.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
cde6f7fb2fbdefffe22a012295ab157cffc07cab26ba0e34ced0bae484355187
Date...........: 2018-10-03
Family.........: Trojan.Skimer.39
File name......: 11111.exe
File size......: 104.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 80 0x50
blocks_in_file: 2 2
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 15 0xf
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 26 0x1a
reserved0: 1954858752 0x7484c700
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 256 0x100
=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 8 8
TimeDateStamp: "1992-06-19 22:22:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
32BIT_MACHINE, BYTES_REVERSED_HI
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.25
SizeOfCode: 98816 0x18200
SizeOfInitializedData: 6656 0x1a00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 101224 0x18b68
BaseOfCode: 4096 0x1000
BaseOfData: 106496 0x1a000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 135168 0x21000
SizeOfHeaders: 1024 0x400
CheckSum: 106883 0x1a183
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 16384 0x4000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 1c000 size:0x ae0
RESOURCE rva:0x 20000 size:0x 200
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 1f000 size:0x 6bc
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 1e000 size:0x 18
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 0 size:0x 0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
CODE 1000 18008 18200 400 0 0 0 0 60000020 R-X CODE
DATA 1a000 1c4 200 18600 0 0 0 0 c0000040 RW- IDATA
BSS 1b000 b71 0 18800 0 0 0 0 c0000000 RW-
.idata 1c000 ae0 c00 18800 0 0 0 0 c0000040 RW- IDATA
.tls 1d000 8 0 19400 0 0 0 0 c0000000 RW-
.rdata 1e000 18 200 19400 0 0 0 0 50000040 R-- IDATA SHARED
.reloc 1f000 6bc 800 19600 0 0 0 0 50000040 R-- IDATA SHARED
.rsrc 20000 200 200 19e00 0 0 0 0 50000040 R-- IDATA SHARED
=== TLS ===
RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS
41d000 41d008 41a084 41e010 0 0
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x19eb0 0 0 16 RCDATA DVCLAL
0x19ec0 0 0 68 RCDATA PACKAGEINFO
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
kernel32.dll 0 DeleteCriticalSection
kernel32.dll 0 LeaveCriticalSection
kernel32.dll 0 EnterCriticalSection
kernel32.dll 0 InitializeCriticalSection
kernel32.dll 0 VirtualFree
kernel32.dll 0 VirtualAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetVersion
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetThreadLocale
kernel32.dll 0 GetStartupInfoA
kernel32.dll 0 GetLocaleInfoA
kernel32.dll 0 GetCommandLineA
kernel32.dll 0 FreeLibrary
kernel32.dll 0 ExitProcess
kernel32.dll 0 WriteFile
kernel32.dll 0 UnhandledExceptionFilter
kernel32.dll 0 RtlUnwind
kernel32.dll 0 RaiseException
kernel32.dll 0 GetStdHandle
user32.dll 0 GetKeyboardType
user32.dll 0 MessageBoxA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
kernel32.dll 0 TlsSetValue
kernel32.dll 0 TlsGetValue
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetModuleHandleA
advapi32.dll 0 RegSetKeySecurity
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegQueryInfoKeyA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegEnumKeyA
advapi32.dll 0 RegDeleteKeyA
advapi32.dll 0 RegCloseKey
advapi32.dll 0 OpenProcessToken
advapi32.dll 0 InitializeSecurityDescriptor
kernel32.dll 0 lstrlenA
kernel32.dll 0 lstrcpyA
kernel32.dll 0 lstrcmpiA
kernel32.dll 0 lstrcatA
kernel32.dll 0 WriteFile
kernel32.dll 0 WaitForSingleObject
kernel32.dll 0 Sleep
kernel32.dll 0 SetLastError
kernel32.dll 0 SetFileTime
kernel32.dll 0 SetFilePointer
kernel32.dll 0 SetFileAttributesA
kernel32.dll 0 SetEndOfFile
kernel32.dll 0 ReadFile
kernel32.dll 0 OpenProcess
kernel32.dll 0 LocalReAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 LoadLibraryA
kernel32.dll 0 GetWindowsDirectoryA
kernel32.dll 0 GetVolumeInformationA
kernel32.dll 0 GetVersionExA
kernel32.dll 0 GetTickCount
kernel32.dll 0 GetSystemTime
kernel32.dll 0 GetSystemDirectoryA
kernel32.dll 0 GetProcAddress
kernel32.dll 0 GetModuleHandleA
kernel32.dll 0 GetModuleFileNameA
kernel32.dll 0 GetLocalTime
kernel32.dll 0 GetLastError
kernel32.dll 0 GetFileTime
kernel32.dll 0 GetFileSize
kernel32.dll 0 GetFileAttributesA
kernel32.dll 0 GetExitCodeThread
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetCurrentProcess
kernel32.dll 0 FormatMessageA
kernel32.dll 0 DeleteFileA
kernel32.dll 0 CreateMutexA
kernel32.dll 0 CreateFileA
kernel32.dll 0 CopyFileA
kernel32.dll 0 CloseHandle
version.dll 0 VerQueryValueA
version.dll 0 GetFileVersionInfoA
gdi32.dll 0 GetTextMetricsA
user32.dll 0 CreateWindowExA
user32.dll 0 UnregisterClassA
user32.dll 0 TranslateMessage
user32.dll 0 SetTimer
user32.dll 0 SetFocus
user32.dll 0 SendMessageA
user32.dll 0 RegisterClassA
user32.dll 0 PeekMessageA
user32.dll 0 LoadIconA
user32.dll 0 LoadCursorA
user32.dll 0 GetWindowTextA
user32.dll 0 GetWindowDC
user32.dll 0 GetSystemMetrics
user32.dll 0 GetMessageA
user32.dll 0 GetDesktopWindow
user32.dll 0 GetClientRect
user32.dll 0 ExitWindowsEx
user32.dll 0 DrawTextA
user32.dll 0 DispatchMessageA
user32.dll 0 DestroyWindow
user32.dll 0 DefWindowProcA
kernel32.dll 0 GetTickCount
kernel32.dll 0 VirtualProtect
shlwapi.dll 0 SHDeleteKeyA
user32.dll 0 wsprintfA
IMAGEHLP.DLL 0 MapFileAndCheckSumA
=== Packer / Compiler ===
BobSoft Mini Delphi (BoB / BobSoft)
File pos Mem pos ID Text
======== ======= == ====
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
00000000087C 00000040147C 0 wE;\$
000000001E03 000000402A03 0 ~KxI[)
000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL
000000001F48 000000402B48 0 FPUMaskValue
000000001F95 000000402B95 0 PPRTj
00000000210F 000000402D0F 0 YZXtp
00000000212B 000000402D2B 0 Ph8-@
000000002286 000000402E86 0 t=HtN
000000002339 000000402F39 0 PhF/@
000000002408 000000403008 0 Uh=0@
000000002620 000000403220 0 SVWUQ
000000002854 000000403454 0 SVWRP
0000000029CF 0000004035CF 0 Uh=6@
000000002D09 000000403909 0 Uh)9@
000000002D41 000000403941 0 Uha9@
0000000030F9 000000403CF9 0 +tM"W
000000003554 000000404154 0 Hp>\o
0000000037CC 0000004043CC 0 v:qNgJ
000000003A4F 00000040464F 0 2w0&
000000003AE9 0000004046E9 0 j\50]
000000003B22 000000404722 0 ."pu]Dk
000000003B81 000000404781 0 0Lh&m
000000003CB6 0000004048B6 0 0]&i-
000000003D14 000000404914 0 z8hV
000000003D67 000000404967 0 .P.Gy
000000003FF2 000000404BF2 0 Y*9D7
00000000418F 000000404D8F 0 VJH*&
0000000041AD 000000404DAD 0 ]T-8RV
0000000041B5 000000404DB5 0 ['J8<
000000004220 000000404E20 0 q*W'.
00000000431D 000000404F1D 0 SSztL
0000000043F0 000000404FF0 0 jndIQ
00000000456A 00000040516A 0 .\XHW
00000000489F 00000040549F 0 Kf)nn
0000000048BE 0000004054BE 0 seAil
0000000049CE 0000004055CE 0 $I/3H
0000000049EA 0000004055EA 0 &FDoI
000000004A1F 00000040561F 0 ,x4x[
000000004A5D 00000040565D 0 d2oI6
000000004C7C 00000040587C 0 ]DK?1
000000004C8A 00000040588A 0 Y;1F9
000000004E89 000000405A89 0 C=|:x
000000004F0C 000000405B0C 0 )c6*c
000000004F31 000000405B31 0 w2BJn
000000005048 000000405C48 0 6<\Hn
00000000506D 000000405C6D 0 >BkA}
00000000522F 000000405E2F 0 5 8(g
0000000052C7 000000405EC7 0 })"$pI
000000005312 000000405F12 0 MYl\}
0000000053B7 000000405FB7 0 vUp<U
0000000053F4 000000405FF4 0 .F4+x
000000005448 000000406048 0 /K ~!
0000000054B8 0000004060B8 0 -ie4ZR
0000000056E1 0000004062E1 0 4D:\1
000000005740 000000406340 0 J>i6%lYqJ
File pos Mem pos ID Text
======== ======= == ====
00000000582E 00000040642E 0 .h}z7
000000005AA1 0000004066A1 0 rqL?<j
000000005B7E 00000040677E 0 'VP#C
000000005C4B 00000040684B 0 ,=2*Y/
000000005D8E 00000040698E 0 >2;o'=/
000000005E4F 000000406A4F 0 o.yv :5
000000005E88 000000406A88 0 lV]$X
000000005EB3 000000406AB3 0 mqZG%
0000000060D9 000000406CD9 0 k[#r(
0000000060E8 000000406CE8 0 -{3#J
00000000617B 000000406D7B 0 8;,!#wZ
0000000061E7 000000406DE7 0 Te?th5[
00000000624F 000000406E4F 0 U}BFk
0000000062BE 000000406EBE 0 ApI% mo
000000006397 000000406F97 0 R)m\e
0000000063D8 000000406FD8 0 .%-y
000000006705 000000407305 0 '#@~8/
00000000683C 00000040743C 0 77A&O
000000006948 000000407548 0 naw'#
000000006A45 000000407645 0 :.6PS]n
000000006C51 000000407851 0 E[,KH
000000006DA5 0000004079A5 0 5pf@O
000000006E08 000000407A08 0 G1";q
000000006F0A 000000407B0A 0 ISSb0
000000006FFE 000000407BFE 0 (=|oQz
000000007040 000000407C40 0 ,2aJZ
0000000070BB 000000407CBB 0 'rKdO
000000007102 000000407D02 0 3h);"(
000000007113 000000407D13 0 A*'4|
00000000726F 000000407E6F 0 Ff7Lb3
000000007312 000000407F12 0 ZuNJJ
000000007464 000000408064 0 :tb4$
000000007525 000000408125 0 #<x14X
000000007556 000000408156 0 'yD=:
000000007722 000000408322 0 f@[*$1\
0000000078B4 0000004084B4 0 ?hL}~
0000000078D2 0000004084D2 0 2m[&
0000000079B0 0000004085B0 0 8ugqpa
000000007A78 000000408678 0 IrJum
000000007BA3 0000004087A3 0 /@ MYGW
000000007C03 000000408803 0 xXbPr
000000008189 000000408D89 0 )]/O9
0000000082D4 000000408ED4 0 \]$LfE
000000008420 000000409020 0 K+DxQ
0000000085CD 0000004091CD 0 UqgKo
000000008629 000000409229 0 -L]*Z
0000000086AE 0000004092AE 0 FyLac
0000000086F0 0000004092F0 0 }Ve hD
0000000086F8 0000004092F8 0 .w;op
000000008702 000000409302 0 jc]&V
000000008776 000000409376 0 V!G+,
0000000087FA 0000004093FA 0 emL;H
0000000088BC 0000004094BC 0 .) h]'[
000000008961 000000409561 0 m>%kP
00000000897B 00000040957B 0 z'[+,
000000008A02 000000409602 0 /jB _
000000008A5E 00000040965E 0 RQ7.c
000000008AA6 0000004096A6 0 B:@OF
000000008AB6 0000004096B6 0 "{~ZC
000000008C70 000000409870 0 '+81Yqpb
File pos Mem pos ID Text
======== ======= == ====
000000008CF4 0000004098F4 0 (T#4ch
000000008D53 000000409953 0 6n 'nnP
000000008D6D 00000040996D 0 S)<,-
000000008F13 000000409B13 0 hccBZ
000000008F68 000000409B68 0 \E#]1
000000008F7B 000000409B7B 0 D!ZV1
000000008FB7 000000409BB7 0 eiN+F
0000000090FD 000000409CFD 0 gOv=K5
00000000919C 000000409D9C 0 ?9IV|
000000009278 000000409E78 0 {3?z{
0000000093F7 000000409FF7 0 >,]#}X7
00000000948C 00000040A08C 0 >fQPW
0000000094AA 00000040A0AA 0 ~k]v~j
000000009732 00000040A332 0 mE+U&
000000009754 00000040A354 0 slknm
0000000098CE 00000040A4CE 0 hbCXT
00000000999F 00000040A59F 0 Tn:M,
000000009A41 00000040A641 0 P49nag
000000009C67 00000040A867 0 <>?2x}|d
000000009C86 00000040A886 0 d/t:64
000000009FEC 00000040ABEC 0 T"QPjL
00000000A03B 00000040AC3B 0 54y=k?
00000000A0D5 00000040ACD5 0 WCCo,,
00000000A152 00000040AD52 0 :A3@/AH
00000000A4A4 00000040B0A4 0 EfTdI%"fm
00000000A4F5 00000040B0F5 0 X0_z]35
00000000A540 00000040B140 0 f$fjO
00000000A5B2 00000040B1B2 0 =C5O{
00000000A810 00000040B410 0 4>["Lv
00000000A896 00000040B496 0 5r_DO
00000000A988 00000040B588 0 R}sqo
00000000A99C 00000040B59C 0 =Cdw7}
00000000A9CB 00000040B5CB 0 xol}y
00000000AA4E 00000040B64E 0 j>7Z_
00000000AAEF 00000040B6EF 0 Gr5+\n
00000000AB41 00000040B741 0 pMJ7
00000000AC5E 00000040B85E 0 P;8hR
00000000AD10 00000040B910 0 T%}[W
00000000AF9B 00000040BB9B 0 ig'S;v
00000000AFD0 00000040BBD0 0 %1S wb
00000000AFE2 00000040BBE2 0 ,C1L#
00000000B067 00000040BC67 0 !2dpBd
00000000B0F8 00000040BCF8 0 ,Ov]X
00000000B120 00000040BD20 0 7J&t*
00000000B32C 00000040BF2C 0 }52)~E
00000000B402 00000040C002 0 ',EM#|
00000000B492 00000040C092 0 !famU
00000000B53D 00000040C13D 0 g2BmL
00000000B6C6 00000040C2C6 0 $G<P?
00000000B870 00000040C470 0 Za!g=
00000000B962 00000040C562 0 9/-~q
00000000B9B4 00000040C5B4 0 .f{_(
00000000BA5C 00000040C65C 0 < 45x@
00000000BC6C 00000040C86C 0 2[YUq
00000000BD56 00000040C956 0 2+@
00000000BFA9 00000040CBA9 0 ~C[yGv,
00000000C035 00000040CC35 0 !j+e6
00000000C0AF 00000040CCAF 0 u405iU(t
00000000C19D 00000040CD9D 0 'c"B$8
00000000C1FC 00000040CDFC 0 #]|#:
File pos Mem pos ID Text
======== ======= == ====
00000000C220 00000040CE20 0 $?wdG
00000000C2DE 00000040CEDE 0 ozVX'
00000000C377 00000040CF77 0 CD;px
00000000C478 00000040D078 0 ?+Y$M
00000000C4F2 00000040D0F2 0 )QT6C/,B
00000000C861 00000040D461 0 Wx{n'
00000000C9DD 00000040D5DD 0 E=m{b
00000000CA96 00000040D696 0 ;2w:wd
00000000CAEF 00000040D6EF 0 Fj\)"
00000000CC2F 00000040D82F 0 vN$kUH
00000000CE44 00000040DA44 0 aUtbnG
00000000CFC6 00000040DBC6 0 %Yy+H
00000000D040 00000040DC40 0 %WU~.VU
00000000D0EB 00000040DCEB 0 #"!egdg
00000000D2E7 00000040DEE7 0 5xkuE
00000000D443 00000040E043 0 9j3u <
00000000D530 00000040E130 0 GV)zfG
00000000D71D 00000040E31D 0 z[645
00000000D752 00000040E352 0 h'VR(
00000000D8DA 00000040E4DA 0 oO sT]M
00000000D8FF 00000040E4FF 0 u}8>+
00000000DB0B 00000040E70B 0 UPO/n+Q
00000000DB32 00000040E732 0 }V]*?D
00000000DCB9 00000040E8B9 0 + |%\
00000000DCF5 00000040E8F5 0 qSw4n\
00000000DE77 00000040EA77 0 }#KX1
00000000DEF8 00000040EAF8 0 AF[0Ye
00000000DF48 00000040EB48 0 p.,&#
00000000E054 00000040EC54 0 m U#2
00000000E093 00000040EC93 0 "\mEE
00000000E160 00000040ED60 0 9 %6"
00000000E1F9 00000040EDF9 0 =Z|;,
00000000E39E 00000040EF9E 0 60|&lS#
00000000E505 00000040F105 0 %u=$q
00000000E52B 00000040F12B 0 EH82b
00000000E6A1 00000040F2A1 0 >X?I
00000000E6DD 00000040F2DD 0 ,mCnQ
00000000E73D 00000040F33D 0 7w:"k
00000000E8A9 00000040F4A9 0 ?6<Zt
00000000E98C 00000040F58C 0 azv J
00000000EC21 00000040F821 0 ghI&w
00000000EC2F 00000040F82F 0 L$&\!
00000000EC63 00000040F863 0 +4?RW
00000000EC77 00000040F877 0 X&F!N\
00000000EDD4 00000040F9D4 0 x ay28K
00000000EF37 00000040FB37 0 P|vNk
00000000EF65 00000040FB65 0 BK{]l
00000000F0E8 00000040FCE8 0 cTqVb
00000000F313 00000040FF13 0 9KaWV
00000000F486 000000410086 0 - 7@Z
00000000F5ED 0000004101ED 0 Z+<d?Rg
00000000F607 000000410207 0 kzE5Z
00000000F63D 00000041023D 0 ,+bsbR
00000000F745 000000410345 0 REXbm
00000000F963 000000410563 0 3O0bZ"Z
00000000F9CE 0000004105CE 0 _HX|Ao3<
00000000F9E6 0000004105E6 0 &p)cM
00000000FAF5 0000004106F5 0 C.FfX
00000000FB6E 00000041076E 0 (h(s9/
00000000FCCD 0000004108CD 0 :g'Cw&
File pos Mem pos ID Text
======== ======= == ====
00000000FFC3 000000410BC3 0 *8=G|pz
00000001007F 000000410C7F 0 prb:2
00000001009C 000000410C9C 0 i R0)5
00000001013A 000000410D3A 0 BJj4Y
00000001017E 000000410D7E 0 iJo<%j!
0000000101C1 000000410DC1 0 ";R2'
000000010216 000000410E16 0 {zsj|
0000000102AA 000000410EAA 0 -lRR[
0000000102E5 000000410EE5 0 %$h>KH9_
00000001052C 00000041112C 0 >(6&}R
00000001054E 00000041114E 0 k)IV(
0000000105C1 0000004111C1 0 4uf(i
0000000106B2 0000004112B2 0 ,Ef!]
0000000107DD 0000004113DD 0 #~cmE
000000010838 000000411438 0 .$FhD
000000010A0A 00000041160A 0 !4q @i
000000010A6E 00000041166E 0 ,k:jY
000000010A85 000000411685 0 js&x_
000000010B5A 00000041175A 0 41[@kc
000000010B96 000000411796 0 sb0#j
000000010CEC 0000004118EC 0 K<h'i
000000010CF2 0000004118F2 0 ;~Y[owu
000000010D89 000000411989 0 BHKSG
000000010F4B 000000411B4B 0 rDK9$
000000011174 000000411D74 0 5k[9<>
000000011494 000000412094 0 ,-"Q\~
0000000114B2 0000004120B2 0 W1D/P
000000011560 000000412160 0 q8k++C
000000011624 000000412224 0 g7]#
000000011721 000000412321 0 ,#]<eG
000000011880 000000412480 0 6E[fk
000000011B67 000000412767 0 {sx07
000000011BB0 0000004127B0 0 @9=[hY<I/
000000011BF2 0000004127F2 0 o@597=T
000000011F44 000000412B44 0 *sK0&
00000001213D 000000412D3D 0 c}"pw
000000012161 000000412D61 0 i/[hu2}
0000000121B6 000000412DB6 0 l[}V;
000000012280 000000412E80 0 1J9@|
00000001230D 000000412F0D 0 ;-G&CZ
00000001237D 000000412F7D 0 )j XP
000000012591 000000413191 0 ;#6Z,GlP
0000000126CE 0000004132CE 0 ! pyB@
000000012EDC 000000413ADC 0 =L[h
000000012F61 000000413B61 0 &[8/M
0000000135A7 0000004141A7 0 ,OORb>
0000000136E7 0000004142E7 0 )A %
000000013970 000000414570 0 4yxxi
000000013991 000000414591 0 /bskcF
000000013A8C 00000041468C 0 Ut 6+
000000013AAC 0000004146AC 0 g/:c:jl
000000013C04 000000414804 0 L#/=8u
000000013DB1 0000004149B1 0 $\R6t$
000000013EEE 000000414AEE 0 \yi.9
00000001419A 000000414D9A 0 _tGAw
000000014357 000000414F57 0 .Wp+~
0000000143DE 000000414FDE 0 Q4u4hi
0000000146CD 0000004152CD 0 3cH$.
000000014CEA 0000004158EA 0 RESERV_END
000000014D68 000000415968 0 TagConstBegin
File pos Mem pos ID Text
======== ======= == ====
000000014D78 000000415978 0 kernel32.dll
000000014D88 000000415988 0 VirtualAllocEx
000000014D98 000000415998 0 VirtualFreeEx
000000014DA8 0000004159A8 0 WriteProcessMemory
000000014DBC 0000004159BC 0 CreateRemoteThread
000000014DD0 0000004159D0 0 GetWindowsDirectoryA
000000014DE8 0000004159E8 0 TerminateProcess
000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot
000000014E18 000000415A18 0 Process32First
000000014E28 000000415A28 0 Process32Next
000000014E38 000000415A38 0 Module32First
000000014E48 000000415A48 0 Module32Next
000000014E58 000000415A58 0 advapi32.dll
000000014E68 000000415A68 0 OpenSCManagerA
000000014E78 000000415A78 0 OpenServiceA
000000014E88 000000415A88 0 QueryServiceStatus
000000014E9C 000000415A9C 0 ControlService
000000014EAC 000000415AAC 0 CloseServiceHandle
000000014EC0 000000415AC0 0 LookupPrivilegeValueA
000000014ED8 000000415AD8 0 AdjustTokenPrivileges
000000014EF0 000000415AF0 0 shell32.dll
000000014EFC 000000415AFC 0 IsUserAnAdmin
000000014F0C 000000415B0C 0 user32.dll
000000014F18 000000415B18 0 CloseDesktop
000000014F28 000000415B28 0 CloseWindowStation
000000014F3C 000000415B3C 0 CreateDesktopA
000000014F4C 000000415B4C 0 EnumDisplayMonitors
000000014F60 000000415B60 0 GetMonitorInfoA
000000014F70 000000415B70 0 GetProcessWindowStation
000000014F88 000000415B88 0 GetThreadDesktop
000000014F9C 000000415B9C 0 OpenDesktopA
000000014FAC 000000415BAC 0 OpenWindowStationA
000000014FC0 000000415BC0 0 SetProcessWindowStation
000000014FD8 000000415BD8 0 SetThreadDesktop
000000014FEC 000000415BEC 0 SwitchDesktop
000000014FFC 000000415BFC 0 psapi.dll
000000015008 000000415C08 0 EnumProcesses
000000015018 000000415C18 0 GetModuleBaseNameA
00000001502C 000000415C2C 0 GetModuleFileNameExA
000000015044 000000415C44 0 \Prefetch\
000000015050 000000415C50 0 SpiService.exe
000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe
000000015098 000000415C98 0 AgilisShell.exe
0000000150A8 000000415CA8 0 mu.exe
0000000150B0 000000415CB0 0 /setupapi.log
0000000150C4 000000415CC4 0 netmgr.dll
0000000150D0 000000415CD0 0 \trl2
0000000150E4 000000415CE4 0 \attrib
0000000150F0 000000415CF0 0 \attrib2
0000000150FC 000000415CFC 0 \win.ini:attrib
000000015110 000000415D10 0 \win.ini:attrib2
000000015124 000000415D24 0 Diebold XFS
000000015130 000000415D30 0 \system32\netmgr.dll
000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13
000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications
0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core
0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x
0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power
000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache
File pos Mem pos ID Text
======== ======= == ====
00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\
00000001529C 000000415E9C 0 TagConstEnd
0000000152A8 000000415EA8 0 LoadFile
000000015770 000000416370 0 WinSta0
000000015778 000000416378 0 MyDesktop
000000015790 000000416390 0 ATMDialog
00000001579C 00000041639C 0 hello
0000000157A4 0000004163A4 0 STATIC
0000000157BC 0000004163BC 0 default
000000015864 000000416464 0 $ZXs?
00000001586B 00000041646B 0 ZX}9j
000000015990 000000416590 0 CreateFile
00000001599C 00000041659C 0 WriteFile
0000000159A8 0000004165A8 0 ReadFile
000000015A1C 00000041661C 0 CreateFile
000000015A5B 00000041665B 0 PhtfA
000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d
000000015BD0 0000004167D0 0 Error
000000015C78 000000416878 0 CreateFile1
000000015D90 000000416990 0 OpenProcessToken
000000015DA4 0000004169A4 0 LookupPrivilegeValue
000000015DBC 0000004169BC 0 AdjustTokenPrivileges
000000016092 000000416C92 0 ]hxV4
00000001633C 000000416F3C 0 LocalRealloc
00000001634C 000000416F4C 0 LoadLibraryA
00000001635C 000000416F5C 0 kernel32
000000016438 000000417038 0 CreateFile
000000016444 000000417044 0 WriteFile
0000000165C8 0000004171C8 0 dll CRC error
0000000165D8 0000004171D8 0 Error
0000000165E0 0000004171E0 0 dll file length>128k
00000001669C 00000041729C 0 SeDebugPrivilege
0000000167A4 0000004173A4 0 TimeOutSrvStop
000000016870 000000417470 0 OpenService
00000001687C 00000041747C 0 Stop
000000016884 000000417484 0 ControlService
000000016A8C 00000041768C 0 A.I. Error
000000016A98 000000417698 0 Warning
000000016C00 000000417800 0 OpenProcess
000000016C0C 00000041780C 0 GetExitCodeThread
000000016DF8 0000004179F8 0 kernel32.dll
000000016E08 000000417A08 0 FindFirstFileA
000000016E18 000000417A18 0 FindNextFileA
000000016E28 000000417A28 0 FindClose
000000016E34 000000417A34 0 lstrcpy
000000016E3C 000000417A3C 0 DeleteFileA
000000016E48 000000417A48 0 Sleep
000000016E50 000000417A50 0 -*.pf
000000016E9D 000000417A9D 0 $ZXuz
000000016F2C 000000417B2C 0 LoadLibrary
000000016F38 000000417B38 0 GetProcAddress
000000017104 000000417D04 0 Product Version
000000017118 000000417D18 0 version
0000000172D8 000000417ED8 0 used,
0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X
000000017404 000000418004 0 SeDebugPrivilege
000000017525 000000418125 0 8NTFS
0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d
000000017742 000000418342 0 Admin
0000000177C7 0000004183C7 0 EZX~A
File pos Mem pos ID Text
======== ======= == ====
000000017A17 000000418617 0 UZX~Q
000000017C10 000000418810 0 RegDeleteKey
000000017CFC 0000004188FC 0 8I121u_
000000017D74 000000418974 0 [%.4d/%.2d/%.2d
000000017D88 000000418988 0 USB\VID_
000000017D94 000000418994 0 USBSTOR\DISK&VEN_
000000017DA8 0000004189A8 0 STORAGE\REMOVABLEMEDIA\
000000017DC0 0000004189C0 0 TagDecoderU
000000017DD0 0000004189D0 0 ]hUUUU
000000017EF8 000000418AF8 0 TagEndDecoder
0000000182D0 000000418ED0 0 memo.txt
0000000182E4 000000418EE4 0 SundBox
0000000182F0 000000418EF0 0 LinInst2
0000000182FE 000000418EFE 0 Before
000000018308 000000418F08 0 SeTtInGs
000000018314 000000418F14 0 Setup v 3.1.0
00000001832A 000000418F2A 0 Agent v %s
00000001833D 000000418F3D 0 MenuCode %d
000000018350 000000418F50 0 SingleCmdCode %d
000000018363 000000418F63 0 OWner ID %d
000000018376 000000418F76 0 Instrument ID %d
00000001838E 000000418F8E 0 Country - %s
0000000183A0 000000418FA0 0 No Settings
0000000183AC 000000418FAC 0 Installation Error
0000000183C0 000000418FC0 0 Installation OK
0000000183D0 000000418FD0 0 DbdDevService.exe
0000000183E6 000000418FE6 0 After
0000000183F0 000000418FF0 0 SeShutdownPrivilege
00000001864C 00000041A04C 0 Error
000000018654 00000041A054 0 Runtime error at 00000000
000000018674 00000041A074 0 0123456789ABCDEF
000000018B00 00000041C300 0 kernel32.dll
000000018B10 00000041C310 0 DeleteCriticalSection
000000018B28 00000041C328 0 LeaveCriticalSection
000000018B40 00000041C340 0 EnterCriticalSection
000000018B58 00000041C358 0 InitializeCriticalSection
000000018B74 00000041C374 0 VirtualFree
000000018B82 00000041C382 0 VirtualAlloc
000000018B92 00000041C392 0 LocalFree
000000018B9E 00000041C39E 0 LocalAlloc
000000018BAC 00000041C3AC 0 GetVersion
000000018BBA 00000041C3BA 0 GetCurrentThreadId
000000018BD0 00000041C3D0 0 GetThreadLocale
000000018BE2 00000041C3E2 0 GetStartupInfoA
000000018BF4 00000041C3F4 0 GetLocaleInfoA
000000018C06 00000041C406 0 GetCommandLineA
000000018C18 00000041C418 0 FreeLibrary
000000018C26 00000041C426 0 ExitProcess
000000018C34 00000041C434 0 WriteFile
000000018C40 00000041C440 0 UnhandledExceptionFilter
000000018C5C 00000041C45C 0 RtlUnwind
000000018C68 00000041C468 0 RaiseException
000000018C7A 00000041C47A 0 GetStdHandle
000000018C88 00000041C488 0 user32.dll
000000018C96 00000041C496 0 GetKeyboardType
000000018CA8 00000041C4A8 0 MessageBoxA
000000018CB4 00000041C4B4 0 advapi32.dll
000000018CC4 00000041C4C4 0 RegQueryValueExA
000000018CD8 00000041C4D8 0 RegOpenKeyExA
000000018CE8 00000041C4E8 0 RegCloseKey
File pos Mem pos ID Text
======== ======= == ====
000000018CF4 00000041C4F4 0 kernel32.dll
000000018D04 00000041C504 0 TlsSetValue
000000018D12 00000041C512 0 TlsGetValue
000000018D20 00000041C520 0 LocalAlloc
000000018D2E 00000041C52E 0 GetModuleHandleA
000000018D40 00000041C540 0 advapi32.dll
000000018D50 00000041C550 0 RegSetKeySecurity
000000018D64 00000041C564 0 RegQueryValueExA
000000018D78 00000041C578 0 RegQueryInfoKeyA
000000018D8C 00000041C58C 0 RegOpenKeyExA
000000018D9C 00000041C59C 0 RegEnumKeyA
000000018DAA 00000041C5AA 0 RegDeleteKeyA
000000018DBA 00000041C5BA 0 RegCloseKey
000000018DC8 00000041C5C8 0 OpenProcessToken
000000018DDC 00000041C5DC 0 InitializeSecurityDescriptor
000000018DFA 00000041C5FA 0 kernel32.dll
000000018E0A 00000041C60A 0 lstrlenA
000000018E16 00000041C616 0 lstrcpyA
000000018E22 00000041C622 0 lstrcmpiA
000000018E2E 00000041C62E 0 lstrcatA
000000018E3A 00000041C63A 0 WriteFile
000000018E46 00000041C646 0 WaitForSingleObject
000000018E5C 00000041C65C 0 Sleep
000000018E64 00000041C664 0 SetLastError
000000018E74 00000041C674 0 SetFileTime
000000018E82 00000041C682 0 SetFilePointer
000000018E94 00000041C694 0 SetFileAttributesA
000000018EAA 00000041C6AA 0 SetEndOfFile
000000018EBA 00000041C6BA 0 ReadFile
000000018EC6 00000041C6C6 0 OpenProcess
000000018ED4 00000041C6D4 0 LocalReAlloc
000000018EE4 00000041C6E4 0 LocalFree
000000018EF0 00000041C6F0 0 LocalAlloc
000000018EFE 00000041C6FE 0 LoadLibraryA
000000018F0E 00000041C70E 0 GetWindowsDirectoryA
000000018F26 00000041C726 0 GetVolumeInformationA
000000018F3E 00000041C73E 0 GetVersionExA
000000018F4E 00000041C74E 0 GetTickCount
000000018F5E 00000041C75E 0 GetSystemTime
000000018F6E 00000041C76E 0 GetSystemDirectoryA
000000018F84 00000041C784 0 GetProcAddress
000000018F96 00000041C796 0 GetModuleHandleA
000000018FAA 00000041C7AA 0 GetModuleFileNameA
000000018FC0 00000041C7C0 0 GetLocalTime
000000018FD0 00000041C7D0 0 GetLastError
000000018FE0 00000041C7E0 0 GetFileTime
000000018FEE 00000041C7EE 0 GetFileSize
000000018FFC 00000041C7FC 0 GetFileAttributesA
000000019012 00000041C812 0 GetExitCodeThread
000000019026 00000041C826 0 GetCurrentThreadId
00000001903C 00000041C83C 0 GetCurrentProcess
000000019050 00000041C850 0 FormatMessageA
000000019062 00000041C862 0 DeleteFileA
000000019070 00000041C870 0 CreateMutexA
000000019080 00000041C880 0 CreateFileA
00000001908E 00000041C88E 0 CopyFileA
00000001909A 00000041C89A 0 CloseHandle
0000000190A6 00000041C8A6 0 version.dll
0000000190B4 00000041C8B4 0 VerQueryValueA
0000000190C6 00000041C8C6 0 GetFileVersionInfoA
File pos Mem pos ID Text
======== ======= == ====
0000000190DA 00000041C8DA 0 gdi32.dll
0000000190E6 00000041C8E6 0 GetTextMetricsA
0000000190F6 00000041C8F6 0 user32.dll
000000019104 00000041C904 0 CreateWindowExA
000000019116 00000041C916 0 UnregisterClassA
00000001912A 00000041C92A 0 TranslateMessage
00000001913E 00000041C93E 0 SetTimer
00000001914A 00000041C94A 0 SetFocus
000000019156 00000041C956 0 SendMessageA
000000019166 00000041C966 0 RegisterClassA
000000019178 00000041C978 0 PeekMessageA
000000019188 00000041C988 0 LoadIconA
000000019194 00000041C994 0 LoadCursorA
0000000191A2 00000041C9A2 0 GetWindowTextA
0000000191B4 00000041C9B4 0 GetWindowDC
0000000191C2 00000041C9C2 0 GetSystemMetrics
0000000191D6 00000041C9D6 0 GetMessageA
0000000191E4 00000041C9E4 0 GetDesktopWindow
0000000191F8 00000041C9F8 0 GetClientRect
000000019208 00000041CA08 0 ExitWindowsEx
000000019218 00000041CA18 0 DrawTextA
000000019224 00000041CA24 0 DispatchMessageA
000000019238 00000041CA38 0 DestroyWindow
000000019248 00000041CA48 0 DefWindowProcA
000000019258 00000041CA58 0 kernel32.dll
000000019268 00000041CA68 0 GetTickCount
000000019278 00000041CA78 0 VirtualProtect
000000019288 00000041CA88 0 shlwapi.dll
000000019296 00000041CA96 0 SHDeleteKeyA
0000000192A4 00000041CAA4 0 user32.dll
0000000192B2 00000041CAB2 0 wsprintfA
0000000192BC 00000041CABC 0 IMAGEHLP.DLL
0000000192CC 00000041CACC 0 MapFileAndCheckSumA
00000001960F 00000041F00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
000000019653 00000041F053 0 6S6b6
000000019667 00000041F067 0 9$9.989N9T9b9w9
000000019691 00000041F091 0 :?:I:S:]:g:z:
0000000196B9 00000041F0B9 0 ;H<h<
0000000196C3 00000041F0C3 0 =Q>]>
0000000196F5 00000041F0F5 0 081A1[1
000000019707 00000041F107 0 2O2X2h2p2v2
000000019727 00000041F127 0 3 383D3L3m3|3
000000019741 00000041F141 0 4B4v4
00000001974D 00000041F14D 0 4$5,52585E5K5
000000019785 00000041F185 0 858F8[8h8
0000000197A3 00000041F1A3 0 ;#;];r;
0000000197B7 00000041F1B7 0 <&<:<D<W<
0000000197C9 00000041F1C9 0 <-=4=V=
0000000197D5 00000041F1D5 0 ?;?B?Z?|?
0000000197F1 00000041F1F1 0 0b0{0
00000001980B 00000041F20B 0 1@1K1h1r1
000000019827 00000041F227 0 2&2+2M2a2m2
00000001983F 00000041F23F 0 4e5v5
000000019865 00000041F265 0 7&7*70747:7A7E7_7h7q7}7
00000001988D 00000041F28D 0 738e8v8{8
0000000198AD 00000041F2AD 0 9$969C9O9\9n9v9~9
0000000198DD 00000041F2DD 0 :&:.:6:>:F:N:V:
0000000198ED 00000041F2ED 0 :f:n:v:~:
00000001991D 00000041F31D 0 ;&;.;6;>;F;N;V;
00000001992D 00000041F32D 0 ;f;n;v;~;
File pos Mem pos ID Text
======== ======= == ====
000000019965 00000041F365 0 9*929:9B9J9R9Z9b9
00000001997D 00000041F37D 0 ?"?,?2?=?i?x?
0000000199C3 00000041F3C3 0 3&3,393C3M3W3a3
0000000199EF 00000041F3EF 0 9&9/9c9l9
0000000199F9 00000041F3F9 0 9W:d:
000000019A1B 00000041F41B 0 0:1D1
000000019A41 00000041F441 0 4"474<4X4b4
000000019A51 00000041F451 0 5&595T5e5
000000019A6B 00000041F46B 0 6U6Z6_6
000000019A75 00000041F475 0 7O7l7
000000019A8B 00000041F48B 0 9&9G9L9
000000019A9D 00000041F49D 0 :_;q;w;
000000019AB3 00000041F4B3 0 <U<e<
000000019ABD 00000041F4BD 0 <]=x=
000000019AC3 00000041F4C3 0 = >c>
000000019AC9 00000041F4C9 0 >M?\?
000000019ADC 00000041F4DC 0 ;0h0x0
000000019AE7 00000041F4E7 0 1-151
000000019AEF 00000041F4EF 0 1 2)292G2j2x2
000000019B0D 00000041F50D 0 3*30495
000000019B1F 00000041F51F 0 788=8
000000019B27 00000041F527 0 9%9F9
000000019B3D 00000041F53D 0 ;";4;8;<;@;D;H;L;P;T;X;\;d;o;~;
000000019B7F 00000041F57F 0 <(<9<T<Y<
000000019B89 00000041F589 0 <u<z<
000000019BB1 00000041F5B1 0 = =&=/=5=:=D=O=
000000019BC1 00000041F5C1 0 =l=r=w=
000000019BF1 00000041F5F1 0 >">,>1>>>C>N>
000000019BFF 00000041F5FF 0 >j>u>~>
000000019C1C 00000041F61C 0 $0(0,0
000000019C5B 00000041F65B 0 1 1$1(1,1014181@1D1H1L1T1X1\1
000000019C79 00000041F679 0 1d1h1l1p1t1x1|1
000000019ECE 0000004200CE 0 lineyka
000000019ED7 0000004200D7 0 UTypes
000000019EE0 0000004200E0 0 System
000000019EE9 0000004200E9 0 SysInit
000000019EF3 0000004200F3 0 Reserv
000000019EFB 0000004200FB 0 KWindows
000000019E98 000000420098 0 PACKAGEINFO
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
00000000087C 00000040147C 0 wE;\$
000000001E03 000000402A03 0 ~KxI[)
000000001F2C 000000402B2C 0 SOFTWARE\Borland\Delphi\RTL
000000001F48 000000402B48 0 FPUMaskValue
000000001F95 000000402B95 0 PPRTj
00000000210F 000000402D0F 0 YZXtp
00000000212B 000000402D2B 0 Ph8-@
000000002286 000000402E86 0 t=HtN
000000002339 000000402F39 0 PhF/@
000000002408 000000403008 0 Uh=0@
000000002620 000000403220 0 SVWUQ
000000002854 000000403454 0 SVWRP
0000000029CF 0000004035CF 0 Uh=6@
000000002D09 000000403909 0 Uh)9@
000000002D41 000000403941 0 Uha9@
0000000030F9 000000403CF9 0 +tM"W
File pos Mem pos ID Text
======== ======= == ====
000000003554 000000404154 0 Hp>\o
0000000037CC 0000004043CC 0 v:qNgJ
000000003A4F 00000040464F 0 2w0&
000000003AE9 0000004046E9 0 j\50]
000000003B22 000000404722 0 ."pu]Dk
000000003B81 000000404781 0 0Lh&m
000000003CB6 0000004048B6 0 0]&i-
000000003D14 000000404914 0 z8hV
000000003D67 000000404967 0 .P.Gy
000000003FF2 000000404BF2 0 Y*9D7
00000000418F 000000404D8F 0 VJH*&
0000000041AD 000000404DAD 0 ]T-8RV
0000000041B5 000000404DB5 0 ['J8<
000000004220 000000404E20 0 q*W'.
00000000431D 000000404F1D 0 SSztL
0000000043F0 000000404FF0 0 jndIQ
00000000456A 00000040516A 0 .\XHW
00000000489F 00000040549F 0 Kf)nn
0000000048BE 0000004054BE 0 seAil
0000000049CE 0000004055CE 0 $I/3H
0000000049EA 0000004055EA 0 &FDoI
000000004A1F 00000040561F 0 ,x4x[
000000004A5D 00000040565D 0 d2oI6
000000004C7C 00000040587C 0 ]DK?1
000000004C8A 00000040588A 0 Y;1F9
000000004E89 000000405A89 0 C=|:x
000000004F0C 000000405B0C 0 )c6*c
000000004F31 000000405B31 0 w2BJn
000000005048 000000405C48 0 6<\Hn
00000000506D 000000405C6D 0 >BkA}
00000000522F 000000405E2F 0 5 8(g
0000000052C7 000000405EC7 0 })"$pI
000000005312 000000405F12 0 MYl\}
0000000053B7 000000405FB7 0 vUp<U
0000000053F4 000000405FF4 0 .F4+x
000000005448 000000406048 0 /K ~!
0000000054B8 0000004060B8 0 -ie4ZR
0000000056E1 0000004062E1 0 4D:\1
000000005740 000000406340 0 J>i6%lYqJ
00000000582E 00000040642E 0 .h}z7
000000005AA1 0000004066A1 0 rqL?<j
000000005B7E 00000040677E 0 'VP#C
000000005C4B 00000040684B 0 ,=2*Y/
000000005D8E 00000040698E 0 >2;o'=/
000000005E4F 000000406A4F 0 o.yv :5
000000005E88 000000406A88 0 lV]$X
000000005EB3 000000406AB3 0 mqZG%
0000000060D9 000000406CD9 0 k[#r(
0000000060E8 000000406CE8 0 -{3#J
00000000617B 000000406D7B 0 8;,!#wZ
0000000061E7 000000406DE7 0 Te?th5[
00000000624F 000000406E4F 0 U}BFk
0000000062BE 000000406EBE 0 ApI% mo
000000006397 000000406F97 0 R)m\e
0000000063D8 000000406FD8 0 .%-y
000000006705 000000407305 0 '#@~8/
00000000683C 00000040743C 0 77A&O
000000006948 000000407548 0 naw'#
000000006A45 000000407645 0 :.6PS]n
000000006C51 000000407851 0 E[,KH
File pos Mem pos ID Text
======== ======= == ====
000000006DA5 0000004079A5 0 5pf@O
000000006E08 000000407A08 0 G1";q
000000006F0A 000000407B0A 0 ISSb0
000000006FFE 000000407BFE 0 (=|oQz
000000007040 000000407C40 0 ,2aJZ
0000000070BB 000000407CBB 0 'rKdO
000000007102 000000407D02 0 3h);"(
000000007113 000000407D13 0 A*'4|
00000000726F 000000407E6F 0 Ff7Lb3
000000007312 000000407F12 0 ZuNJJ
000000007464 000000408064 0 :tb4$
000000007525 000000408125 0 #<x14X
000000007556 000000408156 0 'yD=:
000000007722 000000408322 0 f@[*$1\
0000000078B4 0000004084B4 0 ?hL}~
0000000078D2 0000004084D2 0 2m[&
0000000079B0 0000004085B0 0 8ugqpa
000000007A78 000000408678 0 IrJum
000000007BA3 0000004087A3 0 /@ MYGW
000000007C03 000000408803 0 xXbPr
000000008189 000000408D89 0 )]/O9
0000000082D4 000000408ED4 0 \]$LfE
000000008420 000000409020 0 K+DxQ
0000000085CD 0000004091CD 0 UqgKo
000000008629 000000409229 0 -L]*Z
0000000086AE 0000004092AE 0 FyLac
0000000086F0 0000004092F0 0 }Ve hD
0000000086F8 0000004092F8 0 .w;op
000000008702 000000409302 0 jc]&V
000000008776 000000409376 0 V!G+,
0000000087FA 0000004093FA 0 emL;H
0000000088BC 0000004094BC 0 .) h]'[
000000008961 000000409561 0 m>%kP
00000000897B 00000040957B 0 z'[+,
000000008A02 000000409602 0 /jB _
000000008A5E 00000040965E 0 RQ7.c
000000008AA6 0000004096A6 0 B:@OF
000000008AB6 0000004096B6 0 "{~ZC
000000008C70 000000409870 0 '+81Yqpb
000000008CF4 0000004098F4 0 (T#4ch
000000008D53 000000409953 0 6n 'nnP
000000008D6D 00000040996D 0 S)<,-
000000008F13 000000409B13 0 hccBZ
000000008F68 000000409B68 0 \E#]1
000000008F7B 000000409B7B 0 D!ZV1
000000008FB7 000000409BB7 0 eiN+F
0000000090FD 000000409CFD 0 gOv=K5
00000000919C 000000409D9C 0 ?9IV|
000000009278 000000409E78 0 {3?z{
0000000093F7 000000409FF7 0 >,]#}X7
00000000948C 00000040A08C 0 >fQPW
0000000094AA 00000040A0AA 0 ~k]v~j
000000009732 00000040A332 0 mE+U&
000000009754 00000040A354 0 slknm
0000000098CE 00000040A4CE 0 hbCXT
00000000999F 00000040A59F 0 Tn:M,
000000009A41 00000040A641 0 P49nag
000000009C67 00000040A867 0 <>?2x}|d
000000009C86 00000040A886 0 d/t:64
000000009FEC 00000040ABEC 0 T"QPjL
File pos Mem pos ID Text
======== ======= == ====
00000000A03B 00000040AC3B 0 54y=k?
00000000A0D5 00000040ACD5 0 WCCo,,
00000000A152 00000040AD52 0 :A3@/AH
00000000A4A4 00000040B0A4 0 EfTdI%"fm
00000000A4F5 00000040B0F5 0 X0_z]35
00000000A540 00000040B140 0 f$fjO
00000000A5B2 00000040B1B2 0 =C5O{
00000000A810 00000040B410 0 4>["Lv
00000000A896 00000040B496 0 5r_DO
00000000A988 00000040B588 0 R}sqo
00000000A99C 00000040B59C 0 =Cdw7}
00000000A9CB 00000040B5CB 0 xol}y
00000000AA4E 00000040B64E 0 j>7Z_
00000000AAEF 00000040B6EF 0 Gr5+\n
00000000AB41 00000040B741 0 pMJ7
00000000AC5E 00000040B85E 0 P;8hR
00000000AD10 00000040B910 0 T%}[W
00000000AF9B 00000040BB9B 0 ig'S;v
00000000AFD0 00000040BBD0 0 %1S wb
00000000AFE2 00000040BBE2 0 ,C1L#
00000000B067 00000040BC67 0 !2dpBd
00000000B0F8 00000040BCF8 0 ,Ov]X
00000000B120 00000040BD20 0 7J&t*
00000000B32C 00000040BF2C 0 }52)~E
00000000B402 00000040C002 0 ',EM#|
00000000B492 00000040C092 0 !famU
00000000B53D 00000040C13D 0 g2BmL
00000000B6C6 00000040C2C6 0 $G<P?
00000000B870 00000040C470 0 Za!g=
00000000B962 00000040C562 0 9/-~q
00000000B9B4 00000040C5B4 0 .f{_(
00000000BA5C 00000040C65C 0 < 45x@
00000000BC6C 00000040C86C 0 2[YUq
00000000BD56 00000040C956 0 2+@
00000000BFA9 00000040CBA9 0 ~C[yGv,
00000000C035 00000040CC35 0 !j+e6
00000000C0AF 00000040CCAF 0 u405iU(t
00000000C19D 00000040CD9D 0 'c"B$8
00000000C1FC 00000040CDFC 0 #]|#:
00000000C220 00000040CE20 0 $?wdG
00000000C2DE 00000040CEDE 0 ozVX'
00000000C377 00000040CF77 0 CD;px
00000000C478 00000040D078 0 ?+Y$M
00000000C4F2 00000040D0F2 0 )QT6C/,B
00000000C861 00000040D461 0 Wx{n'
00000000C9DD 00000040D5DD 0 E=m{b
00000000CA96 00000040D696 0 ;2w:wd
00000000CAEF 00000040D6EF 0 Fj\)"
00000000CC2F 00000040D82F 0 vN$kUH
00000000CE44 00000040DA44 0 aUtbnG
00000000CFC6 00000040DBC6 0 %Yy+H
00000000D040 00000040DC40 0 %WU~.VU
00000000D0EB 00000040DCEB 0 #"!egdg
00000000D2E7 00000040DEE7 0 5xkuE
00000000D443 00000040E043 0 9j3u <
00000000D530 00000040E130 0 GV)zfG
00000000D71D 00000040E31D 0 z[645
00000000D752 00000040E352 0 h'VR(
00000000D8DA 00000040E4DA 0 oO sT]M
00000000D8FF 00000040E4FF 0 u}8>+
File pos Mem pos ID Text
======== ======= == ====
00000000DB0B 00000040E70B 0 UPO/n+Q
00000000DB32 00000040E732 0 }V]*?D
00000000DCB9 00000040E8B9 0 + |%\
00000000DCF5 00000040E8F5 0 qSw4n\
00000000DE77 00000040EA77 0 }#KX1
00000000DEF8 00000040EAF8 0 AF[0Ye
00000000DF48 00000040EB48 0 p.,&#
00000000E054 00000040EC54 0 m U#2
00000000E093 00000040EC93 0 "\mEE
00000000E160 00000040ED60 0 9 %6"
00000000E1F9 00000040EDF9 0 =Z|;,
00000000E39E 00000040EF9E 0 60|&lS#
00000000E505 00000040F105 0 %u=$q
00000000E52B 00000040F12B 0 EH82b
00000000E6A1 00000040F2A1 0 >X?I
00000000E6DD 00000040F2DD 0 ,mCnQ
00000000E73D 00000040F33D 0 7w:"k
00000000E8A9 00000040F4A9 0 ?6<Zt
00000000E98C 00000040F58C 0 azv J
00000000EC21 00000040F821 0 ghI&w
00000000EC2F 00000040F82F 0 L$&\!
00000000EC63 00000040F863 0 +4?RW
00000000EC77 00000040F877 0 X&F!N\
00000000EDD4 00000040F9D4 0 x ay28K
00000000EF37 00000040FB37 0 P|vNk
00000000EF65 00000040FB65 0 BK{]l
00000000F0E8 00000040FCE8 0 cTqVb
00000000F313 00000040FF13 0 9KaWV
00000000F486 000000410086 0 - 7@Z
00000000F5ED 0000004101ED 0 Z+<d?Rg
00000000F607 000000410207 0 kzE5Z
00000000F63D 00000041023D 0 ,+bsbR
00000000F745 000000410345 0 REXbm
00000000F963 000000410563 0 3O0bZ"Z
00000000F9CE 0000004105CE 0 _HX|Ao3<
00000000F9E6 0000004105E6 0 &p)cM
00000000FAF5 0000004106F5 0 C.FfX
00000000FB6E 00000041076E 0 (h(s9/
00000000FCCD 0000004108CD 0 :g'Cw&
00000000FFC3 000000410BC3 0 *8=G|pz
00000001007F 000000410C7F 0 prb:2
00000001009C 000000410C9C 0 i R0)5
00000001013A 000000410D3A 0 BJj4Y
00000001017E 000000410D7E 0 iJo<%j!
0000000101C1 000000410DC1 0 ";R2'
000000010216 000000410E16 0 {zsj|
0000000102AA 000000410EAA 0 -lRR[
0000000102E5 000000410EE5 0 %$h>KH9_
00000001052C 00000041112C 0 >(6&}R
00000001054E 00000041114E 0 k)IV(
0000000105C1 0000004111C1 0 4uf(i
0000000106B2 0000004112B2 0 ,Ef!]
0000000107DD 0000004113DD 0 #~cmE
000000010838 000000411438 0 .$FhD
000000010A0A 00000041160A 0 !4q @i
000000010A6E 00000041166E 0 ,k:jY
000000010A85 000000411685 0 js&x_
000000010B5A 00000041175A 0 41[@kc
000000010B96 000000411796 0 sb0#j
000000010CEC 0000004118EC 0 K<h'i
File pos Mem pos ID Text
======== ======= == ====
000000010CF2 0000004118F2 0 ;~Y[owu
000000010D89 000000411989 0 BHKSG
000000010F4B 000000411B4B 0 rDK9$
000000011174 000000411D74 0 5k[9<>
000000011494 000000412094 0 ,-"Q\~
0000000114B2 0000004120B2 0 W1D/P
000000011560 000000412160 0 q8k++C
000000011624 000000412224 0 g7]#
000000011721 000000412321 0 ,#]<eG
000000011880 000000412480 0 6E[fk
000000011B67 000000412767 0 {sx07
000000011BB0 0000004127B0 0 @9=[hY<I/
000000011BF2 0000004127F2 0 o@597=T
000000011F44 000000412B44 0 *sK0&
00000001213D 000000412D3D 0 c}"pw
000000012161 000000412D61 0 i/[hu2}
0000000121B6 000000412DB6 0 l[}V;
000000012280 000000412E80 0 1J9@|
00000001230D 000000412F0D 0 ;-G&CZ
00000001237D 000000412F7D 0 )j XP
000000012591 000000413191 0 ;#6Z,GlP
0000000126CE 0000004132CE 0 ! pyB@
000000012EDC 000000413ADC 0 =L[h
000000012F61 000000413B61 0 &[8/M
0000000135A7 0000004141A7 0 ,OORb>
0000000136E7 0000004142E7 0 )A %
000000013970 000000414570 0 4yxxi
000000013991 000000414591 0 /bskcF
000000013A8C 00000041468C 0 Ut 6+
000000013AAC 0000004146AC 0 g/:c:jl
000000013C04 000000414804 0 L#/=8u
000000013DB1 0000004149B1 0 $\R6t$
000000013EEE 000000414AEE 0 \yi.9
00000001419A 000000414D9A 0 _tGAw
000000014357 000000414F57 0 .Wp+~
0000000143DE 000000414FDE 0 Q4u4hi
0000000146CD 0000004152CD 0 3cH$.
000000014CEA 0000004158EA 0 RESERV_END
000000014D68 000000415968 0 TagConstBegin
000000014D78 000000415978 0 kernel32.dll
000000014D88 000000415988 0 VirtualAllocEx
000000014D98 000000415998 0 VirtualFreeEx
000000014DA8 0000004159A8 0 WriteProcessMemory
000000014DBC 0000004159BC 0 CreateRemoteThread
000000014DD0 0000004159D0 0 GetWindowsDirectoryA
000000014DE8 0000004159E8 0 TerminateProcess
000000014DFC 0000004159FC 0 CreateToolhelp32Snapshot
000000014E18 000000415A18 0 Process32First
000000014E28 000000415A28 0 Process32Next
000000014E38 000000415A38 0 Module32First
000000014E48 000000415A48 0 Module32Next
000000014E58 000000415A58 0 advapi32.dll
000000014E68 000000415A68 0 OpenSCManagerA
000000014E78 000000415A78 0 OpenServiceA
000000014E88 000000415A88 0 QueryServiceStatus
000000014E9C 000000415A9C 0 ControlService
000000014EAC 000000415AAC 0 CloseServiceHandle
000000014EC0 000000415AC0 0 LookupPrivilegeValueA
000000014ED8 000000415AD8 0 AdjustTokenPrivileges
000000014EF0 000000415AF0 0 shell32.dll
File pos Mem pos ID Text
======== ======= == ====
000000014EFC 000000415AFC 0 IsUserAnAdmin
000000014F0C 000000415B0C 0 user32.dll
000000014F18 000000415B18 0 CloseDesktop
000000014F28 000000415B28 0 CloseWindowStation
000000014F3C 000000415B3C 0 CreateDesktopA
000000014F4C 000000415B4C 0 EnumDisplayMonitors
000000014F60 000000415B60 0 GetMonitorInfoA
000000014F70 000000415B70 0 GetProcessWindowStation
000000014F88 000000415B88 0 GetThreadDesktop
000000014F9C 000000415B9C 0 OpenDesktopA
000000014FAC 000000415BAC 0 OpenWindowStationA
000000014FC0 000000415BC0 0 SetProcessWindowStation
000000014FD8 000000415BD8 0 SetThreadDesktop
000000014FEC 000000415BEC 0 SwitchDesktop
000000014FFC 000000415BFC 0 psapi.dll
000000015008 000000415C08 0 EnumProcesses
000000015018 000000415C18 0 GetModuleBaseNameA
00000001502C 000000415C2C 0 GetModuleFileNameExA
000000015044 000000415C44 0 \Prefetch\
000000015050 000000415C50 0 SpiService.exe
000000015060 000000415C60 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe
000000015098 000000415C98 0 AgilisShell.exe
0000000150A8 000000415CA8 0 mu.exe
0000000150B0 000000415CB0 0 /setupapi.log
0000000150C4 000000415CC4 0 netmgr.dll
0000000150D0 000000415CD0 0 \trl2
0000000150E4 000000415CE4 0 \attrib
0000000150F0 000000415CF0 0 \attrib2
0000000150FC 000000415CFC 0 \win.ini:attrib
000000015110 000000415D10 0 \win.ini:attrib2
000000015124 000000415D24 0 Diebold XFS
000000015130 000000415D30 0 \system32\netmgr.dll
000000015148 000000415D48 0 C:\Program Files\Diebold\AgilisXFS\bin\SpiService.exe:#13
000000015184 000000415D84 0 SOFTWARE\Diebold\Agilis 91x Applications
0000000151B0 000000415DB0 0 SOFTWARE\Diebold\Agilis 91x Core
0000000151D4 000000415DD4 0 SOFTWARE\Diebold\Agilis 91x
0000000151F0 000000415DF0 0 SOFTWARE\Diebold\Agilis Power
000000015210 000000415E10 0 Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
00000001524C 000000415E4C 0 Software\Microsoft\Windows\ShellNoRoam\MUICache
00000001527C 000000415E7C 0 SYSTEM\CurrentControlSet\Enum\
00000001529C 000000415E9C 0 TagConstEnd
0000000152A8 000000415EA8 0 LoadFile
000000015770 000000416370 0 WinSta0
000000015778 000000416378 0 MyDesktop
000000015790 000000416390 0 ATMDialog
00000001579C 00000041639C 0 hello
0000000157A4 0000004163A4 0 STATIC
0000000157BC 0000004163BC 0 default
000000015864 000000416464 0 $ZXs?
00000001586B 00000041646B 0 ZX}9j
000000015990 000000416590 0 CreateFile
00000001599C 00000041659C 0 WriteFile
0000000159A8 0000004165A8 0 ReadFile
000000015A1C 00000041661C 0 CreateFile
000000015A5B 00000041665B 0 PhtfA
000000015A78 000000416678 0 %.2d/%.2d/%.2d %.2d:%.2d:%.2d
000000015BD0 0000004167D0 0 Error
000000015C78 000000416878 0 CreateFile1
000000015D90 000000416990 0 OpenProcessToken
000000015DA4 0000004169A4 0 LookupPrivilegeValue
File pos Mem pos ID Text
======== ======= == ====
000000015DBC 0000004169BC 0 AdjustTokenPrivileges
000000016092 000000416C92 0 ]hxV4
00000001633C 000000416F3C 0 LocalRealloc
00000001634C 000000416F4C 0 LoadLibraryA
00000001635C 000000416F5C 0 kernel32
000000016438 000000417038 0 CreateFile
000000016444 000000417044 0 WriteFile
0000000165C8 0000004171C8 0 dll CRC error
0000000165D8 0000004171D8 0 Error
0000000165E0 0000004171E0 0 dll file length>128k
00000001669C 00000041729C 0 SeDebugPrivilege
0000000167A4 0000004173A4 0 TimeOutSrvStop
000000016870 000000417470 0 OpenService
00000001687C 00000041747C 0 Stop
000000016884 000000417484 0 ControlService
000000016A8C 00000041768C 0 A.I. Error
000000016A98 000000417698 0 Warning
000000016C00 000000417800 0 OpenProcess
000000016C0C 00000041780C 0 GetExitCodeThread
000000016DF8 0000004179F8 0 kernel32.dll
000000016E08 000000417A08 0 FindFirstFileA
000000016E18 000000417A18 0 FindNextFileA
000000016E28 000000417A28 0 FindClose
000000016E34 000000417A34 0 lstrcpy
000000016E3C 000000417A3C 0 DeleteFileA
000000016E48 000000417A48 0 Sleep
000000016E50 000000417A50 0 -*.pf
000000016E9D 000000417A9D 0 $ZXuz
000000016F2C 000000417B2C 0 LoadLibrary
000000016F38 000000417B38 0 GetProcAddress
000000017104 000000417D04 0 Product Version
000000017118 000000417D18 0 version
0000000172D8 000000417ED8 0 used,
0000000172E4 000000417EE4 0 ver: %X.%X.%X.%X
000000017404 000000418004 0 SeDebugPrivilege
000000017525 000000418125 0 8NTFS
0000000175D0 0000004181D0 0 %s %x.%d %d, %s, Monitors:%d
000000017742 000000418342 0 Admin
0000000177C7 0000004183C7 0 EZX~A
000000017A17 000000418617 0 UZX~Q
000000017C10 000000418810 0 RegDeleteKey
000000017CFC 0000004188FC 0 8I121u_
000000017D74 000000418974 0 [%.4d/%.2d/%.2d
000000017D88 000000418988 0 USB\VID_
000000017D94 000000418994 0 USBSTOR\DISK&VEN_
000000017DA8 0000004189A8 0 STORAGE\REMOVABLEMEDIA\
000000017DC0 0000004189C0 0 TagDecoderU
000000017DD0 0000004189D0 0 ]hUUUU
000000017EF8 000000418AF8 0 TagEndDecoder
0000000182D0 000000418ED0 0 memo.txt
0000000182E4 000000418EE4 0 SundBox
0000000182F0 000000418EF0 0 LinInst2
0000000182FE 000000418EFE 0 Before
000000018308 000000418F08 0 SeTtInGs
000000018314 000000418F14 0 Setup v 3.1.0
00000001832A 000000418F2A 0 Agent v %s
00000001833D 000000418F3D 0 MenuCode %d
000000018350 000000418F50 0 SingleCmdCode %d
000000018363 000000418F63 0 OWner ID %d
000000018376 000000418F76 0 Instrument ID %d
File pos Mem pos ID Text
======== ======= == ====
00000001838E 000000418F8E 0 Country - %s
0000000183A0 000000418FA0 0 No Settings
0000000183AC 000000418FAC 0 Installation Error
0000000183C0 000000418FC0 0 Installation OK
0000000183D0 000000418FD0 0 DbdDevService.exe
0000000183E6 000000418FE6 0 After
0000000183F0 000000418FF0 0 SeShutdownPrivilege
00000001864C 00000041A04C 0 Error
000000018654 00000041A054 0 Runtime error at 00000000
000000018674 00000041A074 0 0123456789ABCDEF
000000018B00 00000041C300 0 kernel32.dll
000000018B10 00000041C310 0 DeleteCriticalSection
000000018B28 00000041C328 0 LeaveCriticalSection
000000018B40 00000041C340 0 EnterCriticalSection
000000018B58 00000041C358 0 InitializeCriticalSection
000000018B74 00000041C374 0 VirtualFree
000000018B82 00000041C382 0 VirtualAlloc
000000018B92 00000041C392 0 LocalFree
000000018B9E 00000041C39E 0 LocalAlloc
000000018BAC 00000041C3AC 0 GetVersion
000000018BBA 00000041C3BA 0 GetCurrentThreadId
000000018BD0 00000041C3D0 0 GetThreadLocale
000000018BE2 00000041C3E2 0 GetStartupInfoA
000000018BF4 00000041C3F4 0 GetLocaleInfoA
000000018C06 00000041C406 0 GetCommandLineA
000000018C18 00000041C418 0 FreeLibrary
000000018C26 00000041C426 0 ExitProcess
000000018C34 00000041C434 0 WriteFile
000000018C40 00000041C440 0 UnhandledExceptionFilter
000000018C5C 00000041C45C 0 RtlUnwind
000000018C68 00000041C468 0 RaiseException
000000018C7A 00000041C47A 0 GetStdHandle
000000018C88 00000041C488 0 user32.dll
000000018C96 00000041C496 0 GetKeyboardType
000000018CA8 00000041C4A8 0 MessageBoxA
000000018CB4 00000041C4B4 0 advapi32.dll
000000018CC4 00000041C4C4 0 RegQueryValueExA
000000018CD8 00000041C4D8 0 RegOpenKeyExA
000000018CE8 00000041C4E8 0 RegCloseKey
000000018CF4 00000041C4F4 0 kernel32.dll
000000018D04 00000041C504 0 TlsSetValue
000000018D12 00000041C512 0 TlsGetValue
000000018D20 00000041C520 0 LocalAlloc
000000018D2E 00000041C52E 0 GetModuleHandleA
000000018D40 00000041C540 0 advapi32.dll
000000018D50 00000041C550 0 RegSetKeySecurity
000000018D64 00000041C564 0 RegQueryValueExA
000000018D78 00000041C578 0 RegQueryInfoKeyA
000000018D8C 00000041C58C 0 RegOpenKeyExA
000000018D9C 00000041C59C 0 RegEnumKeyA
000000018DAA 00000041C5AA 0 RegDeleteKeyA
000000018DBA 00000041C5BA 0 RegCloseKey
000000018DC8 00000041C5C8 0 OpenProcessToken
000000018DDC 00000041C5DC 0 InitializeSecurityDescriptor
000000018DFA 00000041C5FA 0 kernel32.dll
000000018E0A 00000041C60A 0 lstrlenA
000000018E16 00000041C616 0 lstrcpyA
000000018E22 00000041C622 0 lstrcmpiA
000000018E2E 00000041C62E 0 lstrcatA
000000018E3A 00000041C63A 0 WriteFile
File pos Mem pos ID Text
======== ======= == ====
000000018E46 00000041C646 0 WaitForSingleObject
000000018E5C 00000041C65C 0 Sleep
000000018E64 00000041C664 0 SetLastError
000000018E74 00000041C674 0 SetFileTime
000000018E82 00000041C682 0 SetFilePointer
000000018E94 00000041C694 0 SetFileAttributesA
000000018EAA 00000041C6AA 0 SetEndOfFile
000000018EBA 00000041C6BA 0 ReadFile
000000018EC6 00000041C6C6 0 OpenProcess
000000018ED4 00000041C6D4 0 LocalReAlloc
000000018EE4 00000041C6E4 0 LocalFree
000000018EF0 00000041C6F0 0 LocalAlloc
000000018EFE 00000041C6FE 0 LoadLibraryA
000000018F0E 00000041C70E 0 GetWindowsDirectoryA
000000018F26 00000041C726 0 GetVolumeInformationA
000000018F3E 00000041C73E 0 GetVersionExA
000000018F4E 00000041C74E 0 GetTickCount
000000018F5E 00000041C75E 0 GetSystemTime
000000018F6E 00000041C76E 0 GetSystemDirectoryA
000000018F84 00000041C784 0 GetProcAddress
000000018F96 00000041C796 0 GetModuleHandleA
000000018FAA 00000041C7AA 0 GetModuleFileNameA
000000018FC0 00000041C7C0 0 GetLocalTime
000000018FD0 00000041C7D0 0 GetLastError
000000018FE0 00000041C7E0 0 GetFileTime
000000018FEE 00000041C7EE 0 GetFileSize
000000018FFC 00000041C7FC 0 GetFileAttributesA
000000019012 00000041C812 0 GetExitCodeThread
000000019026 00000041C826 0 GetCurrentThreadId
00000001903C 00000041C83C 0 GetCurrentProcess
000000019050 00000041C850 0 FormatMessageA
000000019062 00000041C862 0 DeleteFileA
000000019070 00000041C870 0 CreateMutexA
000000019080 00000041C880 0 CreateFileA
00000001908E 00000041C88E 0 CopyFileA
00000001909A 00000041C89A 0 CloseHandle
0000000190A6 00000041C8A6 0 version.dll
0000000190B4 00000041C8B4 0 VerQueryValueA
0000000190C6 00000041C8C6 0 GetFileVersionInfoA
0000000190DA 00000041C8DA 0 gdi32.dll
0000000190E6 00000041C8E6 0 GetTextMetricsA
0000000190F6 00000041C8F6 0 user32.dll
000000019104 00000041C904 0 CreateWindowExA
000000019116 00000041C916 0 UnregisterClassA
00000001912A 00000041C92A 0 TranslateMessage
00000001913E 00000041C93E 0 SetTimer
00000001914A 00000041C94A 0 SetFocus
000000019156 00000041C956 0 SendMessageA
000000019166 00000041C966 0 RegisterClassA
000000019178 00000041C978 0 PeekMessageA
000000019188 00000041C988 0 LoadIconA
000000019194 00000041C994 0 LoadCursorA
0000000191A2 00000041C9A2 0 GetWindowTextA
0000000191B4 00000041C9B4 0 GetWindowDC
0000000191C2 00000041C9C2 0 GetSystemMetrics
0000000191D6 00000041C9D6 0 GetMessageA
0000000191E4 00000041C9E4 0 GetDesktopWindow
0000000191F8 00000041C9F8 0 GetClientRect
000000019208 00000041CA08 0 ExitWindowsEx
000000019218 00000041CA18 0 DrawTextA
File pos Mem pos ID Text
======== ======= == ====
000000019224 00000041CA24 0 DispatchMessageA
000000019238 00000041CA38 0 DestroyWindow
000000019248 00000041CA48 0 DefWindowProcA
000000019258 00000041CA58 0 kernel32.dll
000000019268 00000041CA68 0 GetTickCount
000000019278 00000041CA78 0 VirtualProtect
000000019288 00000041CA88 0 shlwapi.dll
000000019296 00000041CA96 0 SHDeleteKeyA
0000000192A4 00000041CAA4 0 user32.dll
0000000192B2 00000041CAB2 0 wsprintfA
0000000192BC 00000041CABC 0 IMAGEHLP.DLL
0000000192CC 00000041CACC 0 MapFileAndCheckSumA
00000001960F 00000041F00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
000000019653 00000041F053 0 6S6b6
000000019667 00000041F067 0 9$9.989N9T9b9w9
000000019691 00000041F091 0 :?:I:S:]:g:z:
0000000196B9 00000041F0B9 0 ;H<h<
0000000196C3 00000041F0C3 0 =Q>]>
0000000196F5 00000041F0F5 0 081A1[1
000000019707 00000041F107 0 2O2X2h2p2v2
000000019727 00000041F127 0 3 383D3L3m3|3
000000019741 00000041F141 0 4B4v4
00000001974D 00000041F14D 0 4$5,52585E5K5
000000019785 00000041F185 0 858F8[8h8
0000000197A3 00000041F1A3 0 ;#;];r;
0000000197B7 00000041F1B7 0 <&<:<D<W<
0000000197C9 00000041F1C9 0 <-=4=V=
0000000197D5 00000041F1D5 0 ?;?B?Z?|?
0000000197F1 00000041F1F1 0 0b0{0
00000001980B 00000041F20B 0 1@1K1h1r1
000000019827 00000041F227 0 2&2+2M2a2m2
00000001983F 00000041F23F 0 4e5v5
000000019865 00000041F265 0 7&7*70747:7A7E7_7h7q7}7
00000001988D 00000041F28D 0 738e8v8{8
0000000198AD 00000041F2AD 0 9$969C9O9\9n9v9~9
0000000198DD 00000041F2DD 0 :&:.:6:>:F:N:V:
0000000198ED 00000041F2ED 0 :f:n:v:~:
00000001991D 00000041F31D 0 ;&;.;6;>;F;N;V;
00000001992D 00000041F32D 0 ;f;n;v;~;
000000019965 00000041F365 0 9*929:9B9J9R9Z9b9
00000001997D 00000041F37D 0 ?"?,?2?=?i?x?
0000000199C3 00000041F3C3 0 3&3,393C3M3W3a3
0000000199EF 00000041F3EF 0 9&9/9c9l9
0000000199F9 00000041F3F9 0 9W:d:
000000019A1B 00000041F41B 0 0:1D1
000000019A41 00000041F441 0 4"474<4X4b4
000000019A51 00000041F451 0 5&595T5e5
000000019A6B 00000041F46B 0 6U6Z6_6
000000019A75 00000041F475 0 7O7l7
000000019A8B 00000041F48B 0 9&9G9L9
000000019A9D 00000041F49D 0 :_;q;w;
000000019AB3 00000041F4B3 0 <U<e<
000000019ABD 00000041F4BD 0 <]=x=
000000019AC3 00000041F4C3 0 = >c>
000000019AC9 00000041F4C9 0 >M?\?
000000019ADC 00000041F4DC 0 ;0h0x0
000000019AE7 00000041F4E7 0 1-151
000000019AEF 00000041F4EF 0 1 2)292G2j2x2
000000019B0D 00000041F50D 0 3*30495
000000019B1F 00000041F51F 0 788=8
File pos Mem pos ID Text
======== ======= == ====
000000019B27 00000041F527 0 9%9F9
000000019B3D 00000041F53D 0 ;";4;8;<;@;D;H;L;P;T;X;\;d;o;~;
000000019B7F 00000041F57F 0 <(<9<T<Y<
000000019B89 00000041F589 0 <u<z<
000000019BB1 00000041F5B1 0 = =&=/=5=:=D=O=
000000019BC1 00000041F5C1 0 =l=r=w=
000000019BF1 00000041F5F1 0 >">,>1>>>C>N>
000000019BFF 00000041F5FF 0 >j>u>~>
000000019C1C 00000041F61C 0 $0(0,0
000000019C5B 00000041F65B 0 1 1$1(1,1014181@1D1H1L1T1X1\1
000000019C79 00000041F679 0 1d1h1l1p1t1x1|1
000000019ECE 0000004200CE 0 lineyka
000000019ED7 0000004200D7 0 UTypes
000000019EE0 0000004200E0 0 System
000000019EE9 0000004200E9 0 SysInit
000000019EF3 0000004200F3 0 Reserv
000000019EFB 0000004200FB 0 KWindows
000000019E98 000000420098 0 PACKAGEINFO