API tools faq
paste
Advertisement
BaSs_HaXoR

GTA V V20 LTS #PwN3D By: BaSs_HaXoR

BaSs_HaXoR
Mar 7th, 2015
957
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.14 KB | None | 0 0
raw download clone embed print report
  1. ##################################################################################################
  2. # Here's your proof at the moment. Enigma removed, netseal is next... http://prntscr.com/6dr5nc #
  3. ##################################################################################################
  4.  
  5. Used enigma 3.7 with a private key and a private obfuscator "Alcatraz Security".
  6.  
  7. **************************************************
  8. * Fix -> #GUID and System.outofboundsException
  9. * DEOB/Encrypt -> alcatraz encryption (used
  10. ** or **
  11. * bypass netseal via Olly
  12. **************************************************
  13. ##################################################################################################
  14.  
  15. [!] Enigma Protector v3.70 Build 2015/02/19 21:04:32 detected !
  16. [!] Protected with a Personal license (1)
  17. ------------------------------------------------------[03/07/15] 1:31AM
  18.  
  19. ModuleEntryPoint - 00A397F8
  20.  
  21. MOV EDX, 94E7CF43
  22.  
  23. CCAPI Not in dir check - 7588BFBC
  24.  
  25. 00A39C16 ^E9 C8FFFFFF JMP LastTeam.00A39BE3
  26.  
  27. ------------------------------------------------------[03/07/15] 3:19AM
  28.  
  29. [Results of File Scan]
  30.  
  31. File Name: C:\Users\BaSs_HaXoR\Desktop\LTS_V20\MODIFYING\x\LastTeamStanding - Tool v2.0_dump2_patched.exe
  32. Number of Matching Signatures: 1
  33. Deep Scan: Yes
  34. Best Match: Microsoft Visual Studio .NET
  35. All Matches:
  36. Signature: Microsoft Visual Studio .NET - Matches: 40
  37.  
  38. 7588BFBC C3 RETN = START
  39. 7726C93C C2 0800 RETN 8 = QUIT
  40.  
  41.  
  42. 75887390 C745 C0 94758875 MOV DWORD PTR SS:[EBP-40],USER32.7588759>; ASCII "DefWindowProcA"
  43. 75887397 C745 C4 A4758875 MOV DWORD PTR SS:[EBP-3C],USER32.758875A>; ASCII "NTDLL.NtdllDefWindowProc_A"
  44. 7588739E C745 C8 A0038875 MOV DWORD PTR SS:[EBP-38],USER32.758803A>
  45. 758873A5 C745 D4 C0758875 MOV DWORD PTR SS:[EBP-2C],USER32.758875C>; ASCII "DefDlgProcW"
  46. 758873AC C745 D8 CC758875 MOV DWORD PTR SS:[EBP-28],USER32.758875C>; ASCII "NTDLL.NtdllDialogWndProc_W"
  47. 758873B3 C745 DC D0F48875 MOV DWORD PTR SS:[EBP-24],USER32.7588F4D>
  48. 758873BA C745 E8 E8758875 MOV DWORD PTR SS:[EBP-18],USER32.758875E>; ASCII "DefDlgProcA"
  49. 758873C1 C745 EC F4758875 MOV DWORD PTR SS:[EBP-14],USER32.758875F>; ASCII "NTDLL.NtdllDialogWndProc_A"
  50. 758873C8 C745 F0 E0298A75 MOV DWORD PTR SS:[EBP-10],USER32.758A29E>
  51.  
  52. --------------------------
  53. v4.0.30319
  54.  
  55. cmt 6F42AC,"EP_CheckUpStartupPasswordHashString"
  56. bp 6F42AC
  57. cmt 6F42FC,"EP_CheckupCopies"
  58. bp 6F42FC
  59. cmt 6F430C,"EP_CheckupCopiesCurrent"
  60. bp 6F430C
  61. cmt 6F4304,"EP_CheckupCopiesTotal"
  62. bp 6F4304
  63. cmt 6F4364,"EP_CheckupFindProcess"
  64. bp 6F4364
  65. cmt 6F4364,"EP_CheckupFindProcessA"
  66. bp 6F4364
  67. cmt 6F436C,"EP_CheckupFindProcessW"
  68. bp 6F436C
  69. cmt 6F431C,"EP_CheckupIsEnigmaOk"
  70. bp 6F431C
  71. cmt 6F4314,"EP_CheckupIsProtected"
  72. bp 6F4314
  73. cmt 6F4324,"EP_CheckupVirtualizationTools"
  74. bp 6F4324
  75. cmt 6F4344,"EP_CryptDecryptBuffer"
  76. bp 6F4344
  77. cmt 6F434C,"EP_CryptDecryptBufferEx"
  78. bp 6F434C
  79. cmt 6F4334,"EP_CryptEncryptBuffer"
  80. bp 6F4334
  81. cmt 6F433C,"EP_CryptEncryptBufferEx"
  82. bp 6F433C
  83. cmt 6F42D4,"EP_CryptHashBuffer"
  84. bp 6F42D4
  85. cmt 6F42DC,"EP_CryptHashFileA"
  86. bp 6F42DC
  87. cmt 6F42E4,"EP_CryptHashFileW"
  88. bp 6F42E4
  89. cmt 6F42EC,"EP_CryptHashStringA"
  90. bp 6F42EC
  91. cmt 6F42F4,"EP_CryptHashStringW"
  92. bp 6F42F4
  93. cmt 6F432C,"EP_EnigmaVersion"
  94. bp 6F432C
  95. cmt 6F42BC,"EP_MiscCountryCode"
  96. bp 6F42BC
  97. cmt 6F42B4,"EP_MiscGetWatermark"
  98. bp 6F42B4
  99. cmt 6F42C4,"EP_ProtectedStringByID"
  100. bp 6F42C4
  101. cmt 6F42CC,"EP_ProtectedStringByKey"
  102. bp 6F42CC
  103. cmt 6F415C,"EP_RegCheckAndSaveKey"
  104. bp 6F415C
  105. cmt 6F4164,"EP_RegCheckAndSaveKeyA"
  106. bp 6F4164
  107. cmt 6F416C,"EP_RegCheckAndSaveKeyW"
  108. bp 6F416C
  109. cmt 6F410C,"EP_RegCheckKey"
  110. bp 6F410C
  111. cmt 6F4114,"EP_RegCheckKeyA"
  112. bp 6F4114
  113. cmt 6F4294,"EP_RegCheckKeyEx"
  114. bp 6F4294
  115. cmt 6F411C,"EP_RegCheckKeyW"
  116. bp 6F411C
  117. cmt 6F439C,"EP_RegDecryptRegistrationInformation"
  118. bp 6F439C
  119. cmt 6F4174,"EP_RegDeleteKey"
  120. bp 6F4174
  121. cmt 6F4394,"EP_RegEncryptRegistrationInformation"
  122. bp 6F4394
  123. cmt 6F40F4,"EP_RegHardwareID"
  124. bp 6F40F4
  125. cmt 6F40FC,"EP_RegHardwareIDA"
  126. bp 6F40FC
  127. cmt 6F4104,"EP_RegHardwareIDW"
  128. bp 6F4104
  129. cmt 6F418C,"EP_RegKeyCreationDate"
  130. bp 6F418C
  131. cmt 6F4194,"EP_RegKeyCreationDateEx"
  132. bp 6F4194
  133. cmt 6F41B4,"EP_RegKeyDays"
  134. bp 6F41B4
  135. cmt 6F41C4,"EP_RegKeyDaysLeft"
  136. bp 6F41C4
  137. cmt 6F41BC,"EP_RegKeyDaysTotal"
  138. bp 6F41BC
  139. cmt 6F419C,"EP_RegKeyExecutions"
  140. bp 6F419C
  141. cmt 6F41AC,"EP_RegKeyExecutionsLeft"
  142. bp 6F41AC
  143. cmt 6F41A4,"EP_RegKeyExecutionsTotal"
  144. bp 6F41A4
  145. cmt 6F417C,"EP_RegKeyExpirationDate"
  146. bp 6F417C
  147. cmt 6F4184,"EP_RegKeyExpirationDateEx"
  148. bp 6F4184
  149. cmt 6F41E4,"EP_RegKeyGlobalTime"
  150. bp 6F41E4
  151. cmt 6F41F4,"EP_RegKeyGlobalTimeLeft"
  152. bp 6F41F4
  153. cmt 6F41EC,"EP_RegKeyGlobalTimeTotal"
  154. bp 6F41EC
  155. cmt 6F4374,"EP_RegKeyInformation"
  156. bp 6F4374
  157. cmt 6F4374,"EP_RegKeyInformationA"
  158. bp 6F4374
  159. cmt 6F437C,"EP_RegKeyInformationW"
  160. bp 6F437C
  161. cmt 6F41FC,"EP_RegKeyRegisterAfterDate"
  162. bp 6F41FC
  163. cmt 6F4204,"EP_RegKeyRegisterAfterDateEx"
  164. bp 6F4204
  165. cmt 6F420C,"EP_RegKeyRegisterBeforeDate"
  166. bp 6F420C
  167. cmt 6F4214,"EP_RegKeyRegisterBeforeDateEx"
  168. bp 6F4214
  169. cmt 6F41CC,"EP_RegKeyRuntime"
  170. bp 6F41CC
  171. cmt 6F41DC,"EP_RegKeyRuntimeLeft"
  172. bp 6F41DC
  173. cmt 6F41D4,"EP_RegKeyRuntimeTotal"
  174. bp 6F41D4
  175. cmt 6F4384,"EP_RegKeyStatus"
  176. bp 6F4384
  177. cmt 6F4154,"EP_RegLoadAndCheckKey"
  178. bp 6F4154
  179. cmt 6F413C,"EP_RegLoadKey"
  180. bp 6F413C
  181. cmt 6F4144,"EP_RegLoadKeyA"
  182. bp 6F4144
  183. cmt 6F42A4,"EP_RegLoadKeyEx"
  184. bp 6F42A4
  185. cmt 6F414C,"EP_RegLoadKeyW"
  186. bp 6F414C
  187. cmt 6F4124,"EP_RegSaveKey"
  188. bp 6F4124
  189. cmt 6F412C,"EP_RegSaveKeyA"
  190. bp 6F412C
  191. cmt 6F429C,"EP_RegSaveKeyEx"
  192. bp 6F429C
  193. cmt 6F4134,"EP_RegSaveKeyW"
  194. bp 6F4134
  195. cmt 6F438C,"EP_RegShowDialog"
  196. bp 6F438C
  197. cmt 6F435C,"EP_SplashScreenHide"
  198. bp 6F435C
  199. cmt 6F4354,"EP_SplashScreenShow"
  200. bp 6F4354
  201. cmt 6F428C,"EP_TrialClockReversedDays"
  202. bp 6F428C
  203. cmt 6F425C,"EP_TrialDateTillDate"
  204. bp 6F425C
  205. cmt 6F426C,"EP_TrialDateTillDateEndEx"
  206. bp 6F426C
  207. cmt 6F4264,"EP_TrialDateTillDateStartEx"
  208. bp 6F4264
  209. cmt 6F4234,"EP_TrialDays"
  210. bp 6F4234
  211. cmt 6F4244,"EP_TrialDaysLeft"
  212. bp 6F4244
  213. cmt 6F423C,"EP_TrialDaysTotal"
  214. bp 6F423C
  215. cmt 6F4274,"EP_TrialExecutionTime"
  216. bp 6F4274
  217. cmt 6F4284,"EP_TrialExecutionTimeLeft"
  218. bp 6F4284
  219. cmt 6F427C,"EP_TrialExecutionTimeTotal"
  220. bp 6F427C
  221. cmt 6F421C,"EP_TrialExecutions"
  222. bp 6F421C
  223. cmt 6F422C,"EP_TrialExecutionsLeft"
  224. bp 6F422C
  225. cmt 6F4224,"EP_TrialExecutionsTotal"
  226. bp 6F4224
  227. cmt 6F424C,"EP_TrialExpirationDate"
  228. bp 6F424C
  229. cmt 6F4254,"EP_TrialExpirationDateEx"
  230. bp 6F4254
  231. cmt 716014,"Start"
  232. bp 716014
  233.  
  234. ##########################################################
  235.  
  236. RVA: C82AC | VA: 6F42AC | Func: EP_CheckUpStartupPasswordHashString
  237. RVA: C82FC | VA: 6F42FC | Func: EP_CheckupCopies
  238. RVA: C830C | VA: 6F430C | Func: EP_CheckupCopiesCurrent
  239. RVA: C8304 | VA: 6F4304 | Func: EP_CheckupCopiesTotal
  240. RVA: C8364 | VA: 6F4364 | Func: EP_CheckupFindProcess
  241. RVA: C8364 | VA: 6F4364 | Func: EP_CheckupFindProcessA
  242. RVA: C836C | VA: 6F436C | Func: EP_CheckupFindProcessW
  243. RVA: C831C | VA: 6F431C | Func: EP_CheckupIsEnigmaOk
  244. RVA: C8314 | VA: 6F4314 | Func: EP_CheckupIsProtected
  245. RVA: C8324 | VA: 6F4324 | Func: EP_CheckupVirtualizationTools
  246. RVA: C8344 | VA: 6F4344 | Func: EP_CryptDecryptBuffer
  247. RVA: C834C | VA: 6F434C | Func: EP_CryptDecryptBufferEx
  248. RVA: C8334 | VA: 6F4334 | Func: EP_CryptEncryptBuffer
  249. RVA: C833C | VA: 6F433C | Func: EP_CryptEncryptBufferEx
  250. RVA: C82D4 | VA: 6F42D4 | Func: EP_CryptHashBuffer
  251. RVA: C82DC | VA: 6F42DC | Func: EP_CryptHashFileA
  252. RVA: C82E4 | VA: 6F42E4 | Func: EP_CryptHashFileW
  253. RVA: C82EC | VA: 6F42EC | Func: EP_CryptHashStringA
  254. RVA: C82F4 | VA: 6F42F4 | Func: EP_CryptHashStringW
  255. RVA: C832C | VA: 6F432C | Func: EP_EnigmaVersion
  256. RVA: C82BC | VA: 6F42BC | Func: EP_MiscCountryCode
  257. RVA: C82B4 | VA: 6F42B4 | Func: EP_MiscGetWatermark
  258. RVA: C82C4 | VA: 6F42C4 | Func: EP_ProtectedStringByID
  259. RVA: C82CC | VA: 6F42CC | Func: EP_ProtectedStringByKey
  260. RVA: C815C | VA: 6F415C | Func: EP_RegCheckAndSaveKey
  261. RVA: C8164 | VA: 6F4164 | Func: EP_RegCheckAndSaveKeyA
  262. RVA: C816C | VA: 6F416C | Func: EP_RegCheckAndSaveKeyW
  263. RVA: C810C | VA: 6F410C | Func: EP_RegCheckKey
  264. RVA: C8114 | VA: 6F4114 | Func: EP_RegCheckKeyA
  265. RVA: C8294 | VA: 6F4294 | Func: EP_RegCheckKeyEx
  266. RVA: C811C | VA: 6F411C | Func: EP_RegCheckKeyW
  267. RVA: C839C | VA: 6F439C | Func: EP_RegDecryptRegistrationInformation
  268. RVA: C8174 | VA: 6F4174 | Func: EP_RegDeleteKey
  269. RVA: C8394 | VA: 6F4394 | Func: EP_RegEncryptRegistrationInformation
  270. RVA: C80F4 | VA: 6F40F4 | Func: EP_RegHardwareID
  271. RVA: C80FC | VA: 6F40FC | Func: EP_RegHardwareIDA
  272. RVA: C8104 | VA: 6F4104 | Func: EP_RegHardwareIDW
  273. RVA: C818C | VA: 6F418C | Func: EP_RegKeyCreationDate
  274. RVA: C8194 | VA: 6F4194 | Func: EP_RegKeyCreationDateEx
  275. RVA: C81B4 | VA: 6F41B4 | Func: EP_RegKeyDays
  276. RVA: C81C4 | VA: 6F41C4 | Func: EP_RegKeyDaysLeft
  277. RVA: C81BC | VA: 6F41BC | Func: EP_RegKeyDaysTotal
  278. RVA: C819C | VA: 6F419C | Func: EP_RegKeyExecutions
  279. RVA: C81AC | VA: 6F41AC | Func: EP_RegKeyExecutionsLeft
  280. RVA: C81A4 | VA: 6F41A4 | Func: EP_RegKeyExecutionsTotal
  281. RVA: C817C | VA: 6F417C | Func: EP_RegKeyExpirationDate
  282. RVA: C8184 | VA: 6F4184 | Func: EP_RegKeyExpirationDateEx
  283. RVA: C81E4 | VA: 6F41E4 | Func: EP_RegKeyGlobalTime
  284. RVA: C81F4 | VA: 6F41F4 | Func: EP_RegKeyGlobalTimeLeft
  285. RVA: C81EC | VA: 6F41EC | Func: EP_RegKeyGlobalTimeTotal
  286. RVA: C8374 | VA: 6F4374 | Func: EP_RegKeyInformation
  287. RVA: C8374 | VA: 6F4374 | Func: EP_RegKeyInformationA
  288. RVA: C837C | VA: 6F437C | Func: EP_RegKeyInformationW
  289. RVA: C81FC | VA: 6F41FC | Func: EP_RegKeyRegisterAfterDate
  290. RVA: C8204 | VA: 6F4204 | Func: EP_RegKeyRegisterAfterDateEx
  291. RVA: C820C | VA: 6F420C | Func: EP_RegKeyRegisterBeforeDate
  292. RVA: C8214 | VA: 6F4214 | Func: EP_RegKeyRegisterBeforeDateEx
  293. RVA: C81CC | VA: 6F41CC | Func: EP_RegKeyRuntime
  294. RVA: C81DC | VA: 6F41DC | Func: EP_RegKeyRuntimeLeft
  295. RVA: C81D4 | VA: 6F41D4 | Func: EP_RegKeyRuntimeTotal
  296. RVA: C8384 | VA: 6F4384 | Func: EP_RegKeyStatus
  297. RVA: C8154 | VA: 6F4154 | Func: EP_RegLoadAndCheckKey
  298. RVA: C813C | VA: 6F413C | Func: EP_RegLoadKey
  299. RVA: C8144 | VA: 6F4144 | Func: EP_RegLoadKeyA
  300. RVA: C82A4 | VA: 6F42A4 | Func: EP_RegLoadKeyEx
  301. RVA: C814C | VA: 6F414C | Func: EP_RegLoadKeyW
  302. RVA: C8124 | VA: 6F4124 | Func: EP_RegSaveKey
  303. RVA: C812C | VA: 6F412C | Func: EP_RegSaveKeyA
  304. RVA: C829C | VA: 6F429C | Func: EP_RegSaveKeyEx
  305. RVA: C8134 | VA: 6F4134 | Func: EP_RegSaveKeyW
  306. RVA: C838C | VA: 6F438C | Func: EP_RegShowDialog
  307. RVA: C835C | VA: 6F435C | Func: EP_SplashScreenHide
  308. RVA: C8354 | VA: 6F4354 | Func: EP_SplashScreenShow
  309. RVA: C828C | VA: 6F428C | Func: EP_TrialClockReversedDays
  310. RVA: C825C | VA: 6F425C | Func: EP_TrialDateTillDate
  311. RVA: C826C | VA: 6F426C | Func: EP_TrialDateTillDateEndEx
  312. RVA: C8264 | VA: 6F4264 | Func: EP_TrialDateTillDateStartEx
  313. RVA: C8234 | VA: 6F4234 | Func: EP_TrialDays
  314. RVA: C8244 | VA: 6F4244 | Func: EP_TrialDaysLeft
  315. RVA: C823C | VA: 6F423C | Func: EP_TrialDaysTotal
  316. RVA: C8274 | VA: 6F4274 | Func: EP_TrialExecutionTime
  317. RVA: C8284 | VA: 6F4284 | Func: EP_TrialExecutionTimeLeft
  318. RVA: C827C | VA: 6F427C | Func: EP_TrialExecutionTimeTotal
  319. RVA: C821C | VA: 6F421C | Func: EP_TrialExecutions
  320. RVA: C822C | VA: 6F422C | Func: EP_TrialExecutionsLeft
  321. RVA: C8224 | VA: 6F4224 | Func: EP_TrialExecutionsTotal
  322. RVA: C824C | VA: 6F424C | Func: EP_TrialExpirationDate
  323. RVA: C8254 | VA: 6F4254 | Func: EP_TrialExpirationDateEx
  324. RVA: EA014 | VA: 716014 | Func: Start
  325.  
  326.  
  327. ##################################################################################
  328.  
  329.  
  330. http://sealnimoru.com/Base/https://s3amazonaws.com/nimoru
  331.  
  332.  
  333. Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F Ascii
  334.  
  335. 00000000 00 16 01 00 11 41 6C 63 61 74 72 61 7A 53 65 63 ..AlcatrazSec
  336. 00000010 75 72 69 74 79 00 00 00 08 B7 7A 5C 56 19 34 E0 urity...·z\V4à
  337. 00000020 89 03 20 00 01 04 01 00 00 00 02 06 1C 02 06 08 ‰.....
  338. 00000030 03 06 1D 05 03 06 11 2C 03 06 12 09 03 06 11 30 ,.0
  339. 00000040 07 00 02 12 0D 0E 12 11 04 00 01 08 0E 06 00 03 ....
  340. 00000050 0E 08 08 08 03 00 00 01 04 00 01 01 1C 09 00 04 .....
  341. 00000060 02 0F 05 08 09 10 09 06 00 01 1D 05 1D 05 06 10 ...
  342. 00000070 01 01 1E 00 09 07 00 02 12 09 1C 12 15 02 06 09 .....
  343. 00000080 05 20 01 09 12 10 04 06 1D 11 08 04 20 01 01 08 ...
  344. 00000090 0A 00 04 09 1D 11 08 09 12 10 08 03 06 12 21 05 ....!
  345. 000000A0 20 01 01 12 21 04 20 01 09 08 03 06 12 18 03 06 .!..
  346. 000000B0 12 1C 03 06 12 24 04 06 1D 11 0C 03 06 12 10 02 $ 
  347. 000000C0 06 02 03 06 11 0C 04 20 01 01 09 05 20 02 01 08  ...
  348. 000000D0 08 07 20 02 01 12 21 12 21 09 20 04 01 12 21 12 .!!..!
  349. 000000E0 21 0A 0A 05 20 01 01 1D 05 04 00 01 09 09 03 06 !......
  350. 000000F0 11 08 06 20 02 09 12 10 09 04 06 1D 11 20 05 20 .....
  351. 00000100 02 09 09 05 07 20 03 05 12 10 09 05 08 20 04 05 .....
  352. 00000110 12 10 09 05 05 05 20 01 05 12 10 06 20 02 05 12 ...
  353. 00000120 10 05 06 20 02 01 12 21 02 05 20 02 01 09 09 04 .!...
  354. 00000130 20 01 01 05 04 20 01 05 09 03 20 00 02 02 06 0E .....
  355. 00000140 38 68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 73 8h.t.t.p.:././.s
  356. 00000150 00 65 00 61 00 6C 00 2E 00 6E 00 69 00 6D 00 6F .e.a.l...n.i.m.o
  357. 00000160 00 72 00 75 00 2E 00 63 00 6F 00 6D 00 2F 00 42 .r.u...c.o.m./.B
  358. 00000170 00 61 00 73 00 65 00 2F 00 40 68 00 74 00 74 00 .a.s.e./.@h.t.t.
  359. 00000180 70 00 73 00 3A 00 2F 00 2F 00 73 00 33 00 2E 00 p.s.:././.s.3...
  360. 00000190 61 00 6D 00 61 00 7A 00 6F 00 6E 00 61 00 77 00 a.m.a.z.o.n.a.w.
  361. 000001A0 73 00 2E 00 63 00 6F 00 6D 00 2F 00 6E 00 69 00 s...c.o.m./.n.i.
  362. 000001B0 6D 00 6F 00 72 00 75 00 2F 00 84 m.o.r.u./.„
  363.  
  364.  
  365. Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F Ascii
  366.  
  367. 00000BB0 80 E8 05 08 00 12 80 E8 1E 01 ۏ.ۏ
  368. 00000BC0 00 01 00 54 02 16 57 72 61 70 4E 6F 6E 45 78 63 ..TWrapNonExc
  369. 00000BD0 65 70 74 69 6F 6E 54 68 72 6F 77 73 01 29 01 00 eptionThrows).
  370. 00000BE0 24 64 30 35 32 33 35 64 62 2D 35 30 30 63 2D 34 $d05235db-500c-4
  371. 00000BF0 37 35 37 2D 61 33 37 34 2D 62 36 62 31 37 61 36 757-a374-b6b17a6
  372. 00000C00 35 38 65 66 36 00 00 05 01 00 00 00 00 17 01 00 58ef6.......
  373. 00000C10 12 43 6F 70 79 72 69 67 68 74 20 C2 A9 20 20 32 Copyright.©..2
  374. 00000C20 30 31 34 00 00 09 01 00 04 47 74 61 76 00 00 49 014....Gtav..I
  375. 00000C30 01 00 1A 2E 4E 45 54 46 72 61 6D 65 77 6F 72 6B ..NETFramework
  376. 00000C40 2C 56 65 72 73 69 6F 6E 3D 76 34 2E 35 01 00 54 ,Version=v4.5.T
  377. 00000C50 0E 14 46 72 61 6D 65 77 6F 72 6B 44 69 73 70 6C FrameworkDispl
  378. 00000C60 61 79 4E 61 6D 65 12 2E 4E 45 54 20 46 72 61 6D ayName.NET.Fram
  379. 00000C70 65 77 6F 72 6B 20 34 2E 35 08 01 00 08 00 00 00 ework.4.5....
  380. 00000C80 00 00 0C 01 00 07 31 2E 30 2E 30 2E 30 00 00 06 .. .1.0.0.0..
  381. 00000C90 20 01 01 11 81 AD 08 01 00 07 01 00 00 00 00 06 .­.....
  382. 00000CA0 20 01 01 11 81 B5 08 01 00 02 00 00 00 00 00 06 .µ......
  383. 00000CB0 20 01 01 11 81 BD 08 01 00 01 00 00 00 00 00 29 .½......)
  384. 00000CC0 01 00 24 39 46 44 39 33 43 43 46 2D 33 32 38 30 .$9FD93CCF-3280
  385. 00000CD0 2D 34 33 39 31 2D 42 33 41 39 2D 39 36 45 31 43 -4391-B3A9-96E1C
  386. 00000CE0 44 45 37 37 43 38 44 00 00 29 01 00 24 44 33 33 DE77C8D..).$D33
  387. 00000CF0 32 44 42 39 45 2D 42 39 42 33 2D 34 31 32 35 2D 2DB9E-B9B3-4125-
  388. 00000D00 38 32 30 37 2D 41 31 34 38 38 34 46 35 33 32 31 8207-A14884F5321
  389. 00000D10 36 00 00 29 01 00 24 42 44 33 39 44 31 44 32 2D 6..).$BD39D1D2-
  390. 00000D20 42 41 32 46 2D 34 38 36 41 2D 38 39 42 30 2D 42 BA2F-486A-89B0-B
  391. 00000D30 34 42 30 43 42 34 36 36 38 39 31 00 00 4B0CB466891..
  392.  
  393.  
  394.  
  395.  
  396. ############################## /03/07/2016/ ####################################
  397.  
  398. Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F Ascii
  399.  
  400. 00000000 90 02 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 4...V.S._.V.E.
  401. 00000010 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 R.S.I.O.N._.I.N.
  402. 00000020 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 F.O.....½ïþ...
  403. 00000030 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 ..............
  404. 00000040 3F 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 ?.............
  405. 00000050 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 ............D...
  406. 00000060 01 00 56 00 61 00 72 00 46 00 69 00 6C 00 65 00 .V.a.r.F.i.l.e.
  407. 00000070 49 00 6E 00 66 00 6F 00 00 00 00 00 24 00 04 00 I.n.f.o.....$..
  408. 00000080 00 00 54 00 72 00 61 00 6E 00 73 00 6C 00 61 00 ..T.r.a.n.s.l.a.
  409. 00000090 74 00 69 00 6F 00 6E 00 00 00 00 00 00 00 B0 04 t.i.o.n.......°
  410. 000000A0 F0 01 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 ð...S.t.r.i.n.
  411. 000000B0 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 g.F.i.l.e.I.n.f.
  412. 000000C0 6F 00 00 00 CC 01 00 00 01 00 30 00 30 00 30 00 o...Ì...0.0.0.
  413. 000000D0 30 00 30 00 34 00 62 00 30 00 00 00 34 00 05 00 0.0.4.b.0...4..
  414. 000000E0 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 .F.i.l.e.D.e.s.
  415. 000000F0 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 c.r.i.p.t.i.o.n.
  416. 00000100 00 00 00 00 47 00 74 00 61 00 76 00 00 00 00 00 ....G.t.a.v.....
  417. 00000110 30 00 08 00 01 00 46 00 69 00 6C 00 65 00 56 00 0...F.i.l.e.V.
  418. 00000120 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 e.r.s.i.o.n.....
  419. 00000130 31 00 2E 00 30 00 2E 00 30 00 2E 00 30 00 00 00 1...0...0...0...
  420. 00000140 34 00 09 00 01 00 49 00 6E 00 74 00 65 00 72 00 4....I.n.t.e.r.
  421. 00000150 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 n.a.l.N.a.m.e...
  422. 00000160 47 00 74 00 61 00 76 00 2E 00 65 00 78 00 65 00 G.t.a.v...e.x.e.
  423. 00000170 00 00 00 00 48 00 12 00 01 00 4C 00 65 00 67 00 ....H...L.e.g.
  424. 00000180 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 a.l.C.o.p.y.r.i.
  425. 00000190 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 g.h.t...C.o.p.y.
  426. 000001A0 72 00 69 00 67 00 68 00 74 00 20 00 A9 00 20 00 r.i.g.h.t...©...
  427. 000001B0 20 00 32 00 30 00 31 00 34 00 00 00 3C 00 09 00 ..2.0.1.4...<...
  428. 000001C0 01 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 .O.r.i.g.i.n.a.
  429. 000001D0 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 l.F.i.l.e.n.a.m.
  430. 000001E0 65 00 00 00 47 00 74 00 61 00 76 00 2E 00 65 00 e...G.t.a.v...e.
  431. 000001F0 78 00 65 00 00 00 00 00 2C 00 05 00 01 00 50 00 x.e.....,...P.
  432. 00000200 72 00 6F 00 64 00 75 00 63 00 74 00 4E 00 61 00 r.o.d.u.c.t.N.a.
  433. 00000210 6D 00 65 00 00 00 00 00 47 00 74 00 61 00 76 00 m.e.....G.t.a.v.
  434. 00000220 00 00 00 00 34 00 08 00 01 00 50 00 72 00 6F 00 ....4...P.r.o.
  435. 00000230 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 d.u.c.t.V.e.r.s.
  436. 00000240 69 00 6F 00 6E 00 00 00 31 00 2E 00 30 00 2E 00 i.o.n...1...0...
  437. 00000250 30 00 2E 00 30 00 00 00 38 00 08 00 01 00 41 00 0...0...8...A.
  438. 00000260 73 00 73 00 65 00 6D 00 62 00 6C 00 79 00 20 00 s.s.e.m.b.l.y...
  439. 00000270 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 V.e.r.s.i.o.n...
  440. 00000280 31 00 2E 00 30 00 2E 00 30 00 2E 00 30 00 00 00 1...0...0...0...
  441.  
  442.  
  443.  
  444. #####################################################################################
  445.  
  446. Text strings referenced in System_W:.data, item 17
  447. Address=6DE62E33
  448. Disassembly=ADD DWORD PTR DS:[ESI],3890000
  449. Text string=UNICODE "KeyToken=b77a5c561934e089"
  450.  
  451. Text strings referenced in System_W:.data, item 2
  452. Address=6DE0BDBD
  453. Disassembly=ADD EAX,1982000
  454. Text string=UNICODE "{9374C3F4-959F-4f6a-BAA9-D55C8DA81F1C}"
  455.  
  456. #####################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!