diebold\ABC 0000000058A0 0000004058A0 0 C:\Diebold\CSS\css.ini 0000000058D4 0000004058D4 0 C:\Diebold\CSS 0000000058F8 0000004058F8 0 111011110111100101010111100010101111111000111111 000000005960 000000405960 0 010011110101011100111111101110010101110110101011 0000000059C8 0000004059C8 0 9999999911 0000000059F0 0000004059F0 0 111011111001000111011101100011100111101000110111 000000005A58 000000405A58 0 000111111100101011101011111101110110101111110100 000000005AC0 000000405AC0 0 101110110111100110111010101100011000101111011011 000000005B28 000000405B28 0 101111000010111111001101110101111011011000010111 000000005B90 000000405B90 0 13081001031504021106071200051409 000000005BDC 000000405BDC 0 010100110111111000011101011111110010011111101100 000000005C44 000000405C44 0 010011011011110111110100001110001111100111001111 000000005CAC 000000405CAC 0 110100111110010100111100011111100010110111101101 000000005D14 000000405D14 0 110011001000111110110111101010101111100111011011 000000005D7C 000000405D7C 0 00140711100413010508120609030215 000000005DC8 000000405DC8 0 111101111011101000101111011001111111011100110011 000000005E30 000000405E30 0 101010111011011011100010111111110000110101101010 000000005E98 000000405E98 0 111110000101111011111110110011001101101101011110 File pos Mem pos ID Text ======== ======= == ==== 000000005F00 000000405F00 0 111101001111001101011000010101011111011011111100 000000005F68 000000405F68 0 03130407150208141200011006091105 000000005FB4 000000405FB4 0 000001101101111101110111111110011001110011101001 00000000601C 00000040601C 0 101111101110011101010001011110111111011010111100 000000006084 000000406084 0 000110010100001001100110000111100001100100010100 0000000060EC 0000004060EC 0 001001011000111000011000100111000000000010110110 000000006154 000000406154 0 15010814061103040907021312000510 0000000061A0 0000004061A0 0 010001100011000010000010110001010110101011000001 000000006208 000000406208 0 001110101000110001010000001100101010001001011001 000000006270 000000406270 0 010011000110000000001010101100111001010100000110 0000000062D8 0000004062D8 0 001000101000010100011100000011000010011110100010 000000006340 000000406340 0 15120802040901070511031410000613 00000000638C 00000040638C 0 010011000000100000000011011111000110100001000101 0000000063F4 0000004063F4 0 001000111010100000111000011000101100000011011010 00000000645C 00000040645C 0 100000001101000010001101110000101010110110011010 0000000064C4 0000004064C4 0 000100010000001101000110001011010001011100011001 00000000652C 00000040652C 0 04011408130602111512090703100500 000000006578 000000406578 0 001000000101100010100001010110110101000001100010 0000000065E0 0000004065E0 0 100100010010000101100100010001001100100100101100 000000006648 000000406648 0 100000000100011010010001100000000011110011011100 0000000066B0 0000004066B0 0 010101010001001100100100111010011001001010110001 000000006718 000000406718 0 00150704140213011006121109050308 000000006764 000000406764 0 100000101001000011000001000100110100111000101011 0000000067CC 0000004067CC 0 110010000010000000010011001100000101111100000110 00000000690C 00000040690C 0 5749413325170901585042342618100259514335271911036052443663554739312315076254463830221406615345372921130528201204 0000000069F4 0000004069F4 0 141711240105032815062110231912042608160727201302415231374755304051453348444939563453464250362932 000000006ABC 000000406ABC 0 FCBALANCE: 99999.99 000000006AF8 000000406AF8 0 58504234261810026052443628201204625446383022140664564840322416085749413325170901595143352719110361534537292113056355473931231507 000000006C00 000000406C00 0 320102030405040506070809080910111213121314151617161718192021202122232425242526272829282930313201 000000006CC8 000000406CC8 0 RedirectOutput 000000006CEC 000000406CEC 0 40084816562464323907471555236331380646145422623037054513532161293604441252206028350343115119592734024210501858263301410949175725 000000006DF4 000000406DF4 0 1607202129122817011523260518311002082414322703091913300622110425 000000006E7C 000000406E7C 0 14041301021511080310061205090007 000000006EC4 000000406EC4 0 5701701 000000006EDC 000000406EDC 0 10000914060315050113120711040208 000000006F24 000000406F24 0 13070009030406100208051412111501 000000006F6C 000000406F6C 0 13060409081503001101021205101407 000000006FB4 000000406FB4 0 01101300060908070415140311050212 000000006FFC 000000406FFC 0 07131403000609100102080511120415 000000007044 000000407044 0 13081105061500030407021201101409 00000000708C 00000040708C 0 RebootOnCrash 0000000070BC 0000004070BC 0 10060900121107131501031405020804 000000007104 000000407104 0 03150006100113080904051112070214 00000000714C 00000040714C 0 02120401071011060805031513001409 000000007194 000000407194 0 14110212040713010500151003090806 0000000071DC 0000004071DC 0 04020111101307081509120506030014 000000007224 000000407224 0 11081207011402130615000910040503 00000000726C 00000040726C 0 ShutdownCommand 000000007290 000000407290 0 12011015090206080013030414070511 0000000072D8 0000004072D8 0 10150402071209050601131400110308 000000007320 000000407320 0 09141505020812030700041001131106 000000007368 000000407368 0 04030212090515101114010706000813 0000000073B0 0000004073B0 0 04110214150008130312090705100601 0000000073F8 0000004073F8 0 13001107040901101403051202150806 000000007440 000000407440 0 ShowWindow 00000000745C 00000040745C 0 normal 000000007470 000000407470 0 01041113120307141015060800050902 0000000074B8 0000004074B8 0 06111308010410070905001514020312 000000007500 000000407500 0 13020804061511011009031405001207 000000007548 000000407548 0 01151308100307041205061100140902 File pos Mem pos ID Text ======== ======= == ==== 000000007590 000000407590 0 07110401091214020006101315030508 0000000075D8 0000004075D8 0 02011407041008131512090003050611 000000007620 000000407620 0 \devicex.ini 000000007648 000000407648 0 Por Favor Ingrese la Clave de instalacion Proporcione el siguiente numero 0000000076E4 0000004076E4 0 Ingrese Codigo de Instalacion 000000007724 000000407724 0 Codigo Incorrecto 000000007754 000000407754 0 Communications Subsystem 00000000778C 00000040778C 0 Software\Microsoft\Windows\CurrentVersion\Run 0000000077EC 0000004077EC 0 WINCSS 000000007800 000000407800 0 \CSS1.EXE 000000007818 000000407818 0 SOFTWARE\Diebold\Agilis Startup\110AbcTrace 000000007874 000000407874 0 Active 000000007888 000000407888 0 SOFTWARE\Diebold\Agilis Startup\270AbcTrace 0000000078E4 0000004078E4 0 DisplayString 000000007904 000000407904 0 Agilis Base Communications Trace and Monitor 000000007964 000000407964 0 RunCommand 000000007980 000000407980 0 \css1.exe 000000007998 000000407998 0 ChangeDirectory 0000000079BC 0000004079BC 0 HideConsole 0000000079E8 0000004079E8 0 SOFTWARE\Diebold\TCS\DEVICE.INI\encryption decryption 000000007A58 000000407A58 0 ditparam 000000007A70 000000407A70 0 instalacion realizada con exito 000000007AC4 000000407AC4 0 \css.init 000000007ADC 000000407ADC 0 \Casas.txt 000000007B04 000000407B04 0 \conta.ttt 000000007B20 000000407B20 0 Scripting.FileSystemObject 000000007B58 000000407B58 0 GetFile 000000007B68 000000407B68 0 DateCreated 000000007BA8 000000407BA8 0 169183014201050015104013166230147018159114023118 000000007C20 000000407C20 0 dd/mm/yy 000000007C38 000000407C38 0 HH:mm:ss 000000007C50 000000407C50 0 -------- 000000007C8C 000000407C8C 0 999999 000000007CB4 000000407CB4 0 3083701 000000007CC8 000000407CC8 0 FCBALANCE: 0.00 000000007D2C 000000407D2C 0 8068701 000000007D50 000000407D50 0 FC 000000007D7C 000000407D7C 0 5018701 000000007DA8 000000407DA8 0 EJ00000000008410046474 000000007DDC 000000407DDC 0 G;0.00 000000007DF0 000000407DF0 0 H;0.00 000000007E04 000000407E04 0 I;11.79 000000007E18 000000407E18 0 K;11.79 000000007E2C 000000407E2C 0 L;11.79 000000007E4C 000000407E4C 0 3082701 000000007E74 000000407E74 0 ( FECHA: 000000007E94 000000407E94 0 HORA: 000000007EA8 000000407EA8 0 Cajetin Bajo: 000000007ED0 000000407ED0 0 Cajetin Alto: 000000007EF8 000000407EF8 0 9999999989 000000007F14 000000407F14 0 \Devices.ini 000000007F34 000000407F34 0 \Devices2.ini 000000007F54 000000407F54 0 \casas.txt 000000007F70 000000407F70 0 \casas.enc 000000007F8C 000000407F8C 0 \casaA 000000007FB0 000000407FB0 0 \CasaA 000000007FC4 000000407FC4 0 \casaB 000000007FD8 000000407FD8 0 \CasaB 000000007FEC 000000407FEC 0 \borrar.exe 000000008008 000000408008 0 SYSTEM\CurrentControlSet\Services\USBSTOR File pos Mem pos ID Text ======== ======= == ==== 000000008060 000000408060 0 Start 000000008070 000000408070 0 Enter the 'A' Key 000000008098 000000408098 0 FailureActions 0000000080BC 0000004080BC 0 Escriba la clave 'A' 0000000080FC 0000004080FC 0 Enter the 'B' Key 000000008124 000000408124 0 Escriba la clave 'B' 000000008154 000000408154 0 :\key.xxx 00000000816C 00000040816C 0 BORRADO DE LLAVE 0000000081A0 0000004081A0 0 133253051036068027192138186136236098112237138099 000000008208 000000408208 0 :\tumbar.xxx 000000008228 000000408228 0 SYSTEM\CurrentControlSet\Services\SmcService 000000008288 000000408288 0 C:\WINDOWS\system32\taskkill.exe /F /IM SMC.exe 0000000082EC 0000004082EC 0 D:\copiar.xxx 00000000830C 00000040830C 0 D:\CasaA 000000008324 000000408324 0 D:\CasaB 00000000833C 00000040833C 0 D:\message.enc 000000008360 000000408360 0 SmcService 00000000837C 00000040837C 0 E:\copiar.xxx 00000000839C 00000040839C 0 E:\CasaA 0000000083B4 0000004083B4 0 E:\CasaB 0000000083CC 0000004083CC 0 E:\message.enc 0000000083F0 0000004083F0 0 F:\copiar.xxx 000000008410 000000408410 0 F:\CasaA 000000008428 000000408428 0 F:\CasaB 000000008440 000000408440 0 F:\message.enc 000000008464 000000408464 0 G:\copiar.xxx 000000008484 000000408484 0 G:\CasaA 00000000849C 00000040849C 0 G:\CasaB 0000000084B4 0000004084B4 0 G:\message.enc 0000000084D8 0000004084D8 0 H:\copiar.xxx 0000000084F8 0000004084F8 0 H:\CasaA 000000008510 000000408510 0 H:\CasaB 000000008528 000000408528 0 H:\message.enc 00000000854C 00000040854C 0 D:\borrar.xxx 00000000856C 00000040856C 0 D:\borrar.exe 00000000858C 00000040858C 0 E:\borrar.xxx 0000000085AC 0000004085AC 0 \Wincss.exe 0000000085C8 0000004085C8 0 E:\borrar.exe 0000000085E8 0000004085E8 0 IpHost= 0000000085FC 0000004085FC 0 F:\borrar.xxx 00000000861C 00000040861C 0 F:\borrar.exe 00000000863C 00000040863C 0 G:\borrar.xxx 00000000865C 00000040865C 0 G:\borrar.exe 00000000867C 00000040867C 0 H:\borrar.xxx 00000000869C 00000040869C 0 H:\borrar.exe 0000000086BC 0000004086BC 0 \CSS1.exe 0000000086D4 0000004086D4 0 \devices2.ini 0000000086F4 0000004086F4 0 \devices.ini 000000008714 000000408714 0 \devices.init 000000008734 000000408734 0 [App=AFW, Name=HICOMM] 000000008770 000000408770 0 RemotePort= 00000000878C 00000040878C 0 Port= 0000000087BC 0000004087BC 0 127.0.0.1 000000008C5C 000000408C5C 0 PokeT 000000008C6C 000000408C6C 0 .,1684,. 000000008CA4 000000408CA4 0 winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2 000000008D1C 000000408D1C 0 Select * from Win32_Service Where Name =' 000000008D78 000000408D78 0 ExecQuery 000000008D8C 000000408D8C 0 StopService 000000008DA4 000000408DA4 0 StartService File pos Mem pos ID Text ======== ======= == ==== 0000000380F6 0000004380F6 0 VS_VERSION_INFO 000000038152 000000438152 0 VarFileInfo 000000038172 000000438172 0 Translation 000000038196 000000438196 0 StringFileInfo 0000000381BA 0000004381BA 0 0C0A04B0 0000000381D2 0000004381D2 0 CompanyName 0000000381EC 0000004381EC 0 Wincss MFC Application 000000038222 000000438222 0 ProductName 00000003823C 00000043823C 0 Wincss Application 00000003826A 00000043826A 0 FileVersion 000000038296 000000438296 0 ProductVersion 0000000382C6 0000004382C6 0 InternalName 0000000382F2 0000004382F2 0 OriginalFilename 000000038314 000000438314 0 Css1.exe 000000038596 000000438596 0 fff3f 000000038626 000000438626 0 3f333 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000001B0 0000004001B0 0 .text 0000000001D8 0000004001D8 0 .data 000000000200 000000400200 0 .rsrc 000000000238 000000400238 0 MSVBVM60.DLL 00000000101D 00000040101D 0 rJs1hJs 000000001036 000000401036 0 JsbrJs 00000000103E 00000040103E 0 Fs>UHs 000000001046 000000401046 0 IswUHs 000000001062 000000401062 0 Gs&HHs 00000000107A 00000040107A 0 GskbIs 0000000010DA 0000004010DA 0 Gs0sJs 0000000010E2 0000004010E2 0 JssnHs*aIs 000000001152 000000401152 0 Hs@:Js 000000001159 000000401159 0 vJs$FHsx 00000000118D 00000040118D 0 UHsfLHs 0000000011A2 0000004011A2 0 Fs];Gs 0000000011AE 0000004011AE 0 Hs\THs 0000000011D2 0000004011D2 0 HsEjHs 0000000011EE 0000004011EE 0 GstLHs" 000000001209 000000401209 0 mJsYuJs 00000000121E 00000040121E 0 JspuJs 000000001232 000000401232 0 FstjHs 00000000127A 00000040127A 0 Hs0jHs 000000003342 000000403342 0 nta.ttWincss 0000000033B8 0000004033B8 0 Form1 0000000033C2 0000004033C2 0 Wincss 000000003C9C 000000403C9C 0 Form1 000000003CC0 000000403CC0 0 TcpLocal 000000003CCC 000000403CCC 0 MSWinsockLib.Winsock 000000003D25 000000403D25 0 Text1 000000003D41 000000403D41 0 Text3 000000003D5D 000000403D5D 0 Timer2 000000003D7F 000000403D7F 0 Timer1 000000003DA1 000000403DA1 0 TcpRemote 000000003DAE 000000403DAE 0 MSWinsockLib.Winsock 000000003E54 000000403E54 0 VB5!6&VB6ES.DLL 000000003ED1 000000403ED1 0 Wincss 000000003ED9 000000403ED9 0 Wincss 0000000040D0 0000004040D0 0 MSWINSCK.OCX 0000000040DD 0000004040DD 0 MSWinsockLib.Winsock 0000000040F2 0000004040F2 0 Winsock 000000004D30 000000404D30 0 Form1 000000004D38 000000404D38 0 CRijndael File pos Mem pos ID Text ======== ======= == ==== 000000004D44 000000404D44 0 Wincss 000000004D9C 000000404D9C 0 Text1 000000004DB4 000000404DB4 0 C:\Archivos de programa\Microsoft Visual Studio\VB98\VB6.OLB 000000004E30 000000404E30 0 TcpRemote 000000004E4C 000000404E4C 0 C:\WINDOWS\system32\MSWINSCK.oca 000000004E70 000000404E70 0 MSWinsockLib 000000004EA8 000000404EA8 0 Text3 000000004EC8 000000404EC8 0 TcpLocal 000000004EE4 000000404EE4 0 Timer2 000000004EEC 000000404EEC 0 Timer1 000000004F3C 000000404F3C 0 user32 000000004F48 000000404F48 0 GetKeyState 000000004F8C 000000404F8C 0 FindWindowA 000000004FD0 000000404FD0 0 kernel32 000000004FE0 000000404FE0 0 CreateFileA 000000005024 000000405024 0 WriteFile 000000005068 000000405068 0 CloseHandle 0000000050AC 0000004050AC 0 FindFirstFileA 0000000050F4 0000004050F4 0 FindClose 000000005138 000000405138 0 CopyFileA 00000000517C 00000040517C 0 DeleteFileA 0000000051C0 0000004051C0 0 SetFileAttributesA 00000000520C 00000040520C 0 advapi32.dll 000000005220 000000405220 0 RegCloseKey 000000005264 000000405264 0 RegEnumKeyExA 0000000052AC 0000004052AC 0 RegEnumValueA 0000000052F4 0000004052F4 0 RegCreateKeyExA 00000000533C 00000040533C 0 RegOpenKeyExA 000000005384 000000405384 0 RegQueryValueExA 0000000053D0 0000004053D0 0 RegSetValueExA 000000005418 000000405418 0 RegQueryValueA 000000005460 000000405460 0 RegDeleteKeyA 0000000054A8 0000004054A8 0 RegDeleteValueA 000000008858 000000408858 0 Class 000000008870 000000408870 0 C:\WINDOWS\system32\msvbvm60.dll\3 000000008894 000000408894 0 VBRUN 0000000088C8 0000004088C8 0 RtlMoveMemory 00000000890C 00000040890C 0 gentables 000000008920 000000408920 0 Encrypt 000000008928 000000408928 0 Decrypt 000000008930 000000408930 0 EncryptData 00000000893C 00000040893C 0 DecryptData 000000008948 000000408948 0 __vbaPutOwner4 000000008DC0 000000408DC0 0 VBA6.DLL 000000008DCC 000000408DCC 0 __vbaNextEachCollAd 000000008DE4 000000408DE4 0 __vbaLateMemCall 000000008DF8 000000408DF8 0 __vbaForEachCollAd 000000008E0C 000000408E0C 0 __vbaLateMemCallLd 000000008E20 000000408E20 0 __vbaObjVar 000000008E2C 000000408E2C 0 __vbaVarMul 000000008E38 000000408E38 0 __vbaVarAdd 000000008E44 000000408E44 0 __vbaVarForNext 000000008E54 000000408E54 0 __vbaVarForInit 000000008E64 000000408E64 0 __vbaFpI4 000000008E70 000000408E70 0 __vbaVarCmpNe 000000008E80 000000408E80 0 __vbaFpR8 000000008E8C 000000408E8C 0 __vbaCastObj 000000008E9C 000000408E9C 0 __vbaErase 000000008EA8 000000408EA8 0 __vbaGetOwner4 000000008EB8 000000408EB8 0 __vbaRedim File pos Mem pos ID Text ======== ======= == ==== 000000008EC4 000000408EC4 0 __vbaNew 000000008ED0 000000408ED0 0 __vbaObjSetAddref 000000008EE4 000000408EE4 0 __vbaVarSub 000000008EF0 000000408EF0 0 __vbaAryConstruct2 000000008F04 000000408F04 0 __vbaRecAnsiToUni 000000008F18 000000408F18 0 __vbaRecUniToAnsi 000000008F2C 000000408F2C 0 __vbaAryDestruct 000000008F40 000000408F40 0 __vbaAryUnlock 000000008F50 000000408F50 0 __vbaAryLock 000000008F60 000000408F60 0 __vbaStr2Vec 000000008F70 000000408F70 0 __vbaAryMove 000000008F80 000000408F80 0 __vbaVarInt 000000008F8C 000000408F8C 0 __vbaVarMod 000000008F98 000000408F98 0 __vbaFreeObjList 000000008FAC 000000408FAC 0 __vbaVarOr 000000008FB8 000000408FB8 0 __vbaFPInt 000000008FC4 000000408FC4 0 __vbaStrR4 000000008FD0 000000408FD0 0 __vbaVarTstEq 000000008FE0 000000408FE0 0 __vbaI2I4 000000008FEC 000000408FEC 0 __vbaPut3 000000008FF8 000000408FF8 0 __vbaVarTstLt 000000009008 000000409008 0 __vbaVarTstNe 000000009018 000000409018 0 __vbaStrVarCopy 000000009028 000000409028 0 __vbaVarSetVar 000000009038 000000409038 0 __vbaLineInputVar 00000000904C 00000040904C 0 __vbaLateIdCallLd 000000009060 000000409060 0 __vbaI2Var 00000000906C 00000040906C 0 __vbaVarLateMemCallLdRf 000000009084 000000409084 0 __vbaVarLateMemCallLd 00000000909C 00000040909C 0 __vbaFpI2 0000000090A8 0000004090A8 0 __vbaPut4 0000000090B4 0000004090B4 0 __vbaLateIdCall 0000000090C4 0000004090C4 0 __vbaLateIdSt 0000000090D4 0000004090D4 0 __vbaLineInputStr 0000000090E8 0000004090E8 0 __vbaObjSet 0000000090F4 0000004090F4 0 __vbaStrI2 000000009100 000000409100 0 __vbaI4Str 00000000910C 00000040910C 0 __vbaStrVarVal 00000000911C 00000040911C 0 __vbaGenerateBoundsError 000000009138 000000409138 0 __vbaLenVar 000000009144 000000409144 0 __vbaStrI4 000000009150 000000409150 0 __vbaFileClose 000000009160 000000409160 0 __vbaPrintFile 000000009170 000000409170 0 __vbaFileOpen 000000009180 000000409180 0 __vbaVarDup 00000000918C 00000040918C 0 __vbaStrCat 000000009198 000000409198 0 __vbaStrCmp 0000000091A4 0000004091A4 0 __vbaR8Str 0000000091B0 0000004091B0 0 __vbaStrR8 0000000091BC 0000004091BC 0 __vbaVarCmpGt 0000000091CC 0000004091CC 0 __vbaVarCmpEq 0000000091DC 0000004091DC 0 __vbaVarAnd 0000000091E8 0000004091E8 0 __vbaBoolVarNull 0000000091FC 0000004091FC 0 __vbaVarTstGt 00000000920C 00000040920C 0 __vbaEnd 000000009218 000000409218 0 __vbaFreeObj 000000009228 000000409228 0 __vbaHresultCheckObj 000000009240 000000409240 0 __vbaNew2 000000009254 000000409254 0 __vbaVarCopy 000000009264 000000409264 0 __vbaFreeVar File pos Mem pos ID Text ======== ======= == ==== 000000009274 000000409274 0 __vbaVarMove 000000009284 000000409284 0 __vbaErrorOverflow 000000009298 000000409298 0 __vbaExitProc 0000000092A8 0000004092A8 0 __vbaResume 0000000092B4 0000004092B4 0 __vbaVargVarMove 0000000092C8 0000004092C8 0 __vbaError 0000000092D4 0000004092D4 0 __vbaOnError 0000000092E4 0000004092E4 0 __vbaStrCopy 0000000092F4 0000004092F4 0 __vbaFreeStr 000000009304 000000409304 0 __vbaI4Var 000000009310 000000409310 0 __vbaFreeStrList 000000009324 000000409324 0 __vbaStrToUnicode 000000009338 000000409338 0 __vbaSetSystemError 00000000934C 00000040934C 0 __vbaStrToAnsi 00000000935C 00000040935C 0 __vbaStrMove 00000000936C 00000040936C 0 __vbaUI1I4 000000009378 000000409378 0 __vbaLenBstr 000000009388 000000409388 0 __vbaFreeVarList 00000000939C 00000040939C 0 __vbaVarVargNofree 0000000093B0 0000004093B0 0 __vbaVarCat 0000000093BC 0000004093BC 0 __vbaStrVarMove 000000009430 000000409430 0 __vbaRefVarAry 000000009440 000000409440 0 __vbaUbound 00000000944C 00000040944C 0 __vbaAryCopy 00000000945C 00000040945C 0 __vbaUI1I2 000000009740 000000409740 0 bytMessage 00000000974C 00000040974C 0 bytPassword 000000009758 000000409758 0 bytIn 000000009FCC 000000409FCC 0 QPj?PP 00000000A3BB 00000040A3BB 0 }#jhh 00000000A4E6 00000040A4E6 0 }#j|h 00000000B5A6 00000040B5A6 0 QhDh@ 00000000B655 00000040B655 0 QhXh@ 00000000B704 00000040B704 0 Qhph@ 00000000CDD8 00000040CDD8 0 }#jPh 00000000CE53 00000040CE53 0 HlQh v@ 00000000CEA1 00000040CEA1 0 BlPh v@ 00000000D336 00000040D336 0 BlPh v@ 00000000DCD8 00000040DCD8 0 Ph\t@ 00000000DD63 00000040DD63 0 Ph@v@ 00000000ED87 00000040ED87 0 }#j\h 00000000F384 00000040F384 0 HlQh v@ 00000000F3FE 00000040F3FE 0 BlPh v@ 00000000F477 00000040F477 0 BlPh v@ 00000000F999 00000040F999 0 QlRh v@ 00000000FA13 00000040FA13 0 HlQh v@ 00000000FA86 00000040FA86 0 HlQh v@ 000000010ADA 000000410ADA 0 PhP|@ 000000010D3C 000000410D3C 0 Phx|@ 0000000124CE 0000004124CE 0 PhDh@ 000000012DD9 000000412DD9 0 B\f-&# 0000000136E6 0000004136E6 0 B\f-&# 0000000178B2 0000004178B2 0 BlPh4 000000017908 000000417908 0 HlQh4 000000017A53 000000417A53 0 BlPhT 000000017AA1 000000417AA1 0 QlRhp 000000017AEF 000000417AEF 0 HlQh v@ 000000019357 000000419357 0 PhP|@ 0000000195B9 0000004195B9 0 Phx|@ 00000001A23B 00000041A23B 0 RhP|@ File pos Mem pos ID Text ======== ======= == ==== 00000001A485 00000041A485 0 Rhx|@ 00000001CBAC 00000041CBAC 0 }#j\h 00000001D59F 00000041D59F 0 }#j\h 00000001DD9D 00000041DD9D 0 }#j\h 00000001E45C 00000041E45C 0 }#j\h 00000001E5D4 00000041E5D4 0 HlQhT 00000001E697 00000041E697 0 QlRhT 00000001E838 00000041E838 0 HlQh4 00000001E8FB 00000041E8FB 0 QlRh4 00000001F137 00000041F137 0 QhP|@ 00000001FB3A 00000041FB3A 0 }#j\h 0000000200DC 0000004200DC 0 QlRhp 00000002016B 00000042016B 0 QlRhp 0000000201CE 0000004201CE 0 QlRhp 000000020228 000000420228 0 HlQhp 0000000202D7 0000004202D7 0 }#j\h 0000000205A4 0000004205A4 0 }#j\h 000000020B46 000000420B46 0 QlRhp 000000020BD5 000000420BD5 0 QlRhp 000000020C38 000000420C38 0 QlRhp 000000020C92 000000420C92 0 HlQhp 000000020D41 000000420D41 0 }#j\h 00000002100E 00000042100E 0 }#j\h 0000000215B0 0000004215B0 0 QlRhp 00000002163F 00000042163F 0 QlRhp 0000000216A2 0000004216A2 0 QlRhp 0000000216FC 0000004216FC 0 HlQhp 0000000217AB 0000004217AB 0 }#j\h 000000021A78 000000421A78 0 }#j\h 00000002201A 00000042201A 0 QlRhp 0000000220A9 0000004220A9 0 QlRhp 00000002210C 00000042210C 0 QlRhp 000000022166 000000422166 0 HlQhp 000000022215 000000422215 0 }#j\h 0000000224E2 0000004224E2 0 }#j\h 000000022A84 000000422A84 0 QlRhp 000000022B13 000000422B13 0 QlRhp 000000022B76 000000422B76 0 QlRhp 000000022BD0 000000422BD0 0 HlQhp 000000022C7F 000000422C7F 0 }#j\h 000000022F3A 000000422F3A 0 }#j\h 000000023067 000000423067 0 QlRh4 0000000230CF 0000004230CF 0 BlPh4 00000002324A 00000042324A 0 QlRhT 0000000232A4 0000004232A4 0 HlQhp 0000000232FE 0000004232FE 0 BlPh v@ 00000002410A 00000042410A 0 }#j\h 0000000241FC 0000004241FC 0 }#j\h 000000024329 000000424329 0 BlPh4 000000024391 000000424391 0 HlQh4 00000002450C 00000042450C 0 BlPhT 000000024566 000000424566 0 QlRhp 0000000245C0 0000004245C0 0 HlQh v@ 000000025426 000000425426 0 }#j\h 000000025518 000000425518 0 }#j\h 000000025645 000000425645 0 BlPh4 0000000256AD 0000004256AD 0 HlQh4 000000025828 000000425828 0 BlPhT 000000025882 000000425882 0 QlRhp 0000000258DC 0000004258DC 0 HlQh v@ File pos Mem pos ID Text ======== ======= == ==== 000000026742 000000426742 0 }#j\h 000000026834 000000426834 0 }#j\h 000000026961 000000426961 0 BlPh4 0000000269C9 0000004269C9 0 HlQh4 000000026B44 000000426B44 0 BlPhT 000000026B9E 000000426B9E 0 QlRhp 000000026BF8 000000426BF8 0 HlQh v@ 000000027A5E 000000427A5E 0 }#j\h 000000027B50 000000427B50 0 }#j\h 000000027C7D 000000427C7D 0 BlPh4 000000027CE5 000000427CE5 0 HlQh4 000000027E60 000000427E60 0 BlPhT 000000027EBA 000000427EBA 0 QlRhp 000000027F14 000000427F14 0 HlQh v@ 000000028D7A 000000428D7A 0 }#j\h 00000002A421 00000042A421 0 }#jPh 00000002A59A 00000042A59A 0 }#jPh 00000002A799 00000042A799 0 ph<C@ 00000002A7BE 00000042A7BE 0 NlQhT 00000002AB24 00000042AB24 0 VlRhp 000000030BAA 000000430BAA 0 Ph@v@ 000000030BCA 000000430BCA 0 Ph@v@ 000000030C43 000000430C43 0 Ph@v@ 000000030D62 000000430D62 0 Ph@v@ 000000031325 000000431325 0 Qjchh 000000031365 000000431365 0 Qjchh 0000000313A5 0000004313A5 0 Qjchh 0000000313E5 0000004313E5 0 Qjchh 000000031473 000000431473 0 Pjchh 0000000314B3 0000004314B3 0 Pjchh 0000000314F3 0000004314F3 0 Pjchh 000000031533 000000431533 0 Pjchh 000000032106 000000432106 0 Pp!QSV 000000032207 000000432207 0 l$ PWU 0000000322AF 0000004322AF 0 l$ PWU 0000000322E0 0000004322E0 0 QSUVW 000000032470 000000432470 0 QSUVW 000000032648 000000432648 0 L$ PQV 000000032BB1 000000432BB1 0 L$ PQV 000000032BD4 000000432BD4 0 D$$PV 000000032BF4 000000432BF4 0 D$$PV 000000035A18 000000435A18 0 MSVBVM60.DLL 000000035A28 000000435A28 0 __vbaVarTstGt 000000035A38 000000435A38 0 __vbaVarSub 000000035A46 000000435A46 0 __vbaStrI2 000000035A54 000000435A54 0 _CIcos 000000035A5E 000000435A5E 0 _adj_fptan 000000035A6C 000000435A6C 0 __vbaVarMove 000000035A7C 000000435A7C 0 __vbaStrI4 000000035A8A 000000435A8A 0 __vbaVarVargNofree 000000035AA0 000000435AA0 0 __vbaFreeVar 000000035AB0 000000435AB0 0 __vbaAryMove 000000035AC0 000000435AC0 0 __vbaStrVarMove 000000035AD2 000000435AD2 0 __vbaLenBstr 000000035AE2 000000435AE2 0 __vbaLineInputStr 000000035AF6 000000435AF6 0 __vbaLateIdCall 000000035B08 000000435B08 0 __vbaFreeVarList 000000035B1C 000000435B1C 0 __vbaEnd 000000035B28 000000435B28 0 __vbaPut3 000000035B34 000000435B34 0 _adj_fdiv_m64 File pos Mem pos ID Text ======== ======= == ==== 000000035B44 000000435B44 0 __vbaPut4 000000035B50 000000435B50 0 __vbaLineInputVar 000000035B64 000000435B64 0 __vbaFreeObjList 000000035B78 000000435B78 0 _adj_fprem1 000000035B86 000000435B86 0 __vbaRecAnsiToUni 000000035B9A 000000435B9A 0 __vbaResume 000000035BA8 000000435BA8 0 __vbaStrCat 000000035BB6 000000435BB6 0 __vbaVarCmpNe 000000035BC6 000000435BC6 0 __vbaForEachCollAd 000000035BDC 000000435BDC 0 __vbaError 000000035BEA 000000435BEA 0 __vbaSetSystemError 000000035C00 000000435C00 0 __vbaHresultCheckObj 000000035C18 000000435C18 0 __vbaLenVar 000000035C26 000000435C26 0 _adj_fdiv_m32 000000035C36 000000435C36 0 __vbaAryDestruct 000000035C4A 000000435C4A 0 __vbaExitProc 000000035C5A 000000435C5A 0 __vbaVarForInit 000000035C6C 000000435C6C 0 __vbaOnError 000000035C7C 000000435C7C 0 __vbaObjSet 000000035C8A 000000435C8A 0 _adj_fdiv_m16i 000000035C9C 000000435C9C 0 __vbaObjSetAddref 000000035CB0 000000435CB0 0 _adj_fdivr_m16i 000000035CC2 000000435CC2 0 __vbaRefVarAry 000000035CD4 000000435CD4 0 __vbaBoolVarNull 000000035CE8 000000435CE8 0 __vbaVarTstLt 000000035CF8 000000435CF8 0 __vbaFpR8 000000035D04 000000435D04 0 _CIsin 000000035D0E 000000435D0E 0 __vbaErase 000000035D1C 000000435D1C 0 __vbaVargVarMove 000000035D30 000000435D30 0 __vbaVarCmpGt 000000035D40 000000435D40 0 __vbaChkstk 000000035D4E 000000435D4E 0 __vbaFileClose 000000035D60 000000435D60 0 EVENT_SINK_AddRef 000000035D74 000000435D74 0 __vbaGenerateBoundsError 000000035D90 000000435D90 0 __vbaStrCmp 000000035D9E 000000435D9E 0 __vbaVarTstEq 000000035DAE 000000435DAE 0 __vbaAryConstruct2 000000035DC4 000000435DC4 0 __vbaPutOwner4 000000035DD6 000000435DD6 0 __vbaI2I4 000000035DE2 000000435DE2 0 __vbaObjVar 000000035DF0 000000435DF0 0 DllFunctionCall 000000035E02 000000435E02 0 __vbaVarOr 000000035E10 000000435E10 0 __vbaStrR4 000000035E1E 000000435E1E 0 _adj_fpatan 000000035E2C 000000435E2C 0 __vbaLateIdCallLd 000000035E40 000000435E40 0 __vbaStrR8 000000035E4E 000000435E4E 0 __vbaRedim 000000035E5C 000000435E5C 0 __vbaRecUniToAnsi 000000035E70 000000435E70 0 EVENT_SINK_Release 000000035E86 000000435E86 0 __vbaNew 000000035E92 000000435E92 0 __vbaUI1I2 000000035EA0 000000435EA0 0 _CIsqrt 000000035EAA 000000435EAA 0 __vbaVarAnd 000000035EB8 000000435EB8 0 EVENT_SINK_QueryInterface 000000035ED4 000000435ED4 0 __vbaUI1I4 000000035EE2 000000435EE2 0 __vbaStr2Vec 000000035EF2 000000435EF2 0 __vbaVarMul 000000035F00 000000435F00 0 __vbaExceptHandler 000000035F16 000000435F16 0 __vbaStrToUnicode 000000035F2A 000000435F2A 0 __vbaPrintFile File pos Mem pos ID Text ======== ======= == ==== 000000035F3C 000000435F3C 0 _adj_fprem 000000035F4A 000000435F4A 0 _adj_fdivr_m64 000000035F5C 000000435F5C 0 __vbaFPException 000000035F70 000000435F70 0 __vbaUbound 000000035F7E 000000435F7E 0 __vbaStrVarVal 000000035F90 000000435F90 0 __vbaVarCat 000000035F9E 000000435F9E 0 __vbaGetOwner4 000000035FB0 000000435FB0 0 __vbaI2Var 000000035FBE 000000435FBE 0 _CIlog 000000035FC8 000000435FC8 0 __vbaErrorOverflow 000000035FDE 000000435FDE 0 __vbaFileOpen 000000035FEE 000000435FEE 0 __vbaNew2 000000035FFA 000000435FFA 0 __vbaR8Str 000000036008 000000436008 0 __vbaVarLateMemCallLdRf 000000036022 000000436022 0 __vbaVarInt 000000036030 000000436030 0 _adj_fdiv_m32i 000000036042 000000436042 0 _adj_fdivr_m32i 000000036054 000000436054 0 __vbaStrCopy 000000036064 000000436064 0 __vbaI4Str 000000036072 000000436072 0 __vbaFreeStrList 000000036086 000000436086 0 _adj_fdivr_m32 000000036098 000000436098 0 _adj_fdiv_r 0000000360A6 0000004360A6 0 __vbaVarTstNe 0000000360B6 0000004360B6 0 __vbaVarSetVar 0000000360C8 0000004360C8 0 __vbaI4Var 0000000360D6 0000004360D6 0 __vbaVarCmpEq 0000000360E6 0000004360E6 0 __vbaAryLock 0000000360F6 0000004360F6 0 __vbaVarAdd 000000036104 000000436104 0 __vbaLateMemCall 000000036118 000000436118 0 __vbaStrToAnsi 00000003612A 00000043612A 0 __vbaVarDup 000000036138 000000436138 0 __vbaFpI2 000000036144 000000436144 0 __vbaVarMod 000000036152 000000436152 0 __vbaVarCopy 000000036162 000000436162 0 __vbaVarLateMemCallLd 00000003617A 00000043617A 0 __vbaFpI4 000000036186 000000436186 0 __vbaLateMemCallLd 00000003619C 00000043619C 0 _CIatan 0000000361A6 0000004361A6 0 __vbaAryCopy 0000000361B6 0000004361B6 0 __vbaStrMove 0000000361C6 0000004361C6 0 __vbaCastObj 0000000361D6 0000004361D6 0 __vbaStrVarCopy 0000000361E8 0000004361E8 0 _allmul 0000000361F2 0000004361F2 0 __vbaLateIdSt 000000036202 000000436202 0 _CItan 00000003620C 00000043620C 0 __vbaNextEachCollAd 000000036222 000000436222 0 __vbaFPInt 000000036230 000000436230 0 __vbaAryUnlock 000000036242 000000436242 0 __vbaVarForNext 000000036254 000000436254 0 _CIexp 00000003625E 00000043625E 0 __vbaFreeStr 00000003626E 00000043626E 0 __vbaFreeObj 00000000364B 00000040364B 0 fff3f 0000000036DB 0000004036DB 0 3f333 000000005530 000000405530 0 9999999999 00000000554C 00000040554C 0 3089701 000000005810 000000405810 0 C:\Program Files\Diebold\ABC\css.ini 000000005860 000000405860 0 C:\Program Files\Diebold\ABC 0000000058A0 0000004058A0 0 C:\Diebold\CSS\css.ini 0000000058D4 0000004058D4 0 C:\Diebold\CSS File pos Mem pos ID Text ======== ======= == ==== 0000000058F8 0000004058F8 0 111011110111100101010111100010101111111000111111 000000005960 000000405960 0 010011110101011100111111101110010101110110101011 0000000059C8 0000004059C8 0 9999999911 0000000059F0 0000004059F0 0 111011111001000111011101100011100111101000110111 000000005A58 000000405A58 0 000111111100101011101011111101110110101111110100 000000005AC0 000000405AC0 0 101110110111100110111010101100011000101111011011 000000005B28 000000405B28 0 101111000010111111001101110101111011011000010111 000000005B90 000000405B90 0 13081001031504021106071200051409 000000005BDC 000000405BDC 0 010100110111111000011101011111110010011111101100 000000005C44 000000405C44 0 010011011011110111110100001110001111100111001111 000000005CAC 000000405CAC 0 110100111110010100111100011111100010110111101101 000000005D14 000000405D14 0 110011001000111110110111101010101111100111011011 000000005D7C 000000405D7C 0 00140711100413010508120609030215 000000005DC8 000000405DC8 0 111101111011101000101111011001111111011100110011 000000005E30 000000405E30 0 101010111011011011100010111111110000110101101010 000000005E98 000000405E98 0 111110000101111011111110110011001101101101011110 000000005F00 000000405F00 0 111101001111001101011000010101011111011011111100 000000005F68 000000405F68 0 03130407150208141200011006091105 000000005FB4 000000405FB4 0 000001101101111101110111111110011001110011101001 00000000601C 00000040601C 0 101111101110011101010001011110111111011010111100 000000006084 000000406084 0 000110010100001001100110000111100001100100010100 0000000060EC 0000004060EC 0 001001011000111000011000100111000000000010110110 000000006154 000000406154 0 15010814061103040907021312000510 0000000061A0 0000004061A0 0 010001100011000010000010110001010110101011000001 000000006208 000000406208 0 001110101000110001010000001100101010001001011001 000000006270 000000406270 0 010011000110000000001010101100111001010100000110 0000000062D8 0000004062D8 0 001000101000010100011100000011000010011110100010 000000006340 000000406340 0 15120802040901070511031410000613 00000000638C 00000040638C 0 010011000000100000000011011111000110100001000101 0000000063F4 0000004063F4 0 001000111010100000111000011000101100000011011010 00000000645C 00000040645C 0 100000001101000010001101110000101010110110011010 0000000064C4 0000004064C4 0 000100010000001101000110001011010001011100011001 00000000652C 00000040652C 0 04011408130602111512090703100500 000000006578 000000406578 0 001000000101100010100001010110110101000001100010 0000000065E0 0000004065E0 0 100100010010000101100100010001001100100100101100 000000006648 000000406648 0 100000000100011010010001100000000011110011011100 0000000066B0 0000004066B0 0 010101010001001100100100111010011001001010110001 000000006718 000000406718 0 00150704140213011006121109050308 000000006764 000000406764 0 100000101001000011000001000100110100111000101011 0000000067CC 0000004067CC 0 110010000010000000010011001100000101111100000110 00000000690C 00000040690C 0 5749413325170901585042342618100259514335271911036052443663554739312315076254463830221406615345372921130528201204 0000000069F4 0000004069F4 0 141711240105032815062110231912042608160727201302415231374755304051453348444939563453464250362932 000000006ABC 000000406ABC 0 FCBALANCE: 99999.99 000000006AF8 000000406AF8 0 58504234261810026052443628201204625446383022140664564840322416085749413325170901595143352719110361534537292113056355473931231507 000000006C00 000000406C00 0 320102030405040506070809080910111213121314151617161718192021202122232425242526272829282930313201 000000006CC8 000000406CC8 0 RedirectOutput 000000006CEC 000000406CEC 0 40084816562464323907471555236331380646145422623037054513532161293604441252206028350343115119592734024210501858263301410949175725 000000006DF4 000000406DF4 0 1607202129122817011523260518311002082414322703091913300622110425 000000006E7C 000000406E7C 0 14041301021511080310061205090007 000000006EC4 000000406EC4 0 5701701 000000006EDC 000000406EDC 0 10000914060315050113120711040208 000000006F24 000000406F24 0 13070009030406100208051412111501 000000006F6C 000000406F6C 0 13060409081503001101021205101407 000000006FB4 000000406FB4 0 01101300060908070415140311050212 000000006FFC 000000406FFC 0 07131403000609100102080511120415 000000007044 000000407044 0 13081105061500030407021201101409 00000000708C 00000040708C 0 RebootOnCrash 0000000070BC 0000004070BC 0 10060900121107131501031405020804 000000007104 000000407104 0 03150006100113080904051112070214 00000000714C 00000040714C 0 02120401071011060805031513001409 File pos Mem pos ID Text ======== ======= == ==== 000000007194 000000407194 0 14110212040713010500151003090806 0000000071DC 0000004071DC 0 04020111101307081509120506030014 000000007224 000000407224 0 11081207011402130615000910040503 00000000726C 00000040726C 0 ShutdownCommand 000000007290 000000407290 0 12011015090206080013030414070511 0000000072D8 0000004072D8 0 10150402071209050601131400110308 000000007320 000000407320 0 09141505020812030700041001131106 000000007368 000000407368 0 04030212090515101114010706000813 0000000073B0 0000004073B0 0 04110214150008130312090705100601 0000000073F8 0000004073F8 0 13001107040901101403051202150806 000000007440 000000407440 0 ShowWindow 00000000745C 00000040745C 0 normal 000000007470 000000407470 0 01041113120307141015060800050902 0000000074B8 0000004074B8 0 06111308010410070905001514020312 000000007500 000000407500 0 13020804061511011009031405001207 000000007548 000000407548 0 01151308100307041205061100140902 000000007590 000000407590 0 07110401091214020006101315030508 0000000075D8 0000004075D8 0 02011407041008131512090003050611 000000007620 000000407620 0 \devicex.ini 000000007648 000000407648 0 Por Favor Ingrese la Clave de instalacion Proporcione el siguiente numero 0000000076E4 0000004076E4 0 Ingrese Codigo de Instalacion 000000007724 000000407724 0 Codigo Incorrecto 000000007754 000000407754 0 Communications Subsystem 00000000778C 00000040778C 0 Software\Microsoft\Windows\CurrentVersion\Run 0000000077EC 0000004077EC 0 WINCSS 000000007800 000000407800 0 \CSS1.EXE 000000007818 000000407818 0 SOFTWARE\Diebold\Agilis Startup\110AbcTrace 000000007874 000000407874 0 Active 000000007888 000000407888 0 SOFTWARE\Diebold\Agilis Startup\270AbcTrace 0000000078E4 0000004078E4 0 DisplayString 000000007904 000000407904 0 Agilis Base Communications Trace and Monitor 000000007964 000000407964 0 RunCommand 000000007980 000000407980 0 \css1.exe 000000007998 000000407998 0 ChangeDirectory 0000000079BC 0000004079BC 0 HideConsole 0000000079E8 0000004079E8 0 SOFTWARE\Diebold\TCS\DEVICE.INI\encryption decryption 000000007A58 000000407A58 0 ditparam 000000007A70 000000407A70 0 instalacion realizada con exito 000000007AC4 000000407AC4 0 \css.init 000000007ADC 000000407ADC 0 \Casas.txt 000000007B04 000000407B04 0 \conta.ttt 000000007B20 000000407B20 0 Scripting.FileSystemObject 000000007B58 000000407B58 0 GetFile 000000007B68 000000407B68 0 DateCreated 000000007BA8 000000407BA8 0 169183014201050015104013166230147018159114023118 000000007C20 000000407C20 0 dd/mm/yy 000000007C38 000000407C38 0 HH:mm:ss 000000007C50 000000407C50 0 -------- 000000007C8C 000000407C8C 0 999999 000000007CB4 000000407CB4 0 3083701 000000007CC8 000000407CC8 0 FCBALANCE: 0.00 000000007D2C 000000407D2C 0 8068701 000000007D50 000000407D50 0 FC 000000007D7C 000000407D7C 0 5018701 000000007DA8 000000407DA8 0 EJ00000000008410046474 000000007DDC 000000407DDC 0 G;0.00 000000007DF0 000000407DF0 0 H;0.00 000000007E04 000000407E04 0 I;11.79 000000007E18 000000407E18 0 K;11.79 000000007E2C 000000407E2C 0 L;11.79 File pos Mem pos ID Text ======== ======= == ==== 000000007E4C 000000407E4C 0 3082701 000000007E74 000000407E74 0 ( FECHA: 000000007E94 000000407E94 0 HORA: 000000007EA8 000000407EA8 0 Cajetin Bajo: 000000007ED0 000000407ED0 0 Cajetin Alto: 000000007EF8 000000407EF8 0 9999999989 000000007F14 000000407F14 0 \Devices.ini 000000007F34 000000407F34 0 \Devices2.ini 000000007F54 000000407F54 0 \casas.txt 000000007F70 000000407F70 0 \casas.enc 000000007F8C 000000407F8C 0 \casaA 000000007FB0 000000407FB0 0 \CasaA 000000007FC4 000000407FC4 0 \casaB 000000007FD8 000000407FD8 0 \CasaB 000000007FEC 000000407FEC 0 \borrar.exe 000000008008 000000408008 0 SYSTEM\CurrentControlSet\Services\USBSTOR 000000008060 000000408060 0 Start 000000008070 000000408070 0 Enter the 'A' Key 000000008098 000000408098 0 FailureActions 0000000080BC 0000004080BC 0 Escriba la clave 'A' 0000000080FC 0000004080FC 0 Enter the 'B' Key 000000008124 000000408124 0 Escriba la clave 'B' 000000008154 000000408154 0 :\key.xxx 00000000816C 00000040816C 0 BORRADO DE LLAVE 0000000081A0 0000004081A0 0 133253051036068027192138186136236098112237138099 000000008208 000000408208 0 :\tumbar.xxx 000000008228 000000408228 0 SYSTEM\CurrentControlSet\Services\SmcService 000000008288 000000408288 0 C:\WINDOWS\system32\taskkill.exe /F /IM SMC.exe 0000000082EC 0000004082EC 0 D:\copiar.xxx 00000000830C 00000040830C 0 D:\CasaA 000000008324 000000408324 0 D:\CasaB 00000000833C 00000040833C 0 D:\message.enc 000000008360 000000408360 0 SmcService 00000000837C 00000040837C 0 E:\copiar.xxx 00000000839C 00000040839C 0 E:\CasaA 0000000083B4 0000004083B4 0 E:\CasaB 0000000083CC 0000004083CC 0 E:\message.enc 0000000083F0 0000004083F0 0 F:\copiar.xxx 000000008410 000000408410 0 F:\CasaA 000000008428 000000408428 0 F:\CasaB 000000008440 000000408440 0 F:\message.enc 000000008464 000000408464 0 G:\copiar.xxx 000000008484 000000408484 0 G:\CasaA 00000000849C 00000040849C 0 G:\CasaB 0000000084B4 0000004084B4 0 G:\message.enc 0000000084D8 0000004084D8 0 H:\copiar.xxx 0000000084F8 0000004084F8 0 H:\CasaA 000000008510 000000408510 0 H:\CasaB 000000008528 000000408528 0 H:\message.enc 00000000854C 00000040854C 0 D:\borrar.xxx 00000000856C 00000040856C 0 D:\borrar.exe 00000000858C 00000040858C 0 E:\borrar.xxx 0000000085AC 0000004085AC 0 \Wincss.exe 0000000085C8 0000004085C8 0 E:\borrar.exe 0000000085E8 0000004085E8 0 IpHost= 0000000085FC 0000004085FC 0 F:\borrar.xxx 00000000861C 00000040861C 0 F:\borrar.exe 00000000863C 00000040863C 0 G:\borrar.xxx 00000000865C 00000040865C 0 G:\borrar.exe 00000000867C 00000040867C 0 H:\borrar.xxx File pos Mem pos ID Text ======== ======= == ==== 00000000869C 00000040869C 0 H:\borrar.exe 0000000086BC 0000004086BC 0 \CSS1.exe 0000000086D4 0000004086D4 0 \devices2.ini 0000000086F4 0000004086F4 0 \devices.ini 000000008714 000000408714 0 \devices.init 000000008734 000000408734 0 [App=AFW, Name=HICOMM] 000000008770 000000408770 0 RemotePort= 00000000878C 00000040878C 0 Port= 0000000087BC 0000004087BC 0 127.0.0.1 000000008C5C 000000408C5C 0 PokeT 000000008C6C 000000408C6C 0 .,1684,. 000000008CA4 000000408CA4 0 winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2 000000008D1C 000000408D1C 0 Select * from Win32_Service Where Name =' 000000008D78 000000408D78 0 ExecQuery 000000008D8C 000000408D8C 0 StopService 000000008DA4 000000408DA4 0 StartService 0000000380F6 0000004380F6 0 VS_VERSION_INFO 000000038152 000000438152 0 VarFileInfo 000000038172 000000438172 0 Translation 000000038196 000000438196 0 StringFileInfo 0000000381BA 0000004381BA 0 0C0A04B0 0000000381D2 0000004381D2 0 CompanyName 0000000381EC 0000004381EC 0 Wincss MFC Application 000000038222 000000438222 0 ProductName 00000003823C 00000043823C 0 Wincss Application 00000003826A 00000043826A 0 FileVersion 000000038296 000000438296 0 ProductVersion 0000000382C6 0000004382C6 0 InternalName 0000000382F2 0000004382F2 0 OriginalFilename 000000038314 000000438314 0 Css1.exe 000000038596 000000438596 0 fff3f 000000038626 000000438626 0 3f333
=== DOWNLOAD === Mirror provided by vx-underground.org, thx!