.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
8770f760af320d30681a4eb4ded331eab2481f54c657aac607df8babe8c11a6b
Date...........: 2016-08-02
Family.........: ATMSpitter
File name......: cngdisp.exe
File size......: 51.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Additional note: Date check (2018) at 0x408748 and 0x40875F
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 232 0xe8
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
171 ab 30319 766f 23 17
158 9e 30319 766f 17 11
170 aa 30319 766f 87 57
147 93 30729 7809 4 4
4 4 8447 20ff 3 3
1 1 0 0 83 53
174 ae 30319 766f 1 1
157 9d 30319 766f 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2018-11-27 10:02:53"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 10.0
SizeOfCode: 31232 0x7a00
SizeOfInitializedData: 19968 0x4e00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 5355 0x14eb
BaseOfCode: 4096 0x1000
BaseOfData: 36864 0x9000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.1
ImageVersion: 0.0
SubsystemVersion: 5.1
Reserved1: 0 0
SizeOfImage: 69632 0x11000
SizeOfHeaders: 1024 0x400
CheckSum: 113742 0x1bc4e
Subsystem: 3 3 WINDOWS_CUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT
TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x b7e4 size:0x 50
RESOURCE rva:0x f000 size:0x 1b4
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 10000 size:0x 7d8
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x b4c0 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 9000 size:0x 12c
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 79ee 7a00 400 0 0 0 0 60000020 R-X CODE
.rdata 9000 2e52 3000 7e00 0 0 0 0 40000040 R-- IDATA
.data c000 2ba4 e00 ae00 0 0 0 0 c0000040 RW- IDATA
.rsrc f000 1b4 200 bc00 0 0 0 0 40000040 R-- IDATA
.reloc 10000 ca6 e00 be00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0xbc58 1252 0x409 346 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
CSCWCNG.dll 16
CSCWCNG.dll 2b
CSCWCNG.dll 2a
CSCWCNG.dll 15
KERNEL32.dll 88 CreateFileA
KERNEL32.dll 466 SetFilePointer
KERNEL32.dll 54d lstrlenA
KERNEL32.dll 525 WriteFile
KERNEL32.dll 52 CloseHandle
KERNEL32.dll 277 GetSystemTime
KERNEL32.dll 157 FlushFileBuffers
KERNEL32.dll 202 GetLastError
KERNEL32.dll 2cf HeapFree
KERNEL32.dll 2cb HeapAlloc
KERNEL32.dll 186 GetCommandLineA
KERNEL32.dll 2d3 HeapSetInformation
KERNEL32.dll ca DecodePointer
KERNEL32.dll 4d3 UnhandledExceptionFilter
KERNEL32.dll 4a5 SetUnhandledExceptionFilter
KERNEL32.dll 300 IsDebuggerPresent
KERNEL32.dll ea EncodePointer
KERNEL32.dll 4c0 TerminateProcess
KERNEL32.dll 1c0 GetCurrentProcess
KERNEL32.dll 2cd HeapCreate
KERNEL32.dll 245 GetProcAddress
KERNEL32.dll 218 GetModuleHandleW
KERNEL32.dll 119 ExitProcess
KERNEL32.dll 264 GetStdHandle
KERNEL32.dll 214 GetModuleFileNameW
KERNEL32.dll ee EnterCriticalSection
KERNEL32.dll 339 LeaveCriticalSection
KERNEL32.dll 213 GetModuleFileNameA
KERNEL32.dll 161 FreeEnvironmentStringsW
KERNEL32.dll 511 WideCharToMultiByte
KERNEL32.dll 1da GetEnvironmentStringsW
KERNEL32.dll 46f SetHandleCount
KERNEL32.dll 2e3 InitializeCriticalSectionAndSpinCount
KERNEL32.dll 1f3 GetFileType
KERNEL32.dll 263 GetStartupInfoW
KERNEL32.dll d1 DeleteCriticalSection
KERNEL32.dll 4c5 TlsAlloc
KERNEL32.dll 4c7 TlsGetValue
KERNEL32.dll 4c8 TlsSetValue
KERNEL32.dll 4c6 TlsFree
KERNEL32.dll 2ef InterlockedIncrement
KERNEL32.dll 473 SetLastError
KERNEL32.dll 1c5 GetCurrentThreadId
KERNEL32.dll 2eb InterlockedDecrement
KERNEL32.dll 3a7 QueryPerformanceCounter
KERNEL32.dll 293 GetTickCount
KERNEL32.dll 1c1 GetCurrentProcessId
KERNEL32.dll 279 GetSystemTimeAsFileTime
KERNEL32.dll 19a GetConsoleCP
KERNEL32.dll 1ac GetConsoleMode
KERNEL32.dll 172 GetCPInfo
KERNEL32.dll 168 GetACP
KERNEL32.dll 237 GetOEMCP
KERNEL32.dll 30a IsValidCodePage
KERNEL32.dll 4b2 Sleep
KERNEL32.dll 33f LoadLibraryW
KERNEL32.dll 418 RtlUnwind
KERNEL32.dll 487 SetStdHandle
KERNEL32.dll 524 WriteConsoleW
KERNEL32.dll 367 MultiByteToWideChar
KERNEL32.dll 32d LCMapStringW
KERNEL32.dll 269 GetStringTypeW
KERNEL32.dll 2d2 HeapReAlloc
KERNEL32.dll 304 IsProcessorFeaturePresent
KERNEL32.dll 2d4 HeapSize
KERNEL32.dll 8f CreateFileW
USER32.dll 334 wvsprintfA
USER32.dll 332 wsprintfA
=== Packer / Compiler ===
MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E0 0000004001E0 0 .text
000000000208 000000400208 0 .rdata
00000000022F 00000040022F 0 @.data
000000000258 000000400258 0 .rsrc
00000000027F 00000040027F 0 @.reloc
000000000D3D 00000040193D 0 t%HHt
000000000F7F 000000401B7F 0 HHtXHHt
00000000106F 000000401C6F 0 HHty+
0000000014D5 0000004020D5 0 ?If90t
0000000018BF 0000004024BF 0 PPPPP
000000001A61 000000402661 0 uTVWh
000000001D47 000000402947 0 PPPPP
000000001DC9 0000004029C9 0 SSSSS
000000002860 000000403460 0 t?VSP
0000000028BA 0000004034BA 0 PPPPP
0000000029EB 0000004035EB 0 < tK< tG
000000002B35 000000403735 0 wf93t
000000002B5A 00000040375A 0 @PSVV
000000002C2A 00000040382A 0 SWf9M
000000004A02 000000405602 0 QSWVj
000000004B4B 00000040574B 0 v N+D$
0000000057BA 0000004063BA 0 ~,WPV
00000000593F 00000040653F 0 URPQQh
000000005A5A 00000040665A 0 Rhff@
000000005F23 000000406B23 0 9](SS
000000006069 000000406C69 0 t"SS9] u
000000006129 000000406D29 0 9] SS
0000000065EB 0000004071EB 0 v4;5\
0000000066E9 0000004072E9 0 vL;5t
000000006DE6 0000004079E6 0 PPPPPPPP
000000006EC6 000000407AC6 0 PPPPPPPP
0000000070C3 000000407CC3 0 SVWUj
000000007164 000000407D64 0 ;t$,v-
0000000071E9 000000407DE9 0 UQPXY]Y[
000000007742 000000408342 0 wctO
00000000774E 00000040834E 0 t3It
0000000078B8 0000004084B8 0 w9t(-
0000000078C4 0000004084C4 0 Hu7hD
0000000078F8 0000004084F8 0 (t%Ht
0000000078FF 0000004084FF 0 E$Ph(
0000000079B8 0000004085B8 0
000000007B43 000000408743 0 f9L$P
000000007D00 000000408900 0 T$LQRhT
000000007F78 000000409178 0 (null)
000000007FA1 0000004091A1 0 ( 8PX
000000007FA9 0000004091A9 0 700WP
000000007FC1 0000004091C1 0 xpxxxx
000000007FDC 0000004091DC 0 CorExitProcess
000000008AB4 000000409CB4 0 FlsFree
000000008ABC 000000409CBC 0 FlsSetValue
000000008AC8 000000409CC8 0 FlsGetValue
000000008AD4 000000409CD4 0 FlsAlloc
000000008D04 000000409F04 0 HH:mm:ss
000000008D10 000000409F10 0 dddd, MMMM dd, yyyy
000000008D24 000000409F24 0 MM/dd/yy
000000008D38 000000409F38 0 December
000000008D44 000000409F44 0 November
000000008D50 000000409F50 0 October
000000008D58 000000409F58 0 September
File pos Mem pos ID Text
======== ======= == ====
000000008D64 000000409F64 0 August
000000008D7C 000000409F7C 0 April
000000008D84 000000409F84 0 March
000000008D8C 000000409F8C 0 February
000000008D98 000000409F98 0 January
000000008DD0 000000409FD0 0 Saturday
000000008DDC 000000409FDC 0 Friday
000000008DE4 000000409FE4 0 Thursday
000000008DF0 000000409FF0 0 Wednesday
000000008DFC 000000409FFC 0 Tuesday
000000008E04 00000040A004 0 Monday
000000008E0C 00000040A00C 0 Sunday
000000008E55 00000040A055 0 ('8PW
000000008E5E 00000040A05E 0 700PP
000000008E79 00000040A079 0 xppwpp
000000008E8C 00000040A08C 0 GetProcessWindowStation
000000008EA4 00000040A0A4 0 GetUserObjectInformationW
000000008EC0 00000040A0C0 0 GetLastActivePopup
000000008ED4 00000040A0D4 0 GetActiveWindow
000000008EE4 00000040A0E4 0 MessageBoxW
000000008F27 00000040A127 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000008F68 00000040A168 0 abcdefghijklmnopqrstuvwxyz{|}~
000000009530 00000040A730 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]
000000009571 00000040A771 0 abcdefghijklmnopqrstuvwxyz{|}~
0000000096B0 00000040A8B0 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
0000000096F1 00000040A8F1 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0000000097A8 00000040A9A8 0 StClass =
0000000097B8 00000040A9B8 0 STCLASS_OK
0000000097C4 00000040A9C4 0 STCLASS_ERROR_COMM
0000000097D8 00000040A9D8 0 STCLASS_ERROR_CNG
0000000097EC 00000040A9EC 0 STCLASS_ERROR_EDS
000000009800 00000040AA00 0 STCLASS_ERROR_INI
000000009814 00000040AA14 0 STCLASS_ERROR_LDR
00000000982C 00000040AA2C 0 StCode =
00000000983C 00000040AA3C 0 CSC_INVALID_SPEC
000000009850 00000040AA50 0 CSC_INVALID_HANDLE
000000009864 00000040AA64 0 CSC_INVALID_LOGICAL_ID
00000000987C 00000040AA7C 0 CSC_INVALID_PINDATA
000000009894 00000040AA94 0 CSC_INVALID_INLEN
0000000098A8 00000040AAA8 0 CSC_INVALID_OUTLEN
0000000098BC 00000040AABC 0 CSC_INVALID_POUTDATA
0000000098D4 00000040AAD4 0 CSC_DEVICE_ALREADY_OPENED
0000000098F0 00000040AAF0 0 CNG_INVALID_VARIANT
000000009908 00000040AB08 0 CNG_INVALID_RESPONSE
000000009920 00000040AB20 0 CNG_INVALID_RECOVERY
000000009938 00000040AB38 0 CNG_FIRMWARE_INCOMPLETE
000000009958 00000040AB58 0 CNG_FRM_CONTEXT (<nSTA>!=R --> cassette error; <TF>=N --> transport path is not free; <SHERR>=B --> shutter error; <TER>=M --> possible manipulation)
0000000099F0 00000040ABF0 0 CNG_FRM_SYNTAX (Invalid cassette ID; Too many tries to dispense (> 10); Number of notes > maximum value (standard CNG: 60; ProCash Compact: 20))
000000009A84 00000040AC84 0 CNG_FRM_SW_MISSING (Firmware not loaded)
000000009AB0 00000040ACB0 0 CNG_FRM_ACCESS_ERROR
000000009AC8 00000040ACC8 0 CNG_FRM_ACCESS_CONTEXT
000000009AE0 00000040ACE0 0 CNG_FRM_SCOP
000000009AF0 00000040ACF0 0 CNG_FRM_ACCESS_DEVICE_NOT_READY
000000009B18 00000040AD18 0 CNG_FRM_DEVICE_NOT_READY (<S_SW>=O --> safety switch open; <DLOC>=Y --> device lock activated; <CAS>=N --> minimum configuration (reject box + cash-out cassette); <SR>=R --> single reject switch defective (is in reject direction); <TER>=J --> banknote jam; <OR>=Y --> operator request; <TST>=Y --> self-test active)
000000009C58 00000040AE58 0 CNG_FRM_ERROR (<nSTA>=E --> the cassette is empty; <DIS>=M --> too many banknotes with wrong size; <nSTA>=R --> timeout: no receipts for dispensing available (for printing cassette only); <DIS>=S --> too many multiple-banknote dispensing operations; <DIS>=N --> banknote dispensing is not possible*; <DIS>=J --> banknote jam has occurred during dispensing; <DIS>=E --> too many bundle rejects)
000000009DE4 00000040AFE4 0 CNG_FRM_ERROR_DECRYPTION
000000009E00 00000040B000 0 StWarn =
000000009E10 00000040B010 0 CNG_WARN_MONEY_NOT_REMOVED
000000009E2C 00000040B02C 0 CNG_WARN_MONEY_REMOVED
000000009E44 00000040B044 0 CNG_NO_FIRMWARE
File pos Mem pos ID Text
======== ======= == ====
000000009E58 00000040B058 0 CNG_NO_ACTUAL_FIRMWARE
000000009E70 00000040B070 0 CNG_WARN_LED
000000009E80 00000040B080 0 displog.txt
000000009E90 00000040B090 0 Congratulations! You are very skilled in reverse engineering! :)
000000009ED4 00000040B0D4 0 CSCCNG
000000009EE0 00000040B0E0 0 Usage: %s <Cassette Slot Number (D)> <Banknotes Count (DD)> <Dispenses Count>
000000009F30 00000040B130 0 Invalid Parameter: Cassette Slot Number. Must be a digit from 1 to 9
000000009F78 00000040B178 0 Invalid Parameter: Banknotes Count. Must be a digit from 1 to 60
000000009FC0 00000040B1C0 0 Invalid Parameter: Dispenses Count. Must be a digit from 1 to 100
00000000A004 00000040B204 0 %s,%s;
00000000A00C 00000040B20C 0 Connecting to the CNG...
00000000A028 00000040B228 0 CscCngOpen/CscCdmOpen failed with error:
00000000A054 00000040B254 0 CscCngOpen/CscCdmOpen failed with error:
00000000A07D 00000040B27D 0 System Failure
00000000A090 00000040B290 0 Successfully connected!
00000000A0AC 00000040B2AC 0 Dispense Operation # %d of %d
00000000A0CC 00000040B2CC 0 Dispensing cash to collection tray...
00000000A0F4 00000040B2F4 0 CscCngDispense/CscCdmDispense failed with error:
00000000A128 00000040B328 0 Dispensed Successfully! Raw Response: %s
00000000A154 00000040B354 0 Transporting cash to wait pos...
00000000A178 00000040B378 0 CscCngTransport failed with error:
00000000A19C 00000040B39C 0 Cash successfully transported to the wait pos.
00000000A1CC 00000040B3CC 0 Transporting cash to customer...
00000000A1F0 00000040B3F0 0 CscCngTransport/CscCdmTransport failed with error:
00000000A224 00000040B424 0 Cash successfully transported to the customer!
00000000A254 00000040B454 0 %s:%s
00000000A25C 00000040B45C 0 Disconnecting from CNG...
00000000A278 00000040B478 0 CscCngClose/CscCdmClose failed with error:
00000000A2A4 00000040B4A4 0 Successfully disconnected.
00000000A760 00000040B960 0 CSCWCNG.dll
00000000A76E 00000040B96E 0 CreateFileA
00000000A77C 00000040B97C 0 SetFilePointer
00000000A78E 00000040B98E 0 lstrlenA
00000000A79A 00000040B99A 0 WriteFile
00000000A7A6 00000040B9A6 0 CloseHandle
00000000A7B4 00000040B9B4 0 GetSystemTime
00000000A7C2 00000040B9C2 0 KERNEL32.dll
00000000A7D2 00000040B9D2 0 wvsprintfA
00000000A7E0 00000040B9E0 0 wsprintfA
00000000A7EA 00000040B9EA 0 USER32.dll
00000000A7F8 00000040B9F8 0 GetLastError
00000000A808 00000040BA08 0 HeapFree
00000000A814 00000040BA14 0 HeapAlloc
00000000A820 00000040BA20 0 GetCommandLineA
00000000A832 00000040BA32 0 HeapSetInformation
00000000A848 00000040BA48 0 DecodePointer
00000000A858 00000040BA58 0 UnhandledExceptionFilter
00000000A874 00000040BA74 0 SetUnhandledExceptionFilter
00000000A892 00000040BA92 0 IsDebuggerPresent
00000000A8A6 00000040BAA6 0 EncodePointer
00000000A8B6 00000040BAB6 0 TerminateProcess
00000000A8CA 00000040BACA 0 GetCurrentProcess
00000000A8DE 00000040BADE 0 HeapCreate
00000000A8EC 00000040BAEC 0 GetProcAddress
00000000A8FE 00000040BAFE 0 GetModuleHandleW
00000000A912 00000040BB12 0 ExitProcess
00000000A920 00000040BB20 0 GetStdHandle
00000000A930 00000040BB30 0 GetModuleFileNameW
00000000A946 00000040BB46 0 EnterCriticalSection
00000000A95E 00000040BB5E 0 LeaveCriticalSection
File pos Mem pos ID Text
======== ======= == ====
00000000A976 00000040BB76 0 GetModuleFileNameA
00000000A98C 00000040BB8C 0 FreeEnvironmentStringsW
00000000A9A6 00000040BBA6 0 WideCharToMultiByte
00000000A9BC 00000040BBBC 0 GetEnvironmentStringsW
00000000A9D6 00000040BBD6 0 SetHandleCount
00000000A9E8 00000040BBE8 0 InitializeCriticalSectionAndSpinCount
00000000AA10 00000040BC10 0 GetFileType
00000000AA1E 00000040BC1E 0 GetStartupInfoW
00000000AA30 00000040BC30 0 DeleteCriticalSection
00000000AA48 00000040BC48 0 TlsAlloc
00000000AA54 00000040BC54 0 TlsGetValue
00000000AA62 00000040BC62 0 TlsSetValue
00000000AA70 00000040BC70 0 TlsFree
00000000AA7A 00000040BC7A 0 InterlockedIncrement
00000000AA92 00000040BC92 0 SetLastError
00000000AAA2 00000040BCA2 0 GetCurrentThreadId
00000000AAB8 00000040BCB8 0 InterlockedDecrement
00000000AAD0 00000040BCD0 0 QueryPerformanceCounter
00000000AAEA 00000040BCEA 0 GetTickCount
00000000AAFA 00000040BCFA 0 GetCurrentProcessId
00000000AB10 00000040BD10 0 GetSystemTimeAsFileTime
00000000AB2A 00000040BD2A 0 GetConsoleCP
00000000AB3A 00000040BD3A 0 GetConsoleMode
00000000AB4C 00000040BD4C 0 GetCPInfo
00000000AB58 00000040BD58 0 GetACP
00000000AB62 00000040BD62 0 GetOEMCP
00000000AB6E 00000040BD6E 0 IsValidCodePage
00000000AB80 00000040BD80 0 Sleep
00000000AB88 00000040BD88 0 LoadLibraryW
00000000AB98 00000040BD98 0 RtlUnwind
00000000ABA4 00000040BDA4 0 SetStdHandle
00000000ABB4 00000040BDB4 0 WriteConsoleW
00000000ABC4 00000040BDC4 0 MultiByteToWideChar
00000000ABDA 00000040BDDA 0 LCMapStringW
00000000ABEA 00000040BDEA 0 GetStringTypeW
00000000ABFC 00000040BDFC 0 HeapReAlloc
00000000AC0A 00000040BE0A 0 IsProcessorFeaturePresent
00000000AC26 00000040BE26 0 HeapSize
00000000AC32 00000040BE32 0 FlushFileBuffers
00000000AC46 00000040BE46 0 CreateFileW
00000000B2CE 00000040C4CE 0
00000000B3AE 00000040C5AE 0 abcdefghijklmnopqrstuvwxyz
00000000B3CE 00000040C5CE 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
00000000B4D2 00000040C6D2 0
00000000B5B9 00000040C7B9 0 abcdefghijklmnopqrstuvwxyz
00000000B5D9 00000040C7D9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
00000000BC58 00000040F058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
00000000BCA3 00000040F0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
00000000BCDB 00000040F0DB 0 <security>
00000000BCEB 00000040F0EB 0 <requestedPrivileges>
00000000BD08 00000040F108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
00000000BD68 00000040F168 0 </requestedPrivileges>
00000000BD86 00000040F186 0 </security>
00000000BD97 00000040F197 0 </trustInfo>
00000000BDA7 00000040F1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
00000000BE0B 00000041000B 0 0*0L0{0
00000000BE17 000000410017 0 2L3W3h3
00000000BE2F 00000041002F 0 31464@4z4
00000000BE4B 00000041004B 0 7+8I8o8
00000000BE57 000000410057 0 8G<7=
File pos Mem pos ID Text
======== ======= == ====
00000000BE75 000000410075 0 3#3'3+3/3<3N3.484E4
00000000BE95 000000410095 0 5,5c5o5|5
00000000BEA5 0000004100A5 0 5)616D6O6T6f6p6u6
00000000BEC9 0000004100C9 0 7I7S7y7
00000000BEE7 0000004100E7 0 9%939g9t9
00000000BEF5 0000004100F5 0 9#:Q:x:
00000000BF0F 00000041010F 0 >->4>C>O>\>
00000000BF27 000000410127 0 ?'?0?T?
00000000BF53 000000410153 0 324<4}4
00000000BF71 000000410171 0 7&7N7
00000000BF81 000000410181 0 8[8b8w8
00000000BF8F 00000041018F 0 9)9M9}9
00000000BFA1 0000004101A1 0 9 :%:F:M:Y:_:k:q:z:
00000000BFEB 0000004101EB 0 <?=E=[=
00000000BFF3 0000004101F3 0 =h=n=u={=
00000000C025 000000410225 0 >#>(>0>5><>K>P>V>_>
00000000C04B 00000041024B 0 ?@?H?
00000000C0A1 0000004102A1 0 ;3<><H<a<k<~<
00000000C0C5 0000004102C5 0 ?+?F?N?V?m?
00000000C0E9 0000004102E9 0 0/0C0
00000000C0F1 0000004102F1 0 0&1z1=2k2
00000000C0FF 0000004102FF 0 3G3{3
00000000C113 000000410313 0 4J4S4_4
00000000C129 000000410329 0 8$8;8I8O8r8y8
00000000C159 000000410359 0 :H:N:V:
00000000C171 000000410371 0 ;h;q;w;
00000000C17D 00000041037D 0 <%<-<
00000000C199 000000410399 0 >1>7>
00000000C1B3 0000004103B3 0 ?'?-?7?@?K?P?Y?c?n?
00000000C1DD 0000004103DD 0 3!3H3U3Z3h3C4f4q4
00000000C1F1 0000004103F1 0 4E5Q5\6_7r7
00000000C201 000000410401 0 7%8>8Z8
00000000C23F 00000041043F 0 2'292K2]2o2
00000000C257 000000410457 0 2E3K3U3
00000000C265 000000410465 0 4$4A4G4M4S4Y4_4f4m4t4{4
00000000C2A1 0000004104A1 0 5.555
00000000C2BF 0000004104BF 0 7=7D7H7L7P7T7X7\7
00000000C2DB 0000004104DB 0 7"8-8H8O8T8X8\8}8
00000000C2FF 0000004104FF 0 8F9L9P9T9X9
00000000C313 000000410513 0 <.<d<n<
00000000C31B 00000041051B 0 <1===
00000000C32D 00000041052D 0 >(>v?
00000000C341 000000410541 0 020Z0d1z1
00000000C359 000000410559 0 2"2'262E2T2c2r2
00000000C379 000000410579 0 3a3s3
00000000C38F 00000041058F 0 4.4=4L4[4j4y4
00000000C3AB 0000004105AB 0 5!5054585<5@5D5H5l5p5t5x5|5
00000000C3E5 0000004105E5 0 636I6
00000000C3F3 0000004105F3 0 6:7X7f7
00000000C403 000000410603 0 7$818P8\8
00000000C419 000000410619 0 9(9G9S9u9
00000000C434 000000410634 0 81<1@1D1H1T1X1
00000000C467 000000410667 0 ;$;,;4;
00000000C487 000000410687 0 5H5d5h5
00000000C49B 00000041069B 0 686X6x6
00000000C4AF 0000004106AF 0 787X7d7
00000000C4CF 0000004106CF 0 1x8x9|9
00000000C525 000000410725 0 : :0:4:8:<:@:D:H:L:P:T:X:\:
00000000C541 000000410741 0 :d:h:l:p:t:x:|:
00000000C57D 00000041077D 0 :8;H;X;h;x;
File pos Mem pos ID Text
======== ======= == ====
00000000C5AD 0000004107AD 0 =(=,=0=4=8=<=@=D=H=L=X=\=
00000000C5C7 0000004107C7 0 =d=h=l=p=t=x=|=
000000007F68 000000409168 0 (null)
000000007FEC 0000004091EC 0 mscoree.dll
000000008004 000000409204 0 runtime error
000000008937 000000409B37 0 @Microsoft Visual C++ Runtime Library
000000008994 000000409B94 0 <program name unknown>
0000000089E4 000000409BE4 0 Program:
000000008A98 000000409C98 0 KERNEL32.DLL
000000008AE0 000000409CE0 0 HH:mm:ss
000000008AF4 000000409CF4 0 dddd, MMMM dd, yyyy
000000008B1C 000000409D1C 0 MM/dd/yy
000000008B40 000000409D40 0 December
000000008B54 000000409D54 0 November
000000008B68 000000409D68 0 October
000000008B78 000000409D78 0 September
000000008B8C 000000409D8C 0 August
000000008BB4 000000409DB4 0 April
000000008BC0 000000409DC0 0 March
000000008BCC 000000409DCC 0 February
000000008BE0 000000409DE0 0 January
000000008C50 000000409E50 0 Saturday
000000008C64 000000409E64 0 Friday
000000008C74 000000409E74 0 Thursday
000000008C88 000000409E88 0 Wednesday
000000008C9C 000000409E9C 0 Tuesday
000000008CAC 000000409EAC 0 Monday
000000008CBC 000000409EBC 0 Sunday
000000008EEF 00000040A0EF 0 WUSER32.DLL
000000009797 00000040A997 0 @CONOUT$
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E0 0000004001E0 0 .text
000000000208 000000400208 0 .rdata
00000000022F 00000040022F 0 @.data
000000000258 000000400258 0 .rsrc
00000000027F 00000040027F 0 @.reloc
000000000D3D 00000040193D 0 t%HHt
000000000F7F 000000401B7F 0 HHtXHHt
00000000106F 000000401C6F 0 HHty+
0000000014D5 0000004020D5 0 ?If90t
0000000018BF 0000004024BF 0 PPPPP
000000001A61 000000402661 0 uTVWh
000000001D47 000000402947 0 PPPPP
000000001DC9 0000004029C9 0 SSSSS
000000002860 000000403460 0 t?VSP
0000000028BA 0000004034BA 0 PPPPP
0000000029EB 0000004035EB 0 < tK< tG
000000002B35 000000403735 0 wf93t
000000002B5A 00000040375A 0 @PSVV
000000002C2A 00000040382A 0 SWf9M
000000004A02 000000405602 0 QSWVj
000000004B4B 00000040574B 0 v N+D$
0000000057BA 0000004063BA 0 ~,WPV
00000000593F 00000040653F 0 URPQQh
000000005A5A 00000040665A 0 Rhff@
000000005F23 000000406B23 0 9](SS
000000006069 000000406C69 0 t"SS9] u
000000006129 000000406D29 0 9] SS
0000000065EB 0000004071EB 0 v4;5\
0000000066E9 0000004072E9 0 vL;5t
File pos Mem pos ID Text
======== ======= == ====
000000006DE6 0000004079E6 0 PPPPPPPP
000000006EC6 000000407AC6 0 PPPPPPPP
0000000070C3 000000407CC3 0 SVWUj
000000007164 000000407D64 0 ;t$,v-
0000000071E9 000000407DE9 0 UQPXY]Y[
000000007742 000000408342 0 wctO
00000000774E 00000040834E 0 t3It
0000000078B8 0000004084B8 0 w9t(-
0000000078C4 0000004084C4 0 Hu7hD
0000000078F8 0000004084F8 0 (t%Ht
0000000078FF 0000004084FF 0 E$Ph(
0000000079B8 0000004085B8 0
000000007B43 000000408743 0 f9L$P
000000007D00 000000408900 0 T$LQRhT
000000007F78 000000409178 0 (null)
000000007FA1 0000004091A1 0 ( 8PX
000000007FA9 0000004091A9 0 700WP
000000007FC1 0000004091C1 0 xpxxxx
000000007FDC 0000004091DC 0 CorExitProcess
000000008AB4 000000409CB4 0 FlsFree
000000008ABC 000000409CBC 0 FlsSetValue
000000008AC8 000000409CC8 0 FlsGetValue
000000008AD4 000000409CD4 0 FlsAlloc
000000008D04 000000409F04 0 HH:mm:ss
000000008D10 000000409F10 0 dddd, MMMM dd, yyyy
000000008D24 000000409F24 0 MM/dd/yy
000000008D38 000000409F38 0 December
000000008D44 000000409F44 0 November
000000008D50 000000409F50 0 October
000000008D58 000000409F58 0 September
000000008D64 000000409F64 0 August
000000008D7C 000000409F7C 0 April
000000008D84 000000409F84 0 March
000000008D8C 000000409F8C 0 February
000000008D98 000000409F98 0 January
000000008DD0 000000409FD0 0 Saturday
000000008DDC 000000409FDC 0 Friday
000000008DE4 000000409FE4 0 Thursday
000000008DF0 000000409FF0 0 Wednesday
000000008DFC 000000409FFC 0 Tuesday
000000008E04 00000040A004 0 Monday
000000008E0C 00000040A00C 0 Sunday
000000008E55 00000040A055 0 ('8PW
000000008E5E 00000040A05E 0 700PP
000000008E79 00000040A079 0 xppwpp
000000008E8C 00000040A08C 0 GetProcessWindowStation
000000008EA4 00000040A0A4 0 GetUserObjectInformationW
000000008EC0 00000040A0C0 0 GetLastActivePopup
000000008ED4 00000040A0D4 0 GetActiveWindow
000000008EE4 00000040A0E4 0 MessageBoxW
000000008F27 00000040A127 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000008F68 00000040A168 0 abcdefghijklmnopqrstuvwxyz{|}~
000000009530 00000040A730 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]
000000009571 00000040A771 0 abcdefghijklmnopqrstuvwxyz{|}~
0000000096B0 00000040A8B0 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
0000000096F1 00000040A8F1 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0000000097A8 00000040A9A8 0 StClass =
0000000097B8 00000040A9B8 0 STCLASS_OK
0000000097C4 00000040A9C4 0 STCLASS_ERROR_COMM
0000000097D8 00000040A9D8 0 STCLASS_ERROR_CNG
File pos Mem pos ID Text
======== ======= == ====
0000000097EC 00000040A9EC 0 STCLASS_ERROR_EDS
000000009800 00000040AA00 0 STCLASS_ERROR_INI
000000009814 00000040AA14 0 STCLASS_ERROR_LDR
00000000982C 00000040AA2C 0 StCode =
00000000983C 00000040AA3C 0 CSC_INVALID_SPEC
000000009850 00000040AA50 0 CSC_INVALID_HANDLE
000000009864 00000040AA64 0 CSC_INVALID_LOGICAL_ID
00000000987C 00000040AA7C 0 CSC_INVALID_PINDATA
000000009894 00000040AA94 0 CSC_INVALID_INLEN
0000000098A8 00000040AAA8 0 CSC_INVALID_OUTLEN
0000000098BC 00000040AABC 0 CSC_INVALID_POUTDATA
0000000098D4 00000040AAD4 0 CSC_DEVICE_ALREADY_OPENED
0000000098F0 00000040AAF0 0 CNG_INVALID_VARIANT
000000009908 00000040AB08 0 CNG_INVALID_RESPONSE
000000009920 00000040AB20 0 CNG_INVALID_RECOVERY
000000009938 00000040AB38 0 CNG_FIRMWARE_INCOMPLETE
000000009958 00000040AB58 0 CNG_FRM_CONTEXT (<nSTA>!=R --> cassette error; <TF>=N --> transport path is not free; <SHERR>=B --> shutter error; <TER>=M --> possible manipulation)
0000000099F0 00000040ABF0 0 CNG_FRM_SYNTAX (Invalid cassette ID; Too many tries to dispense (> 10); Number of notes > maximum value (standard CNG: 60; ProCash Compact: 20))
000000009A84 00000040AC84 0 CNG_FRM_SW_MISSING (Firmware not loaded)
000000009AB0 00000040ACB0 0 CNG_FRM_ACCESS_ERROR
000000009AC8 00000040ACC8 0 CNG_FRM_ACCESS_CONTEXT
000000009AE0 00000040ACE0 0 CNG_FRM_SCOP
000000009AF0 00000040ACF0 0 CNG_FRM_ACCESS_DEVICE_NOT_READY
000000009B18 00000040AD18 0 CNG_FRM_DEVICE_NOT_READY (<S_SW>=O --> safety switch open; <DLOC>=Y --> device lock activated; <CAS>=N --> minimum configuration (reject box + cash-out cassette); <SR>=R --> single reject switch defective (is in reject direction); <TER>=J --> banknote jam; <OR>=Y --> operator request; <TST>=Y --> self-test active)
000000009C58 00000040AE58 0 CNG_FRM_ERROR (<nSTA>=E --> the cassette is empty; <DIS>=M --> too many banknotes with wrong size; <nSTA>=R --> timeout: no receipts for dispensing available (for printing cassette only); <DIS>=S --> too many multiple-banknote dispensing operations; <DIS>=N --> banknote dispensing is not possible*; <DIS>=J --> banknote jam has occurred during dispensing; <DIS>=E --> too many bundle rejects)
000000009DE4 00000040AFE4 0 CNG_FRM_ERROR_DECRYPTION
000000009E00 00000040B000 0 StWarn =
000000009E10 00000040B010 0 CNG_WARN_MONEY_NOT_REMOVED
000000009E2C 00000040B02C 0 CNG_WARN_MONEY_REMOVED
000000009E44 00000040B044 0 CNG_NO_FIRMWARE
000000009E58 00000040B058 0 CNG_NO_ACTUAL_FIRMWARE
000000009E70 00000040B070 0 CNG_WARN_LED
000000009E80 00000040B080 0 displog.txt
000000009E90 00000040B090 0 Congratulations! You are very skilled in reverse engineering! :)
000000009ED4 00000040B0D4 0 CSCCNG
000000009EE0 00000040B0E0 0 Usage: %s <Cassette Slot Number (D)> <Banknotes Count (DD)> <Dispenses Count>
000000009F30 00000040B130 0 Invalid Parameter: Cassette Slot Number. Must be a digit from 1 to 9
000000009F78 00000040B178 0 Invalid Parameter: Banknotes Count. Must be a digit from 1 to 60
000000009FC0 00000040B1C0 0 Invalid Parameter: Dispenses Count. Must be a digit from 1 to 100
00000000A004 00000040B204 0 %s,%s;
00000000A00C 00000040B20C 0 Connecting to the CNG...
00000000A028 00000040B228 0 CscCngOpen/CscCdmOpen failed with error:
00000000A054 00000040B254 0 CscCngOpen/CscCdmOpen failed with error:
00000000A07D 00000040B27D 0 System Failure
00000000A090 00000040B290 0 Successfully connected!
00000000A0AC 00000040B2AC 0 Dispense Operation # %d of %d
00000000A0CC 00000040B2CC 0 Dispensing cash to collection tray...
00000000A0F4 00000040B2F4 0 CscCngDispense/CscCdmDispense failed with error:
00000000A128 00000040B328 0 Dispensed Successfully! Raw Response: %s
00000000A154 00000040B354 0 Transporting cash to wait pos...
00000000A178 00000040B378 0 CscCngTransport failed with error:
00000000A19C 00000040B39C 0 Cash successfully transported to the wait pos.
00000000A1CC 00000040B3CC 0 Transporting cash to customer...
00000000A1F0 00000040B3F0 0 CscCngTransport/CscCdmTransport failed with error:
00000000A224 00000040B424 0 Cash successfully transported to the customer!
00000000A254 00000040B454 0 %s:%s
00000000A25C 00000040B45C 0 Disconnecting from CNG...
00000000A278 00000040B478 0 CscCngClose/CscCdmClose failed with error:
00000000A2A4 00000040B4A4 0 Successfully disconnected.
00000000A760 00000040B960 0 CSCWCNG.dll
File pos Mem pos ID Text
======== ======= == ====
00000000A76E 00000040B96E 0 CreateFileA
00000000A77C 00000040B97C 0 SetFilePointer
00000000A78E 00000040B98E 0 lstrlenA
00000000A79A 00000040B99A 0 WriteFile
00000000A7A6 00000040B9A6 0 CloseHandle
00000000A7B4 00000040B9B4 0 GetSystemTime
00000000A7C2 00000040B9C2 0 KERNEL32.dll
00000000A7D2 00000040B9D2 0 wvsprintfA
00000000A7E0 00000040B9E0 0 wsprintfA
00000000A7EA 00000040B9EA 0 USER32.dll
00000000A7F8 00000040B9F8 0 GetLastError
00000000A808 00000040BA08 0 HeapFree
00000000A814 00000040BA14 0 HeapAlloc
00000000A820 00000040BA20 0 GetCommandLineA
00000000A832 00000040BA32 0 HeapSetInformation
00000000A848 00000040BA48 0 DecodePointer
00000000A858 00000040BA58 0 UnhandledExceptionFilter
00000000A874 00000040BA74 0 SetUnhandledExceptionFilter
00000000A892 00000040BA92 0 IsDebuggerPresent
00000000A8A6 00000040BAA6 0 EncodePointer
00000000A8B6 00000040BAB6 0 TerminateProcess
00000000A8CA 00000040BACA 0 GetCurrentProcess
00000000A8DE 00000040BADE 0 HeapCreate
00000000A8EC 00000040BAEC 0 GetProcAddress
00000000A8FE 00000040BAFE 0 GetModuleHandleW
00000000A912 00000040BB12 0 ExitProcess
00000000A920 00000040BB20 0 GetStdHandle
00000000A930 00000040BB30 0 GetModuleFileNameW
00000000A946 00000040BB46 0 EnterCriticalSection
00000000A95E 00000040BB5E 0 LeaveCriticalSection
00000000A976 00000040BB76 0 GetModuleFileNameA
00000000A98C 00000040BB8C 0 FreeEnvironmentStringsW
00000000A9A6 00000040BBA6 0 WideCharToMultiByte
00000000A9BC 00000040BBBC 0 GetEnvironmentStringsW
00000000A9D6 00000040BBD6 0 SetHandleCount
00000000A9E8 00000040BBE8 0 InitializeCriticalSectionAndSpinCount
00000000AA10 00000040BC10 0 GetFileType
00000000AA1E 00000040BC1E 0 GetStartupInfoW
00000000AA30 00000040BC30 0 DeleteCriticalSection
00000000AA48 00000040BC48 0 TlsAlloc
00000000AA54 00000040BC54 0 TlsGetValue
00000000AA62 00000040BC62 0 TlsSetValue
00000000AA70 00000040BC70 0 TlsFree
00000000AA7A 00000040BC7A 0 InterlockedIncrement
00000000AA92 00000040BC92 0 SetLastError
00000000AAA2 00000040BCA2 0 GetCurrentThreadId
00000000AAB8 00000040BCB8 0 InterlockedDecrement
00000000AAD0 00000040BCD0 0 QueryPerformanceCounter
00000000AAEA 00000040BCEA 0 GetTickCount
00000000AAFA 00000040BCFA 0 GetCurrentProcessId
00000000AB10 00000040BD10 0 GetSystemTimeAsFileTime
00000000AB2A 00000040BD2A 0 GetConsoleCP
00000000AB3A 00000040BD3A 0 GetConsoleMode
00000000AB4C 00000040BD4C 0 GetCPInfo
00000000AB58 00000040BD58 0 GetACP
00000000AB62 00000040BD62 0 GetOEMCP
00000000AB6E 00000040BD6E 0 IsValidCodePage
00000000AB80 00000040BD80 0 Sleep
00000000AB88 00000040BD88 0 LoadLibraryW
00000000AB98 00000040BD98 0 RtlUnwind
File pos Mem pos ID Text
======== ======= == ====
00000000ABA4 00000040BDA4 0 SetStdHandle
00000000ABB4 00000040BDB4 0 WriteConsoleW
00000000ABC4 00000040BDC4 0 MultiByteToWideChar
00000000ABDA 00000040BDDA 0 LCMapStringW
00000000ABEA 00000040BDEA 0 GetStringTypeW
00000000ABFC 00000040BDFC 0 HeapReAlloc
00000000AC0A 00000040BE0A 0 IsProcessorFeaturePresent
00000000AC26 00000040BE26 0 HeapSize
00000000AC32 00000040BE32 0 FlushFileBuffers
00000000AC46 00000040BE46 0 CreateFileW
00000000B2CE 00000040C4CE 0
00000000B3AE 00000040C5AE 0 abcdefghijklmnopqrstuvwxyz
00000000B3CE 00000040C5CE 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
00000000B4D2 00000040C6D2 0
00000000B5B9 00000040C7B9 0 abcdefghijklmnopqrstuvwxyz
00000000B5D9 00000040C7D9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
00000000BC58 00000040F058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
00000000BCA3 00000040F0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
00000000BCDB 00000040F0DB 0 <security>
00000000BCEB 00000040F0EB 0 <requestedPrivileges>
00000000BD08 00000040F108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
00000000BD68 00000040F168 0 </requestedPrivileges>
00000000BD86 00000040F186 0 </security>
00000000BD97 00000040F197 0 </trustInfo>
00000000BDA7 00000040F1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
00000000BE0B 00000041000B 0 0*0L0{0
00000000BE17 000000410017 0 2L3W3h3
00000000BE2F 00000041002F 0 31464@4z4
00000000BE4B 00000041004B 0 7+8I8o8
00000000BE57 000000410057 0 8G<7=
00000000BE75 000000410075 0 3#3'3+3/3<3N3.484E4
00000000BE95 000000410095 0 5,5c5o5|5
00000000BEA5 0000004100A5 0 5)616D6O6T6f6p6u6
00000000BEC9 0000004100C9 0 7I7S7y7
00000000BEE7 0000004100E7 0 9%939g9t9
00000000BEF5 0000004100F5 0 9#:Q:x:
00000000BF0F 00000041010F 0 >->4>C>O>\>
00000000BF27 000000410127 0 ?'?0?T?
00000000BF53 000000410153 0 324<4}4
00000000BF71 000000410171 0 7&7N7
00000000BF81 000000410181 0 8[8b8w8
00000000BF8F 00000041018F 0 9)9M9}9
00000000BFA1 0000004101A1 0 9 :%:F:M:Y:_:k:q:z:
00000000BFEB 0000004101EB 0 <?=E=[=
00000000BFF3 0000004101F3 0 =h=n=u={=
00000000C025 000000410225 0 >#>(>0>5><>K>P>V>_>
00000000C04B 00000041024B 0 ?@?H?
00000000C0A1 0000004102A1 0 ;3<><H<a<k<~<
00000000C0C5 0000004102C5 0 ?+?F?N?V?m?
00000000C0E9 0000004102E9 0 0/0C0
00000000C0F1 0000004102F1 0 0&1z1=2k2
00000000C0FF 0000004102FF 0 3G3{3
00000000C113 000000410313 0 4J4S4_4
00000000C129 000000410329 0 8$8;8I8O8r8y8
00000000C159 000000410359 0 :H:N:V:
00000000C171 000000410371 0 ;h;q;w;
00000000C17D 00000041037D 0 <%<-<
00000000C199 000000410399 0 >1>7>
00000000C1B3 0000004103B3 0 ?'?-?7?@?K?P?Y?c?n?
00000000C1DD 0000004103DD 0 3!3H3U3Z3h3C4f4q4
File pos Mem pos ID Text
======== ======= == ====
00000000C1F1 0000004103F1 0 4E5Q5\6_7r7
00000000C201 000000410401 0 7%8>8Z8
00000000C23F 00000041043F 0 2'292K2]2o2
00000000C257 000000410457 0 2E3K3U3
00000000C265 000000410465 0 4$4A4G4M4S4Y4_4f4m4t4{4
00000000C2A1 0000004104A1 0 5.555
00000000C2BF 0000004104BF 0 7=7D7H7L7P7T7X7\7
00000000C2DB 0000004104DB 0 7"8-8H8O8T8X8\8}8
00000000C2FF 0000004104FF 0 8F9L9P9T9X9
00000000C313 000000410513 0 <.<d<n<
00000000C31B 00000041051B 0 <1===
00000000C32D 00000041052D 0 >(>v?
00000000C341 000000410541 0 020Z0d1z1
00000000C359 000000410559 0 2"2'262E2T2c2r2
00000000C379 000000410579 0 3a3s3
00000000C38F 00000041058F 0 4.4=4L4[4j4y4
00000000C3AB 0000004105AB 0 5!5054585<5@5D5H5l5p5t5x5|5
00000000C3E5 0000004105E5 0 636I6
00000000C3F3 0000004105F3 0 6:7X7f7
00000000C403 000000410603 0 7$818P8\8
00000000C419 000000410619 0 9(9G9S9u9
00000000C434 000000410634 0 81<1@1D1H1T1X1
00000000C467 000000410667 0 ;$;,;4;
00000000C487 000000410687 0 5H5d5h5
00000000C49B 00000041069B 0 686X6x6
00000000C4AF 0000004106AF 0 787X7d7
00000000C4CF 0000004106CF 0 1x8x9|9
00000000C525 000000410725 0 : :0:4:8:<:@:D:H:L:P:T:X:\:
00000000C541 000000410741 0 :d:h:l:p:t:x:|:
00000000C57D 00000041077D 0 :8;H;X;h;x;
00000000C5AD 0000004107AD 0 =(=,=0=4=8=<=@=D=H=L=X=\=
00000000C5C7 0000004107C7 0 =d=h=l=p=t=x=|=
000000007F68 000000409168 0 (null)
000000007FEC 0000004091EC 0 mscoree.dll
000000008004 000000409204 0 runtime error
000000008937 000000409B37 0 @Microsoft Visual C++ Runtime Library
000000008994 000000409B94 0 <program name unknown>
0000000089E4 000000409BE4 0 Program:
000000008A98 000000409C98 0 KERNEL32.DLL
000000008AE0 000000409CE0 0 HH:mm:ss
000000008AF4 000000409CF4 0 dddd, MMMM dd, yyyy
000000008B1C 000000409D1C 0 MM/dd/yy
000000008B40 000000409D40 0 December
000000008B54 000000409D54 0 November
000000008B68 000000409D68 0 October
000000008B78 000000409D78 0 September
000000008B8C 000000409D8C 0 August
000000008BB4 000000409DB4 0 April
000000008BC0 000000409DC0 0 March
000000008BCC 000000409DCC 0 February
000000008BE0 000000409DE0 0 January
000000008C50 000000409E50 0 Saturday
000000008C64 000000409E64 0 Friday
000000008C74 000000409E74 0 Thursday
000000008C88 000000409E88 0 Wednesday
000000008C9C 000000409E9C 0 Tuesday
000000008CAC 000000409EAC 0 Monday
000000008CBC 000000409EBC 0 Sunday
000000008EEF 00000040A0EF 0 WUSER32.DLL
000000009797 00000040A997 0 @CONOUT$
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!