.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e
Date...........: 2016-02-11
Family.........: Prilex
File name......: hkcmd2.exe
File size......: 428.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 184 0xb8
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
13 d 8169 1fe9 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 3 3
TimeDateStamp: "2016-02-08 08:28:15"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 271 0x10f RELOCS_STRIPPED, EXECUTABLE_IMAGE
LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED
32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 6.0
SizeOfCode: 430080 0x69000
SizeOfInitializedData: 24576 0x6000
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 4852 0x12f4
BaseOfCode: 4096 0x1000
BaseOfData: 434176 0x6a000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 4096 0x1000
OperatingSystemVersion: 4.0
ImageVersion: 1.3
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 458752 0x70000
SizeOfHeaders: 4096 0x1000
CheckSum: 487639 0x770d7
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 69874 size:0x 28
RESOURCE rva:0x 6f000 size:0x 8d8
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 0 size:0x 0
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 228 size:0x 20
IAT rva:0x 1000 size:0x 130
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 68acc 69000 1000 0 0 0 0 60000020 R-X CODE
.data 6a000 40ac 0 0 0 0 0 0 c0000040 RW- IDATA
.rsrc 6f000 8d8 1000 6a000 0 0 0 0 40000040 R-- IDATA
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x6a7a8 1200 0 304 ICON #30001
0x6a4c0 1200 0 744 ICON #30002
0x6a398 1200 0 296 ICON #30003
0x6a368 1200 0 48 GROUP_ICON #1
0x6a150 1200 0x409 536 VERSION #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
MSVBVM60.DLL 0 EVENT_SINK_GetIDsOfNames
MSVBVM60.DLL 0 MethCallEngine
MSVBVM60.DLL 0 EVENT_SINK_Invoke
MSVBVM60.DLL 204
MSVBVM60.DLL 206
MSVBVM60.DLL 272
MSVBVM60.DLL 229
MSVBVM60.DLL 294
MSVBVM60.DLL 0 Zombie_GetTypeInfo
MSVBVM60.DLL 250
MSVBVM60.DLL 251
MSVBVM60.DLL 12c
MSVBVM60.DLL 252
MSVBVM60.DLL 12d
MSVBVM60.DLL 12f
MSVBVM60.DLL 256
MSVBVM60.DLL 131
MSVBVM60.DLL 132
MSVBVM60.DLL 208
MSVBVM60.DLL 133
MSVBVM60.DLL 135
MSVBVM60.DLL 20d
MSVBVM60.DLL 278
MSVBVM60.DLL 20e
MSVBVM60.DLL 0 EVENT_SINK_AddRef
MSVBVM60.DLL 210
MSVBVM60.DLL 211
MSVBVM60.DLL 231
MSVBVM60.DLL 0 DllFunctionCall
MSVBVM60.DLL 233
MSVBVM60.DLL 29e
MSVBVM60.DLL 0 Zombie_GetTypeInfoCount
MSVBVM60.DLL 0 EVENT_SINK_Release
MSVBVM60.DLL 258
MSVBVM60.DLL 137
MSVBVM60.DLL 0 EVENT_SINK_QueryInterface
MSVBVM60.DLL 0 __vbaExceptHandler
MSVBVM60.DLL 2c7
MSVBVM60.DLL 139
MSVBVM60.DLL 2c8
MSVBVM60.DLL 25e
MSVBVM60.DLL 25f
MSVBVM60.DLL 2cb
MSVBVM60.DLL 260
MSVBVM60.DLL 212
MSVBVM60.DLL 2cc
MSVBVM60.DLL 213
MSVBVM60.DLL 2cd
MSVBVM60.DLL 13f
MSVBVM60.DLL 0 ProcCallEngine
MSVBVM60.DLL 217
MSVBVM60.DLL 219
MSVBVM60.DLL 284
MSVBVM60.DLL 285
MSVBVM60.DLL 288
MSVBVM60.DLL 23b
MSVBVM60.DLL 23d
MSVBVM60.DLL 2a9
MSVBVM60.DLL 240
MSVBVM60.DLL 242
MSVBVM60.DLL 2ad
MSVBVM60.DLL 64
MSVBVM60.DLL 243
MSVBVM60.DLL 140
MSVBVM60.DLL 141
MSVBVM60.DLL 265
MSVBVM60.DLL 268
MSVBVM60.DLL 269
MSVBVM60.DLL 26a
MSVBVM60.DLL 26b
MSVBVM60.DLL 21e
MSVBVM60.DLL 221
MSVBVM60.DLL 28c
MSVBVM60.DLL 222
MSVBVM60.DLL 245
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 1.3.0.4
ProductVersion : 1.3.0.4
StrucVersion : 0x10000
FileFlagsMask : 0
FileFlags : 0
FileOS : 4
FileType : 1
FileSubtype : 0
VarFileInfo : [ 0x409, 0x4b0 ]
# StringTable 040904B0:
CompanyName : "dell"
ProductName : "Rundll32"
FileVersion : "1.03.0004"
ProductVersion : "1.03.0004"
InternalName : "hkcmd2"
OriginalFilename : "hkcmd2.exe"
=== Packer / Compiler ===
MS Visual Basic v5.0/v6.0
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001B0 0000004001B0 0 .text
0000000001D8 0000004001D8 0 .data
000000000200 000000400200 0 .rsrc
000000000238 000000400238 0 MSVBVM60.DLL
000000001002 000000401002 0 6sh;:s
00000000100A 00000040100A 0 6sOp8s8u8sb
000000001051 000000401051 0 _9sQ}8s
00000000108E 00000040108E 0 6swG8sk}9sAa9sT
0000000010B6 0000004010B6 0 7s \7s
0000000010F9 0000004010F9 0 a7s1a9s
000000001106 000000401106 0 8s2m8sEm8s6n8sIn8s4
000000001330 000000401330 0 scvhost
0000000013A0 0000004013A0 0 Rundll32
0000000013AD 0000004013AD 0 scvhost
0000000013C1 0000004013C1 0 Form1
0000000013E7 0000004013E7 0 tmrTrans
00000000140B 00000040140B 0 tmrRun
00000000142D 00000040142D 0 tmrIdle
000000001455 000000401455 0 tmrEnd
000000001477 000000401477 0 tmrFindOrigin
0000000014A0 0000004014A0 0 tmrStartCospe
0000000014CE 0000004014CE 0 tmrStartWork
0000000014F6 0000004014F6 0 tmrKeepAlive
00000000151E 00000040151E 0 tmrTela
000000001541 000000401541 0 tmrChrono
000000001566 000000401566 0 tmrBlockFlush
00000000158F 00000040158F 0 tmrPass
0000000015B2 0000004015B2 0 tmrPing
0000000015D5 0000004015D5 0 Timer2
0000000015F7 0000004015F7 0 tmrComandos
000000001623 000000401623 0 tmrCapScreen
00000000164B 00000040164B 0 tmrWdg
00000000166F 00000040166F 0 Sock1
000000001678 000000401678 0 MSWinsockLib.Winsock
0000000016D4 0000004016D4 0 tmrStopSnapShot
0000000016FF 0000004016FF 0 tmrDebug
00000000171E 00000040171E 0 tmrRegiao
000000001743 000000401743 0 tmrSnapShot
00000000176A 00000040176A 0 tmrMemAtack
000000001791 000000401791 0 tmrProcessos
0000000017B9 0000004017B9 0 Timer1
0000000017D6 0000004017D6 0 tmrCleanTrash
000000001804 000000401804 0 tmrConnect
00000000182F 00000040182F 0 tmrChangeScreen
00000000185A 00000040185A 0 tmrKeys
00000000187D 00000040187D 0 tmrSaveData
0000000018A4 0000004018A4 0 Label1
0000000018AF 0000004018AF 0 teste
0000000018CD 0000004018CD 0 MS Sans Serif
000000001958 000000401958 0 hkcmd2
00000000195F 00000040195F 0 Rundll32
000000001969 000000401969 0 scvhost
000000002314 000000402314 0 mswinsck.ocx
000000002321 000000402321 0 MSWinsockLib.Winsock
000000002336 000000402336 0 Winsock
000000009724 000000409724 0 The maximum length allow
00000000976A 00000040976A 0 Indicates "No module handle."
00000000979A 00000040979A 0 Indicates "No process p
0000000097D0 0000004097D0 0 tes "No process id."
File pos Mem pos ID Text
======== ======= == ====
0000000097FA 0000004097FA 0 Indicates "No thread id."
000000009940 000000409940 0 oi s4
000000009A14 000000409A14 0 clsAppli
000000009DD0 000000409DD0 0 Rundll32
000000009DDC 000000409DDC 0 clsTransaction
000000009DEC 000000409DEC 0 clsPacote
000000009DF8 000000409DF8 0 clsFile
000000009E00 000000409E00 0 clsMember
000000009E0C 000000409E0C 0 clsPcLogin
000000009E18 000000409E18 0 mocCapImage
000000009E24 000000409E24 0 clsTexto
000000009E30 000000409E30 0 clsClass
000000009E3C 000000409E3C 0 clsRegion
000000009E48 000000409E48 0 clsMemAtack
000000009E54 000000409E54 0 clsApplication
000000009E64 000000409E64 0 clsSetStartup
000000009E74 000000409E74 0 modMemAtack
000000009E80 000000409E80 0 clsScanning
000000009E8C 000000409E8C 0 clsComm
000000009E94 000000409E94 0 clsPercentScan
000000009EA4 000000409EA4 0 clsSnapShot
000000009EB0 000000409EB0 0 clsDebug
000000009EBC 000000409EBC 0 clsStartScan
000000009ECC 000000409ECC 0 modComum
000000009ED8 000000409ED8 0 clsCapRegions
000000009EE8 000000409EE8 0 clsPackDebug
000000009EF8 000000409EF8 0 clsResources
000000009F08 000000409F08 0 clsAprova
000000009F14 000000409F14 0 frmAguarde
000000009F20 000000409F20 0 frmBlack
000000009F2C 000000409F2C 0 frmFlush
000000009F38 000000409F38 0 frmChave
000000009F44 000000409F44 0 scvhost
00000000A28C 00000040A28C 0 SendMessageA
00000000A2A0 00000040A2A0 0 WaitForSingleObject
00000000A2B4 00000040A2B4 0 tmrProcessos
00000000A494 00000040A494 0 CreateToolhelp32Snapshot
00000000A630 00000040A630 0 kernel32
00000000A640 00000040A640 0 GetCurrentProcessId
00000000A68C 00000040A68C 0 FindWindowA
00000000A830 00000040A830 0 User32
00000000A83C 00000040A83C 0 ExitWindowsEx
00000000B428 00000040B428 0 SetForegroundWindow
00000000B474 00000040B474 0 User32.dll
00000000B484 00000040B484 0 SetCursorPos
00000000B4CC 00000040B4CC 0 GetCursorPos
00000000B514 00000040B514 0 mouse_event
00000000B558 00000040B558 0 SetWindowPos
00000000B5A0 00000040B5A0 0 msvbvm60
00000000B5B0 00000040B5B0 0 GetMem1
00000000B5F0 00000040B5F0 0 GetMem2
00000000B630 00000040B630 0 GetMem4
00000000B670 00000040B670 0 GetMem8
00000000B6B0 00000040B6B0 0 advapi32.dll
00000000B6C4 00000040B6C4 0 LookupPrivilegeValueA
00000000B714 00000040B714 0 AdjustTokenPrivileges
00000000B764 00000040B764 0 GetCurrentProcess
00000000B7B0 00000040B7B0 0 OpenProcessToken
00000000B7FC 00000040B7FC 0 psapi.dll
00000000B80C 00000040B80C 0 EnumProcessModules
File pos Mem pos ID Text
======== ======= == ====
00000000B858 00000040B858 0 GetModuleFileNameExA
00000000B8A8 00000040B8A8 0 EnumProcesses
00000000B8F0 00000040B8F0 0 ReadProcessMemory
00000000B938 00000040B938 0 tmrKeys
00000000B97C 00000040B97C 0 Process32First
00000000B9C4 00000040B9C4 0 OpenProcess
00000000BA08 00000040BA08 0 GetSystemInfo
00000000BA50 00000040BA50 0 Process32Next
00000000BA98 00000040BA98 0 RegOpenKeyExA
00000000BAE0 00000040BAE0 0 RegQueryValueExA
00000000BAF4 00000040BAF4 0 tmrDebug
00000000BB00 00000040BB00 0 Timer1
00000000BB44 00000040BB44 0 RegCloseKey
00000000BB88 00000040BB88 0 RegCreateKeyExA
00000000BBD0 00000040BBD0 0 RegSetValueExA
00000000BC18 00000040BC18 0 RegDeleteValueA
00000000BC60 00000040BC60 0 GetModuleHandleA
00000000BCAC 00000040BCAC 0 CloseHandle
00000000BCB8 00000040BCB8 0 tmrRegiao
00000000BD0C 00000040BD0C 0 GetComputerNameA
00000000BD58 00000040BD58 0 RtlMoveMemory
00000000BDA0 00000040BDA0 0 GetForegroundWindow
00000000BDEC 00000040BDEC 0 GetWindowTextA
00000000BE58 00000040BE58 0 tmrFindOrigin
00000000BE68 00000040BE68 0 tmrCapScreen
00000000BE78 00000040BE78 0 tmrRun
00000000BE80 00000040BE80 0 tmrStopSnapShot
00000000C000 00000040C000 0 tmrWdg
00000000C018 00000040C018 0 C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
00000000C050 00000040C050 0 tmrSnapShot
00000000C060 00000040C060 0 tmrChangeScreen
00000000C070 00000040C070 0 Timer2
00000000C078 00000040C078 0 tmrSaveData
00000000C084 00000040C084 0 tmrConnect
00000000C090 00000040C090 0 tmrCleanTrash
00000000C0A0 00000040C0A0 0 tmrEnd
00000000C0A8 00000040C0A8 0 tmrChrono
00000000C0C4 00000040C0C4 0 Sock1
00000000C0DC 00000040C0DC 0 c:\windows\system32\mswinsck.oca
00000000C100 00000040C100 0 MSWinsockLib
00000000C138 00000040C138 0 tmrIdle
00000000C14F 00000040C14F 0 RcComCli
00000000C158 00000040C158 0 tmrTrans
00000000C164 00000040C164 0 tmrBlockFlush
00000000C184 00000040C184 0 Label1
00000000C18C 00000040C18C 0 tmrPass
00000000C194 00000040C194 0 tmrTela
00000000C19C 00000040C19C 0 tmrKeepAlive
00000000C1AC 00000040C1AC 0 tmrComandos
00000000C1B8 00000040C1B8 0 tmrPing
00000000C1C0 00000040C1C0 0 tmrStartWork
00000000C1D0 00000040C1D0 0 tmrStartCospe
00000000C1E0 00000040C1E0 0 tmrMemAtack
00000000C20B 00000040C20B 0 FC:\Program Files\Microsoft Visual Studio\VB98\VBA6.dll
00000000C280 00000040C280 0 GetAsyncKeyState
00000000C2CC 00000040C2CC 0 GetKeyState
00000000C30C 00000040C30C 0 subAddLogData
00000000C31C 00000040C31C 0 salvaLista
00000000C328 00000040C328 0 searchList
00000000C334 00000040C334 0 replaceLista
File pos Mem pos ID Text
======== ======= == ====
00000000C344 00000040C344 0 cComCli_ClientConnect
00000000C35C 00000040C35C 0 tmrKeepAlive_Timer
00000000C370 00000040C370 0 tmrKeys_Timer
00000000C380 00000040C380 0 subEnviaDados
00000000C390 00000040C390 0 cComCli_SendComplete
00000000C3A8 00000040C3A8 0 cComCli_ReceiveComplete
00000000C3C0 00000040C3C0 0 cComCli_SocketError
00000000C3D4 00000040C3D4 0 cComCli_TimeOut
00000000C3E4 00000040C3E4 0 createCospe
00000000C3F0 00000040C3F0 0 tmrTrans_Timer
00000000C4E4 00000040C4E4 0 VBA6.DLL
00000000C4F4 00000040C4F4 0 GetWindowThreadProcessId
00000000C510 00000040C510 0 scanMemory
00000000C548 00000040C548 0 GetParent
00000000C58C 00000040C58C 0 SetParent
00000000C5CC 00000040C5CC 0 subCleanRegions
00000000C614 00000040C614 0 GetWindow
00000000C658 00000040C658 0 LockWindowUpdate
00000000C6A4 00000040C6A4 0 GetDesktopWindow
00000000C6F0 00000040C6F0 0 DestroyWindow
00000000C738 00000040C738 0 SetFocus
00000000C77C 00000040C77C 0 TerminateProcess
00000000C790 00000040C790 0 saveMemory
00000000C81C 00000040C81C 0 Class
00000000C834 00000040C834 0 C:\WINDOWS\system32\msvbvm60.dll\3
00000000C858 00000040C858 0 VBRUN
00000000C88C 00000040C88C 0 Kernel32.dll
00000000C8A0 00000040C8A0 0 FormatMessageA
00000000C8E8 00000040C8E8 0 GetModuleInformation
00000000C938 00000040C938 0 WriteProcessMemory
00000000C984 00000040C984 0 VirtualQueryEx
00000000C9C8 00000040C9C8 0 Align
00000000C9D0 00000040C9D0 0 TrashCollection
00000000C9E0 00000040C9E0 0 HaveToScan
00000000C9EC 00000040C9EC 0 Titulo
00000000C9F4 00000040C9F4 0 ExceptionAt
00000000CA00 00000040CA00 0 Conteudo
00000000CA0C 00000040CA0C 0 putContent
00000000CA18 00000040CA18 0 ExeName
00000000CA20 00000040CA20 0 CleanExceptions
00000000CA30 00000040CA30 0 AddException
00000000CA40 00000040CA40 0 Exceptions
00000000CA4C 00000040CA4C 0 funProcess
00000000CA58 00000040CA58 0 GetPid
00000000CA60 00000040CA60 0 KillOthers
00000000CA6C 00000040CA6C 0 GetHandle
00000000CA78 00000040CA78 0 PauseProcess
00000000CA88 00000040CA88 0 ResumeProcess
00000000CA98 00000040CA98 0 funTakeRegions
00000000CAA8 00000040CAA8 0 funModules
00000000CAB4 00000040CAB4 0 IsModuleRunning
00000000CAC4 00000040CAC4 0 TestMemory
00000000CAD0 00000040CAD0 0 scanCard
00000000CADC 00000040CADC 0 findOrigin
00000000CAE8 00000040CAE8 0 OldscanMemory
00000000CAF8 00000040CAF8 0 PesquisaMemoria
00000000CB08 00000040CB08 0 PesquisaMemoria2
00000000CB1C 00000040CB1C 0 subCapRegion
00000000CB2C 00000040CB2C 0 Scanning
00000000CB38 00000040CB38 0 subCleanTrash
File pos Mem pos ID Text
======== ======= == ====
00000000CB48 00000040CB48 0 RegionAtual
00000000CB54 00000040CB54 0 HighSize
00000000CB60 00000040CB60 0 LowSize
00000000CB68 00000040CB68 0 HighAddress
00000000CB74 00000040CB74 0 LowAddress
00000000CB80 00000040CB80 0 LastTimer
00000000CB8C 00000040CB8C 0 BaseAddressAtual
00000000CBA0 00000040CBA0 0 CleanData
00000000CBAC 00000040CBAC 0 subKillProcess
00000000CBBC 00000040CBBC 0 funGetTimer
00000000CBC8 00000040CBC8 0 subStartTimer
00000000CBD8 00000040CBD8 0 funRedimFindCard
00000000CBEC 00000040CBEC 0 funFinCard
00000000CBF8 00000040CBF8 0 subAddRegion
00000000CC08 00000040CC08 0 funNumRegions
00000000CC18 00000040CC18 0 funGetRegion
00000000CC28 00000040CC28 0 startWork
00000000CC34 00000040CC34 0 FindCospe
00000000CC40 00000040CC40 0 startCospe
00000000CC4C 00000040CC4C 0 salvaCospe
00000000CC58 00000040CC58 0 Cospe
00000000CC60 00000040CC60 0 waitCospeReturn
00000000CC70 00000040CC70 0 Entrega
00000000CC78 00000040CC78 0 Acorda
00000000CC80 00000040CC80 0 Status
00000000CC88 00000040CC88 0 Conta
00000000CC90 00000040CC90 0 stopWork
00000000CC9C 00000040CC9C 0 getTela
00000000CCA4 00000040CCA4 0 ShowData
00000000CCB0 00000040CCB0 0 prepareMemory
00000000CCC0 00000040CCC0 0 startChronoTrigger
00000000CCD4 00000040CCD4 0 receiveBytes
00000000CCE4 00000040CCE4 0 putSpecial
00000000CCF0 00000040CCF0 0 chronoTrigger
00000000CD00 00000040CD00 0 restart
00000000CD08 00000040CD08 0 Inject
00000000CD10 00000040CD10 0 Flush
00000000CD18 00000040CD18 0 WriteCheckProcessMemory
00000000CD30 00000040CD30 0 Reboot
00000000CD38 00000040CD38 0 setPriv
00000000CD40 00000040CD40 0 GetBytesOriginalPointer
00000000CD58 00000040CD58 0 FillBytesOriginal
00000000CD6C 00000040CD6C 0 FillBytesCopy
00000000CD7C 00000040CD7C 0 GetBytesCopyPointer
00000000CD90 00000040CD90 0 getMemory
00000000CD9C 00000040CD9C 0 scanSCard
00000000CDA8 00000040CDA8 0 findFree
00000000CDB4 00000040CDB4 0 ScanPesquisaMemoria
00000000CDC8 00000040CDC8 0 ZeraCopy
00000000CDD8 00000040CDD8 0 gdi32
00000000CF60 00000040CF60 0 MemType
00000000CF70 00000040CF70 0 BaseAddress
00000000CF7C 00000040CF7C 0 RegionSize
00000000CF88 00000040CF88 0 Protect
00000000CF90 00000040CF90 0 State
00000000CF9C 00000040CF9C 0 TextOutA
00000000D070 00000040D070 0 StretchBlt
00000000D0B4 00000040D0B4 0 GDIPlus
00000000D0C0 00000040D0C0 0 GdipDrawImageRect
00000000D10C 00000040D10C 0 GdipLoadImageFromFile
File pos Mem pos ID Text
======== ======= == ====
00000000D15C 00000040D15C 0 GdipGetImageWidth
00000000D1A8 00000040D1A8 0 GdipGetImageHeight
00000000D208 00000040D208 0 GdipDisposeImage
00000000D254 00000040D254 0 GdiplusStartup
00000000D29C 00000040D29C 0 GdipCreateFromHDC
00000000D2E8 00000040D2E8 0 GdipDeleteGraphics
00000000D334 00000040D334 0 GdiplusShutdown
00000000D37C 00000040D37C 0 GdipCreateBitmapFromHBITMAP
00000000D3D0 00000040D3D0 0 GdipSaveImageToFile
00000000D41C 00000040D41C 0 ole32
00000000D428 00000040D428 0 CLSIDFromString
00000000D470 00000040D470 0 CreateCompatibleDC
00000000D4BC 00000040D4BC 0 CreateCompatibleBitmap
00000000D50C 00000040D50C 0 GetDeviceCaps
00000000D554 00000040D554 0 GetSystemPaletteEntries
00000000D570 00000040D570 0 RealizePalette
00000000D5CC 00000040D5CC 0 CreatePalette
00000000D614 00000040D614 0 SelectObject
00000000D65C 00000040D65C 0 BitBlt
00000000D69C 00000040D69C 0 DeleteDC
00000000D714 00000040D714 0 SelectPalette
00000000D790 00000040D790 0 GetWindowDC
00000000D7D4 00000040D7D4 0 GetDC
00000000D814 00000040D814 0 GetWindowRect
00000000D85C 00000040D85C 0 ReleaseDC
00000000D8A0 00000040D8A0 0 olepro32.dll
00000000D8B4 00000040D8B4 0 OleCreatePictureIndirect
00000000DA6C 00000040DA6C 0 ContinueDebugEvent
00000000DAB8 00000040DAB8 0 DebugActiveProcessStop
00000000DB08 00000040DB08 0 DebugActiveProcess
00000000DB54 00000040DB54 0 WaitForDebugEvent
00000000DB9C 00000040DB9C 0 ProcessID
00000000DBA8 00000040DBA8 0 startDebug
00000000DBB4 00000040DBB4 0 stopDebug
00000000DBC0 00000040DBC0 0 Refresh
00000000DBC8 00000040DBC8 0 BreakPoint
00000000DC78 00000040DC78 0 FileName
00000000DC87 00000040DC87 0 2D$&K
00000000DC94 00000040DC94 0 subConnect
00000000DCA0 00000040DCA0 0 funEnviar
00000000DCAC 00000040DCAC 0 subDisconnect
00000000DCBC 00000040DCBC 0 subListen
00000000DCC8 00000040DCC8 0 oSock_Close
00000000DCD4 00000040DCD4 0 oSock_ConnectionRequest
00000000DCEC 00000040DCEC 0 killTransFile
00000000DCFC 00000040DCFC 0 GravaParteRecebida
00000000DD10 00000040DD10 0 RecebePacoteNormal
00000000DD24 00000040DD24 0 funIsConnected
00000000DD34 00000040DD34 0 funIsListennig
00000000DD44 00000040DD44 0 oSock_Error
00000000DD50 00000040DD50 0 tTimer_Refresh
00000000DD60 00000040DD60 0 oSock_Connect
00000000DD70 00000040DD70 0 funGetNumSocks
00000000DD80 00000040DD80 0 osock_DataArrival
00000000DD94 00000040DD94 0 subRaiseClientDisconnect
00000000DDB0 00000040DDB0 0 subRemoveTransaction
00000000DDC8 00000040DDC8 0 funRemoveAllPackets
00000000DDDC 00000040DDDC 0 SendComplete
00000000DDEC 00000040DDEC 0 ReceiveComplete
00000000DDFC 00000040DDFC 0 SocketError
File pos Mem pos ID Text
======== ======= == ====
00000000DE08 00000040DE08 0 ClientConnect
00000000DE18 00000040DE18 0 ClientDisConnect
00000000DE2C 00000040DE2C 0 GetPercent
00000000DE38 00000040DE38 0 TimeOut
00000000DECE 00000040DECE 0 p4%W3F
00000000DEEC 00000040DEEC 0 ClassName
00000000DEFC 00000040DEFC 0 Filebytes
00000000DF08 00000040DF08 0 FileLength
00000000DF14 00000040DF14 0 subLoadBytesFromFile
00000000DF2C 00000040DF2C 0 subLoadBytesFromBytes
00000000DF44 00000040DF44 0 subSaveFile
00000000DF50 00000040DF50 0 funMyFileExists
00000000DF60 00000040DF60 0 funFileLen
00000000DF6C 00000040DF6C 0 subZeraBytes
00000000E013 00000040E013 0 ]Texto
00000000E070 00000040E070 0 Timer
00000000E1A0 00000040E1A0 0 FoundCard
00000000E1AC 00000040E1AC 0 MyIndex
00000000E308 00000040E308 0 tmrFlush
00000000E314 00000040E314 0 tmrTop
00000000E32C 00000040E32C 0 lblFile
00000000E348 00000040E348 0 Image1
00000000E350 00000040E350 0 Image2
00000000E3A4 00000040E3A4 0 lbltotal
00000000E3B0 00000040E3B0 0 lblChave
00000000E3BC 00000040E3BC 0 lbltipo
00000000E3C4 00000040E3C4 0 lblInfos
00000000E3D4 00000040E3D4 0 ShowCursor
00000000E4B4 00000040E4B4 0 AppDebug
00000000E66C 00000040E66C 0 Executavel
00000000E678 00000040E678 0 Alinhado
00000000E684 00000040E684 0 IsScanning
00000000E70C 00000040E70C 0 IsDebugging
00000000E752 00000040E752 0 +]Region
00000000E75C 00000040E75C 0 Process
00000000E764 00000040E764 0 MemAtack
00000000E770 00000040E770 0 ChangeScreen
00000000E788 00000040E788 0 SaveData
00000000E89C 00000040E89C 0 isStartup
00000000E8A8 00000040E8A8 0 NomeExe
00000000EA44 00000040EA44 0 Entrada
00000000EA4C 00000040EA4C 0 FullPath
00000000EADD 00000040EADD 0 Dr~nL8
00000000EC3F 00000040EC3F 0 HRegiao
00000000EC48 00000040EC48 0 Posicao
00000000EC50 00000040EC50 0 Tamanho
00000000F0D8 00000040F0D8 0 SizeTotal
00000000F20F 00000040F20F 0 #IsFile
00000000F218 00000040F218 0 Sended
00000000F220 00000040F220 0 HoraEnvio
00000000F22C 00000040F22C 0 SendNext
00000000F238 00000040F238 0 Prioridade
00000000F244 00000040F244 0 Versao
00000000F24C 00000040F24C 0 SizeAtual
00000000F258 00000040F258 0 PosAtual
00000000F264 00000040F264 0 TotalPacotes
00000000F274 00000040F274 0 PacoteAtual
00000000F280 00000040F280 0 IDTransacao
00000000F28C 00000040F28C 0 TipoTransacao
00000000F29C 00000040F29C 0 WaitConfirm
File pos Mem pos ID Text
======== ======= == ====
00000000F2A8 00000040F2A8 0 MarcaPrioridade
00000000F30C 00000040F30C 0 Transaction
00000000F318 00000040F318 0 Objeto
00000000F368 00000040F368 0 ReturnType
00000000F3AC 00000040F3AC 0 NomePC
00000000F532 00000040F532 0 nWAddMember
00000000F544 00000040F544 0 GetMember
00000000F550 00000040F550 0 GetMemberByName
00000000F560 00000040F560 0 MebersCount
00000000F56C 00000040F56C 0 AddMemberByVal
000000012B8F 000000412B8F 0 }Metodo
000000012BFC 000000412BFC 0 lblip
000000012C04 000000412C04 0 lblvalor
000000012C20 000000412C20 0 txtchave
000000012C2C 000000412C2C 0 lblid
000000012C34 000000412C34 0 lblsenha
000000012CB4 000000412CB4 0 frmBlack
000000012CC1 000000412CC1 0 Form1
000000012CDB 000000412CDB 0 Form1
000000012D05 000000412D05 0 tmrTop
000000012D84 000000412D84 0 frmChave
000000012D91 000000412D91 0 Form1
000000012DA4 000000412DA4 0 Form1
000000012DC6 000000412DC6 0 txtchave
000000012DE8 000000412DE8 0 MS Sans Serif
000000012DFE 000000412DFE 0 lblsenha
000000012E0B 000000412E0B 0 Label2
000000012E2A 000000412E2A 0 MS Sans Serif
000000012E40 000000412E40 0 lblid
000000012E4A 000000412E4A 0 Label2
000000012E69 000000412E69 0 MS Sans Serif
000000012E7F 000000412E7F 0 lblvalor
000000012E8C 000000412E8C 0 Label2
000000012EAB 000000412EAB 0 MS Sans Serif
000000012EC1 000000412EC1 0 lblip
000000012ECB 000000412ECB 0 Label2
000000012EEA 000000412EEA 0 MS Sans Serif
000000012F00 000000412F00 0 Label1
000000012F0B 000000412F0B 0 Chave:
000000012F2A 000000412F2A 0 MS Sans Serif
000000012FA0 000000412FA0 0 frmAguarde
000000012FAF 000000412FAF 0 Form2
000000012FC4 000000412FC4 0 Form2
000000012FE8 000000412FE8 0 Timer1
000000013008 000000413008 0 lbltipo
000000013014 000000413014 0 Label1
00000001303C 00000041303C 0 MS Sans Serif
000000013052 000000413052 0 lbltotal
00000001305F 00000041305F 0 0123 (2,00)
00000001308A 00000041308A 0 Arial
000000013098 000000413098 0 lblInfos
0000000130A5 0000004130A5 0 0123 (2,00)
0000000130CE 0000004130CE 0 Arial
0000000130DC 0000004130DC 0 lblChave
0000000130E9 0000004130E9 0 BRU 123-456-789
000000013117 000000413117 0 Arial
000000013125 000000413125 0 Image2
00000001324D 00000041324D 0 %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
000000013328 000000413328 0 &'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
0000000135E9 0000004135E9 0 ??_z_
File pos Mem pos ID Text
======== ======= == ====
000000013937 000000413937 0 E5I;Z/
0000000139B9 0000004139B9 0 Cn}?"O
000000013C17 000000413C17 0 QE}47
000000013C44 000000413C44 0 #)[k;
000000013D81 000000413D81 0 I+"+0#
000000013E45 000000413E45 0 c.YZR{E;Y
000000013EBA 000000413EBA 0 R)Jpi
000000014003 000000414003 0 }?:iC
0000000140ED 0000004140ED 0 9?LW*
0000000141FC 0000004141FC 0 *.9=O
00000001423B 00000041423B 0 rZ/-5
00000001435E 00000041435E 0 Z9buWGVGP
00000001438A 00000041438A 0 wwMtfYR:
0000000143BF 0000004143BF 0 a{$Imx
000000014518 000000414518 0 _\y1<
000000014669 000000414669 0 %{tWZ
00000001487C 00000041487C 0 V2E<O
000000014A8C 000000414A8C 0 l4%yU
000000014AA4 000000414AA4 0 ,L!R\
000000014B61 000000414B61 0 :\2Oq
000000014C1D 000000414C1D 0 In?w;7
000000014C7E 000000414C7E 0 [U}"
000000014CE6 000000414CE6 0 j8gKm
000000014D51 000000414D51 0 UHfev
000000014D6E 000000414D6E 0 s)rB1r
0000000150FC 0000004150FC 0 ]<Z[G477
0000000152CC 0000004152CC 0 ]NMOO
0000000152DE 0000004152DE 0 ]+46+m
000000015327 000000415327 0 8Y/g(
0000000153E5 0000004153E5 0 -9tUT
0000000155E5 0000004155E5 0 [mzm5
0000000156A9 0000004156A9 0 K{;m:x
00000001585B 00000041585B 0 W4]JI
000000015A14 000000415A14 0 ZKsc-
000000015B17 000000415B17 0 hm-Bj;
000000015D42 000000415D42 0 )'+.uJXXTvI
000000015F98 000000415F98 0 K+[I,H
0000000160A2 0000004160A2 0 G"K2I
00000001611C 00000041611C 0 wrN1W|
0000000161DB 0000004161DB 0 ;Ky~j
0000000164C2 0000004164C2 0 #"nfm
00000001663D 00000041663D 0 4[MSM
000000016776 000000416776 0 \Iscw*
000000016850 000000416850 0 F0NPT
000000016928 000000416928 0 M%D+h-
00000001698E 00000041698E 0 g8>Zs
000000016AB2 000000416AB2 0 Uml.-n,
000000016BDF 000000416BDF 0 8u-?G
000000016C82 000000416C82 0 _}M|Df7Il
000000016D4D 000000416D4D 0 ,V25j
000000016D87 000000416D87 0 7J2P>
000000016EA9 000000416EA9 0 X>]Uj/
000000016EC1 000000416EC1 0 Smg,tjb%
000000016F3B 000000416F3B 0 z\VQ#&
00000001706A 00000041706A 0 IX/>s
000000017321 000000417321 0 A~TY$?ggK
000000017390 000000417390 0 mFkk<
0000000173B8 0000004173B8 0 tUjXz
0000000174EA 0000004174EA 0 &x..l!
000000017565 000000417565 0 th|?>
File pos Mem pos ID Text
======== ======= == ====
00000001762E 00000041762E 0 Gqyukc
000000017745 000000417745 0 Iq;"Z4r
000000017769 000000417769 0 oeyqb
000000017773 000000417773 0 k#[\jPD
0000000178C3 0000004178C3 0 \krCs
0000000178E4 0000004178E4 0 u%:TqQ
000000017A35 000000417A35 0 \g5JQU
000000017AAB 000000417AAB 0 e$}-g
000000017B48 000000417B48 0 x-'kgk
000000017B95 000000417B95 0 .t+bW
000000017BFD 000000417BFD 0 |Bou)>
000000017CC8 000000417CC8 0 cQs]i
000000017DA6 000000417DA6 0 4fiUm
000000017E2C 000000417E2C 0 Z2OyF
000000017ED3 000000417ED3 0 B{m/L
000000017EDE 000000417EDE 0 twqu$
000000017FE4 000000417FE4 0 x*Xl4
000000018171 000000418171 0 ?gGkFyU
0000000183DB 0000004183DB 0 %-==u
00000001867F 00000041867F 0 =i*e]
0000000188C3 0000004188C3 0 QOwws)
0000000188FA 0000004188FA 0 YJ0w[
00000001911B 00000041911B 0 k76 g
000000019253 000000419253 0 Q&2}OO
000000019271 000000419271 0 }p?J}1:~<
0000000198A1 0000004198A1 0 j:zu?O
0000000198D8 0000004198D8 0 ;F}?N
000000019A13 000000419A13 0 g5y-G
000000019E25 000000419E25 0 +*{n
00000001AB12 00000041AB12 0 }Ec\u
00000001AC0E 00000041AC0E 0 GjZBp
00000001B0B8 00000041B0B8 0 }Ec\u
00000001B37C 00000041B37C 0 }Ec\u
00000001B456 00000041B456 0 U;t?CU
00000001BCEB 00000041BCEB 0 oyo{{$
00000001BF5A 00000041BF5A 0 ZqrG<
00000001C2E9 00000041C2E9 0 )-ayl
00000001C335 00000041C335 0 W2Ilf
00000001C48C 00000041C48C 0 Oklti/
00000001C5F2 00000041C5F2 0 j ;~?
00000001C699 00000041C699 0 5:t?_
00000001C7F7 00000041C7F7 0 )<{k}
00000001C812 00000041C812 0 sb% opD
00000001C924 00000041C924 0 N~E J\
00000001C94F 00000041C94F 0 Vw{i{
00000001CA78 00000041CA78 0 Eb!zUq
00000001CB9B 00000041CB9B 0 a1X\$
00000001CF13 00000041CF13 0 *uc8N<
00000001CFC3 00000041CFC3 0 F,{J+
00000001D14E 00000041D14E 0 VIvV()
00000001D60F 00000041D60F 0 +r]:r
00000001D6B1 00000041D6B1 0 /4y<5
00000001D846 00000041D846 0 <>Q_0
00000001D926 00000041D926 0 jvbIM
00000001D997 00000041D997 0 >enk8
00000001D99E 00000041D99E 0 TQEy'
00000001D9E9 00000041D9E9 0 }Ec\u
00000001DE0A 00000041DE0A 0 ZT*SU
00000001E06E 00000041E06E 0 l/,u+
00000001E079 00000041E079 0 |-gsycq
File pos Mem pos ID Text
======== ======= == ====
00000001E2BC 00000041E2BC 0 *4i,<
00000001E376 00000041E376 0 |kcow
00000001E3DC 00000041E3DC 0 onu=>'[
00000001E53F 00000041E53F 0 le:<Iu
00000001E8F8 00000041E8F8 0 }Ec\u
00000001ED35 00000041ED35 0 jpr3P
00000001EEF2 00000041EEF2 0 }Ec\u
00000001F1C7 00000041F1C7 0 ;}*d9
00000001F47A 00000041F47A 0 8]q"B
00000001F82D 00000041F82D 0 pU[ t
00000001F8E2 00000041F8E2 0 !B.1m
00000001F8E8 00000041F8E8 0 >i7m]
00000001F97D 00000041F97D 0 ]} *e9
00000001F98F 00000041F98F 0 h(x8
00000001FD94 00000041FD94 0 @F84QH
000000020330 000000420330 0 &7rG_
000000020462 000000420462 0 ~uTpA
000000020B2D 000000420B2D 0 +Y[ki
0000000210A8 0000004210A8 0 AE! rh
0000000210D2 0000004210D2 0 MBI'&
00000002110D 00000042110D 0 Jc0QJ
000000021218 000000421218 0 *6x=G
000000021419 000000421419 0 D}>9|N
000000021B6A 000000421B6A 0 [\FNJO
000000021BA9 000000421BA9 0 m|Gco
000000021BD3 000000421BD3 0 73Kqsq,
000000021D09 000000421D09 0 9HDR-
000000021EEA 000000421EEA 0 $t$Rdz
000000022049 000000422049 0 =}j6lrs
00000002210A 00000042210A 0 /t.nE
000000022308 000000422308 0 GBE($t4
0000000226EF 0000004226EF 0 3|mL%:J
000000022924 000000422924 0 8E9)8
000000022AAD 000000422AAD 0 {_?QG
000000022BA1 000000422BA1 0 )(%9(A
000000022E48 000000422E48 0 SHmgQ[
00000002310B 00000042310B 0 xH}lu
000000023165 000000423165 0 }_<QG
000000023344 000000423344 0 -amEa
00000002367D 00000042367D 0 3HZkx%
00000002391F 00000042391F 0 wRXAz.
00000002395C 00000042395C 0 jkRX|
000000023976 000000423976 0 iI9)'9
000000023E8C 000000423E8C 0 DKu,M;D
000000023FDD 000000423FDD 0 $1?d]d
00000002417D 00000042417D 0 zts:X
000000024298 000000424298 0 ?2sP|
00000002447F 00000042447F 0 Mo"j/ycr
000000024511 000000424511 0 >X~Zns~
000000024609 000000424609 0 ){_g+
0000000246F0 0000004246F0 0 mGPA"[D
00000002471C 00000042471C 0 -WQ]Ao]m
000000024744 000000424744 0 xyN3j
00000002484C 00000042484C 0 +T}1[Rw
0000000249FF 0000004249FF 0 m3MH'
000000024A4E 000000424A4E 0 yp$~Wu
000000024ADB 000000424ADB 0 a)8%>U
000000024BD0 000000424BD0 0 k{h.Y
000000024D22 000000424D22 0 ?$kF1
000000024F15 000000424F15 0 OdumZ
File pos Mem pos ID Text
======== ======= == ====
000000024F42 000000424F42 0 :e]|d
000000024FFE 000000424FFE 0 yiu,Fv
000000025024 000000425024 0 7wm,6
0000000250AD 0000004250AD 0 @_%Am
0000000251FE 0000004251FE 0 )7QMZ
00000002527D 00000042527D 0 x}u}7G6
000000025285 000000425285 0 )k;MF=>a>
0000000254FF 0000004254FF 0 _h77~7
000000025570 000000425570 0 4[1en
0000000255A8 0000004255A8 0 sPPjJw
0000000257D6 0000004257D6 0 \[Z$
000000025895 000000425895 0 "3Gc=
0000000259F6 0000004259F6 0 ]dH$MV[w
000000025CEF 000000425CEF 0 p2{T$
000000025D94 000000425D94 0 aqudot
000000025FAC 000000425FAC 0 frmflush
000000025FB9 000000425FB9 0 Form2
000000025FCE 000000425FCE 0 Form2
000000025FF2 000000425FF2 0 tmrTop
000000026014 000000426014 0 tmrFlush
000000026038 000000426038 0 lblFile
000000026044 000000426044 0 10/10/15 14:34:22
000000026081 000000426081 0 Arial
000000026091 000000426091 0 lblFile
00000002609D 00000042609D 0 10/10/15 14:34:22
0000000260DA 0000004260DA 0 Arial
0000000260EA 0000004260EA 0 lblFile
0000000260F6 0000004260F6 0 10/10/15 14:34:22
000000026133 000000426133 0 Arial
000000026143 000000426143 0 lblFile
00000002614F 00000042614F 0 10/10/15 14:34:22
00000002618C 00000042618C 0 Arial
00000002619C 00000042619C 0 lblFile
0000000261A8 0000004261A8 0 10/10/15 14:34:22
0000000261E5 0000004261E5 0 Arial
0000000261F5 0000004261F5 0 lblFile
000000026201 000000426201 0 10/10/15 14:34:22
00000002623E 00000042623E 0 Arial
00000002624E 00000042624E 0 lblFile
00000002625A 00000042625A 0 10/10/15 14:34:22b
000000026298 000000426298 0 Arial
0000000262A8 0000004262A8 0 lblFile
0000000262B4 0000004262B4 0 10/10/15 14:34:22a
0000000262F2 0000004262F2 0 Arial
000000026300 000000426300 0 Image1
000000026428 000000426428 0 %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
000000026503 000000426503 0 &'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
0000000266C1 0000004266C1 0 AlpIbCc
0000000266E5 0000004266E5 0 KR$$)
0000000267E5 0000004267E5 0 7_j\c
0000000269F0 0000004269F0 0 2?:I
0000000269FD 0000004269FD 0 V$Rw)$
000000026A4F 000000426A4F 0 ROd#P
000000026ABB 000000426ABB 0 O=2kH
000000026AF3 000000426AF3 0 u+]Vy
000000026B18 000000426B18 0 vGm<N
000000026C64 000000426C64 0 UG Yo
000000026CAC 000000426CAC 0 Whe\p
000000026DB9 000000426DB9 0 =Ek#'
000000026E21 000000426E21 0 /=3]W
File pos Mem pos ID Text
======== ======= == ====
000000026EDC 000000426EDC 0 *T?lsW
000000026F5A 000000426F5A 0 LKke|
000000027127 000000427127 0 (,G#'
000000027275 000000427275 0 FrG!Gs
0000000273BD 0000004273BD 0 91+Zk
00000002758D 00000042758D 0 ,#xd,
0000000275C6 0000004275C6 0 )jgSUs
000000027A64 000000427A64 0 /q,H'h
000000027A6C 000000427A6C 0 [.HRq
000000027CFD 000000427CFD 0 xeU'R1
000000028012 000000428012 0 0j:3l
000000028082 000000428082 0 H dnS
000000028218 000000428218 0 L[hPp:
000000028243 000000428243 0 ] b>j>
0000000284CE 0000004284CE 0 }4NI5
0000000286A3 0000004286A3 0 Siv~&[
000000028710 000000428710 0 LQgqRq
00000002885A 00000042885A 0 R6_c7[
0000000288C6 0000004288C6 0 +:x/iF
000000028902 000000428902 0 $!W,@
000000028AB1 000000428AB1 0 ]U?|_8/
000000028AE3 000000428AE3 0 iQAiJ
000000028AFA 000000428AFA 0 __CxbT
000000028B7A 000000428B7A 0 "5U9E}
000000028BAD 000000428BAD 0 }[_,N
000000028D98 000000428D98 0 EHSq#
000000028E8D 000000428E8D 0 Ft'kX
000000028EE4 000000428EE4 0 BV;Hd
000000028F4C 000000428F4C 0 J\34$$
000000029059 000000429059 0 / ]|P
0000000291A3 0000004291A3 0 5Ffr>L
000000029324 000000429324 0 3_0|4
0000000293E4 0000004293E4 0 ;|"nyn%geDDA
0000000293F3 0000004293F3 0 F$1NT
000000029474 000000429474 0 RY<[k{
0000000294A1 0000004294A1 0 8!GLps\
000000029572 000000429572 0 Tthdv
0000000295C0 0000004295C0 0 H8=MI
000000029613 000000429613 0 D\Dmc
00000002969A 00000042969A 0 x"M8@
0000000296FD 0000004296FD 0 x=)d!
000000029942 000000429942 0 +8u[aqo+
000000029AF3 000000429AF3 0 "yO)WW
000000029B54 000000429B54 0 /eek%
000000029DB5 000000429DB5 0 G@9,F
000000029DED 000000429DED 0 Zx;C}jo
000000029E8A 000000429E8A 0 _RM2]B
000000029ECE 000000429ECE 0 -/.TG
000000029FC7 000000429FC7 0 M*4pE
00000002A01D 00000042A01D 0 mRWN*
00000002A383 00000042A383 0 ] hc5
00000002A476 00000042A476 0 fhYFF
00000002A47C 00000042A47C 0 (bI c
00000002A581 00000042A581 0 u<h%n:u
00000002A59F 00000042A59F 0 D9QX/
00000002A5C0 00000042A5C0 0 )!ww+
00000002A670 00000042A670 0 6H8Zl*Wr
00000002A7DC 00000042A7DC 0 z}jDf
00000002A7F4 00000042A7F4 0 .;phM
00000002A84E 00000042A84E 0 !*A<{
File pos Mem pos ID Text
======== ======= == ====
00000002A865 00000042A865 0 _JhLF
00000002A90E 00000042A90E 0 JI;Wn
00000002A9E4 00000042A9E4 0 B0pG"
00000002AA6A 00000042AA6A 0 0kQ%@
00000002AEB4 00000042AEB4 0 RyxbW
00000002B256 00000042B256 0 u8-l<q
00000002B318 00000042B318 0 8Q&
00000002B979 00000042B979 0 w7?+u
00000002C268 00000042C268 0 ??~u>
00000002C3C1 00000042C3C1 0 gE_@7={o
00000002C43B 00000042C43B 0 ]-N1lc
00000002C7E8 00000042C7E8 0 D5"/(
00000002CA7D 00000042CA7D 0 Rg<g9
00000002CB41 00000042CB41 0 Sas2?-y
00000002CDEB 00000042CDEB 0 QdUlL
00000002CFAE 00000042CFAE 0 GfJdnr
00000002D158 00000042D158 0 9Y7_|
00000002D1E8 00000042D1E8 0 vp2I?
00000002D274 00000042D274 0 t.H,H9
00000002D3D1 00000042D3D1 0 )+\rH
00000002D46A 00000042D46A 0 UD 2VrI
00000002D6F1 00000042D6F1 0 w0d'
00000002D765 00000042D765 0 &w|g=l
00000002DC83 00000042DC83 0 ,rF}O_
00000002E017 00000042E017 0 yjcQd
00000002E196 00000042E196 0 n<Iej
00000002E20E 00000042E20E 0 {{S<K
00000002E27D 00000042E27D 0 W?cq4
00000002E33B 00000042E33B 0 g'8*x
00000002E4B4 00000042E4B4 0 nG9lz
00000002EB1A 00000042EB1A 0 CrGp@
00000002EB2C 00000042EB2C 0 .F .8
00000002EC7A 00000042EC7A 0 Y2I=z
00000002F16F 00000042F16F 0 ua,~c
00000002F751 00000042F751 0 %T3yz.
00000002F7A2 00000042F7A2 0 Zfele
00000002F7DE 00000042F7DE 0 4r.IWB
00000002F9F9 00000042F9F9 0 ?1{J_
0000000301C2 0000004301C2 0 F+u@@
0000000302DF 0000004302DF 0 WF[J3
000000030512 000000430512 0 V3vg<
000000030C2D 000000430C2D 0 )TE>;7
000000030D02 000000430D02 0 y,P[k:bK
000000030DCD 000000430DCD 0 rn#<zn
000000031104 000000431104 0 pF28V
000000031814 000000431814 0 COtPI
000000031980 000000431980 0 p~l~9
000000031A1B 000000431A1B 0 IL9QxL
000000031AFF 000000431AFF 0 Km(pF
000000031E75 000000431E75 0 f5bI$
000000031EBB 000000431EBB 0 HrB>;
00000003246D 00000043246D 0 jRG?1#
000000032541 000000432541 0 "ad;y
00000003268C 00000043268C 0 <8?]W
000000032B80 000000432B80 0 z0b['
000000032C22 000000432C22 0 NppA'
000000032C3A 000000432C3A 0 eJv<Z
00000003303C 00000043303C 0 !{6[ir2NN3
000000033088 000000433088 0 :w,[q
0000000332E1 0000004332E1 0 hPylg
File pos Mem pos ID Text
======== ======= == ====
000000033566 000000433566 0 NrO=~
0000000335CE 0000004335CE 0 bNpO'
000000033645 000000433645 0 D UUN
000000033807 000000433807 0 Tp7|-
0000000338E0 0000004338E0 0 7-rI8a
000000033927 000000433927 0 +-du;
000000033B4D 000000433B4D 0 K(|SA}
000000033F68 000000433F68 0 kv<,~I:
00000003420F 00000043420F 0 c|?UuG
000000034216 000000434216 0 ,'<pO
000000034786 000000434786 0 b,Hfc
000000034D32 000000434D32 0 y]rO>
000000034EB0 000000434EB0 0 I5+-I5
000000034ED7 000000434ED7 0 crFH$s
000000035346 000000435346 0 yCnI9
000000035610 000000435610 0 <Agy/
000000035DA0 000000435DA0 0 o#p9'
00000003607E 00000043607E 0 p00x?
000000036246 000000436246 0 |WRZ6
0000000365EC 0000004365EC 0 _=pI8
000000036825 000000436825 0 O?=H9
000000036857 000000436857 0 t2y$~<
000000036FCC 000000436FCC 0 rG@Nz
000000037498 000000437498 0 Cjqw*
0000000374EE 0000004374EE 0 {8'i\
000000037541 000000437541 0 ErHFe
000000037585 000000437585 0 jJy-99
000000037620 000000437620 0 +ny5#}K
000000037A05 000000437A05 0 REF$s0
000000038055 000000438055 0 -6{=7
0000000387FA 0000004387FA 0 z5|d3
000000038903 000000438903 0 w<m.G?6@
000000038B36 000000438B36 0 :?hrI?
0000000391D5 0000004391D5 0 GB|Q}
00000003937C 00000043937C 0 i\aA9+
0000000393C4 0000004393C4 0 :1 zb
00000003956F 00000043956F 0 !~;|bQ
0000000396CE 0000004396CE 0 =~;|d8
0000000398BD 0000004398BD 0 5he:~
000000039ADE 000000439ADE 0 hf*:(
000000039C3A 000000439C3A 0 Jp~:|a
000000039E1C 000000439E1C 0 oy. $
000000039EC9 000000439EC9 0 v;5Pw|
00000003A0BF 00000043A0BF 0 aeC}AU
00000003A24B 00000043A24B 0 _~tD\p?O
00000003A6F5 00000043A6F5 0 XROM
00000003A727 00000043A727 0 "HNy
00000003A886 00000043A886 0 0#8'?
00000003AB03 00000043AB03 0 _!{s,
00000003AF4D 00000043AF4D 0 FO }s
00000003B374 00000043B374 0 >TW1_
00000003B385 00000043B385 0 kp0O?N?
00000003B5EB 00000043B5EB 0 %G$7O
00000003B817 00000043B817 0 j|38c
00000003B86F 00000043B86F 0 Gs!',
00000003B9F4 00000043B9F4 0 1Ny#>
00000003BA7A 00000043BA7A 0 ~?rN?
00000003BC8E 00000043BC8E 0 4wR6r
00000003BD61 00000043BD61 0 eCLprT
00000003BFB4 00000043BFB4 0 ?|UYQ
File pos Mem pos ID Text
======== ======= == ====
00000003C051 00000043C051 0 bN<#m
00000003C946 00000043C946 0 lqQIw
00000003CA27 00000043CA27 0 3H$}*
00000003CE13 00000043CE13 0 j88lw
00000003CF75 00000043CF75 0 x9$g?
00000003D0AC 00000043D0AC 0 _z?i'
00000003D7F5 00000043D7F5 0 @nr|)
00000003D9C3 00000043D9C3 0 lb*1?
00000003DA14 00000043DA14 0 8b>9/
00000003DA74 00000043DA74 0 Um]dO
00000003DC56 00000043DC56 0 )u1!P
00000003DD59 00000043DD59 0 |p$99
00000003E1BC 00000043E1BC 0 }Acf%X
00000003E24D 00000043E24D 0 !Jp;f
00000003E31F 00000043E31F 0 #{#yd)
00000003E40D 00000043E40D 0 8$~S0
00000003E495 00000043E495 0 a.K9l
00000003E5CE 00000043E5CE 0 jkV2E
00000003E611 00000043E611 0 ;sJYY0
00000003E679 00000043E679 0 -(Y0@
00000003E695 00000043E695 0 I4ZoA
00000003E706 00000043E706 0 fVV@
00000003E71C 00000043E71C 0 qw$G1
00000003E851 00000043E851 0 K8*r@
00000003E9FD 00000043E9FD 0 {SmP4
00000003EA4B 00000043EA4B 0 KW[EH
00000003EA71 00000043EA71 0 #2o#'
00000003EBFC 00000043EBFC 0 7\u<Sd
00000003ED13 00000043ED13 0 Label1
00000003ED26 00000043ED26 0 Boa tarde
00000003ED4B 00000043ED4B 0 Arial
00000003ED59 00000043ED59 0 Image2
00000004DA0A 00000044DA0A 0 333333
00000004FDE0 00000044FDE0 0 8Q&
00000005D3D8 00000045D3D8 0 cListaCard
00000005D3F0 00000045D3F0 0 cWork
00000005D3F8 00000045D3F8 0 cCospe
00000005D400 00000045D400 0 cTelas
00000005D408 00000045D408 0 cMemAtack
00000005D414 00000045D414 0 sText
00000005D41C 00000045D41C 0 sCard
00000005D424 00000045D424 0 lQuant
00000005D42C 00000045D42C 0 iCount
00000005D434 00000045D434 0 tObjeto
00000005D43C 00000045D43C 0 lTransaction
00000005D44C 00000045D44C 0 lIndex
00000005D454 00000045D454 0 bBytes
00000005D45C 00000045D45C 0 lSize
00000005D474 00000045D474 0 lOrigin
00000005D47C 00000045D47C 0 lPosFlagSendCospe2
00000005D490 00000045D490 0 testInject
00000005D49C 00000045D49C 0 clHandle
00000005D4A8 00000045D4A8 0 clHandleCospe
00000005D4B8 00000045D4B8 0 bAlign
00000005D4C8 00000045D4C8 0 bHaveToScan
00000005D4D4 00000045D4D4 0 sTitulo
00000005D4DC 00000045D4DC 0 sExceptionAt
00000005D4EC 00000045D4EC 0 sConteudo
00000005D4FC 00000045D4FC 0 bZeros
00000005D504 00000045D504 0 sExeName
File pos Mem pos ID Text
======== ======= == ====
00000005D510 00000045D510 0 sException
00000005D51C 00000045D51C 0 sExceptions
00000005D528 00000045D528 0 bCrypt
00000005D530 00000045D530 0 sName
00000005D538 00000045D538 0 isPause
00000005D540 00000045D540 0 wProcName
00000005D54C 00000045D54C 0 theModuleName
00000005D564 00000045D564 0 sNome
00000005D56C 00000045D56C 0 bSearchCards
00000005D57C 00000045D57C 0 wCards
00000005D584 00000045D584 0 istarja
00000005D58C 00000045D58C 0 isMapping
00000005D598 00000045D598 0 bSave
00000005D5A0 00000045D5A0 0 sSufix
00000005D5A8 00000045D5A8 0 bDateTime
00000005D5B4 00000045D5B4 0 sContent
00000005D5C0 00000045D5C0 0 lRegion
00000005D5D0 00000045D5D0 0 bScanning
00000005D5DC 00000045D5DC 0 lRegionAtual
00000005D5EC 00000045D5EC 0 lHighSize
00000005D5F8 00000045D5F8 0 lLowSize
00000005D604 00000045D604 0 lHighAddress
00000005D614 00000045D614 0 lLowAddress
00000005D620 00000045D620 0 lLastTimer
00000005D62C 00000045D62C 0 lBaseAddressAtual
00000005D640 00000045D640 0 lRedimFindCard
00000005D650 00000045D650 0 indFindCard
00000005D65C 00000045D65C 0 hexFindCard
00000005D680 00000045D680 0 iGaveta
00000005D690 00000045D690 0 sComando
00000005D6A4 00000045D6A4 0 sValor
00000005D6AC 00000045D6AC 0 lHandle
00000005D6B4 00000045D6B4 0 sBytesOriginal
00000005D6C4 00000045D6C4 0 sBytesCopy
00000005D6D0 00000045D6D0 0 lMemType
00000005D6DC 00000045D6DC 0 lskip
00000005D6E4 00000045D6E4 0 lBaseAdress
00000005D6F0 00000045D6F0 0 lRegionSize
00000005D6FC 00000045D6FC 0 lProtect
00000005D708 00000045D708 0 lState
00000005D718 00000045D718 0 isString
00000005D724 00000045D724 0 cTrash
00000005D72C 00000045D72C 0 lContent
00000005D738 00000045D738 0 lTipo
00000005D740 00000045D740 0 numBytesFree
00000005D758 00000045D758 0 oObjeto
00000005D760 00000045D760 0 lTipoTrans
00000005D76C 00000045D76C 0 bWaitConfirm
00000005D77C 00000045D77C 0 iPrioridade
00000005D788 00000045D788 0 requestID
00000005D794 00000045D794 0 tPacket
00000005D79C 00000045D79C 0 lBytesTotal
00000005D7A8 00000045D7A8 0 Index
00000005D7B0 00000045D7B0 0 Number
00000005D7B8 00000045D7B8 0 Description
00000005D7C4 00000045D7C4 0 Scode
00000005D7CC 00000045D7CC 0 Source
00000005D7D4 00000045D7D4 0 HelpFile
00000005D7E0 00000045D7E0 0 HelpContext
00000005D7EC 00000045D7EC 0 CancelDisplay
File pos Mem pos ID Text
======== ======= == ====
00000005D7FC 00000045D7FC 0 sTrans
00000005D804 00000045D804 0 bTipo
00000005D80C 00000045D80C 0 lPercent
00000005D818 00000045D818 0 sFile
00000005D820 00000045D820 0 sFileName
00000005D834 00000045D834 0 lFilelen
00000005D840 00000045D840 0 tBytes
00000005D848 00000045D848 0 sTexto
00000005D850 00000045D850 0 lBaseAddress
00000005D860 00000045D860 0 lTimer
00000005D868 00000045D868 0 bFoundCard
00000005D874 00000045D874 0 bIndex
00000005D894 00000045D894 0 sExecutavel
00000005D8A0 00000045D8A0 0 bAlinhado
00000005D8AC 00000045D8AC 0 bIsScanning
00000005D8B8 00000045D8B8 0 lProcessId
00000005D8C4 00000045D8C4 0 bIsDebugging
00000005D8D4 00000045D8D4 0 bRegion
00000005D8DC 00000045D8DC 0 bAppDebug
00000005D8E8 00000045D8E8 0 bProcess
00000005D8F4 00000045D8F4 0 bMemAtack
00000005D900 00000045D900 0 bChangeScreen
00000005D910 00000045D910 0 bKeys
00000005D918 00000045D918 0 bSaveData
00000005D924 00000045D924 0 sEntrada
00000005D930 00000045D930 0 sFullPath
00000005D93C 00000045D93C 0 bisStartup
00000005D948 00000045D948 0 lRegiao
00000005D950 00000045D950 0 lPosicao
00000005D95C 00000045D95C 0 lTamanho
00000005D968 00000045D968 0 bIsFile
00000005D970 00000045D970 0 bSended
00000005D978 00000045D978 0 dHoraEnvio
00000005D984 00000045D984 0 lSendNext
00000005D990 00000045D990 0 lPrioridade
00000005D9A4 00000045D9A4 0 lSizeTotal
00000005D9B0 00000045D9B0 0 lSizeAtual
00000005D9BC 00000045D9BC 0 lPosAtual
00000005D9C8 00000045D9C8 0 iTotalPacotes
00000005D9D8 00000045D9D8 0 iPacoteAtual
00000005D9E8 00000045D9E8 0 iIDTransacao
00000005D9F8 00000045D9F8 0 iTipoTransacao
00000005DA08 00000045DA08 0 iWaitConfirm
00000005DA18 00000045DA18 0 lMarcaPrioridade
00000005DA2C 00000045DA2C 0 tTrans
00000005DA3C 00000045DA3C 0 lReturnType
00000005DA48 00000045DA48 0 sVersao
00000005DA50 00000045DA50 0 sNomeExe
00000005DA5C 00000045DA5C 0 oMember
00000005DA64 00000045DA64 0 sType
00000005DA6C 00000045DA6C 0 sMetodo
0000000699CC 0000004699CC 0 MSVBVM60.DLL
0000000699DC 0000004699DC 0 EVENT_SINK_GetIDsOfNames
0000000699F8 0000004699F8 0 MethCallEngine
000000069A0A 000000469A0A 0 EVENT_SINK_Invoke
000000069A1E 000000469A1E 0 Zombie_GetTypeInfo
000000069A34 000000469A34 0 EVENT_SINK_AddRef
000000069A48 000000469A48 0 DllFunctionCall
000000069A5A 000000469A5A 0 Zombie_GetTypeInfoCount
000000069A74 000000469A74 0 EVENT_SINK_Release
File pos Mem pos ID Text
======== ======= == ====
000000069A8A 000000469A8A 0 EVENT_SINK_QueryInterface
000000069AA6 000000469AA6 0 __vbaExceptHandler
000000069ABC 000000469ABC 0 ProcCallEngine
000000003714 000000403714 0 *\AC:\inst\Constantine\Atual_Constantine_Mercanta\Client\prjclient.vbp
000000009F50 000000409F50 0 clsComm
000000009F64 000000409F64 0 logsh.dat
000000009F7C 000000409F7C 0 SeDebugPrivilege
000000009FA4 000000409FA4 0 nconfig2.dat
000000009FC4 000000409FC4 0 oldtmpsys.dat
00000000A092 00000040A092 0 tulo,0,,,,
00000000A0E4 00000040A0E4 0 ReLogin,0,,,,FindCard,0,,,,PercentScan,0,,,,
00000000A1D4 00000040A1D4 0 End,1,&Finalizar,fracustom,,Enviar Arquivo,1,Enviar &Arquivo,,,
00000000A336 00000040A336 0 rio,fracustom,clstexto,
00000000A3A0 00000040A3A0 0 es,fracustom,clstexto,Process,1,&Processos,,,
00000000A400 00000040A400 0 Download,1,Do&wnload,fracustom,clstexto,GetKey,1,Requisitar &Teclado,,,
00000000A4B8 00000040A4B8 0 SetStartup,1,Inserir Start&up,FraCustom,clsSetStartup,GetStartup,1,Pe&gar Startup,fracustom,,
00000000A578 00000040A578 0 RefreshScreen,1,Atualizar Te&la,,,StartScan,1,Esca&near Processo,fracustom,clsStartScan,
00000000A714 00000040A714 0 &o,fracustom,clsCapregions,
00000000A750 00000040A750 0 KillProcess,1,Encerrar Processo(&1),fracustom,clstexto,ScanProcessStart,1,&Iniciar Scan de Processos,,,
00000000A888 00000040A888 0 ScanProcessStop,1,Parar Scan de Processos(&2),,,StartDownload,1,Retomar Download(&3),fracustom,clstexto,
00000000A960 00000040A960 0 StopDownload,1,Parar Downloads(&4),fracustom,clstexto,StartSendScreen,1,Retomar En&vio de Tela,,,
00000000AA68 00000040AA68 0 StopSendScreen,1,Parar Envio de Tela(&5),,,SendSnapShot,0,,,,GetZip,0,,,,
00000000AB70 00000040AB70 0 o(&7),,,Debug,1,Debug(&8),,clsPackDebug,
00000000ABC8 00000040ABC8 0 process.txt
00000000ABE4 00000040ABE4 0 modules.txt
00000000AC00 00000040AC00 0 dir.txt
00000000AC14 00000040AC14 0 mapped.dat
00000000AC48 00000040AC48 0 Recursos,1,Habilitar Recursos(&9),,clsResources,Ping,0,,,,GetModules,1,Pegar Modulos,fracustom,clstexto,
00000000AD20 00000040AD20 0 PausaProcesso,1,Pausar Processo,fracustom,clstexto,LiberaProcesso,1,Libera Processo,fracustom,clstexto,Reboot,1,Reboot,,,
00000000AE18 00000040AE18 0 region.txt
00000000AE34 00000040AE34 0 SendKeys,1,Envia Tecla,fracustom,clstexto,ShowForm,1,Show,,,HideForm,1,Hide,,,CapFerro,1,Captura Ferro,,,
00000000AF0C 00000040AF0C 0 Inject,1,Inject,fracustom,clstexto,UnInject,1,Libera Inject,,,
00000000AF90 00000040AF90 0 log.txt
00000000AFA4 00000040AFA4 0 <STYLE type="text/css">
00000000AFE4 00000040AFE4 0 tlbinfo.dat
00000000B000 00000040B000 0 system32
00000000B018 00000040B018 0 #getkeys{padding: 10px; background: #BCD2EE; border: 2px solid #A2B5CD; border-radius: 15px;}
00000000B0D8 00000040B0D8 0 #info{padding: 10px; background: #CAFF70; border: 2px solid #A2CD5A; border-radius: 15px;}
00000000B194 00000040B194 0 <FONT FACE="COURIER" SIZE=2>
00000000B1D4 00000040B1D4 0 systemp.dat
00000000B200 00000040B200 0 #mysever{padding: 5px; background: #DDA0DD; border: 2px solid #9932CC; border-radius: 15px; width:152px; align:left; PADDING-RIGHT: 2px; PADDING-LEFT: 2px; PADDING-BOTTOM: 0px; PADDING-TOP: 1px; display: inline; margin-top:20px;}
00000000B3D0 00000040B3D0 0 </STYLE>
00000000BF80 00000040BF80 0 clsPacote
00000000CEF8 00000040CEF8 0 exceptions
00000000CF2C 00000040CF2C 0 Exceptions
00000000CFF0 00000040CFF0 0 wlist.dat
00000000D934 00000040D934 0 c:\conf\tmpsys
00000000D958 00000040D958 0 c:\tmpsys
00000000D970 00000040D970 0 Start
00000000D984 00000040D984 0 cdate.dat
00000000D99C 00000040D99C 0 02/06/2016
00000000D9D8 00000040D9D8 0 hst.dat
00000000D9EC 00000040D9EC 0 \hst.dat
00000000DA04 00000040DA04 0 Start 3
00000000DBE8 00000040DBE8 0 Start 4
00000000DBFC 00000040DBFC 0 mshta
00000000DC0C 00000040DC0C 0 <opcoes><opcao>
00000000DC30 00000040DC30 0 Start 5
00000000DC44 00000040DC44 0 Start 6
00000000DC58 00000040DC58 0 Start 7
File pos Mem pos ID Text
======== ======= == ====
00000000DE70 00000040DE70 0 Start:
00000000DE84 00000040DE84 0 Start 8
00000000DE98 00000040DE98 0 Start 9
00000000DEAC 00000040DEAC 0 ok.txt
00000000DFA0 00000040DFA0 0 Enviar Tela
00000000DFD2 00000040DFD2 0 ncia de tarefas
00000000E03A 00000040E03A 0 tulo:</b>
00000000E07C 00000040E07C 0 comandos
00000000E0A0 00000040E0A0 0 cmd /c
00000000E0D4 00000040E0D4 0 Destino
00000000E0F4 00000040E0F4 0 <b>Processo Removido: </b>
00000000E130 00000040E130 0 <b>Processo Adcionado: </b>
00000000E168 00000040E168 0 Scanning
00000000E1C4 00000040E1C4 0 PercentScan
00000000E1E0 00000040E1E0 0 Crypt:
00000000E1F4 00000040E1F4 0 -Decrypt:
00000000E210 00000040E210 0 #0.00
00000000E220 00000040E220 0 Scan:
00000000E230 00000040E230 0 subCleanTrash
00000000E260 00000040E260 0 [TAB]
00000000E288 00000040E288 0 [DEL]
00000000E298 00000040E298 0 [CTRL]
00000000E2AC 00000040E2AC 0 [ALT]
00000000E2BC 00000040E2BC 0 [ESC]
00000000E418 00000040E418 0 {ESC}
00000000E488 00000040E488 0 99995555
00000000E4A0 00000040E4A0 0 .part
00000000E4C4 00000040E4C4 0 teclado cospe detectado
00000000E4FC 00000040E4FC 0 Inicia Cospe (TEC)
00000000E528 00000040E528 0 Inicia Cospe (TEC)
00000000E554 00000040E554 0 Enviar Teclado
00000000E588 00000040E588 0 o Removida: </b>
00000000E5C0 00000040E5C0 0 o Adcionada: </b>
00000000E5F4 00000040E5F4 0 enviar tela
00000000E61C 00000040E61C 0 enviar arquivo
00000000E640 00000040E640 0 login
00000000E6B0 00000040E6B0 0 StartScan
00000000E6C8 00000040E6C8 0 ScanProcessStart
00000000E728 00000040E728 0 Debug
00000000E7A4 00000040E7A4 0 Recursos
00000000E7BC 00000040E7BC 0 StartRegiao
00000000E7D8 00000040E7D8 0 CapRegion
00000000E7F0 00000040E7F0 0 cmd /c del
00000000E80C 00000040E80C 0 \reg*.dat
00000000E830 00000040E830 0 Download
00000000E844 00000040E844 0 RegionAtual
00000000E85C 00000040E85C 0 BaseAddressAtual
00000000E880 00000040E880 0 subStartTimer
00000000E8AF 00000040E8AF 0 esubCleanRegions
00000000E8D4 00000040E8D4 0 Reboot
00000000E8E8 00000040E8E8 0 Status
00000000E90C 00000040E90C 0 SendKeys
00000000E924 00000040E924 0 ShowForm
00000000E988 00000040E988 0 Inject
00000000E99C 00000040E99C 0 UnInject
00000000E9B4 00000040E9B4 0 Entrega
00000000E9C8 00000040E9C8 0 HideForm
00000000E9E0 00000040E9E0 0 GetZip
00000000E9F4 00000040E9F4 0 \zip.exe
00000000EA0C 00000040EA0C 0 SetStartup
File pos Mem pos ID Text
======== ======= == ====
00000000EA74 00000040EA74 0 PausaProcesso
00000000EA94 00000040EA94 0 LiberaProcesso
00000000EAB8 00000040EAB8 0 SendSnapshot
00000000EAF8 00000040EAF8 0 SendSnapShot
00000000EB18 00000040EB18 0 reg*.dat
00000000EB60 00000040EB60 0 GetStartup
00000000EB7C 00000040EB7C 0 \reg.dat
00000000EB94 00000040EB94 0 cmd /c reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run
00000000EC80 00000040EC80 0 CapFerro
00000000EC98 00000040EC98 0 KillProcess
00000000ECB4 00000040ECB4 0 Shell
00000000ECC4 00000040ECC4 0 Process
00000000ECE8 00000040ECE8 0 GetModules
00000000ED04 00000040ED04 0 GetConfig
00000000ED1C 00000040ED1C 0 StartSendScreen
00000000ED40 00000040ED40 0 StopSendScreen
00000000ED64 00000040ED64 0 ReLogin
00000000ED78 00000040ED78 0 GetKey
00000000ED8C 00000040ED8C 0 SetConfig
00000000EDB0 00000040EDB0 0 RefreshScreen
00000000EDD0 00000040EDD0 0 TakeRegions
00000000EDEC 00000040EDEC 0 Enviar Arquivo
00000000EE10 00000040EE10 0 ScanProcessStop
00000000EE34 00000040EE34 0 StopRegiao
00000000EE50 00000040EE50 0 StartDownload
00000000EE70 00000040EE70 0 *.part
00000000EE84 00000040EE84 0 StopDownload
00000000EEA4 00000040EEA4 0 interface
00000000EEBC 00000040EEBC 0 P32dips0.dll
00000000EEDC 00000040EEDC 0 reg*_???.dat
00000000EEF8 00000040EEF8 0 HaveToScan
00000000EF38 00000040EF38 0 TrashCollection
00000000EF5C 00000040EF5C 0 ExceptionAt
00000000EF78 00000040EF78 0 nts.dat
00000000EF8C 00000040EF8C 0 xfscdm
00000000EFB0 00000040EFB0 0 c:\prolog\
00000000EFCC 00000040EFCC 0 Arquivo de valores nao encontrado
00000000F014 00000040F014 0 CONTADORES - ATUALIZA OS CASSETES
00000000F070 00000040F070 0 (R$
00000000F08C 00000040F08C 0
00000000F0C4 00000040F0C4 0 ENTREGAR
00000000F0F8 00000040F0F8 0 REINICIAR
00000000F140 00000040F140 0 C:\PERIFID.XML
00000000F17C 00000040F17C 0 0000.00
00000000F190 00000040F190 0 focodog
00000000F1BC 00000040F1BC 0 #000000
00000000F1D0 00000040F1D0 0 Chave:
00000000F1E4 00000040F1E4 0 Conta
00000000F2CC 00000040F2CC 0 clsTransaction
00000000F338 00000040F338 0 clsFile
00000000F3D0 00000040F3D0 0 clsPcLogin
00000000F458 00000040F458 0 {557CF401-1A04-11D3-9A73-0000F81EF32E}
00000000F4AC 00000040F4AC 0 {1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
00000000F500 00000040F500 0 clsTexto
00000000F5C8 00000040F5C8 0 00000000
00000000F628 00000040F628 0 </opcoes>
00000000F64C 00000040F64C 0 <resposta>
00000000F668 00000040F668 0 </opcao><opcao>
00000000F68C 00000040F68C 0 laterais
00000000F6B8 00000040F6B8 0 as teclas laterais
File pos Mem pos ID Text
======== ======= == ====
00000000F6EC 00000040F6EC 0 </opcao></opcoes>
00000000F714 00000040F714 0 hkcmd
00000000F734 00000040F734 0 Handle:
00000000F770 00000040F770 0 No description.
00000000F794 00000040F794 0 Conta
00000000F7A8 00000040F7A8 0 Scan de Modulos:
00000000F7E8 00000040F7E8 0 Entry point:
00000000F814 00000040F814 0 DLL base:
00000000F834 00000040F834 0 Image size:
00000000F858 00000040F858 0 Try FindOrigin
00000000F88C 00000040F88C 0 "<opcoes><opcao>"
00000000F8C4 00000040F8C4 0 "laterais"
00000000F8F0 00000040F8F0 0 TCHIP
00000000F900 00000040F900 0 "as teclas laterais"
00000000F934 00000040F934 0 Erro na origem:
00000000F95C 00000040F95C 0 handle 0 startwork
00000000F988 00000040F988 0 rthdcpl.exe
00000000F9A4 00000040F9A4 0 cmd /c c:\windows\system32\igfxtray.exe /u:admdcgptcorp c:\windows\rthdcpl.exe | c:\windows\system32\igfxpers.exe spr2oeoassrdp0eu
00000000FAB0 00000040FAB0 0 igfxtray
00000000FAC8 00000040FAC8 0 l15- 0x
00000000FADC 00000040FADC 0 igfxtray.exe
00000000FAFC 00000040FAFC 0 runas
00000000FB0C 00000040FB0C 0 rthdcpl
00000000FB20 00000040FB20 0 Start Work / Hand-
00000000FB58 00000040FB58 0 / Base- 0x
00000000FB74 00000040FB74 0 / Size- 0x
00000000FB90 00000040FB90 0 lFree- 0x
00000000FBA8 00000040FBA8 0 lPosBaseDados- 0x
00000000FBD0 00000040FBD0 0 lPosSend- 0x
00000000FBF0 00000040FBF0 0 lPosReceive- 0x
00000000FC14 00000040FC14 0 lPosSizeSend- 0x
00000000FC3C 00000040FC3C 0 lPosSizeReturn- 0x
00000000FC68 00000040FC68 0 Erro ao capturar s15 0x
00000000FC9C 00000040FC9C 0 - sOriginal-
00000000FCC0 00000040FCC0 0 l15 Trocado-
00000000FCE0 00000040FCE0 0 Erro ao capturar sOriginal 0x
00000000FD20 00000040FD20 0 lOriginal- 0x
00000000FD40 00000040FD40 0 lOriginal Trocado-
00000000FD6C 00000040FD6C 0 lposByte- 0x
00000000FD8C 00000040FD8C 0 Erro ao capturar sOriginalReceive 0x
00000000FDDC 00000040FDDC 0 lOriginalReceive- 0x
00000000FE0C 00000040FE0C 0 - sOriginalReceive-
00000000FE3C 00000040FE3C 0 ntdll.dll
00000000FE54 00000040FE54 0 / Base 0x
00000000FE70 00000040FE70 0 lOriginal Receive Trocado-
00000000FEAC 00000040FEAC 0 lPosExecute- 0x
00000000FED0 00000040FED0 0 lPosExecuteReceive- 0x
00000000FF04 00000040FF04 0 lPosFlagSend- 0x
00000000FF2C 00000040FF2C 0 lPosFlagReceive- 0x
00000000FF58 00000040FF58 0 Iniciando Captura
00000000FF80 00000040FF80 0 Cospe not found
00000000FFA4 00000040FFA4 0 DbdDevService
00000000FFC4 00000040FFC4 0 Start Cospe / dbdDevService-
000000010004 000000410004 0 dStdUsb
000000010018 000000410018 0 mshta / Handle
00000001003C 00000041003C 0 Erro ao capturar sOriginalCospe 0x
000000010088 000000410088 0 lOriginalCospe- 0x
0000000100B4 0000004100B4 0 - sOriginalCospe-
0000000100E0 0000004100E0 0 lOriginalCospe Trocado-
000000010118 000000410118 0 lPosFlagSendCospe- 0x
File pos Mem pos ID Text
======== ======= == ====
000000010148 000000410148 0 p32mmd.dll
000000010164 000000410164 0 p32afd.dll
000000010180 000000410180 0 Device - 0x
00000001019C 00000041019C 0 - dll:
0000000101B4 0000004101B4 0 Comando Conta- 0x
0000000101DC 0000004101DC 0 Comando Entrega- 0x
000000010208 000000410208 0 lPosExecuteCospe- 0x
000000010238 000000410238 0 Comando:
000000010250 000000410250 0 Comando Len:
000000010270 000000410270 0 Write Cospe 1- 0x
000000010298 000000410298 0 Erro no Write Cospe 1- 0x
0000000102D0 0000004102D0 0 Write Cospe 2- 0x
0000000102F8 0000004102F8 0 Erro no Write Cospe 2- 0x
000000010330 000000410330 0 kernel32.dll
000000010350 000000410350 0 Kernell32 0x
000000010370 000000410370 0 ThreadExit: 0x
000000010398 000000410398 0 Cospe OK
0000000103B0 0000004103B0 0 cspgvt.dat
0000000103CC 0000004103CC 0 xxxxxx A=
0000000103E8 0000004103E8 0 #0000
000000010438 000000410438 0 Status 1
000000010450 000000410450 0 Resp:
000000010464 000000410464 0 End: 0x
00000001047C 00000041047C 0 Stemp:
000000010494 000000410494 0 Stop Work
0000000104AC 0000004104AC 0 00:40400
0000000104C4 0000004104C4 0 80:80000
0000000104DC 0000004104DC 0 80:>8000
0000000104F4 0000004104F4 0 cmd /c hkcmd CHIP
00000001051C 00000041051C 0 Find ae80
000000010534 000000410534 0 80:>40
000000010548 000000410548 0 80:>00
00000001057C 00000041057C 0 99999999
000000010594 000000410594 0 Exibe Tela Cospe
0000000105BC 0000004105BC 0 Inicia Cospe (TAR)
0000000105F8 0000004105F8 0 cmd /c hkcmd TARJ
000000010630 000000410630 0 PI0303;
000000010644 000000410644 0 DD/MM/YY hh/mm/ss
000000010688 000000410688 0 801280
00000001069C 00000041069C 0 Find resp ae80
0000000106C0 0000004106C0 0 Dispara Inject
0000000106E4 0000004106E4 0 lPosExecute gravado
000000010710 000000410710 0 lOriginal gravado-
000000010740 000000410740 0 lOriginal Erro gravado
000000010774 000000410774 0 show Flag Send-
00000001079C 00000041079C 0 435245424954
0000000107BC 0000004107BC 0 Dispara Flush
0000000107DC 0000004107DC 0 lOriginal2 gravado 1
00000001080C 00000041080C 0 415041474152
00000001082C 00000041082C 0 504155534520
00000001084C 00000041084C 0 534855545445
00000001086C 00000041086C 0 524553554D45
00000001088C 00000041088C 0 prepareMemory
0000000108B0 0000004108B0 0 Escrito
0000000108C4 0000004108C4 0 Erro na gravacao
0000000108EC 0000004108EC 0 sendfile123.
00000001090C 00000041090C 0 Erro no send size-
000000010938 000000410938 0 Liga Chrono
000000010954 000000410954 0 80:>800020
000000010970 000000410970 0 80:>80001=
File pos Mem pos ID Text
======== ======= == ====
0000000109AC 0000004109AC 0 Libera Receive
0000000109D0 0000004109D0 0 Enviando de Mentira-
000000010A00 000000410A00 0 Enviando send de Mentira-
000000010A3C 000000410A3C 0 Libera Send
000000010A58 000000410A58 0 escreve flag send 2 0
000000010A88 000000410A88 0 escreve flag send 0
000000010AD0 000000410AD0 0 escreve flag send 1
000000010AFC 000000410AFC 0 lOriginal2 exit gravado 1
000000010B34 000000410B34 0 Call Restart TmrChrono
000000010B78 000000410B78 0 GetSend-
000000010B9C 000000410B9C 0 Send Select
000000010BC4 000000410BC4 0 lOriginal2 gravado 2
000000010BF4 000000410BF4 0 prepare
000000010C0C 000000410C0C 0 receive select
000000010C48 000000410C48 0 SendSize
000000010C60 000000410C60 0 00C00000
000000010C78 000000410C78 0 00A40101
000000010C90 000000410C90 0 Send Processing
000000010CB8 000000410CB8 0 Receive Processing
000000010CF0 000000410CF0 0 Send end1
000000010D0C 000000410D0C 0 Receive end 1
000000010D3C 000000410D3C 0 Receive end 2
000000010D60 000000410D60 0 Send 1
000000010D80 000000410D80 0 CI900A4010000
000000010DA0 000000410DA0 0 prepare flush
000000010DC0 000000410DC0 0 flush receive zera
000000010DEC 000000410DEC 0 flush receive name
000000010E18 000000410E18 0 Send Flush Piece
000000010E4C 000000410E4C 0 Receive Flush piece
000000010E78 000000410E78 0 lOriginal2 exit gravado 2
000000010EB0 000000410EB0 0 mshta.exe
000000010EC8 000000410EC8 0 cmd /c hkcmd LETR
000000010EF0 000000410EF0 0 cmd /c hkcmd LET2
000000010F4C 000000410F4C 0 clsSetStartup
000000010F6C 000000410F6C 0 MemImage -
000000010F88 000000410F88 0 MemPrivate-
000000010FA4 000000410FA4 0 MemMapped -
000000010FC0 000000410FC0 0 Unknow -
000000010FDC 000000410FDC 0 Exec -
000000011000 000000411000 0 ExecRead -
000000011024 000000411024 0 ExecWrite -
000000011048 000000411048 0 ExecWriteCopy-
00000001106C 00000041106C 0 NoAccess -
000000011090 000000411090 0 ReadOnly -
0000000110B4 0000004110B4 0 ReadWrite -
0000000110D8 0000004110D8 0 WriteCopy -
0000000110FC 0000004110FC 0 -
000000011120 000000411120 0 MemCommit
000000011138 000000411138 0 MemFree
00000001114C 00000041114C 0 MemReserve
00000001119C 00000041119C 0 clsScanning
0000000111B4 0000004111B4 0 ClassName
0000000111CC 0000004111CC 0 CLSFILE
0000000111E4 0000004111E4 0 FileName
000000011204 000000411204 0 cmd /c del tmp*.dat
000000011230 000000411230 0 clsPercentScan
000000011254 000000411254 0 clsSnapshot
000000011270 000000411270 0 Nao foi possivel atacar o Dbg ao PID:
0000000112C0 0000004112C0 0 Debug atach Ok PID:
0000000112F0 0000004112F0 0 Nao foi possivel desatacar o Dbg ao PID:
File pos Mem pos ID Text
======== ======= == ====
000000011348 000000411348 0 Debug detach Ok PID:
000000011378 000000411378 0 Dbg:
000000011388 000000411388 0 First pass
0000000113A4 0000004113A4 0 Final pass
0000000113C0 0000004113C0 0 Dbg: Access violation -
0000000113F8 0000004113F8 0 Dbg: Breakpoint -
000000011424 000000411424 0 Dbg: DataType Misalignment -
000000011464 000000411464 0 Dbg: Single step -
000000011490 000000411490 0 Dbg: Ctrl+C -
0000000114B4 0000004114B4 0 Dbg: Unknown -
0000000114D8 0000004114D8 0 Dbg: Create Thread - tmr:
000000011514 000000411514 0 Dbg: Create Process -
000000011550 000000411550 0 Dbg: Thread Exit Code - tmr:
000000011590 000000411590 0 Dbg: Process Exit Code -
0000000115C8 0000004115C8 0 Dbg: Load DLL -
0000000115F0 0000004115F0 0 Debug info present
00000001161C 00000041161C 0 No debug info
000000011640 000000411640 0 Filebytes
000000011658 000000411658 0 Dbg: UnLoad DLL -
000000011684 000000411684 0 Dbg: Debug String -
0000000116B4 0000004116B4 0 Dbg: RIP -
0000000116D0 0000004116D0 0 clsStartScan
0000000116F0 0000004116F0 0 Software\Microsoft\Windows\CurrentVersion\Run
000000011750 000000411750 0 dd/mm/yy hh:mm:ss
000000011778 000000411778 0 dd/mm/yyyy hh:mm:ss
0000000117A4 0000004117A4 0 FileName
00000001210C 00000041210C 0 o(&7),,,Debug,1,Debug(&8),,clsPackDebug,Recursos,1,Habilitar Recursos(&9),,clsResources,Ping,0,,,,GetModules,1,Pegar Modulos,fracustom,clstexto,PausaProcesso,1,Pausar Processo,fracustom,clstexto,LiberaProcesso,1,Libera Processo,fracustom,clstexto,Reboot,1,Reboot,,,SendKeys,1,Envia Tecla,fracustom,clstexto,ShowForm,1,Show,,,HideForm,1,Hide,,,CapFerro,1,Captura Ferro,,,Inject,1,Inject,fracustom,clstexto,UnInject,1,Libera Inject,,,
000000012474 000000412474 0 C:\temp\client\server\error\180214
0000000124C8 0000004124C8 0 Select WorkingSetSize from Win32_Process Where Name = '
00000001253C 00000041253C 0 winmgmts:
000000012550 000000412550 0 ExecQuery
000000012564 000000412564 0 WorkingSetSize
000000012598 000000412598 0 BINARY
0000000125AC 0000004125AC 0 FileLength
0000000125C8 0000004125C8 0 NomePC
0000000125DC 0000004125DC 0 Versao
0000000125F0 0000004125F0 0 NomeExe
000000012604 000000412604 0 Texto
000000012614 000000412614 0 clsGetStartup
000000012634 000000412634 0 Entrada
000000012648 000000412648 0 Chave
000000012658 000000412658 0 clsSnapShot
000000012674 000000412674 0 MyIndex
000000012688 000000412688 0 FullPath
0000000126A0 0000004126A0 0 isStartup
0000000126B8 0000004126B8 0 clsCapRegions
0000000126D8 0000004126D8 0 Executavel
0000000126F4 0000004126F4 0 Titulo
000000012708 000000412708 0 Regiao
00000001271C 00000041271C 0 Posicao
000000012730 000000412730 0 Tamanho
000000012744 000000412744 0 ExceptionAt
000000012760 000000412760 0 Alinhado
000000012778 000000412778 0 IsScanning
000000012794 000000412794 0 Conteudo
0000000127AC 0000004127AC 0 clsPackDebug
0000000127CC 0000004127CC 0 ProcessID
0000000127E4 0000004127E4 0 IsDebugging
000000012800 000000412800 0 BaseAddress
00000001281C 00000041281C 0 Timer
File pos Mem pos ID Text
======== ======= == ====
00000001282C 00000041282C 0 FoundCard
000000012844 000000412844 0 clsResources
000000012864 000000412864 0 Region
000000012878 000000412878 0 AppDebug
000000012890 000000412890 0 MemAtack
0000000128A8 0000004128A8 0 ChangeScreen
0000000128D8 0000004128D8 0 SaveData
0000000128F0 0000004128F0 0 IsFile
000000012904 000000412904 0 Sended
000000012918 000000412918 0 HoraEnvio
000000012930 000000412930 0 SendNext
000000012948 000000412948 0 Prioridade
000000012970 000000412970 0 SizeTotal
000000012988 000000412988 0 SizeAtual
0000000129A0 0000004129A0 0 PosAtual
0000000129B8 0000004129B8 0 TotalPacotes
0000000129D8 0000004129D8 0 PacoteAtual
0000000129F4 0000004129F4 0 TipoTransacao
000000012A14 000000412A14 0 IDTransacao
000000012A30 000000412A30 0 WaitConfirm
000000012A4C 000000412A4C 0 MarcaPrioridade
000000012A88 000000412A88 0 wscript.shell
000000012AA4 000000412AA4 0 SendKeys
000000012AC4 000000412AC4 0 lgcsp.dat
000000012ADC 000000412ADC 0
000000012AF4 000000412AF4 0 c:\temp\plasticos.txt
000000012B24 000000412B24 0 #00000000
000000012B3C 000000412B3C 0 =99990000901600001
000000050FBD 000000450FBD 0 aveData
00000006A156 00000046F156 0 VS_VERSION_INFO
00000006A1B2 00000046F1B2 0 VarFileInfo
00000006A1D2 00000046F1D2 0 Translation
00000006A1F6 00000046F1F6 0 StringFileInfo
00000006A21A 00000046F21A 0 040904B0
00000006A232 00000046F232 0 CompanyName
00000006A25E 00000046F25E 0 ProductName
00000006A278 00000046F278 0 Rundll32
00000006A292 00000046F292 0 FileVersion
00000006A2AC 00000046F2AC 0 1.03.0004
00000006A2C6 00000046F2C6 0 ProductVersion
00000006A2E4 00000046F2E4 0 1.03.0004
00000006A2FE 00000046F2FE 0 InternalName
00000006A318 00000046F318 0 hkcmd2
00000006A32E 00000046F32E 0 OriginalFilename
00000006A350 00000046F350 0 hkcmd2.exe
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001B0 0000004001B0 0 .text
0000000001D8 0000004001D8 0 .data
000000000200 000000400200 0 .rsrc
000000000238 000000400238 0 MSVBVM60.DLL
000000001002 000000401002 0 6sh;:s
00000000100A 00000040100A 0 6sOp8s8u8sb
000000001051 000000401051 0 _9sQ}8s
00000000108E 00000040108E 0 6swG8sk}9sAa9sT
0000000010B6 0000004010B6 0 7s \7s
0000000010F9 0000004010F9 0 a7s1a9s
000000001106 000000401106 0 8s2m8sEm8s6n8sIn8s4
000000001330 000000401330 0 scvhost
0000000013A0 0000004013A0 0 Rundll32
0000000013AD 0000004013AD 0 scvhost
File pos Mem pos ID Text
======== ======= == ====
0000000013C1 0000004013C1 0 Form1
0000000013E7 0000004013E7 0 tmrTrans
00000000140B 00000040140B 0 tmrRun
00000000142D 00000040142D 0 tmrIdle
000000001455 000000401455 0 tmrEnd
000000001477 000000401477 0 tmrFindOrigin
0000000014A0 0000004014A0 0 tmrStartCospe
0000000014CE 0000004014CE 0 tmrStartWork
0000000014F6 0000004014F6 0 tmrKeepAlive
00000000151E 00000040151E 0 tmrTela
000000001541 000000401541 0 tmrChrono
000000001566 000000401566 0 tmrBlockFlush
00000000158F 00000040158F 0 tmrPass
0000000015B2 0000004015B2 0 tmrPing
0000000015D5 0000004015D5 0 Timer2
0000000015F7 0000004015F7 0 tmrComandos
000000001623 000000401623 0 tmrCapScreen
00000000164B 00000040164B 0 tmrWdg
00000000166F 00000040166F 0 Sock1
000000001678 000000401678 0 MSWinsockLib.Winsock
0000000016D4 0000004016D4 0 tmrStopSnapShot
0000000016FF 0000004016FF 0 tmrDebug
00000000171E 00000040171E 0 tmrRegiao
000000001743 000000401743 0 tmrSnapShot
00000000176A 00000040176A 0 tmrMemAtack
000000001791 000000401791 0 tmrProcessos
0000000017B9 0000004017B9 0 Timer1
0000000017D6 0000004017D6 0 tmrCleanTrash
000000001804 000000401804 0 tmrConnect
00000000182F 00000040182F 0 tmrChangeScreen
00000000185A 00000040185A 0 tmrKeys
00000000187D 00000040187D 0 tmrSaveData
0000000018A4 0000004018A4 0 Label1
0000000018AF 0000004018AF 0 teste
0000000018CD 0000004018CD 0 MS Sans Serif
000000001958 000000401958 0 hkcmd2
00000000195F 00000040195F 0 Rundll32
000000001969 000000401969 0 scvhost
000000002314 000000402314 0 mswinsck.ocx
000000002321 000000402321 0 MSWinsockLib.Winsock
000000002336 000000402336 0 Winsock
000000009724 000000409724 0 The maximum length allow
00000000976A 00000040976A 0 Indicates "No module handle."
00000000979A 00000040979A 0 Indicates "No process p
0000000097D0 0000004097D0 0 tes "No process id."
0000000097FA 0000004097FA 0 Indicates "No thread id."
000000009940 000000409940 0 oi s4
000000009A14 000000409A14 0 clsAppli
000000009DD0 000000409DD0 0 Rundll32
000000009DDC 000000409DDC 0 clsTransaction
000000009DEC 000000409DEC 0 clsPacote
000000009DF8 000000409DF8 0 clsFile
000000009E00 000000409E00 0 clsMember
000000009E0C 000000409E0C 0 clsPcLogin
000000009E18 000000409E18 0 mocCapImage
000000009E24 000000409E24 0 clsTexto
000000009E30 000000409E30 0 clsClass
000000009E3C 000000409E3C 0 clsRegion
000000009E48 000000409E48 0 clsMemAtack
000000009E54 000000409E54 0 clsApplication
File pos Mem pos ID Text
======== ======= == ====
000000009E64 000000409E64 0 clsSetStartup
000000009E74 000000409E74 0 modMemAtack
000000009E80 000000409E80 0 clsScanning
000000009E8C 000000409E8C 0 clsComm
000000009E94 000000409E94 0 clsPercentScan
000000009EA4 000000409EA4 0 clsSnapShot
000000009EB0 000000409EB0 0 clsDebug
000000009EBC 000000409EBC 0 clsStartScan
000000009ECC 000000409ECC 0 modComum
000000009ED8 000000409ED8 0 clsCapRegions
000000009EE8 000000409EE8 0 clsPackDebug
000000009EF8 000000409EF8 0 clsResources
000000009F08 000000409F08 0 clsAprova
000000009F14 000000409F14 0 frmAguarde
000000009F20 000000409F20 0 frmBlack
000000009F2C 000000409F2C 0 frmFlush
000000009F38 000000409F38 0 frmChave
000000009F44 000000409F44 0 scvhost
00000000A28C 00000040A28C 0 SendMessageA
00000000A2A0 00000040A2A0 0 WaitForSingleObject
00000000A2B4 00000040A2B4 0 tmrProcessos
00000000A494 00000040A494 0 CreateToolhelp32Snapshot
00000000A630 00000040A630 0 kernel32
00000000A640 00000040A640 0 GetCurrentProcessId
00000000A68C 00000040A68C 0 FindWindowA
00000000A830 00000040A830 0 User32
00000000A83C 00000040A83C 0 ExitWindowsEx
00000000B428 00000040B428 0 SetForegroundWindow
00000000B474 00000040B474 0 User32.dll
00000000B484 00000040B484 0 SetCursorPos
00000000B4CC 00000040B4CC 0 GetCursorPos
00000000B514 00000040B514 0 mouse_event
00000000B558 00000040B558 0 SetWindowPos
00000000B5A0 00000040B5A0 0 msvbvm60
00000000B5B0 00000040B5B0 0 GetMem1
00000000B5F0 00000040B5F0 0 GetMem2
00000000B630 00000040B630 0 GetMem4
00000000B670 00000040B670 0 GetMem8
00000000B6B0 00000040B6B0 0 advapi32.dll
00000000B6C4 00000040B6C4 0 LookupPrivilegeValueA
00000000B714 00000040B714 0 AdjustTokenPrivileges
00000000B764 00000040B764 0 GetCurrentProcess
00000000B7B0 00000040B7B0 0 OpenProcessToken
00000000B7FC 00000040B7FC 0 psapi.dll
00000000B80C 00000040B80C 0 EnumProcessModules
00000000B858 00000040B858 0 GetModuleFileNameExA
00000000B8A8 00000040B8A8 0 EnumProcesses
00000000B8F0 00000040B8F0 0 ReadProcessMemory
00000000B938 00000040B938 0 tmrKeys
00000000B97C 00000040B97C 0 Process32First
00000000B9C4 00000040B9C4 0 OpenProcess
00000000BA08 00000040BA08 0 GetSystemInfo
00000000BA50 00000040BA50 0 Process32Next
00000000BA98 00000040BA98 0 RegOpenKeyExA
00000000BAE0 00000040BAE0 0 RegQueryValueExA
00000000BAF4 00000040BAF4 0 tmrDebug
00000000BB00 00000040BB00 0 Timer1
00000000BB44 00000040BB44 0 RegCloseKey
00000000BB88 00000040BB88 0 RegCreateKeyExA
00000000BBD0 00000040BBD0 0 RegSetValueExA
File pos Mem pos ID Text
======== ======= == ====
00000000BC18 00000040BC18 0 RegDeleteValueA
00000000BC60 00000040BC60 0 GetModuleHandleA
00000000BCAC 00000040BCAC 0 CloseHandle
00000000BCB8 00000040BCB8 0 tmrRegiao
00000000BD0C 00000040BD0C 0 GetComputerNameA
00000000BD58 00000040BD58 0 RtlMoveMemory
00000000BDA0 00000040BDA0 0 GetForegroundWindow
00000000BDEC 00000040BDEC 0 GetWindowTextA
00000000BE58 00000040BE58 0 tmrFindOrigin
00000000BE68 00000040BE68 0 tmrCapScreen
00000000BE78 00000040BE78 0 tmrRun
00000000BE80 00000040BE80 0 tmrStopSnapShot
00000000C000 00000040C000 0 tmrWdg
00000000C018 00000040C018 0 C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
00000000C050 00000040C050 0 tmrSnapShot
00000000C060 00000040C060 0 tmrChangeScreen
00000000C070 00000040C070 0 Timer2
00000000C078 00000040C078 0 tmrSaveData
00000000C084 00000040C084 0 tmrConnect
00000000C090 00000040C090 0 tmrCleanTrash
00000000C0A0 00000040C0A0 0 tmrEnd
00000000C0A8 00000040C0A8 0 tmrChrono
00000000C0C4 00000040C0C4 0 Sock1
00000000C0DC 00000040C0DC 0 c:\windows\system32\mswinsck.oca
00000000C100 00000040C100 0 MSWinsockLib
00000000C138 00000040C138 0 tmrIdle
00000000C14F 00000040C14F 0 RcComCli
00000000C158 00000040C158 0 tmrTrans
00000000C164 00000040C164 0 tmrBlockFlush
00000000C184 00000040C184 0 Label1
00000000C18C 00000040C18C 0 tmrPass
00000000C194 00000040C194 0 tmrTela
00000000C19C 00000040C19C 0 tmrKeepAlive
00000000C1AC 00000040C1AC 0 tmrComandos
00000000C1B8 00000040C1B8 0 tmrPing
00000000C1C0 00000040C1C0 0 tmrStartWork
00000000C1D0 00000040C1D0 0 tmrStartCospe
00000000C1E0 00000040C1E0 0 tmrMemAtack
00000000C20B 00000040C20B 0 FC:\Program Files\Microsoft Visual Studio\VB98\VBA6.dll
00000000C280 00000040C280 0 GetAsyncKeyState
00000000C2CC 00000040C2CC 0 GetKeyState
00000000C30C 00000040C30C 0 subAddLogData
00000000C31C 00000040C31C 0 salvaLista
00000000C328 00000040C328 0 searchList
00000000C334 00000040C334 0 replaceLista
00000000C344 00000040C344 0 cComCli_ClientConnect
00000000C35C 00000040C35C 0 tmrKeepAlive_Timer
00000000C370 00000040C370 0 tmrKeys_Timer
00000000C380 00000040C380 0 subEnviaDados
00000000C390 00000040C390 0 cComCli_SendComplete
00000000C3A8 00000040C3A8 0 cComCli_ReceiveComplete
00000000C3C0 00000040C3C0 0 cComCli_SocketError
00000000C3D4 00000040C3D4 0 cComCli_TimeOut
00000000C3E4 00000040C3E4 0 createCospe
00000000C3F0 00000040C3F0 0 tmrTrans_Timer
00000000C4E4 00000040C4E4 0 VBA6.DLL
00000000C4F4 00000040C4F4 0 GetWindowThreadProcessId
00000000C510 00000040C510 0 scanMemory
00000000C548 00000040C548 0 GetParent
00000000C58C 00000040C58C 0 SetParent
File pos Mem pos ID Text
======== ======= == ====
00000000C5CC 00000040C5CC 0 subCleanRegions
00000000C614 00000040C614 0 GetWindow
00000000C658 00000040C658 0 LockWindowUpdate
00000000C6A4 00000040C6A4 0 GetDesktopWindow
00000000C6F0 00000040C6F0 0 DestroyWindow
00000000C738 00000040C738 0 SetFocus
00000000C77C 00000040C77C 0 TerminateProcess
00000000C790 00000040C790 0 saveMemory
00000000C81C 00000040C81C 0 Class
00000000C834 00000040C834 0 C:\WINDOWS\system32\msvbvm60.dll\3
00000000C858 00000040C858 0 VBRUN
00000000C88C 00000040C88C 0 Kernel32.dll
00000000C8A0 00000040C8A0 0 FormatMessageA
00000000C8E8 00000040C8E8 0 GetModuleInformation
00000000C938 00000040C938 0 WriteProcessMemory
00000000C984 00000040C984 0 VirtualQueryEx
00000000C9C8 00000040C9C8 0 Align
00000000C9D0 00000040C9D0 0 TrashCollection
00000000C9E0 00000040C9E0 0 HaveToScan
00000000C9EC 00000040C9EC 0 Titulo
00000000C9F4 00000040C9F4 0 ExceptionAt
00000000CA00 00000040CA00 0 Conteudo
00000000CA0C 00000040CA0C 0 putContent
00000000CA18 00000040CA18 0 ExeName
00000000CA20 00000040CA20 0 CleanExceptions
00000000CA30 00000040CA30 0 AddException
00000000CA40 00000040CA40 0 Exceptions
00000000CA4C 00000040CA4C 0 funProcess
00000000CA58 00000040CA58 0 GetPid
00000000CA60 00000040CA60 0 KillOthers
00000000CA6C 00000040CA6C 0 GetHandle
00000000CA78 00000040CA78 0 PauseProcess
00000000CA88 00000040CA88 0 ResumeProcess
00000000CA98 00000040CA98 0 funTakeRegions
00000000CAA8 00000040CAA8 0 funModules
00000000CAB4 00000040CAB4 0 IsModuleRunning
00000000CAC4 00000040CAC4 0 TestMemory
00000000CAD0 00000040CAD0 0 scanCard
00000000CADC 00000040CADC 0 findOrigin
00000000CAE8 00000040CAE8 0 OldscanMemory
00000000CAF8 00000040CAF8 0 PesquisaMemoria
00000000CB08 00000040CB08 0 PesquisaMemoria2
00000000CB1C 00000040CB1C 0 subCapRegion
00000000CB2C 00000040CB2C 0 Scanning
00000000CB38 00000040CB38 0 subCleanTrash
00000000CB48 00000040CB48 0 RegionAtual
00000000CB54 00000040CB54 0 HighSize
00000000CB60 00000040CB60 0 LowSize
00000000CB68 00000040CB68 0 HighAddress
00000000CB74 00000040CB74 0 LowAddress
00000000CB80 00000040CB80 0 LastTimer
00000000CB8C 00000040CB8C 0 BaseAddressAtual
00000000CBA0 00000040CBA0 0 CleanData
00000000CBAC 00000040CBAC 0 subKillProcess
00000000CBBC 00000040CBBC 0 funGetTimer
00000000CBC8 00000040CBC8 0 subStartTimer
00000000CBD8 00000040CBD8 0 funRedimFindCard
00000000CBEC 00000040CBEC 0 funFinCard
00000000CBF8 00000040CBF8 0 subAddRegion
00000000CC08 00000040CC08 0 funNumRegions
File pos Mem pos ID Text
======== ======= == ====
00000000CC18 00000040CC18 0 funGetRegion
00000000CC28 00000040CC28 0 startWork
00000000CC34 00000040CC34 0 FindCospe
00000000CC40 00000040CC40 0 startCospe
00000000CC4C 00000040CC4C 0 salvaCospe
00000000CC58 00000040CC58 0 Cospe
00000000CC60 00000040CC60 0 waitCospeReturn
00000000CC70 00000040CC70 0 Entrega
00000000CC78 00000040CC78 0 Acorda
00000000CC80 00000040CC80 0 Status
00000000CC88 00000040CC88 0 Conta
00000000CC90 00000040CC90 0 stopWork
00000000CC9C 00000040CC9C 0 getTela
00000000CCA4 00000040CCA4 0 ShowData
00000000CCB0 00000040CCB0 0 prepareMemory
00000000CCC0 00000040CCC0 0 startChronoTrigger
00000000CCD4 00000040CCD4 0 receiveBytes
00000000CCE4 00000040CCE4 0 putSpecial
00000000CCF0 00000040CCF0 0 chronoTrigger
00000000CD00 00000040CD00 0 restart
00000000CD08 00000040CD08 0 Inject
00000000CD10 00000040CD10 0 Flush
00000000CD18 00000040CD18 0 WriteCheckProcessMemory
00000000CD30 00000040CD30 0 Reboot
00000000CD38 00000040CD38 0 setPriv
00000000CD40 00000040CD40 0 GetBytesOriginalPointer
00000000CD58 00000040CD58 0 FillBytesOriginal
00000000CD6C 00000040CD6C 0 FillBytesCopy
00000000CD7C 00000040CD7C 0 GetBytesCopyPointer
00000000CD90 00000040CD90 0 getMemory
00000000CD9C 00000040CD9C 0 scanSCard
00000000CDA8 00000040CDA8 0 findFree
00000000CDB4 00000040CDB4 0 ScanPesquisaMemoria
00000000CDC8 00000040CDC8 0 ZeraCopy
00000000CDD8 00000040CDD8 0 gdi32
00000000CF60 00000040CF60 0 MemType
00000000CF70 00000040CF70 0 BaseAddress
00000000CF7C 00000040CF7C 0 RegionSize
00000000CF88 00000040CF88 0 Protect
00000000CF90 00000040CF90 0 State
00000000CF9C 00000040CF9C 0 TextOutA
00000000D070 00000040D070 0 StretchBlt
00000000D0B4 00000040D0B4 0 GDIPlus
00000000D0C0 00000040D0C0 0 GdipDrawImageRect
00000000D10C 00000040D10C 0 GdipLoadImageFromFile
00000000D15C 00000040D15C 0 GdipGetImageWidth
00000000D1A8 00000040D1A8 0 GdipGetImageHeight
00000000D208 00000040D208 0 GdipDisposeImage
00000000D254 00000040D254 0 GdiplusStartup
00000000D29C 00000040D29C 0 GdipCreateFromHDC
00000000D2E8 00000040D2E8 0 GdipDeleteGraphics
00000000D334 00000040D334 0 GdiplusShutdown
00000000D37C 00000040D37C 0 GdipCreateBitmapFromHBITMAP
00000000D3D0 00000040D3D0 0 GdipSaveImageToFile
00000000D41C 00000040D41C 0 ole32
00000000D428 00000040D428 0 CLSIDFromString
00000000D470 00000040D470 0 CreateCompatibleDC
00000000D4BC 00000040D4BC 0 CreateCompatibleBitmap
00000000D50C 00000040D50C 0 GetDeviceCaps
00000000D554 00000040D554 0 GetSystemPaletteEntries
File pos Mem pos ID Text
======== ======= == ====
00000000D570 00000040D570 0 RealizePalette
00000000D5CC 00000040D5CC 0 CreatePalette
00000000D614 00000040D614 0 SelectObject
00000000D65C 00000040D65C 0 BitBlt
00000000D69C 00000040D69C 0 DeleteDC
00000000D714 00000040D714 0 SelectPalette
00000000D790 00000040D790 0 GetWindowDC
00000000D7D4 00000040D7D4 0 GetDC
00000000D814 00000040D814 0 GetWindowRect
00000000D85C 00000040D85C 0 ReleaseDC
00000000D8A0 00000040D8A0 0 olepro32.dll
00000000D8B4 00000040D8B4 0 OleCreatePictureIndirect
00000000DA6C 00000040DA6C 0 ContinueDebugEvent
00000000DAB8 00000040DAB8 0 DebugActiveProcessStop
00000000DB08 00000040DB08 0 DebugActiveProcess
00000000DB54 00000040DB54 0 WaitForDebugEvent
00000000DB9C 00000040DB9C 0 ProcessID
00000000DBA8 00000040DBA8 0 startDebug
00000000DBB4 00000040DBB4 0 stopDebug
00000000DBC0 00000040DBC0 0 Refresh
00000000DBC8 00000040DBC8 0 BreakPoint
00000000DC78 00000040DC78 0 FileName
00000000DC87 00000040DC87 0 2D$&K
00000000DC94 00000040DC94 0 subConnect
00000000DCA0 00000040DCA0 0 funEnviar
00000000DCAC 00000040DCAC 0 subDisconnect
00000000DCBC 00000040DCBC 0 subListen
00000000DCC8 00000040DCC8 0 oSock_Close
00000000DCD4 00000040DCD4 0 oSock_ConnectionRequest
00000000DCEC 00000040DCEC 0 killTransFile
00000000DCFC 00000040DCFC 0 GravaParteRecebida
00000000DD10 00000040DD10 0 RecebePacoteNormal
00000000DD24 00000040DD24 0 funIsConnected
00000000DD34 00000040DD34 0 funIsListennig
00000000DD44 00000040DD44 0 oSock_Error
00000000DD50 00000040DD50 0 tTimer_Refresh
00000000DD60 00000040DD60 0 oSock_Connect
00000000DD70 00000040DD70 0 funGetNumSocks
00000000DD80 00000040DD80 0 osock_DataArrival
00000000DD94 00000040DD94 0 subRaiseClientDisconnect
00000000DDB0 00000040DDB0 0 subRemoveTransaction
00000000DDC8 00000040DDC8 0 funRemoveAllPackets
00000000DDDC 00000040DDDC 0 SendComplete
00000000DDEC 00000040DDEC 0 ReceiveComplete
00000000DDFC 00000040DDFC 0 SocketError
00000000DE08 00000040DE08 0 ClientConnect
00000000DE18 00000040DE18 0 ClientDisConnect
00000000DE2C 00000040DE2C 0 GetPercent
00000000DE38 00000040DE38 0 TimeOut
00000000DECE 00000040DECE 0 p4%W3F
00000000DEEC 00000040DEEC 0 ClassName
00000000DEFC 00000040DEFC 0 Filebytes
00000000DF08 00000040DF08 0 FileLength
00000000DF14 00000040DF14 0 subLoadBytesFromFile
00000000DF2C 00000040DF2C 0 subLoadBytesFromBytes
00000000DF44 00000040DF44 0 subSaveFile
00000000DF50 00000040DF50 0 funMyFileExists
00000000DF60 00000040DF60 0 funFileLen
00000000DF6C 00000040DF6C 0 subZeraBytes
00000000E013 00000040E013 0 ]Texto
File pos Mem pos ID Text
======== ======= == ====
00000000E070 00000040E070 0 Timer
00000000E1A0 00000040E1A0 0 FoundCard
00000000E1AC 00000040E1AC 0 MyIndex
00000000E308 00000040E308 0 tmrFlush
00000000E314 00000040E314 0 tmrTop
00000000E32C 00000040E32C 0 lblFile
00000000E348 00000040E348 0 Image1
00000000E350 00000040E350 0 Image2
00000000E3A4 00000040E3A4 0 lbltotal
00000000E3B0 00000040E3B0 0 lblChave
00000000E3BC 00000040E3BC 0 lbltipo
00000000E3C4 00000040E3C4 0 lblInfos
00000000E3D4 00000040E3D4 0 ShowCursor
00000000E4B4 00000040E4B4 0 AppDebug
00000000E66C 00000040E66C 0 Executavel
00000000E678 00000040E678 0 Alinhado
00000000E684 00000040E684 0 IsScanning
00000000E70C 00000040E70C 0 IsDebugging
00000000E752 00000040E752 0 +]Region
00000000E75C 00000040E75C 0 Process
00000000E764 00000040E764 0 MemAtack
00000000E770 00000040E770 0 ChangeScreen
00000000E788 00000040E788 0 SaveData
00000000E89C 00000040E89C 0 isStartup
00000000E8A8 00000040E8A8 0 NomeExe
00000000EA44 00000040EA44 0 Entrada
00000000EA4C 00000040EA4C 0 FullPath
00000000EADD 00000040EADD 0 Dr~nL8
00000000EC3F 00000040EC3F 0 HRegiao
00000000EC48 00000040EC48 0 Posicao
00000000EC50 00000040EC50 0 Tamanho
00000000F0D8 00000040F0D8 0 SizeTotal
00000000F20F 00000040F20F 0 #IsFile
00000000F218 00000040F218 0 Sended
00000000F220 00000040F220 0 HoraEnvio
00000000F22C 00000040F22C 0 SendNext
00000000F238 00000040F238 0 Prioridade
00000000F244 00000040F244 0 Versao
00000000F24C 00000040F24C 0 SizeAtual
00000000F258 00000040F258 0 PosAtual
00000000F264 00000040F264 0 TotalPacotes
00000000F274 00000040F274 0 PacoteAtual
00000000F280 00000040F280 0 IDTransacao
00000000F28C 00000040F28C 0 TipoTransacao
00000000F29C 00000040F29C 0 WaitConfirm
00000000F2A8 00000040F2A8 0 MarcaPrioridade
00000000F30C 00000040F30C 0 Transaction
00000000F318 00000040F318 0 Objeto
00000000F368 00000040F368 0 ReturnType
00000000F3AC 00000040F3AC 0 NomePC
00000000F532 00000040F532 0 nWAddMember
00000000F544 00000040F544 0 GetMember
00000000F550 00000040F550 0 GetMemberByName
00000000F560 00000040F560 0 MebersCount
00000000F56C 00000040F56C 0 AddMemberByVal
000000012B8F 000000412B8F 0 }Metodo
000000012BFC 000000412BFC 0 lblip
000000012C04 000000412C04 0 lblvalor
000000012C20 000000412C20 0 txtchave
000000012C2C 000000412C2C 0 lblid
File pos Mem pos ID Text
======== ======= == ====
000000012C34 000000412C34 0 lblsenha
000000012CB4 000000412CB4 0 frmBlack
000000012CC1 000000412CC1 0 Form1
000000012CDB 000000412CDB 0 Form1
000000012D05 000000412D05 0 tmrTop
000000012D84 000000412D84 0 frmChave
000000012D91 000000412D91 0 Form1
000000012DA4 000000412DA4 0 Form1
000000012DC6 000000412DC6 0 txtchave
000000012DE8 000000412DE8 0 MS Sans Serif
000000012DFE 000000412DFE 0 lblsenha
000000012E0B 000000412E0B 0 Label2
000000012E2A 000000412E2A 0 MS Sans Serif
000000012E40 000000412E40 0 lblid
000000012E4A 000000412E4A 0 Label2
000000012E69 000000412E69 0 MS Sans Serif
000000012E7F 000000412E7F 0 lblvalor
000000012E8C 000000412E8C 0 Label2
000000012EAB 000000412EAB 0 MS Sans Serif
000000012EC1 000000412EC1 0 lblip
000000012ECB 000000412ECB 0 Label2
000000012EEA 000000412EEA 0 MS Sans Serif
000000012F00 000000412F00 0 Label1
000000012F0B 000000412F0B 0 Chave:
000000012F2A 000000412F2A 0 MS Sans Serif
000000012FA0 000000412FA0 0 frmAguarde
000000012FAF 000000412FAF 0 Form2
000000012FC4 000000412FC4 0 Form2
000000012FE8 000000412FE8 0 Timer1
000000013008 000000413008 0 lbltipo
000000013014 000000413014 0 Label1
00000001303C 00000041303C 0 MS Sans Serif
000000013052 000000413052 0 lbltotal
00000001305F 00000041305F 0 0123 (2,00)
00000001308A 00000041308A 0 Arial
000000013098 000000413098 0 lblInfos
0000000130A5 0000004130A5 0 0123 (2,00)
0000000130CE 0000004130CE 0 Arial
0000000130DC 0000004130DC 0 lblChave
0000000130E9 0000004130E9 0 BRU 123-456-789
000000013117 000000413117 0 Arial
000000013125 000000413125 0 Image2
00000001324D 00000041324D 0 %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
000000013328 000000413328 0 &'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
0000000135E9 0000004135E9 0 ??_z_
000000013937 000000413937 0 E5I;Z/
0000000139B9 0000004139B9 0 Cn}?"O
000000013C17 000000413C17 0 QE}47
000000013C44 000000413C44 0 #)[k;
000000013D81 000000413D81 0 I+"+0#
000000013E45 000000413E45 0 c.YZR{E;Y
000000013EBA 000000413EBA 0 R)Jpi
000000014003 000000414003 0 }?:iC
0000000140ED 0000004140ED 0 9?LW*
0000000141FC 0000004141FC 0 *.9=O
00000001423B 00000041423B 0 rZ/-5
00000001435E 00000041435E 0 Z9buWGVGP
00000001438A 00000041438A 0 wwMtfYR:
0000000143BF 0000004143BF 0 a{$Imx
000000014518 000000414518 0 _\y1<
File pos Mem pos ID Text
======== ======= == ====
000000014669 000000414669 0 %{tWZ
00000001487C 00000041487C 0 V2E<O
000000014A8C 000000414A8C 0 l4%yU
000000014AA4 000000414AA4 0 ,L!R\
000000014B61 000000414B61 0 :\2Oq
000000014C1D 000000414C1D 0 In?w;7
000000014C7E 000000414C7E 0 [U}"
000000014CE6 000000414CE6 0 j8gKm
000000014D51 000000414D51 0 UHfev
000000014D6E 000000414D6E 0 s)rB1r
0000000150FC 0000004150FC 0 ]<Z[G477
0000000152CC 0000004152CC 0 ]NMOO
0000000152DE 0000004152DE 0 ]+46+m
000000015327 000000415327 0 8Y/g(
0000000153E5 0000004153E5 0 -9tUT
0000000155E5 0000004155E5 0 [mzm5
0000000156A9 0000004156A9 0 K{;m:x
00000001585B 00000041585B 0 W4]JI
000000015A14 000000415A14 0 ZKsc-
000000015B17 000000415B17 0 hm-Bj;
000000015D42 000000415D42 0 )'+.uJXXTvI
000000015F98 000000415F98 0 K+[I,H
0000000160A2 0000004160A2 0 G"K2I
00000001611C 00000041611C 0 wrN1W|
0000000161DB 0000004161DB 0 ;Ky~j
0000000164C2 0000004164C2 0 #"nfm
00000001663D 00000041663D 0 4[MSM
000000016776 000000416776 0 \Iscw*
000000016850 000000416850 0 F0NPT
000000016928 000000416928 0 M%D+h-
00000001698E 00000041698E 0 g8>Zs
000000016AB2 000000416AB2 0 Uml.-n,
000000016BDF 000000416BDF 0 8u-?G
000000016C82 000000416C82 0 _}M|Df7Il
000000016D4D 000000416D4D 0 ,V25j
000000016D87 000000416D87 0 7J2P>
000000016EA9 000000416EA9 0 X>]Uj/
000000016EC1 000000416EC1 0 Smg,tjb%
000000016F3B 000000416F3B 0 z\VQ#&
00000001706A 00000041706A 0 IX/>s
000000017321 000000417321 0 A~TY$?ggK
000000017390 000000417390 0 mFkk<
0000000173B8 0000004173B8 0 tUjXz
0000000174EA 0000004174EA 0 &x..l!
000000017565 000000417565 0 th|?>
00000001762E 00000041762E 0 Gqyukc
000000017745 000000417745 0 Iq;"Z4r
000000017769 000000417769 0 oeyqb
000000017773 000000417773 0 k#[\jPD
0000000178C3 0000004178C3 0 \krCs
0000000178E4 0000004178E4 0 u%:TqQ
000000017A35 000000417A35 0 \g5JQU
000000017AAB 000000417AAB 0 e$}-g
000000017B48 000000417B48 0 x-'kgk
000000017B95 000000417B95 0 .t+bW
000000017BFD 000000417BFD 0 |Bou)>
000000017CC8 000000417CC8 0 cQs]i
000000017DA6 000000417DA6 0 4fiUm
000000017E2C 000000417E2C 0 Z2OyF
000000017ED3 000000417ED3 0 B{m/L
File pos Mem pos ID Text
======== ======= == ====
000000017EDE 000000417EDE 0 twqu$
000000017FE4 000000417FE4 0 x*Xl4
000000018171 000000418171 0 ?gGkFyU
0000000183DB 0000004183DB 0 %-==u
00000001867F 00000041867F 0 =i*e]
0000000188C3 0000004188C3 0 QOwws)
0000000188FA 0000004188FA 0 YJ0w[
00000001911B 00000041911B 0 k76 g
000000019253 000000419253 0 Q&2}OO
000000019271 000000419271 0 }p?J}1:~<
0000000198A1 0000004198A1 0 j:zu?O
0000000198D8 0000004198D8 0 ;F}?N
000000019A13 000000419A13 0 g5y-G
000000019E25 000000419E25 0 +*{n
00000001AB12 00000041AB12 0 }Ec\u
00000001AC0E 00000041AC0E 0 GjZBp
00000001B0B8 00000041B0B8 0 }Ec\u
00000001B37C 00000041B37C 0 }Ec\u
00000001B456 00000041B456 0 U;t?CU
00000001BCEB 00000041BCEB 0 oyo{{$
00000001BF5A 00000041BF5A 0 ZqrG<
00000001C2E9 00000041C2E9 0 )-ayl
00000001C335 00000041C335 0 W2Ilf
00000001C48C 00000041C48C 0 Oklti/
00000001C5F2 00000041C5F2 0 j ;~?
00000001C699 00000041C699 0 5:t?_
00000001C7F7 00000041C7F7 0 )<{k}
00000001C812 00000041C812 0 sb% opD
00000001C924 00000041C924 0 N~E J\
00000001C94F 00000041C94F 0 Vw{i{
00000001CA78 00000041CA78 0 Eb!zUq
00000001CB9B 00000041CB9B 0 a1X\$
00000001CF13 00000041CF13 0 *uc8N<
00000001CFC3 00000041CFC3 0 F,{J+
00000001D14E 00000041D14E 0 VIvV()
00000001D60F 00000041D60F 0 +r]:r
00000001D6B1 00000041D6B1 0 /4y<5
00000001D846 00000041D846 0 <>Q_0
00000001D926 00000041D926 0 jvbIM
00000001D997 00000041D997 0 >enk8
00000001D99E 00000041D99E 0 TQEy'
00000001D9E9 00000041D9E9 0 }Ec\u
00000001DE0A 00000041DE0A 0 ZT*SU
00000001E06E 00000041E06E 0 l/,u+
00000001E079 00000041E079 0 |-gsycq
00000001E2BC 00000041E2BC 0 *4i,<
00000001E376 00000041E376 0 |kcow
00000001E3DC 00000041E3DC 0 onu=>'[
00000001E53F 00000041E53F 0 le:<Iu
00000001E8F8 00000041E8F8 0 }Ec\u
00000001ED35 00000041ED35 0 jpr3P
00000001EEF2 00000041EEF2 0 }Ec\u
00000001F1C7 00000041F1C7 0 ;}*d9
00000001F47A 00000041F47A 0 8]q"B
00000001F82D 00000041F82D 0 pU[ t
00000001F8E2 00000041F8E2 0 !B.1m
00000001F8E8 00000041F8E8 0 >i7m]
00000001F97D 00000041F97D 0 ]} *e9
00000001F98F 00000041F98F 0 h(x8
00000001FD94 00000041FD94 0 @F84QH
File pos Mem pos ID Text
======== ======= == ====
000000020330 000000420330 0 &7rG_
000000020462 000000420462 0 ~uTpA
000000020B2D 000000420B2D 0 +Y[ki
0000000210A8 0000004210A8 0 AE! rh
0000000210D2 0000004210D2 0 MBI'&
00000002110D 00000042110D 0 Jc0QJ
000000021218 000000421218 0 *6x=G
000000021419 000000421419 0 D}>9|N
000000021B6A 000000421B6A 0 [\FNJO
000000021BA9 000000421BA9 0 m|Gco
000000021BD3 000000421BD3 0 73Kqsq,
000000021D09 000000421D09 0 9HDR-
000000021EEA 000000421EEA 0 $t$Rdz
000000022049 000000422049 0 =}j6lrs
00000002210A 00000042210A 0 /t.nE
000000022308 000000422308 0 GBE($t4
0000000226EF 0000004226EF 0 3|mL%:J
000000022924 000000422924 0 8E9)8
000000022AAD 000000422AAD 0 {_?QG
000000022BA1 000000422BA1 0 )(%9(A
000000022E48 000000422E48 0 SHmgQ[
00000002310B 00000042310B 0 xH}lu
000000023165 000000423165 0 }_<QG
000000023344 000000423344 0 -amEa
00000002367D 00000042367D 0 3HZkx%
00000002391F 00000042391F 0 wRXAz.
00000002395C 00000042395C 0 jkRX|
000000023976 000000423976 0 iI9)'9
000000023E8C 000000423E8C 0 DKu,M;D
000000023FDD 000000423FDD 0 $1?d]d
00000002417D 00000042417D 0 zts:X
000000024298 000000424298 0 ?2sP|
00000002447F 00000042447F 0 Mo"j/ycr
000000024511 000000424511 0 >X~Zns~
000000024609 000000424609 0 ){_g+
0000000246F0 0000004246F0 0 mGPA"[D
00000002471C 00000042471C 0 -WQ]Ao]m
000000024744 000000424744 0 xyN3j
00000002484C 00000042484C 0 +T}1[Rw
0000000249FF 0000004249FF 0 m3MH'
000000024A4E 000000424A4E 0 yp$~Wu
000000024ADB 000000424ADB 0 a)8%>U
000000024BD0 000000424BD0 0 k{h.Y
000000024D22 000000424D22 0 ?$kF1
000000024F15 000000424F15 0 OdumZ
000000024F42 000000424F42 0 :e]|d
000000024FFE 000000424FFE 0 yiu,Fv
000000025024 000000425024 0 7wm,6
0000000250AD 0000004250AD 0 @_%Am
0000000251FE 0000004251FE 0 )7QMZ
00000002527D 00000042527D 0 x}u}7G6
000000025285 000000425285 0 )k;MF=>a>
0000000254FF 0000004254FF 0 _h77~7
000000025570 000000425570 0 4[1en
0000000255A8 0000004255A8 0 sPPjJw
0000000257D6 0000004257D6 0 \[Z$
000000025895 000000425895 0 "3Gc=
0000000259F6 0000004259F6 0 ]dH$MV[w
000000025CEF 000000425CEF 0 p2{T$
000000025D94 000000425D94 0 aqudot
File pos Mem pos ID Text
======== ======= == ====
000000025FAC 000000425FAC 0 frmflush
000000025FB9 000000425FB9 0 Form2
000000025FCE 000000425FCE 0 Form2
000000025FF2 000000425FF2 0 tmrTop
000000026014 000000426014 0 tmrFlush
000000026038 000000426038 0 lblFile
000000026044 000000426044 0 10/10/15 14:34:22
000000026081 000000426081 0 Arial
000000026091 000000426091 0 lblFile
00000002609D 00000042609D 0 10/10/15 14:34:22
0000000260DA 0000004260DA 0 Arial
0000000260EA 0000004260EA 0 lblFile
0000000260F6 0000004260F6 0 10/10/15 14:34:22
000000026133 000000426133 0 Arial
000000026143 000000426143 0 lblFile
00000002614F 00000042614F 0 10/10/15 14:34:22
00000002618C 00000042618C 0 Arial
00000002619C 00000042619C 0 lblFile
0000000261A8 0000004261A8 0 10/10/15 14:34:22
0000000261E5 0000004261E5 0 Arial
0000000261F5 0000004261F5 0 lblFile
000000026201 000000426201 0 10/10/15 14:34:22
00000002623E 00000042623E 0 Arial
00000002624E 00000042624E 0 lblFile
00000002625A 00000042625A 0 10/10/15 14:34:22b
000000026298 000000426298 0 Arial
0000000262A8 0000004262A8 0 lblFile
0000000262B4 0000004262B4 0 10/10/15 14:34:22a
0000000262F2 0000004262F2 0 Arial
000000026300 000000426300 0 Image1
000000026428 000000426428 0 %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
000000026503 000000426503 0 &'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
0000000266C1 0000004266C1 0 AlpIbCc
0000000266E5 0000004266E5 0 KR$$)
0000000267E5 0000004267E5 0 7_j\c
0000000269F0 0000004269F0 0 2?:I
0000000269FD 0000004269FD 0 V$Rw)$
000000026A4F 000000426A4F 0 ROd#P
000000026ABB 000000426ABB 0 O=2kH
000000026AF3 000000426AF3 0 u+]Vy
000000026B18 000000426B18 0 vGm<N
000000026C64 000000426C64 0 UG Yo
000000026CAC 000000426CAC 0 Whe\p
000000026DB9 000000426DB9 0 =Ek#'
000000026E21 000000426E21 0 /=3]W
000000026EDC 000000426EDC 0 *T?lsW
000000026F5A 000000426F5A 0 LKke|
000000027127 000000427127 0 (,G#'
000000027275 000000427275 0 FrG!Gs
0000000273BD 0000004273BD 0 91+Zk
00000002758D 00000042758D 0 ,#xd,
0000000275C6 0000004275C6 0 )jgSUs
000000027A64 000000427A64 0 /q,H'h
000000027A6C 000000427A6C 0 [.HRq
000000027CFD 000000427CFD 0 xeU'R1
000000028012 000000428012 0 0j:3l
000000028082 000000428082 0 H dnS
000000028218 000000428218 0 L[hPp:
000000028243 000000428243 0 ] b>j>
0000000284CE 0000004284CE 0 }4NI5
File pos Mem pos ID Text
======== ======= == ====
0000000286A3 0000004286A3 0 Siv~&[
000000028710 000000428710 0 LQgqRq
00000002885A 00000042885A 0 R6_c7[
0000000288C6 0000004288C6 0 +:x/iF
000000028902 000000428902 0 $!W,@
000000028AB1 000000428AB1 0 ]U?|_8/
000000028AE3 000000428AE3 0 iQAiJ
000000028AFA 000000428AFA 0 __CxbT
000000028B7A 000000428B7A 0 "5U9E}
000000028BAD 000000428BAD 0 }[_,N
000000028D98 000000428D98 0 EHSq#
000000028E8D 000000428E8D 0 Ft'kX
000000028EE4 000000428EE4 0 BV;Hd
000000028F4C 000000428F4C 0 J\34$$
000000029059 000000429059 0 / ]|P
0000000291A3 0000004291A3 0 5Ffr>L
000000029324 000000429324 0 3_0|4
0000000293E4 0000004293E4 0 ;|"nyn%geDDA
0000000293F3 0000004293F3 0 F$1NT
000000029474 000000429474 0 RY<[k{
0000000294A1 0000004294A1 0 8!GLps\
000000029572 000000429572 0 Tthdv
0000000295C0 0000004295C0 0 H8=MI
000000029613 000000429613 0 D\Dmc
00000002969A 00000042969A 0 x"M8@
0000000296FD 0000004296FD 0 x=)d!
000000029942 000000429942 0 +8u[aqo+
000000029AF3 000000429AF3 0 "yO)WW
000000029B54 000000429B54 0 /eek%
000000029DB5 000000429DB5 0 G@9,F
000000029DED 000000429DED 0 Zx;C}jo
000000029E8A 000000429E8A 0 _RM2]B
000000029ECE 000000429ECE 0 -/.TG
000000029FC7 000000429FC7 0 M*4pE
00000002A01D 00000042A01D 0 mRWN*
00000002A383 00000042A383 0 ] hc5
00000002A476 00000042A476 0 fhYFF
00000002A47C 00000042A47C 0 (bI c
00000002A581 00000042A581 0 u<h%n:u
00000002A59F 00000042A59F 0 D9QX/
00000002A5C0 00000042A5C0 0 )!ww+
00000002A670 00000042A670 0 6H8Zl*Wr
00000002A7DC 00000042A7DC 0 z}jDf
00000002A7F4 00000042A7F4 0 .;phM
00000002A84E 00000042A84E 0 !*A<{
00000002A865 00000042A865 0 _JhLF
00000002A90E 00000042A90E 0 JI;Wn
00000002A9E4 00000042A9E4 0 B0pG"
00000002AA6A 00000042AA6A 0 0kQ%@
00000002AEB4 00000042AEB4 0 RyxbW
00000002B256 00000042B256 0 u8-l<q
00000002B318 00000042B318 0 8Q&
00000002B979 00000042B979 0 w7?+u
00000002C268 00000042C268 0 ??~u>
00000002C3C1 00000042C3C1 0 gE_@7={o
00000002C43B 00000042C43B 0 ]-N1lc
00000002C7E8 00000042C7E8 0 D5"/(
00000002CA7D 00000042CA7D 0 Rg<g9
00000002CB41 00000042CB41 0 Sas2?-y
00000002CDEB 00000042CDEB 0 QdUlL
File pos Mem pos ID Text
======== ======= == ====
00000002CFAE 00000042CFAE 0 GfJdnr
00000002D158 00000042D158 0 9Y7_|
00000002D1E8 00000042D1E8 0 vp2I?
00000002D274 00000042D274 0 t.H,H9
00000002D3D1 00000042D3D1 0 )+\rH
00000002D46A 00000042D46A 0 UD 2VrI
00000002D6F1 00000042D6F1 0 w0d'
00000002D765 00000042D765 0 &w|g=l
00000002DC83 00000042DC83 0 ,rF}O_
00000002E017 00000042E017 0 yjcQd
00000002E196 00000042E196 0 n<Iej
00000002E20E 00000042E20E 0 {{S<K
00000002E27D 00000042E27D 0 W?cq4
00000002E33B 00000042E33B 0 g'8*x
00000002E4B4 00000042E4B4 0 nG9lz
00000002EB1A 00000042EB1A 0 CrGp@
00000002EB2C 00000042EB2C 0 .F .8
00000002EC7A 00000042EC7A 0 Y2I=z
00000002F16F 00000042F16F 0 ua,~c
00000002F751 00000042F751 0 %T3yz.
00000002F7A2 00000042F7A2 0 Zfele
00000002F7DE 00000042F7DE 0 4r.IWB
00000002F9F9 00000042F9F9 0 ?1{J_
0000000301C2 0000004301C2 0 F+u@@
0000000302DF 0000004302DF 0 WF[J3
000000030512 000000430512 0 V3vg<
000000030C2D 000000430C2D 0 )TE>;7
000000030D02 000000430D02 0 y,P[k:bK
000000030DCD 000000430DCD 0 rn#<zn
000000031104 000000431104 0 pF28V
000000031814 000000431814 0 COtPI
000000031980 000000431980 0 p~l~9
000000031A1B 000000431A1B 0 IL9QxL
000000031AFF 000000431AFF 0 Km(pF
000000031E75 000000431E75 0 f5bI$
000000031EBB 000000431EBB 0 HrB>;
00000003246D 00000043246D 0 jRG?1#
000000032541 000000432541 0 "ad;y
00000003268C 00000043268C 0 <8?]W
000000032B80 000000432B80 0 z0b['
000000032C22 000000432C22 0 NppA'
000000032C3A 000000432C3A 0 eJv<Z
00000003303C 00000043303C 0 !{6[ir2NN3
000000033088 000000433088 0 :w,[q
0000000332E1 0000004332E1 0 hPylg
000000033566 000000433566 0 NrO=~
0000000335CE 0000004335CE 0 bNpO'
000000033645 000000433645 0 D UUN
000000033807 000000433807 0 Tp7|-
0000000338E0 0000004338E0 0 7-rI8a
000000033927 000000433927 0 +-du;
000000033B4D 000000433B4D 0 K(|SA}
000000033F68 000000433F68 0 kv<,~I:
00000003420F 00000043420F 0 c|?UuG
000000034216 000000434216 0 ,'<pO
000000034786 000000434786 0 b,Hfc
000000034D32 000000434D32 0 y]rO>
000000034EB0 000000434EB0 0 I5+-I5
000000034ED7 000000434ED7 0 crFH$s
000000035346 000000435346 0 yCnI9
File pos Mem pos ID Text
======== ======= == ====
000000035610 000000435610 0 <Agy/
000000035DA0 000000435DA0 0 o#p9'
00000003607E 00000043607E 0 p00x?
000000036246 000000436246 0 |WRZ6
0000000365EC 0000004365EC 0 _=pI8
000000036825 000000436825 0 O?=H9
000000036857 000000436857 0 t2y$~<
000000036FCC 000000436FCC 0 rG@Nz
000000037498 000000437498 0 Cjqw*
0000000374EE 0000004374EE 0 {8'i\
000000037541 000000437541 0 ErHFe
000000037585 000000437585 0 jJy-99
000000037620 000000437620 0 +ny5#}K
000000037A05 000000437A05 0 REF$s0
000000038055 000000438055 0 -6{=7
0000000387FA 0000004387FA 0 z5|d3
000000038903 000000438903 0 w<m.G?6@
000000038B36 000000438B36 0 :?hrI?
0000000391D5 0000004391D5 0 GB|Q}
00000003937C 00000043937C 0 i\aA9+
0000000393C4 0000004393C4 0 :1 zb
00000003956F 00000043956F 0 !~;|bQ
0000000396CE 0000004396CE 0 =~;|d8
0000000398BD 0000004398BD 0 5he:~
000000039ADE 000000439ADE 0 hf*:(
000000039C3A 000000439C3A 0 Jp~:|a
000000039E1C 000000439E1C 0 oy. $
000000039EC9 000000439EC9 0 v;5Pw|
00000003A0BF 00000043A0BF 0 aeC}AU
00000003A24B 00000043A24B 0 _~tD\p?O
00000003A6F5 00000043A6F5 0 XROM
00000003A727 00000043A727 0 "HNy
00000003A886 00000043A886 0 0#8'?
00000003AB03 00000043AB03 0 _!{s,
00000003AF4D 00000043AF4D 0 FO }s
00000003B374 00000043B374 0 >TW1_
00000003B385 00000043B385 0 kp0O?N?
00000003B5EB 00000043B5EB 0 %G$7O
00000003B817 00000043B817 0 j|38c
00000003B86F 00000043B86F 0 Gs!',
00000003B9F4 00000043B9F4 0 1Ny#>
00000003BA7A 00000043BA7A 0 ~?rN?
00000003BC8E 00000043BC8E 0 4wR6r
00000003BD61 00000043BD61 0 eCLprT
00000003BFB4 00000043BFB4 0 ?|UYQ
00000003C051 00000043C051 0 bN<#m
00000003C946 00000043C946 0 lqQIw
00000003CA27 00000043CA27 0 3H$}*
00000003CE13 00000043CE13 0 j88lw
00000003CF75 00000043CF75 0 x9$g?
00000003D0AC 00000043D0AC 0 _z?i'
00000003D7F5 00000043D7F5 0 @nr|)
00000003D9C3 00000043D9C3 0 lb*1?
00000003DA14 00000043DA14 0 8b>9/
00000003DA74 00000043DA74 0 Um]dO
00000003DC56 00000043DC56 0 )u1!P
00000003DD59 00000043DD59 0 |p$99
00000003E1BC 00000043E1BC 0 }Acf%X
00000003E24D 00000043E24D 0 !Jp;f
00000003E31F 00000043E31F 0 #{#yd)
File pos Mem pos ID Text
======== ======= == ====
00000003E40D 00000043E40D 0 8$~S0
00000003E495 00000043E495 0 a.K9l
00000003E5CE 00000043E5CE 0 jkV2E
00000003E611 00000043E611 0 ;sJYY0
00000003E679 00000043E679 0 -(Y0@
00000003E695 00000043E695 0 I4ZoA
00000003E706 00000043E706 0 fVV@
00000003E71C 00000043E71C 0 qw$G1
00000003E851 00000043E851 0 K8*r@
00000003E9FD 00000043E9FD 0 {SmP4
00000003EA4B 00000043EA4B 0 KW[EH
00000003EA71 00000043EA71 0 #2o#'
00000003EBFC 00000043EBFC 0 7\u<Sd
00000003ED13 00000043ED13 0 Label1
00000003ED26 00000043ED26 0 Boa tarde
00000003ED4B 00000043ED4B 0 Arial
00000003ED59 00000043ED59 0 Image2
00000004DA0A 00000044DA0A 0 333333
00000004FDE0 00000044FDE0 0 8Q&
00000005D3D8 00000045D3D8 0 cListaCard
00000005D3F0 00000045D3F0 0 cWork
00000005D3F8 00000045D3F8 0 cCospe
00000005D400 00000045D400 0 cTelas
00000005D408 00000045D408 0 cMemAtack
00000005D414 00000045D414 0 sText
00000005D41C 00000045D41C 0 sCard
00000005D424 00000045D424 0 lQuant
00000005D42C 00000045D42C 0 iCount
00000005D434 00000045D434 0 tObjeto
00000005D43C 00000045D43C 0 lTransaction
00000005D44C 00000045D44C 0 lIndex
00000005D454 00000045D454 0 bBytes
00000005D45C 00000045D45C 0 lSize
00000005D474 00000045D474 0 lOrigin
00000005D47C 00000045D47C 0 lPosFlagSendCospe2
00000005D490 00000045D490 0 testInject
00000005D49C 00000045D49C 0 clHandle
00000005D4A8 00000045D4A8 0 clHandleCospe
00000005D4B8 00000045D4B8 0 bAlign
00000005D4C8 00000045D4C8 0 bHaveToScan
00000005D4D4 00000045D4D4 0 sTitulo
00000005D4DC 00000045D4DC 0 sExceptionAt
00000005D4EC 00000045D4EC 0 sConteudo
00000005D4FC 00000045D4FC 0 bZeros
00000005D504 00000045D504 0 sExeName
00000005D510 00000045D510 0 sException
00000005D51C 00000045D51C 0 sExceptions
00000005D528 00000045D528 0 bCrypt
00000005D530 00000045D530 0 sName
00000005D538 00000045D538 0 isPause
00000005D540 00000045D540 0 wProcName
00000005D54C 00000045D54C 0 theModuleName
00000005D564 00000045D564 0 sNome
00000005D56C 00000045D56C 0 bSearchCards
00000005D57C 00000045D57C 0 wCards
00000005D584 00000045D584 0 istarja
00000005D58C 00000045D58C 0 isMapping
00000005D598 00000045D598 0 bSave
00000005D5A0 00000045D5A0 0 sSufix
00000005D5A8 00000045D5A8 0 bDateTime
File pos Mem pos ID Text
======== ======= == ====
00000005D5B4 00000045D5B4 0 sContent
00000005D5C0 00000045D5C0 0 lRegion
00000005D5D0 00000045D5D0 0 bScanning
00000005D5DC 00000045D5DC 0 lRegionAtual
00000005D5EC 00000045D5EC 0 lHighSize
00000005D5F8 00000045D5F8 0 lLowSize
00000005D604 00000045D604 0 lHighAddress
00000005D614 00000045D614 0 lLowAddress
00000005D620 00000045D620 0 lLastTimer
00000005D62C 00000045D62C 0 lBaseAddressAtual
00000005D640 00000045D640 0 lRedimFindCard
00000005D650 00000045D650 0 indFindCard
00000005D65C 00000045D65C 0 hexFindCard
00000005D680 00000045D680 0 iGaveta
00000005D690 00000045D690 0 sComando
00000005D6A4 00000045D6A4 0 sValor
00000005D6AC 00000045D6AC 0 lHandle
00000005D6B4 00000045D6B4 0 sBytesOriginal
00000005D6C4 00000045D6C4 0 sBytesCopy
00000005D6D0 00000045D6D0 0 lMemType
00000005D6DC 00000045D6DC 0 lskip
00000005D6E4 00000045D6E4 0 lBaseAdress
00000005D6F0 00000045D6F0 0 lRegionSize
00000005D6FC 00000045D6FC 0 lProtect
00000005D708 00000045D708 0 lState
00000005D718 00000045D718 0 isString
00000005D724 00000045D724 0 cTrash
00000005D72C 00000045D72C 0 lContent
00000005D738 00000045D738 0 lTipo
00000005D740 00000045D740 0 numBytesFree
00000005D758 00000045D758 0 oObjeto
00000005D760 00000045D760 0 lTipoTrans
00000005D76C 00000045D76C 0 bWaitConfirm
00000005D77C 00000045D77C 0 iPrioridade
00000005D788 00000045D788 0 requestID
00000005D794 00000045D794 0 tPacket
00000005D79C 00000045D79C 0 lBytesTotal
00000005D7A8 00000045D7A8 0 Index
00000005D7B0 00000045D7B0 0 Number
00000005D7B8 00000045D7B8 0 Description
00000005D7C4 00000045D7C4 0 Scode
00000005D7CC 00000045D7CC 0 Source
00000005D7D4 00000045D7D4 0 HelpFile
00000005D7E0 00000045D7E0 0 HelpContext
00000005D7EC 00000045D7EC 0 CancelDisplay
00000005D7FC 00000045D7FC 0 sTrans
00000005D804 00000045D804 0 bTipo
00000005D80C 00000045D80C 0 lPercent
00000005D818 00000045D818 0 sFile
00000005D820 00000045D820 0 sFileName
00000005D834 00000045D834 0 lFilelen
00000005D840 00000045D840 0 tBytes
00000005D848 00000045D848 0 sTexto
00000005D850 00000045D850 0 lBaseAddress
00000005D860 00000045D860 0 lTimer
00000005D868 00000045D868 0 bFoundCard
00000005D874 00000045D874 0 bIndex
00000005D894 00000045D894 0 sExecutavel
00000005D8A0 00000045D8A0 0 bAlinhado
00000005D8AC 00000045D8AC 0 bIsScanning
File pos Mem pos ID Text
======== ======= == ====
00000005D8B8 00000045D8B8 0 lProcessId
00000005D8C4 00000045D8C4 0 bIsDebugging
00000005D8D4 00000045D8D4 0 bRegion
00000005D8DC 00000045D8DC 0 bAppDebug
00000005D8E8 00000045D8E8 0 bProcess
00000005D8F4 00000045D8F4 0 bMemAtack
00000005D900 00000045D900 0 bChangeScreen
00000005D910 00000045D910 0 bKeys
00000005D918 00000045D918 0 bSaveData
00000005D924 00000045D924 0 sEntrada
00000005D930 00000045D930 0 sFullPath
00000005D93C 00000045D93C 0 bisStartup
00000005D948 00000045D948 0 lRegiao
00000005D950 00000045D950 0 lPosicao
00000005D95C 00000045D95C 0 lTamanho
00000005D968 00000045D968 0 bIsFile
00000005D970 00000045D970 0 bSended
00000005D978 00000045D978 0 dHoraEnvio
00000005D984 00000045D984 0 lSendNext
00000005D990 00000045D990 0 lPrioridade
00000005D9A4 00000045D9A4 0 lSizeTotal
00000005D9B0 00000045D9B0 0 lSizeAtual
00000005D9BC 00000045D9BC 0 lPosAtual
00000005D9C8 00000045D9C8 0 iTotalPacotes
00000005D9D8 00000045D9D8 0 iPacoteAtual
00000005D9E8 00000045D9E8 0 iIDTransacao
00000005D9F8 00000045D9F8 0 iTipoTransacao
00000005DA08 00000045DA08 0 iWaitConfirm
00000005DA18 00000045DA18 0 lMarcaPrioridade
00000005DA2C 00000045DA2C 0 tTrans
00000005DA3C 00000045DA3C 0 lReturnType
00000005DA48 00000045DA48 0 sVersao
00000005DA50 00000045DA50 0 sNomeExe
00000005DA5C 00000045DA5C 0 oMember
00000005DA64 00000045DA64 0 sType
00000005DA6C 00000045DA6C 0 sMetodo
0000000699CC 0000004699CC 0 MSVBVM60.DLL
0000000699DC 0000004699DC 0 EVENT_SINK_GetIDsOfNames
0000000699F8 0000004699F8 0 MethCallEngine
000000069A0A 000000469A0A 0 EVENT_SINK_Invoke
000000069A1E 000000469A1E 0 Zombie_GetTypeInfo
000000069A34 000000469A34 0 EVENT_SINK_AddRef
000000069A48 000000469A48 0 DllFunctionCall
000000069A5A 000000469A5A 0 Zombie_GetTypeInfoCount
000000069A74 000000469A74 0 EVENT_SINK_Release
000000069A8A 000000469A8A 0 EVENT_SINK_QueryInterface
000000069AA6 000000469AA6 0 __vbaExceptHandler
000000069ABC 000000469ABC 0 ProcCallEngine
000000003714 000000403714 0 *\AC:\inst\Constantine\Atual_Constantine_Mercanta\Client\prjclient.vbp
000000009F50 000000409F50 0 clsComm
000000009F64 000000409F64 0 logsh.dat
000000009F7C 000000409F7C 0 SeDebugPrivilege
000000009FA4 000000409FA4 0 nconfig2.dat
000000009FC4 000000409FC4 0 oldtmpsys.dat
00000000A092 00000040A092 0 tulo,0,,,,
00000000A0E4 00000040A0E4 0 ReLogin,0,,,,FindCard,0,,,,PercentScan,0,,,,
00000000A1D4 00000040A1D4 0 End,1,&Finalizar,fracustom,,Enviar Arquivo,1,Enviar &Arquivo,,,
00000000A336 00000040A336 0 rio,fracustom,clstexto,
00000000A3A0 00000040A3A0 0 es,fracustom,clstexto,Process,1,&Processos,,,
00000000A400 00000040A400 0 Download,1,Do&wnload,fracustom,clstexto,GetKey,1,Requisitar &Teclado,,,
File pos Mem pos ID Text
======== ======= == ====
00000000A4B8 00000040A4B8 0 SetStartup,1,Inserir Start&up,FraCustom,clsSetStartup,GetStartup,1,Pe&gar Startup,fracustom,,
00000000A578 00000040A578 0 RefreshScreen,1,Atualizar Te&la,,,StartScan,1,Esca&near Processo,fracustom,clsStartScan,
00000000A714 00000040A714 0 &o,fracustom,clsCapregions,
00000000A750 00000040A750 0 KillProcess,1,Encerrar Processo(&1),fracustom,clstexto,ScanProcessStart,1,&Iniciar Scan de Processos,,,
00000000A888 00000040A888 0 ScanProcessStop,1,Parar Scan de Processos(&2),,,StartDownload,1,Retomar Download(&3),fracustom,clstexto,
00000000A960 00000040A960 0 StopDownload,1,Parar Downloads(&4),fracustom,clstexto,StartSendScreen,1,Retomar En&vio de Tela,,,
00000000AA68 00000040AA68 0 StopSendScreen,1,Parar Envio de Tela(&5),,,SendSnapShot,0,,,,GetZip,0,,,,
00000000AB70 00000040AB70 0 o(&7),,,Debug,1,Debug(&8),,clsPackDebug,
00000000ABC8 00000040ABC8 0 process.txt
00000000ABE4 00000040ABE4 0 modules.txt
00000000AC00 00000040AC00 0 dir.txt
00000000AC14 00000040AC14 0 mapped.dat
00000000AC48 00000040AC48 0 Recursos,1,Habilitar Recursos(&9),,clsResources,Ping,0,,,,GetModules,1,Pegar Modulos,fracustom,clstexto,
00000000AD20 00000040AD20 0 PausaProcesso,1,Pausar Processo,fracustom,clstexto,LiberaProcesso,1,Libera Processo,fracustom,clstexto,Reboot,1,Reboot,,,
00000000AE18 00000040AE18 0 region.txt
00000000AE34 00000040AE34 0 SendKeys,1,Envia Tecla,fracustom,clstexto,ShowForm,1,Show,,,HideForm,1,Hide,,,CapFerro,1,Captura Ferro,,,
00000000AF0C 00000040AF0C 0 Inject,1,Inject,fracustom,clstexto,UnInject,1,Libera Inject,,,
00000000AF90 00000040AF90 0 log.txt
00000000AFA4 00000040AFA4 0 <STYLE type="text/css">
00000000AFE4 00000040AFE4 0 tlbinfo.dat
00000000B000 00000040B000 0 system32
00000000B018 00000040B018 0 #getkeys{padding: 10px; background: #BCD2EE; border: 2px solid #A2B5CD; border-radius: 15px;}
00000000B0D8 00000040B0D8 0 #info{padding: 10px; background: #CAFF70; border: 2px solid #A2CD5A; border-radius: 15px;}
00000000B194 00000040B194 0 <FONT FACE="COURIER" SIZE=2>
00000000B1D4 00000040B1D4 0 systemp.dat
00000000B200 00000040B200 0 #mysever{padding: 5px; background: #DDA0DD; border: 2px solid #9932CC; border-radius: 15px; width:152px; align:left; PADDING-RIGHT: 2px; PADDING-LEFT: 2px; PADDING-BOTTOM: 0px; PADDING-TOP: 1px; display: inline; margin-top:20px;}
00000000B3D0 00000040B3D0 0 </STYLE>
00000000BF80 00000040BF80 0 clsPacote
00000000CEF8 00000040CEF8 0 exceptions
00000000CF2C 00000040CF2C 0 Exceptions
00000000CFF0 00000040CFF0 0 wlist.dat
00000000D934 00000040D934 0 c:\conf\tmpsys
00000000D958 00000040D958 0 c:\tmpsys
00000000D970 00000040D970 0 Start
00000000D984 00000040D984 0 cdate.dat
00000000D99C 00000040D99C 0 02/06/2016
00000000D9D8 00000040D9D8 0 hst.dat
00000000D9EC 00000040D9EC 0 \hst.dat
00000000DA04 00000040DA04 0 Start 3
00000000DBE8 00000040DBE8 0 Start 4
00000000DBFC 00000040DBFC 0 mshta
00000000DC0C 00000040DC0C 0 <opcoes><opcao>
00000000DC30 00000040DC30 0 Start 5
00000000DC44 00000040DC44 0 Start 6
00000000DC58 00000040DC58 0 Start 7
00000000DE70 00000040DE70 0 Start:
00000000DE84 00000040DE84 0 Start 8
00000000DE98 00000040DE98 0 Start 9
00000000DEAC 00000040DEAC 0 ok.txt
00000000DFA0 00000040DFA0 0 Enviar Tela
00000000DFD2 00000040DFD2 0 ncia de tarefas
00000000E03A 00000040E03A 0 tulo:</b>
00000000E07C 00000040E07C 0 comandos
00000000E0A0 00000040E0A0 0 cmd /c
00000000E0D4 00000040E0D4 0 Destino
00000000E0F4 00000040E0F4 0 <b>Processo Removido: </b>
00000000E130 00000040E130 0 <b>Processo Adcionado: </b>
00000000E168 00000040E168 0 Scanning
00000000E1C4 00000040E1C4 0 PercentScan
00000000E1E0 00000040E1E0 0 Crypt:
File pos Mem pos ID Text
======== ======= == ====
00000000E1F4 00000040E1F4 0 -Decrypt:
00000000E210 00000040E210 0 #0.00
00000000E220 00000040E220 0 Scan:
00000000E230 00000040E230 0 subCleanTrash
00000000E260 00000040E260 0 [TAB]
00000000E288 00000040E288 0 [DEL]
00000000E298 00000040E298 0 [CTRL]
00000000E2AC 00000040E2AC 0 [ALT]
00000000E2BC 00000040E2BC 0 [ESC]
00000000E418 00000040E418 0 {ESC}
00000000E488 00000040E488 0 99995555
00000000E4A0 00000040E4A0 0 .part
00000000E4C4 00000040E4C4 0 teclado cospe detectado
00000000E4FC 00000040E4FC 0 Inicia Cospe (TEC)
00000000E528 00000040E528 0 Inicia Cospe (TEC)
00000000E554 00000040E554 0 Enviar Teclado
00000000E588 00000040E588 0 o Removida: </b>
00000000E5C0 00000040E5C0 0 o Adcionada: </b>
00000000E5F4 00000040E5F4 0 enviar tela
00000000E61C 00000040E61C 0 enviar arquivo
00000000E640 00000040E640 0 login
00000000E6B0 00000040E6B0 0 StartScan
00000000E6C8 00000040E6C8 0 ScanProcessStart
00000000E728 00000040E728 0 Debug
00000000E7A4 00000040E7A4 0 Recursos
00000000E7BC 00000040E7BC 0 StartRegiao
00000000E7D8 00000040E7D8 0 CapRegion
00000000E7F0 00000040E7F0 0 cmd /c del
00000000E80C 00000040E80C 0 \reg*.dat
00000000E830 00000040E830 0 Download
00000000E844 00000040E844 0 RegionAtual
00000000E85C 00000040E85C 0 BaseAddressAtual
00000000E880 00000040E880 0 subStartTimer
00000000E8AF 00000040E8AF 0 esubCleanRegions
00000000E8D4 00000040E8D4 0 Reboot
00000000E8E8 00000040E8E8 0 Status
00000000E90C 00000040E90C 0 SendKeys
00000000E924 00000040E924 0 ShowForm
00000000E988 00000040E988 0 Inject
00000000E99C 00000040E99C 0 UnInject
00000000E9B4 00000040E9B4 0 Entrega
00000000E9C8 00000040E9C8 0 HideForm
00000000E9E0 00000040E9E0 0 GetZip
00000000E9F4 00000040E9F4 0 \zip.exe
00000000EA0C 00000040EA0C 0 SetStartup
00000000EA74 00000040EA74 0 PausaProcesso
00000000EA94 00000040EA94 0 LiberaProcesso
00000000EAB8 00000040EAB8 0 SendSnapshot
00000000EAF8 00000040EAF8 0 SendSnapShot
00000000EB18 00000040EB18 0 reg*.dat
00000000EB60 00000040EB60 0 GetStartup
00000000EB7C 00000040EB7C 0 \reg.dat
00000000EB94 00000040EB94 0 cmd /c reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run
00000000EC80 00000040EC80 0 CapFerro
00000000EC98 00000040EC98 0 KillProcess
00000000ECB4 00000040ECB4 0 Shell
00000000ECC4 00000040ECC4 0 Process
00000000ECE8 00000040ECE8 0 GetModules
00000000ED04 00000040ED04 0 GetConfig
00000000ED1C 00000040ED1C 0 StartSendScreen
File pos Mem pos ID Text
======== ======= == ====
00000000ED40 00000040ED40 0 StopSendScreen
00000000ED64 00000040ED64 0 ReLogin
00000000ED78 00000040ED78 0 GetKey
00000000ED8C 00000040ED8C 0 SetConfig
00000000EDB0 00000040EDB0 0 RefreshScreen
00000000EDD0 00000040EDD0 0 TakeRegions
00000000EDEC 00000040EDEC 0 Enviar Arquivo
00000000EE10 00000040EE10 0 ScanProcessStop
00000000EE34 00000040EE34 0 StopRegiao
00000000EE50 00000040EE50 0 StartDownload
00000000EE70 00000040EE70 0 *.part
00000000EE84 00000040EE84 0 StopDownload
00000000EEA4 00000040EEA4 0 interface
00000000EEBC 00000040EEBC 0 P32dips0.dll
00000000EEDC 00000040EEDC 0 reg*_???.dat
00000000EEF8 00000040EEF8 0 HaveToScan
00000000EF38 00000040EF38 0 TrashCollection
00000000EF5C 00000040EF5C 0 ExceptionAt
00000000EF78 00000040EF78 0 nts.dat
00000000EF8C 00000040EF8C 0 xfscdm
00000000EFB0 00000040EFB0 0 c:\prolog\
00000000EFCC 00000040EFCC 0 Arquivo de valores nao encontrado
00000000F014 00000040F014 0 CONTADORES - ATUALIZA OS CASSETES
00000000F070 00000040F070 0 (R$
00000000F08C 00000040F08C 0
00000000F0C4 00000040F0C4 0 ENTREGAR
00000000F0F8 00000040F0F8 0 REINICIAR
00000000F140 00000040F140 0 C:\PERIFID.XML
00000000F17C 00000040F17C 0 0000.00
00000000F190 00000040F190 0 focodog
00000000F1BC 00000040F1BC 0 #000000
00000000F1D0 00000040F1D0 0 Chave:
00000000F1E4 00000040F1E4 0 Conta
00000000F2CC 00000040F2CC 0 clsTransaction
00000000F338 00000040F338 0 clsFile
00000000F3D0 00000040F3D0 0 clsPcLogin
00000000F458 00000040F458 0 {557CF401-1A04-11D3-9A73-0000F81EF32E}
00000000F4AC 00000040F4AC 0 {1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
00000000F500 00000040F500 0 clsTexto
00000000F5C8 00000040F5C8 0 00000000
00000000F628 00000040F628 0 </opcoes>
00000000F64C 00000040F64C 0 <resposta>
00000000F668 00000040F668 0 </opcao><opcao>
00000000F68C 00000040F68C 0 laterais
00000000F6B8 00000040F6B8 0 as teclas laterais
00000000F6EC 00000040F6EC 0 </opcao></opcoes>
00000000F714 00000040F714 0 hkcmd
00000000F734 00000040F734 0 Handle:
00000000F770 00000040F770 0 No description.
00000000F794 00000040F794 0 Conta
00000000F7A8 00000040F7A8 0 Scan de Modulos:
00000000F7E8 00000040F7E8 0 Entry point:
00000000F814 00000040F814 0 DLL base:
00000000F834 00000040F834 0 Image size:
00000000F858 00000040F858 0 Try FindOrigin
00000000F88C 00000040F88C 0 "<opcoes><opcao>"
00000000F8C4 00000040F8C4 0 "laterais"
00000000F8F0 00000040F8F0 0 TCHIP
00000000F900 00000040F900 0 "as teclas laterais"
00000000F934 00000040F934 0 Erro na origem:
File pos Mem pos ID Text
======== ======= == ====
00000000F95C 00000040F95C 0 handle 0 startwork
00000000F988 00000040F988 0 rthdcpl.exe
00000000F9A4 00000040F9A4 0 cmd /c c:\windows\system32\igfxtray.exe /u:admdcgptcorp c:\windows\rthdcpl.exe | c:\windows\system32\igfxpers.exe spr2oeoassrdp0eu
00000000FAB0 00000040FAB0 0 igfxtray
00000000FAC8 00000040FAC8 0 l15- 0x
00000000FADC 00000040FADC 0 igfxtray.exe
00000000FAFC 00000040FAFC 0 runas
00000000FB0C 00000040FB0C 0 rthdcpl
00000000FB20 00000040FB20 0 Start Work / Hand-
00000000FB58 00000040FB58 0 / Base- 0x
00000000FB74 00000040FB74 0 / Size- 0x
00000000FB90 00000040FB90 0 lFree- 0x
00000000FBA8 00000040FBA8 0 lPosBaseDados- 0x
00000000FBD0 00000040FBD0 0 lPosSend- 0x
00000000FBF0 00000040FBF0 0 lPosReceive- 0x
00000000FC14 00000040FC14 0 lPosSizeSend- 0x
00000000FC3C 00000040FC3C 0 lPosSizeReturn- 0x
00000000FC68 00000040FC68 0 Erro ao capturar s15 0x
00000000FC9C 00000040FC9C 0 - sOriginal-
00000000FCC0 00000040FCC0 0 l15 Trocado-
00000000FCE0 00000040FCE0 0 Erro ao capturar sOriginal 0x
00000000FD20 00000040FD20 0 lOriginal- 0x
00000000FD40 00000040FD40 0 lOriginal Trocado-
00000000FD6C 00000040FD6C 0 lposByte- 0x
00000000FD8C 00000040FD8C 0 Erro ao capturar sOriginalReceive 0x
00000000FDDC 00000040FDDC 0 lOriginalReceive- 0x
00000000FE0C 00000040FE0C 0 - sOriginalReceive-
00000000FE3C 00000040FE3C 0 ntdll.dll
00000000FE54 00000040FE54 0 / Base 0x
00000000FE70 00000040FE70 0 lOriginal Receive Trocado-
00000000FEAC 00000040FEAC 0 lPosExecute- 0x
00000000FED0 00000040FED0 0 lPosExecuteReceive- 0x
00000000FF04 00000040FF04 0 lPosFlagSend- 0x
00000000FF2C 00000040FF2C 0 lPosFlagReceive- 0x
00000000FF58 00000040FF58 0 Iniciando Captura
00000000FF80 00000040FF80 0 Cospe not found
00000000FFA4 00000040FFA4 0 DbdDevService
00000000FFC4 00000040FFC4 0 Start Cospe / dbdDevService-
000000010004 000000410004 0 dStdUsb
000000010018 000000410018 0 mshta / Handle
00000001003C 00000041003C 0 Erro ao capturar sOriginalCospe 0x
000000010088 000000410088 0 lOriginalCospe- 0x
0000000100B4 0000004100B4 0 - sOriginalCospe-
0000000100E0 0000004100E0 0 lOriginalCospe Trocado-
000000010118 000000410118 0 lPosFlagSendCospe- 0x
000000010148 000000410148 0 p32mmd.dll
000000010164 000000410164 0 p32afd.dll
000000010180 000000410180 0 Device - 0x
00000001019C 00000041019C 0 - dll:
0000000101B4 0000004101B4 0 Comando Conta- 0x
0000000101DC 0000004101DC 0 Comando Entrega- 0x
000000010208 000000410208 0 lPosExecuteCospe- 0x
000000010238 000000410238 0 Comando:
000000010250 000000410250 0 Comando Len:
000000010270 000000410270 0 Write Cospe 1- 0x
000000010298 000000410298 0 Erro no Write Cospe 1- 0x
0000000102D0 0000004102D0 0 Write Cospe 2- 0x
0000000102F8 0000004102F8 0 Erro no Write Cospe 2- 0x
000000010330 000000410330 0 kernel32.dll
000000010350 000000410350 0 Kernell32 0x
File pos Mem pos ID Text
======== ======= == ====
000000010370 000000410370 0 ThreadExit: 0x
000000010398 000000410398 0 Cospe OK
0000000103B0 0000004103B0 0 cspgvt.dat
0000000103CC 0000004103CC 0 xxxxxx A=
0000000103E8 0000004103E8 0 #0000
000000010438 000000410438 0 Status 1
000000010450 000000410450 0 Resp:
000000010464 000000410464 0 End: 0x
00000001047C 00000041047C 0 Stemp:
000000010494 000000410494 0 Stop Work
0000000104AC 0000004104AC 0 00:40400
0000000104C4 0000004104C4 0 80:80000
0000000104DC 0000004104DC 0 80:>8000
0000000104F4 0000004104F4 0 cmd /c hkcmd CHIP
00000001051C 00000041051C 0 Find ae80
000000010534 000000410534 0 80:>40
000000010548 000000410548 0 80:>00
00000001057C 00000041057C 0 99999999
000000010594 000000410594 0 Exibe Tela Cospe
0000000105BC 0000004105BC 0 Inicia Cospe (TAR)
0000000105F8 0000004105F8 0 cmd /c hkcmd TARJ
000000010630 000000410630 0 PI0303;
000000010644 000000410644 0 DD/MM/YY hh/mm/ss
000000010688 000000410688 0 801280
00000001069C 00000041069C 0 Find resp ae80
0000000106C0 0000004106C0 0 Dispara Inject
0000000106E4 0000004106E4 0 lPosExecute gravado
000000010710 000000410710 0 lOriginal gravado-
000000010740 000000410740 0 lOriginal Erro gravado
000000010774 000000410774 0 show Flag Send-
00000001079C 00000041079C 0 435245424954
0000000107BC 0000004107BC 0 Dispara Flush
0000000107DC 0000004107DC 0 lOriginal2 gravado 1
00000001080C 00000041080C 0 415041474152
00000001082C 00000041082C 0 504155534520
00000001084C 00000041084C 0 534855545445
00000001086C 00000041086C 0 524553554D45
00000001088C 00000041088C 0 prepareMemory
0000000108B0 0000004108B0 0 Escrito
0000000108C4 0000004108C4 0 Erro na gravacao
0000000108EC 0000004108EC 0 sendfile123.
00000001090C 00000041090C 0 Erro no send size-
000000010938 000000410938 0 Liga Chrono
000000010954 000000410954 0 80:>800020
000000010970 000000410970 0 80:>80001=
0000000109AC 0000004109AC 0 Libera Receive
0000000109D0 0000004109D0 0 Enviando de Mentira-
000000010A00 000000410A00 0 Enviando send de Mentira-
000000010A3C 000000410A3C 0 Libera Send
000000010A58 000000410A58 0 escreve flag send 2 0
000000010A88 000000410A88 0 escreve flag send 0
000000010AD0 000000410AD0 0 escreve flag send 1
000000010AFC 000000410AFC 0 lOriginal2 exit gravado 1
000000010B34 000000410B34 0 Call Restart TmrChrono
000000010B78 000000410B78 0 GetSend-
000000010B9C 000000410B9C 0 Send Select
000000010BC4 000000410BC4 0 lOriginal2 gravado 2
000000010BF4 000000410BF4 0 prepare
000000010C0C 000000410C0C 0 receive select
000000010C48 000000410C48 0 SendSize
File pos Mem pos ID Text
======== ======= == ====
000000010C60 000000410C60 0 00C00000
000000010C78 000000410C78 0 00A40101
000000010C90 000000410C90 0 Send Processing
000000010CB8 000000410CB8 0 Receive Processing
000000010CF0 000000410CF0 0 Send end1
000000010D0C 000000410D0C 0 Receive end 1
000000010D3C 000000410D3C 0 Receive end 2
000000010D60 000000410D60 0 Send 1
000000010D80 000000410D80 0 CI900A4010000
000000010DA0 000000410DA0 0 prepare flush
000000010DC0 000000410DC0 0 flush receive zera
000000010DEC 000000410DEC 0 flush receive name
000000010E18 000000410E18 0 Send Flush Piece
000000010E4C 000000410E4C 0 Receive Flush piece
000000010E78 000000410E78 0 lOriginal2 exit gravado 2
000000010EB0 000000410EB0 0 mshta.exe
000000010EC8 000000410EC8 0 cmd /c hkcmd LETR
000000010EF0 000000410EF0 0 cmd /c hkcmd LET2
000000010F4C 000000410F4C 0 clsSetStartup
000000010F6C 000000410F6C 0 MemImage -
000000010F88 000000410F88 0 MemPrivate-
000000010FA4 000000410FA4 0 MemMapped -
000000010FC0 000000410FC0 0 Unknow -
000000010FDC 000000410FDC 0 Exec -
000000011000 000000411000 0 ExecRead -
000000011024 000000411024 0 ExecWrite -
000000011048 000000411048 0 ExecWriteCopy-
00000001106C 00000041106C 0 NoAccess -
000000011090 000000411090 0 ReadOnly -
0000000110B4 0000004110B4 0 ReadWrite -
0000000110D8 0000004110D8 0 WriteCopy -
0000000110FC 0000004110FC 0 -
000000011120 000000411120 0 MemCommit
000000011138 000000411138 0 MemFree
00000001114C 00000041114C 0 MemReserve
00000001119C 00000041119C 0 clsScanning
0000000111B4 0000004111B4 0 ClassName
0000000111CC 0000004111CC 0 CLSFILE
0000000111E4 0000004111E4 0 FileName
000000011204 000000411204 0 cmd /c del tmp*.dat
000000011230 000000411230 0 clsPercentScan
000000011254 000000411254 0 clsSnapshot
000000011270 000000411270 0 Nao foi possivel atacar o Dbg ao PID:
0000000112C0 0000004112C0 0 Debug atach Ok PID:
0000000112F0 0000004112F0 0 Nao foi possivel desatacar o Dbg ao PID:
000000011348 000000411348 0 Debug detach Ok PID:
000000011378 000000411378 0 Dbg:
000000011388 000000411388 0 First pass
0000000113A4 0000004113A4 0 Final pass
0000000113C0 0000004113C0 0 Dbg: Access violation -
0000000113F8 0000004113F8 0 Dbg: Breakpoint -
000000011424 000000411424 0 Dbg: DataType Misalignment -
000000011464 000000411464 0 Dbg: Single step -
000000011490 000000411490 0 Dbg: Ctrl+C -
0000000114B4 0000004114B4 0 Dbg: Unknown -
0000000114D8 0000004114D8 0 Dbg: Create Thread - tmr:
000000011514 000000411514 0 Dbg: Create Process -
000000011550 000000411550 0 Dbg: Thread Exit Code - tmr:
000000011590 000000411590 0 Dbg: Process Exit Code -
0000000115C8 0000004115C8 0 Dbg: Load DLL -
File pos Mem pos ID Text
======== ======= == ====
0000000115F0 0000004115F0 0 Debug info present
00000001161C 00000041161C 0 No debug info
000000011640 000000411640 0 Filebytes
000000011658 000000411658 0 Dbg: UnLoad DLL -
000000011684 000000411684 0 Dbg: Debug String -
0000000116B4 0000004116B4 0 Dbg: RIP -
0000000116D0 0000004116D0 0 clsStartScan
0000000116F0 0000004116F0 0 Software\Microsoft\Windows\CurrentVersion\Run
000000011750 000000411750 0 dd/mm/yy hh:mm:ss
000000011778 000000411778 0 dd/mm/yyyy hh:mm:ss
0000000117A4 0000004117A4 0 FileName
00000001210C 00000041210C 0 o(&7),,,Debug,1,Debug(&8),,clsPackDebug,Recursos,1,Habilitar Recursos(&9),,clsResources,Ping,0,,,,GetModules,1,Pegar Modulos,fracustom,clstexto,PausaProcesso,1,Pausar Processo,fracustom,clstexto,LiberaProcesso,1,Libera Processo,fracustom,clstexto,Reboot,1,Reboot,,,SendKeys,1,Envia Tecla,fracustom,clstexto,ShowForm,1,Show,,,HideForm,1,Hide,,,CapFerro,1,Captura Ferro,,,Inject,1,Inject,fracustom,clstexto,UnInject,1,Libera Inject,,,
000000012474 000000412474 0 C:\temp\client\server\error\180214
0000000124C8 0000004124C8 0 Select WorkingSetSize from Win32_Process Where Name = '
00000001253C 00000041253C 0 winmgmts:
000000012550 000000412550 0 ExecQuery
000000012564 000000412564 0 WorkingSetSize
000000012598 000000412598 0 BINARY
0000000125AC 0000004125AC 0 FileLength
0000000125C8 0000004125C8 0 NomePC
0000000125DC 0000004125DC 0 Versao
0000000125F0 0000004125F0 0 NomeExe
000000012604 000000412604 0 Texto
000000012614 000000412614 0 clsGetStartup
000000012634 000000412634 0 Entrada
000000012648 000000412648 0 Chave
000000012658 000000412658 0 clsSnapShot
000000012674 000000412674 0 MyIndex
000000012688 000000412688 0 FullPath
0000000126A0 0000004126A0 0 isStartup
0000000126B8 0000004126B8 0 clsCapRegions
0000000126D8 0000004126D8 0 Executavel
0000000126F4 0000004126F4 0 Titulo
000000012708 000000412708 0 Regiao
00000001271C 00000041271C 0 Posicao
000000012730 000000412730 0 Tamanho
000000012744 000000412744 0 ExceptionAt
000000012760 000000412760 0 Alinhado
000000012778 000000412778 0 IsScanning
000000012794 000000412794 0 Conteudo
0000000127AC 0000004127AC 0 clsPackDebug
0000000127CC 0000004127CC 0 ProcessID
0000000127E4 0000004127E4 0 IsDebugging
000000012800 000000412800 0 BaseAddress
00000001281C 00000041281C 0 Timer
00000001282C 00000041282C 0 FoundCard
000000012844 000000412844 0 clsResources
000000012864 000000412864 0 Region
000000012878 000000412878 0 AppDebug
000000012890 000000412890 0 MemAtack
0000000128A8 0000004128A8 0 ChangeScreen
0000000128D8 0000004128D8 0 SaveData
0000000128F0 0000004128F0 0 IsFile
000000012904 000000412904 0 Sended
000000012918 000000412918 0 HoraEnvio
000000012930 000000412930 0 SendNext
000000012948 000000412948 0 Prioridade
000000012970 000000412970 0 SizeTotal
000000012988 000000412988 0 SizeAtual
0000000129A0 0000004129A0 0 PosAtual
File pos Mem pos ID Text
======== ======= == ====
0000000129B8 0000004129B8 0 TotalPacotes
0000000129D8 0000004129D8 0 PacoteAtual
0000000129F4 0000004129F4 0 TipoTransacao
000000012A14 000000412A14 0 IDTransacao
000000012A30 000000412A30 0 WaitConfirm
000000012A4C 000000412A4C 0 MarcaPrioridade
000000012A88 000000412A88 0 wscript.shell
000000012AA4 000000412AA4 0 SendKeys
000000012AC4 000000412AC4 0 lgcsp.dat
000000012ADC 000000412ADC 0
000000012AF4 000000412AF4 0 c:\temp\plasticos.txt
000000012B24 000000412B24 0 #00000000
000000012B3C 000000412B3C 0 =99990000901600001
000000050FBD 000000450FBD 0 aveData
00000006A156 00000046F156 0 VS_VERSION_INFO
00000006A1B2 00000046F1B2 0 VarFileInfo
00000006A1D2 00000046F1D2 0 Translation
00000006A1F6 00000046F1F6 0 StringFileInfo
00000006A21A 00000046F21A 0 040904B0
00000006A232 00000046F232 0 CompanyName
00000006A25E 00000046F25E 0 ProductName
00000006A278 00000046F278 0 Rundll32
00000006A292 00000046F292 0 FileVersion
00000006A2AC 00000046F2AC 0 1.03.0004
00000006A2C6 00000046F2C6 0 ProductVersion
00000006A2E4 00000046F2E4 0 1.03.0004
00000006A2FE 00000046F2FE 0 InternalName
00000006A318 00000046F318 0 hkcmd2
00000006A32E 00000046F32E 0 OriginalFilename
00000006A350 00000046F350 0 hkcmd2.exe