                                           ATM MALWARE NOTICE 
                    d9c1151ac686be204e2bdf368130fdb972668d3090b9f9fb0d0e60ebae473776
 
Date...........: 2019-11-18
Family.........: HelloWorld
File name......: xfs.dll
File size......: 25.50 KB
Type file......: DLL/Windows
Virscan........: VT - HA
Additional note: Similar to: 867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a

=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 256 0x100 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === RICH Header === LIB_ID VERSION TIMES_USED 93 5d 4035 fc3 10 a 149 95 30729 7809 8 8 132 84 30729 7809 13 d 1 1 0 0 160 a0 147 93 30729 7809 3 3 131 83 30729 7809 60 3c 126 7e 50727 c627 1 1 229 e5 30501 7725 12 c 220 dc 30501 7725 1 1 219 db 21005 520d 1 1 222 de 30501 7725 1 1 === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 5 5 TimeDateStamp: "2019-10-19 16:17:17" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 8450 0x2102 EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 12.0 SizeOfCode: 12288 0x3000 SizeOfInitializedData: 27136 0x6a00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 6027 0x178b BaseOfCode: 4096 0x1000 BaseOfData: 16384 0x4000 ImageBase: 268435456 0x10000000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 5.1 ImageVersion: 0.0 SubsystemVersion: 5.1 Reserved1: 0 0 SizeOfImage: 53248 0xd000 SizeOfHeaders: 1024 0x400 CheckSum: 0 0 Subsystem: 2 2 WINDOWS_GUI DllCharacteristics: 320 0x140 DYNAMIC_BASE, NX_COMPAT SizeOfStackReserve: 1048576 0x100000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 
SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 4c90 size:0x 4d IMPORT rva:0x 4ce0 size:0x 8c RESOURCE rva:0x b000 size:0x 1e0 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x c000 size:0x 3a0 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x 4b30 size:0x 40 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 4000 size:0x 11c Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 2e62 3000 400 0 0 0 0 60000020 R-X CODE .rdata 4000 131a 1400 3400 0 0 0 0 40000040 R-- IDATA .data 6000 4fcc 1800 4800 0 0 0 0 c0000040 RW- IDATA .rsrc b000 1e0 200 6000 0 0 0 0 40000040 R-- IDATA .reloc c000 3a0 400 6200 0 0 0 0 42000040 R-- IDATA DISCARDABLE === RESOURCES === FILE_OFFSET CP LANG SIZE TYPE NAME 0x6060 0 0x409 381 MANIFEST #2 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME msvcrt.dll 4a6 free msvcrt.dll 101 _amsg_exit msvcrt.dll 1d5 _initterm msvcrt.dll 71 __CxxFrameHandler msvcrt.dll 4de malloc msvcrt.dll 6a _XcptFilter msvcrt.dll 4ee memset msvcrt.dll 534 time msvcrt.dll 4b1 fwrite msvcrt.dll 50e srand msvcrt.dll 495 fflush msvcrt.dll 3c8 _vsnprintf msvcrt.dll 32f _snprintf msvcrt.dll 339 _snwprintf ntdll.dll 352 RtlUnwind ADVAPI32.dll 5f CreateProcessAsUserA SHELL32.dll 107 ShellExecuteA KERNEL32.dll 1c0 GetSystemTimeAsFileTime KERNEL32.dll 13e GetCurrentThreadId KERNEL32.dll 294 QueryPerformanceCounter KERNEL32.dll 336 SetUnhandledExceptionFilter KERNEL32.dll 35b UnhandledExceptionFilter KERNEL32.dll 34a TerminateProcess KERNEL32.dll 21b InterlockedCompareExchange KERNEL32.dll 21d InterlockedExchange KERNEL32.dll 1d4 GetTickCount KERNEL32.dll f0 FreeLibrary KERNEL32.dll 244 LoadLibraryA KERNEL32.dll 198 GetProcAddress KERNEL32.dll 13c GetCurrentProcessId KERNEL32.dll 1de GetVersionExA KERNEL32.dll 27e 
OutputDebugStringA KERNEL32.dll 96 EnterCriticalSection KERNEL32.dll 175 GetModuleFileNameW KERNEL32.dll 243 LeaveCriticalSection KERNEL32.dll 218 InitializeCriticalSection KERNEL32.dll 179 GetModuleHandleW KERNEL32.dll 37e WaitForSingleObject KERNEL32.dll 342 Sleep KERNEL32.dll 6c CreateThread KERNEL32.dll 31 CloseHandle KERNEL32.dll 13b GetCurrentProcess KERNEL32.dll 168 GetLastError USER32.dll 240 SendMessageW USER32.dll 61 CreateWindowExW USER32.dll 292 ShowWindow USER32.dll 2bb UpdateWindow USER32.dll 215 RedrawWindow USER32.dll 60 CreateWindowExA USER32.dll 8f DefWindowProcW USER32.dll 283 SetWindowPos USER32.dll 26c SetRect USER32.dll 1bc LoadIconW USER32.dll 218 RegisterClassExW USER32.dll 2aa TranslateMessage USER32.dll d BeginPaint USER32.dll 256 SetFocus USER32.dll 1ba LoadCursorW USER32.dll bf DrawTextW USER32.dll e2 FillRect USER32.dll 201 PostQuitMessage USER32.dll 13e GetMessageW USER32.dll 99 DestroyWindow USER32.dll c8 EndPaint USER32.dll a2 DispatchMessageW === EXPORTS === # module "dispenserXFS.dll" # flags=0x0 ts="2019-10-19 16:17:16" version=0.0 ord_base=1 # nFuncs=1 nNames=1 ORD ENTRY_VA NAME 1 28f2 Function1 === Packer / Compiler === MS Visual C++ v7.0 DLL
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00001000004D 0 !This program cannot be run in DOS mode. 0000000001F8 0000100001F8 0 .text 000000000220 000010000220 0 .rdata 000000000247 000010000247 0 @.data 000000000270 000010000270 0 .rsrc 000000000297 000010000297 0 @.reloc 00000000046F 00001000106F 0 URPQQh 000000000CFB 0000100018FB 0 v N+D$ 000000000D45 000010001945 0 UQPXY]Y[ 00000000114A 000010001D4A 0 f 000000001525 000010002125 0 YYh(C 00000000155F 00001000215F 0 YYh0u 0000000015FC 0000100021FC 0 TSVWH 0000000017B8 0000100023B8 0 QQSVW 0000000018C9 0000100024C9 0 VVVVj 000000001AD7 0000100026D7 0 LSVWh 000000001AF0 0000100026F0 0 PPh(E 000000002170 000010002D70 0 @f;C. 00000000260A 00001000320A 0 @f;C. 00000000269F 00001000329F 0 Wf 000000002EAF 000010003AAF 0 f;B.s 000000002ECD 000010003ACD 0 Cf;Z.r 000000003077 000010003C77 0 QQSVW 0000000030AD 000010003CAD 0 YWSVh 0000000030E1 000010003CE1 0 YWSVh 000000003115 000010003D15 0 YWSVh 000000003149 000010003D49 0 YWSVh 00000000317D 000010003D7D 0 YWSVh 0000000031CB 000010003DCB 0 YWSVh 000000003565 000010004165 0 ('8PW 00000000356E 00001000416E 0 700PP 000000003589 000010004189 0 xppwpp 00000000359C 00001000419C 0 Getting billcount. 0000000035B0 0000100041B0 0 maxbill = %d 0000000035C0 0000100041C0 0 GettingCDMStatus. 0000000035D4 0000100041D4 0 Getting CashUnitStatus. 0000000035EC 0000100041EC 0 User left, cleaning up. 000000003604 000010004204 0 Error locking XFS 000000003618 000010004218 0 Resetting CDM. 000000003628 000010004228 0 %d:[%d] 000000003638 000010004238 0 Error dispensing 0x%08X 000000003650 000010004250 0 No denominations found 000000003668 000010004268 0 %d... 000000003670 000010004270 0 No msxfs installed... 000000003688 000010004288 0 Waiting for freeze msxfs processes... 0000000036B0 0000100042B0 0 Starting WFSManager... 0000000036C8 0000100042C8 0 Connecting... 0000000036DC 0000100042DC 0 Connected. 
Version: wfs:%d.%d, srvc:%d.%d, spi:%d.%d 000000003714 000010004314 0 Unknown version %d 000000003728 000010004328 0 Disconnecting... 00000000373C 00001000433C 0 Error connecting: %p 000000003754 000010004354 0 Error starting WFS: %p 000000003784 000010004384 0 DISPENSER - WTSGetActiveConsoleSessionId 0000000037B0 0000100043B0 0 DISPENSER - got consoleSession: %d 0000000037D4 0000100043D4 0 DISPENSER - Created process 0000000037F0 0000100043F0 0 DISPENSER - error CreateProcessAsUserA: 0x%08x 000000003820 000010004420 0 DISPENSER - error WTSQueryUserToken: 0x%08x 00000000384C 00001000444C 0 rundll32.exe winsta.dll,WinStationSwitchToServicesSession 000000003888 000010004488 0 rundll32.exe winsta.dll,WinStationRevertFromServicesSession 0000000038C4 0000100044C4 0 -r -t 30 File pos Mem pos ID Text ======== ======= == ==== 0000000038D0 0000100044D0 0 shutdown 0000000038E4 0000100044E4 0 /c "net stop "Diebold XFS" & net start "Diebold XFS"" 00000000391C 00001000451C 0 cmd.exe 000000003928 000010004528 0 ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows /v "NoInteractiveServices" /t REG_DWORD /d "0" /f 0000000039A0 0000100045A0 0 /c "net stop "UI0Detect" & net start "UI0Detect"" 0000000039D4 0000100045D4 0 DISPENSER - GUIMain 0000000039E8 0000100045E8 0 DISPENSER - RegisterClassExW 000000003A08 000010004608 0 DISPENSER - CreateWindowW 000000003A24 000010004624 0 DISPENSER - OnStartDispenser 000000003A44 000010004644 0 msxfs.dll 000000003A50 000010004650 0 kernel32.dll 000000003A60 000010004660 0 wtsapi32.dll 000000003A70 000010004670 0 WTSQueryUserToken 000000003A84 000010004684 0 WTSGetActiveConsoleSessionId 000000003AA4 0000100046A4 0 Error getting maxbill: %p 000000003AC0 0000100046C0 0 state=%d, safedoor=%d, dispenser=%d, stacker=%d 000000003AF4 0000100046F4 0 pos=%d, OutputPosition=%d, shutter=%d, transport=%d 000000003B2C 00001000472C 0 Error getting cdm status: 0x%p. 
000000003B4C 00001000474C 0 Id:%s(nr=%d)(l=%d,h=%d), %d|%d|%d of %d [%s][%d][%d],[%d][%d] 000000003B8C 00001000478C 0 Error getting bill status: 0x%p. 000000003BB0 0000100047B0 0 chosen %d | %d 000000003BC0 0000100047C0 0 pos=%d, status=%d, shutter=%d, transport=%d, status=%d 000000003BF8 0000100047F8 0 Id:%s(nr=%d)(l=%d,h=%d), %d|%d|%d of %d [%s][%d][%d],[%d] 000000003C34 000010004834 0 Exchanging cashunits 000000003C78 000010004878 0 USD A 000000003C80 000010004880 0 USD B 000000003C88 000010004888 0 USD C 000000003C90 000010004890 0 USD D 000000003C98 000010004898 0 Exchanged units 000000003CA8 0000100048A8 0 Error ending exchange 0x%08X 000000003CC8 0000100048C8 0 Exchanged units to null 000000003CE0 0000100048E0 0 Error starting exchange 0x%08X 000000003D00 000010004900 0 Getting cashunit infos 000000003D18 000010004918 0 Changing cashunit infos 000000003D30 000010004930 0 Setting cashunit infos 000000003D48 000010004948 0 Set cashunit infos 000000003D5C 00001000495C 0 Error setting cashunit info: 0x%p. 000000003D80 000010004980 0 Error getting cashunit info: 0x%p. 000000003DA4 0000100049A4 0 WFSExecute 000000003DB0 0000100049B0 0 WFSGetInfo 000000003DBC 0000100049BC 0 WFSOpen 000000003DC4 0000100049C4 0 WFSClose 000000003DD0 0000100049D0 0 WFSFreeResult 000000003DE0 0000100049E0 0 WFSStartUp 000000003DEC 0000100049EC 0 WFSCleanUp 000000003DF8 0000100049F8 0 WFSLock 000000003E00 000010004A00 0 WFSUnlock 000000003E0C 000010004A0C 0 Trying Nautilus. 000000003E20 000010004A20 0 CashDispenser 000000003E30 000010004A30 0 Connected Nautilus. 000000003E44 000010004A44 0 Trying Nautilus2. 000000003E58 000010004A58 0 NXCdm 000000003E60 000010004A60 0 Connected Nautilus2. 000000003E78 000010004A78 0 Trying Diabold. 000000003E88 000010004A88 0 DBD_AdvFuncDisp 000000003E98 000010004A98 0 Connected Diabold. 000000003EAC 000010004AAC 0 Trying NCR. 000000003EB8 000010004AB8 0 CurrencyDispenser1 000000003ECC 000010004ACC 0 Connected NCR. 
000000003EDC 000010004ADC 0 Trying WINCOR. File pos Mem pos ID Text ======== ======= == ==== 000000003EEC 000010004AEC 0 CDM30 000000003EF4 000010004AF4 0 Connected WINCOR. 000000003F08 000010004B08 0 Trying GENERIC. 000000003F1C 000010004B1C 0 Connected GENERIC. 0000000040C2 000010004CC2 0 dispenserXFS.dll 0000000040D3 000010004CD3 0 Function1 00000000428A 000010004E8A 0 __CxxFrameHandler 00000000429E 000010004E9E 0 _snwprintf 0000000042AC 000010004EAC 0 _snprintf 0000000042B8 000010004EB8 0 _vsnprintf 0000000042C6 000010004EC6 0 fflush 0000000042D0 000010004ED0 0 srand 0000000042D8 000010004ED8 0 fwrite 0000000042E8 000010004EE8 0 msvcrt.dll 0000000042F6 000010004EF6 0 memset 000000004300 000010004F00 0 _XcptFilter 00000000430E 000010004F0E 0 malloc 000000004320 000010004F20 0 _initterm 00000000432C 000010004F2C 0 _amsg_exit 00000000433A 000010004F3A 0 RtlUnwind 000000004344 000010004F44 0 ntdll.dll 000000004350 000010004F50 0 CreateProcessAsUserA 000000004366 000010004F66 0 ADVAPI32.dll 000000004376 000010004F76 0 ShellExecuteA 000000004384 000010004F84 0 SHELL32.dll 000000004392 000010004F92 0 GetCurrentProcess 0000000043A6 000010004FA6 0 GetLastError 0000000043B6 000010004FB6 0 CloseHandle 0000000043C4 000010004FC4 0 CreateThread 0000000043D4 000010004FD4 0 Sleep 0000000043DC 000010004FDC 0 WaitForSingleObject 0000000043F2 000010004FF2 0 GetModuleHandleW 000000004406 000010005006 0 InitializeCriticalSection 000000004422 000010005022 0 LeaveCriticalSection 00000000443A 00001000503A 0 GetModuleFileNameW 000000004450 000010005050 0 EnterCriticalSection 000000004468 000010005068 0 OutputDebugStringA 00000000447E 00001000507E 0 GetVersionExA 00000000448E 00001000508E 0 GetCurrentProcessId 0000000044A4 0000100050A4 0 GetProcAddress 0000000044B6 0000100050B6 0 LoadLibraryA 0000000044C6 0000100050C6 0 FreeLibrary 0000000044D4 0000100050D4 0 GetTickCount 0000000044E4 0000100050E4 0 InterlockedExchange 0000000044FA 0000100050FA 0 InterlockedCompareExchange 000000004518 
000010005118 0 TerminateProcess 00000000452C 00001000512C 0 UnhandledExceptionFilter 000000004548 000010005148 0 SetUnhandledExceptionFilter 000000004566 000010005166 0 QueryPerformanceCounter 000000004580 000010005180 0 GetCurrentThreadId 000000004596 000010005196 0 GetSystemTimeAsFileTime 0000000045AE 0000100051AE 0 KERNEL32.dll 0000000045BE 0000100051BE 0 DispatchMessageW 0000000045D2 0000100051D2 0 DefWindowProcW 0000000045E4 0000100051E4 0 UpdateWindow 0000000045F4 0000100051F4 0 SendMessageW 000000004604 000010005204 0 CreateWindowExW 000000004616 000010005216 0 ShowWindow 000000004624 000010005224 0 SetWindowPos 000000004634 000010005234 0 RedrawWindow File pos Mem pos ID Text ======== ======= == ==== 000000004644 000010005244 0 CreateWindowExA 000000004656 000010005256 0 SetRect 000000004660 000010005260 0 LoadIconW 00000000466C 00001000526C 0 RegisterClassExW 000000004680 000010005280 0 TranslateMessage 000000004694 000010005294 0 BeginPaint 0000000046A2 0000100052A2 0 SetFocus 0000000046AE 0000100052AE 0 LoadCursorW 0000000046BC 0000100052BC 0 DrawTextW 0000000046C8 0000100052C8 0 FillRect 0000000046D4 0000100052D4 0 PostQuitMessage 0000000046E6 0000100052E6 0 GetMessageW 0000000046F4 0000100052F4 0 DestroyWindow 000000004704 000010005304 0 EndPaint 00000000470E 00001000530E 0 USER32.dll 000000004A46 000010006246 0 z?aUY 000000004A88 000010006288 0 zc%C1 000000004ADB 0000100062DB 0 -64OS 000000006060 00001000B060 0 <?xml version='1.0' encoding='UTF-8' standalone='yes'?> 000000006099 00001000B099 0 <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> 0000000060E4 00001000B0E4 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 00000000611C 00001000B11C 0 <security> 00000000612C 00001000B12C 0 <requestedPrivileges> 000000006149 00001000B149 0 <requestedExecutionLevel level='asInvoker' uiAccess='false' /> 000000006191 00001000B191 0 </requestedPrivileges> 0000000061AF 00001000B1AF 0 </security> 0000000061C0 00001000B1C0 0 </trustInfo> 
0000000061D0 00001000B1D0 0 </assembly> 000000006208 00001000C008 0 ?0R0u0 00000000622B 00001000C02B 0 4%4:4?4E4]4b4n4~4 000000006253 00001000C053 0 5!525K5U5q5~5 000000006261 00001000C061 0 6#7-7 000000006287 00001000C087 0 8 8)8.848>8G8R8 000000006297 00001000C097 0 8e8k8v8}8+949 0000000062A7 00001000C0A7 0 9Q:n: 0000000062B9 00001000C0B9 0 ;#;/;A;N;V; 0000000062C5 00001000C0C5 0 <F<Y<j<p< 0000000062E9 00001000C0E9 0 >(><> 0000000062F3 00001000C0F3 0 >+???b?v?}? 000000006313 00001000C113 0 0#030 000000006321 00001000C121 0 1(181@1M1V1h1 000000006341 00001000C141 0 1C2T2o2}2 00000000635D 00001000C15D 0 3%3P3t3 000000006375 00001000C175 0 454D4K4e4k4 000000006393 00001000C193 0 575H5N5S5[5f5m5|5 0000000063B5 00001000C1B5 0 6%6.646H6Z6 0000000063C1 00001000C1C1 0 6t6z6 0000000063E5 00001000C1E5 0 7(7-787?7R7h7}7 000000006409 00001000C209 0 8%8+81878=8C8K8S8d8j8p8|8 000000006431 00001000C231 0 929:9|9w: 00000000643B 00001000C23B 0 :$;6; 000000006475 00001000C275 0 1?2G2|2 00000000647F 00001000C27F 0 2"3c3 0000000064AF 00001000C2AF 0 :8:X:s: 0000000064B7 00001000C2B7 0 ;&;0;?;G;W;_;r;x;}; 0000000064FB 00001000C2FB 0 <"<*<0<9<B<K<T<]<f<~< 000000006523 00001000C323 0 =&=-=3=@=Z=a=g=t= 00000000654B 00001000C34B 0 >&>->4><>B>H>N>T>Y> 000000006568 00001000C368 0 (14181l;p; 000000006583 00001000C383 0 < <$<,<0<8<<<D<H<P<T<\< File pos Mem pos ID Text ======== ======= == ==== 000000004B20 000010006320 0 NO_TOKEN 000000004B39 000010006339 0 win32app 00000000004D 00001000004D 0 !This program cannot be run in DOS mode. 