.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
aaeee605cb1850dd81da8990fe4115fe85e5d4eb84ddaf2fa8d0b21afdc2b293
Date...........: 2011-06-08
Family.........: Ligsterac
File name......: lsass.exe
File size......: 52.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Skimer-A.aspx
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 80 0x50
blocks_in_file: 2 2
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 15 0xf
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 26 0x1a
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 256 0x100
=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 8 8
TimeDateStamp: "1992-06-19 22:22:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
32BIT_MACHINE, BYTES_REVERSED_HI
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.25
SizeOfCode: 40960 0xa000
SizeOfInitializedData: 8704 0x2200
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 44640 0xae60
BaseOfCode: 4096 0x1000
BaseOfData: 45056 0xb000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 77824 0x13000
SizeOfHeaders: 1024 0x400
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 16384 0x4000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x e000 size:0x c9a
RESOURCE rva:0x 12000 size:0x 3f0
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 11000 size:0x 958
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 10000 size:0x 18
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 0 size:0x 0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
CODE 1000 9ec8 a000 400 0 0 0 0 60000020 R-X CODE
DATA b000 398 400 a400 0 0 0 0 c0000040 RW- IDATA
BSS c000 1c39 0 a800 0 0 0 0 c0000000 RW-
.idata e000 c9a e00 a800 0 0 0 0 c0000040 RW- IDATA
.tls f000 8 0 b600 0 0 0 0 c0000000 RW-
.rdata 10000 18 200 b600 0 0 0 0 50000040 R-- IDATA SHARED
.reloc 11000 958 a00 b800 0 0 0 0 50000040 R-- IDATA SHARED
.rsrc 12000 3f0 400 c200 0 0 0 0 50000040 R-- IDATA SHARED
=== TLS ===
RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS
40f000 40f008 40b084 410010 0 0
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0xc258 1252 0x409 920 VERSION #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
kernel32.dll 0 DeleteCriticalSection
kernel32.dll 0 LeaveCriticalSection
kernel32.dll 0 EnterCriticalSection
kernel32.dll 0 InitializeCriticalSection
kernel32.dll 0 VirtualFree
kernel32.dll 0 VirtualAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetVersion
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetThreadLocale
kernel32.dll 0 GetStartupInfoA
kernel32.dll 0 GetLocaleInfoA
kernel32.dll 0 GetCommandLineA
kernel32.dll 0 FreeLibrary
kernel32.dll 0 ExitProcess
kernel32.dll 0 CreateThread
kernel32.dll 0 WriteFile
kernel32.dll 0 UnhandledExceptionFilter
kernel32.dll 0 RtlUnwind
kernel32.dll 0 RaiseException
kernel32.dll 0 GetStdHandle
user32.dll 0 GetKeyboardType
user32.dll 0 MessageBoxA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
kernel32.dll 0 TlsSetValue
kernel32.dll 0 TlsGetValue
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetModuleHandleA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
advapi32.dll 0 OpenProcessToken
advapi32.dll 0 LookupPrivilegeValueA
advapi32.dll 0 InitiateSystemShutdownA
advapi32.dll 0 AdjustTokenPrivileges
kernel32.dll 0 lstrlenA
kernel32.dll 0 lstrcpynA
kernel32.dll 0 lstrcpyA
kernel32.dll 0 lstrcmpiA
kernel32.dll 0 lstrcmpA
kernel32.dll 0 lstrcatA
kernel32.dll 0 WriteProcessMemory
kernel32.dll 0 WriteFile
kernel32.dll 0 WaitForSingleObjectEx
kernel32.dll 0 WaitForSingleObject
kernel32.dll 0 VirtualFreeEx
kernel32.dll 0 VirtualAllocEx
kernel32.dll 0 TerminateThread
kernel32.dll 0 SleepEx
kernel32.dll 0 Sleep
kernel32.dll 0 SetFilePointer
kernel32.dll 0 SetEvent
kernel32.dll 0 ReadFile
kernel32.dll 0 OpenProcess
kernel32.dll 0 LocalUnlock
kernel32.dll 0 LocalSize
kernel32.dll 0 LocalReAlloc
kernel32.dll 0 LocalLock
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 LoadLibraryA
kernel32.dll 0 GetWindowsDirectoryA
kernel32.dll 0 GetTickCount
kernel32.dll 0 GetTempFileNameA
kernel32.dll 0 GetSystemTimeAsFileTime
kernel32.dll 0 GetSystemDirectoryA
kernel32.dll 0 GetProcAddress
kernel32.dll 0 GetModuleHandleA
kernel32.dll 0 GetModuleFileNameA
kernel32.dll 0 GetLocalTime
kernel32.dll 0 GetLastError
kernel32.dll 0 GetFileSize
kernel32.dll 0 GetExitCodeThread
kernel32.dll 0 GetCurrentProcess
kernel32.dll 0 FormatMessageA
kernel32.dll 0 FileTimeToSystemTime
kernel32.dll 0 FileTimeToLocalFileTime
kernel32.dll 0 ExitProcess
kernel32.dll 0 DuplicateHandle
kernel32.dll 0 DeleteFileA
kernel32.dll 0 CreateThread
kernel32.dll 0 CreateRemoteThread
kernel32.dll 0 CreateFileA
kernel32.dll 0 CreateEventA
kernel32.dll 0 CopyFileA
kernel32.dll 0 CloseHandle
gdi32.dll 0 TextOutA
gdi32.dll 0 GetTextMetricsA
gdi32.dll 0 Escape
gdi32.dll 0 EndDoc
gdi32.dll 0 DeleteDC
gdi32.dll 0 CreateDCA
user32.dll 0 CreateWindowExA
user32.dll 0 UnregisterClassA
user32.dll 0 TranslateMessage
user32.dll 0 SetTimer
user32.dll 0 SetForegroundWindow
user32.dll 0 SetFocus
user32.dll 0 SendMessageA
user32.dll 0 RegisterClassA
user32.dll 0 RedrawWindow
user32.dll 0 PostMessageA
user32.dll 0 PeekMessageA
user32.dll 0 LoadIconA
user32.dll 0 LoadCursorA
user32.dll 0 GetWindowTextA
user32.dll 0 GetWindowDC
user32.dll 0 GetSystemMetrics
user32.dll 0 GetMessageA
user32.dll 0 GetForegroundWindow
user32.dll 0 GetDesktopWindow
user32.dll 0 GetClientRect
user32.dll 0 FindWindowExA
user32.dll 0 FindWindowA
user32.dll 0 DrawTextA
user32.dll 0 DispatchMessageA
user32.dll 0 DestroyWindow
user32.dll 0 DefWindowProcA
user32.dll 0 CharUpperA
advapi32.dll 0 StartServiceCtrlDispatcherA
advapi32.dll 0 SetServiceStatus
advapi32.dll 0 RegisterServiceCtrlHandlerA
advapi32.dll 0 OpenServiceA
advapi32.dll 0 OpenSCManagerA
advapi32.dll 0 CloseServiceHandle
advapi32.dll 0 ChangeServiceConfigA
winspool.drv 0 EnumPrintersA
user32.dll 0 wsprintfA
user32.dll 0 GetMonitorInfoA
user32.dll 0 EnumDisplayMonitors
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 5.1.2600.2180
ProductVersion : 5.1.2600.2180
StrucVersion : 0x10000
FileFlagsMask : 0x3f
FileFlags : 0
FileOS : 0x40004
FileType : 2
FileSubtype : 0
# StringTable 040904B0:
CompanyName : "Microsoft Corporation"
FileDescription : "LSA Shell (Export Version)"
FileVersion : "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
InternalName : "lsass.exe"
LegalCopyright : "\u00A9 Microsoft Corporation. All rights reserved."
OriginalFilename : "lsass.exe"
ProductName : "Microsoft\u00AE Windows\u00AE Operating System"
ProductVersion : "5.1.2600.2180"
VarFileInfo : [ 0x409, 0x4b0 ]
=== Packer / Compiler ===
Borland Delphi 2006
File pos Mem pos ID Text
======== ======= == ====
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
000000000594 000000401194 0 SVWUQ
0000000007B5 0000004013B5 0 w;;t$
0000000008C0 0000004014C0 0 SVWUQ
0000000017A5 0000004023A5 0 Uh-$@
000000001B4F 00000040274F 0 ~KxI[)
000000001CA8 0000004028A8 0 SOFTWARE\Borland\Delphi\RTL
000000001CC4 0000004028C4 0 FPUMaskValue
000000001D11 000000402911 0 PPRTj
000000001E8B 000000402A8B 0 YZXtp
000000002002 000000402C02 0 t=HtN
000000002724 000000403324 0 SVWRP
000000002904 000000403504 0 Uh#5@
0000000029D2 0000004035D2 0 Uh*6@
000000003274 000000403E74 0 kernel32.dll
000000003284 000000403E84 0 CreateToolhelp32Snapshot
0000000032A0 000000403EA0 0 Heap32ListFirst
0000000032B0 000000403EB0 0 Heap32ListNext
0000000032C0 000000403EC0 0 Heap32First
0000000032CC 000000403ECC 0 Heap32Next
0000000032D8 000000403ED8 0 Toolhelp32ReadProcessMemory
0000000032F4 000000403EF4 0 Process32First
000000003304 000000403F04 0 Process32Next
000000003314 000000403F14 0 Process32FirstW
000000003324 000000403F24 0 Process32NextW
000000003334 000000403F34 0 Thread32First
000000003344 000000403F44 0 Thread32Next
000000003354 000000403F54 0 Module32First
000000003364 000000403F64 0 Module32Next
000000003374 000000403F74 0 Module32FirstW
000000003384 000000403F84 0 Module32NextW
000000003431 000000404031 0 UhQ@@
0000000034A4 0000004040A4 0 ProtectedStorage
0000000034C0 0000004040C0 0 TES TEDafwhicomm
0000000034D4 0000004040D4 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt
000000003508 000000404108 0 C:\windows\EpsStmApi.log\
000000003588 000000404188 0 %.2d:%.2d:%.2d
0000000035CA 0000004041CA 0 Uh8C@
000000003873 000000404473 0 PhlG@
00000000389C 00000040449C 0 D$xPj
000000003946 000000404546 0 D$HXC@
0000000039E0 0000004045E0 0 D$LPSj
000000003A93 000000404693 0 D$lPj
000000003AA7 0000004046A7 0 jdj{S
000000003B50 000000404750 0 PhxG@
000000003B78 000000404778 0 ATMDialog
000000003B84 000000404784 0 hello
000000003B8C 00000040478C 0 STATIC
000000003BB7 0000004047B7 0 Uh)H@
000000003C38 000000404838 0 Error
000000003DC4 0000004049C4 0 CreateFile
000000003FB4 000000404BB4 0 %s Error code= %d
0000000040A0 000000404CA0 0 (h<N@
0000000040D4 000000404CD4 0 Ph\N@
0000000040EE 000000404CEE 0 ~;h|N@
0000000041CC 000000404DCC 0 Complete
File pos Mem pos ID Text
======== ======= == ====
0000000041D8 000000404DD8 0 Lock
0000000041E0 000000404DE0 0 RECEIPT_PRINTER_START_GDI
0000000041FC 000000404DFC 0 RECEIPT_PRINTER_EJECT
000000004214 000000404E14 0 CMD=%d
00000000421C 000000404E1C 0 UNSOLICITED
00000000422C 000000404E2C 0 LOCK_requested
00000000423C 000000404E3C 0 RECEIPT_PRINTER_GDI_FINISHED
00000000425C 000000404E5C 0 ID: %d CmdRes: %d State: %d
00000000427C 000000404E7C 0 DATA:
000000004284 000000404E84 0 %.2X
00000000428C 000000404E8C 0 Entities:
000000004298 000000404E98 0 %d %d 0x%x
0000000042A8 000000404EA8 0 c:\mylog.txt
0000000042D6 000000404ED6 0 Lt Jt
000000004315 000000404F15 0 t -"%
0000000044EC 0000004050EC 0 DbdDevExecute(EPP4_ENCODE_DECODE)
000000004510 000000405110 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ)
00000000453C 00000040513C 0 EPP Complete LOCK
000000004550 000000405150 0 EPP Complete ENCODE_DECODE
000000004630 000000405230 0 DBDDevOpen
00000000463C 00000040523C 0 DbdDevRegisterCallback
000000004654 000000405254 0 DbdDevLock
000000004660 000000405260 0 DbdDevUnregisterCallback
00000000467C 00000040527C 0 DBDDevClose
0000000046F8 0000004052F8 0 DbdDevUnlock
000000004708 000000405308 0 bdDevUnregisterCallback
000000004720 000000405320 0 DBDDevClose
000000004808 000000405408 0 DbdDevAPI.dll
000000004818 000000405418 0 DbdDevOpen
000000004824 000000405424 0 DbdDevClose
000000004830 000000405430 0 DbdDevGetInfo
000000004840 000000405440 0 DbdDevRegisterCallback
000000004858 000000405458 0 DbdDevUnregisterCallback
000000004874 000000405474 0 DbdDevLock
000000004880 000000405480 0 DbdDevUnlock
000000004890 000000405490 0 DbdDevExecute
000000004994 000000405594 0 AMI function don
0000000049A5 0000004055A5 0 t return in 1 sec
000000004BC0 0000004057C0 0 RECEIPT
000000004BC8 0000004057C8 0 WINSPOOL
000000004BDC 0000004057DC 0 CreateDC
000000004BE8 0000004057E8 0 hello
000000004BF8 0000004057F8 0 escape
000000004C08 000000405808 0 TextOut
000000004C18 000000405818 0 enddoc
000000004D1C 00000040591C 0 OpenProcessToken
000000004D38 000000405938 0 LookupPrivilegeValue
000000004D58 000000405958 0 AdjustTokenPrivileges
000000004EB8 000000405AB8 0 SeDebugPrivilege
000000004ED4 000000405AD4 0 OpenProcess
000000004EE8 000000405AE8 0 GetExitCodeThread
000000004F04 000000405B04 0 VirtualFreeEx
000000005194 000000405D94 0 kernel32.dll
0000000051A4 000000405DA4 0 GetModuleHandleA
0000000051B8 000000405DB8 0 GetProcAddress
0000000051C8 000000405DC8 0 OASYS.dll
0000000051D4 000000405DD4 0 OasPostMessage
0000000051E4 000000405DE4 0 mu.exe
0000000052B0 000000405EB0 0 kernel32.dll
0000000052C0 000000405EC0 0 GetModuleHandleA
File pos Mem pos ID Text
======== ======= == ====
0000000052D4 000000405ED4 0 GetProcAddress
0000000052E4 000000405EE4 0 DbdDevAPI.dll
0000000052F4 000000405EF4 0 DbdDevOpen
000000005300 000000405F00 0 DbdDevClose
00000000530C 000000405F0C 0 DbdDevUnlock
00000000531C 000000405F1C 0 DbdDevUnregisterCallback
000000005470 000000406070 0 kernel32.dll
000000005480 000000406080 0 GetModuleHandleA
000000005494 000000406094 0 GetProcAddress
0000000054A4 0000004060A4 0 DbdDevAPI.dll
0000000054B4 0000004060B4 0 DbdDevRegisterCallback
0000000054CC 0000004060CC 0 DbdDevLock
0000000054D8 0000004060D8 0 SVWUQ
00000000564C 00000040624C 0 LocalAlloc
000000005660 000000406260 0 LocalLock
000000005B3D 00000040673D 0 t Find Key A
000000005B59 000000406759 0 t Find Key B
000000005CB4 0000004068B4 0 Uh>i@
000000005F33 000000406B33 0 u7IBF
000000005FC2 000000406BC2 0 I(NBu
0000000063B8 000000406FB8 0 %.2d/%.2d/%.2d %.2d:%.2d
000000006519 000000407119 0 tdHuaj
000000006590 000000407190 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI)
0000000065BC 0000004071BC 0 RECEIPT_PRINTER_START_GDI
0000000065D8 0000004071D8 0 DbdDevExecute(RECEIPT_PRINTER_EJECT)
00000000673C 00000040733C 0 DbdDevExecute(AFD_DISPENCE)
000000006758 000000407358 0 DbdDevExecute(AFD_PRESENT)
000000006774 000000407374 0 DbdDevExecute(AFD_RESTORE)
00000000684C 00000040744C 0 t Unlock PRT
000000006868 000000407468 0 t Lock PRT
000000006949 000000407549 0 T$ RSPP
00000000699C 00000040759C 0 kernel32.dll
0000000069AC 0000004075AC 0 WaitForSingleObject
0000000069C0 0000004075C0 0 CloseHandle
0000000069CC 0000004075CC 0 ExitProcess
0000000069D8 0000004075D8 0 DeleteFileA
0000000069E4 0000004075E4 0 mu.exe
0000000069F4 0000004075F4 0 getProcessEntry
000000006A0C 00000040760C 0 OpenProcess
000000006AD0 0000004076D0 0 \lsass.exe
000000006AE4 0000004076E4 0 OpenSCManager
000000006AF4 0000004076F4 0 ProtectedStorage
000000006B08 000000407708 0 Protected Storage
000000006B1C 00000040771C 0 RemoteValidation
000000006B38 000000407738 0 ChangeServiceConfig
000000006B4C 00000040774C 0 SVWUQ
000000006C5C 00000040785C 0 DZX|@3
000000006C94 000000407894 0 <0u AG
000000006CDC 0000004078DC 0 SeShutdownPrivilege
000000006CFC 0000004078FC 0 InitiateSystemShutdown
000000006E0C 000000407A0C 0 t Unlock DISPENSER
000000006E2C 000000407A2C 0 t Lock DISPENSER
000000006F40 000000407B40 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete
000000006F6C 000000407B6C 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ)
0000000070F0 000000407CF0 0 %.2X%.2X
0000000070FC 000000407CFC 0 Request Code: %.6d
00000000710F 000000407D0F 0 Enter Responce
000000007120 000000407D20 0 Autorization
000000007130 000000407D30 0 1..4 - dispense cassete
000000007148 000000407D48 0 9 - Uninstall
File pos Mem pos ID Text
======== ======= == ====
000000007156 000000407D56 0 0 - Exit
000000007160 000000407D60 0 Enter Command
00000000736C 000000407F6C 0 Diebold:OGuiFrame
000000007380 000000407F80 0 Enter Password
000000007394 000000407F94 0 STATIC
0000000073A4 000000407FA4 0 Supply Manager
0000000073B4 000000407FB4 0 Pripnt
0000000073BC 000000407FBC 0 View All Counts
000000007714 000000408314 0 Ph8_@
0000000079E4 0000004085E4 0 DBDDEV_LOCK(CRW)
0000000079F8 0000004085F8 0 DbdDevExecute(MCRW_ACCEPT_INSERTION)
000000007A20 000000408620 0 MCRW_ACCEPT_INSERTION
000000007A38 000000408638 0 DbdDevExecute(MCRW_POWERON)
000000007AFD 0000004086FD 0 ;C&v=
0000000086CD 0000004092CD 0 t find KEY C
000000008974 000000409574 0 DbdDevExecute(MCRW_POWERON)
000000008B78 000000409778 0 SOFTWARE\Diebold\Agilis 91x Core
000000008B9C 00000040979C 0 SOFTWARE\Diebold\Agilis 91x
000000008BB8 0000004097B8 0 Product Version
000000008BCC 0000004097CC 0 version
000000008BE0 0000004097E0 0 RegQueryValue
000000008C00 000000409800 0 Agilis %s
000000008C11 000000409811 0 Agent %s
000000008C21 000000409821 0 Transactions %d
000000008C32 000000409832 0 Cards %d
000000008C46 000000409846 0 KEYs %d
000000008DC1 0000004099C1 0 <;=t GJu
000000008DF4 0000004099F4 0 |ZX~x3
000000009237 000000409E37 0 aE;l$
0000000092A3 000000409EA3 0 $E;l$
000000009638 00000040A238 0 PSTATPL
000000009640 00000040A240 0 IAMJZPL
000000009660 00000040A260 0 BALANCE:
000000009675 00000040A275 0 RURSV
000000009705 00000040A305 0 8TCS,t
000000009710 00000040A310 0 8HST,u0
000000009AB4 00000040A6B4 0 kernel32.dll
000000009AC4 00000040A6C4 0 GetModuleHandleA
000000009AD8 00000040A6D8 0 GetProcAddress
000000009AE8 00000040A6E8 0 LoadLibraryA
000000009AF8 00000040A6F8 0 Sleep
000000009B00 00000040A700 0 VirtualProtect
000000009B10 00000040A710 0 DbdDevAPI.dll
000000009B21 00000040A721 0 DbdDevRegisterCallback
000000009B39 00000040A739 0 DbdDevLock
000000009C50 00000040A850 0 \trl2
000000009C60 00000040A860 0 mu.exe
000000009C68 00000040A868 0 sharedq.dll
000000009C7C 00000040A87C 0 LoadLibrary(sharedq.dll)
000000009C98 00000040A898 0 SQReceiveFromServer
000000009CB4 00000040A8B4 0 GetProcAddress(SQReceiveFromServer)
000000009D40 00000040A940 0 ProtectedStorage
000000009DD5 00000040A9D5 0 33333
000000009DF7 00000040A9F7 0 UUUU3
000000009F49 00000040AB49 0 VWUSQ
000000009F91 00000040AB91 0 33333
000000009FB3 00000040ABB3 0 UUUU3
00000000A067 00000040AC67 0 UUUU3
00000000A0C5 00000040ACC5 0 VWUSQ
00000000A17C 00000040AD7C 0 UUUU3
File pos Mem pos ID Text
======== ======= == ====
00000000A2AC 00000040AEAC 0 StartServiceCtrlDispatcher
00000000A44C 00000040B04C 0 Error
00000000A454 00000040B054 0 Runtime error at 00000000
00000000A474 00000040B074 0 0123456789ABCDEF
00000000A4A0 00000040B0A0 0 1AY&SX
00000000A4E4 00000040B0E4 0 mu.exe
00000000A4F8 00000040B0F8 0 SpiService.exe
00000000A650 00000040B250 0 <4,$?7/'
00000000A696 00000040B296 0 !"#$%&'()*+,-./012345678
00000000A6E1 00000040B2E1 0 (3-!0
00000000A6E8 00000040B2E8 0 ,1'8"5
00000000AB30 00000040E330 0 kernel32.dll
00000000AB40 00000040E340 0 DeleteCriticalSection
00000000AB58 00000040E358 0 LeaveCriticalSection
00000000AB70 00000040E370 0 EnterCriticalSection
00000000AB88 00000040E388 0 InitializeCriticalSection
00000000ABA4 00000040E3A4 0 VirtualFree
00000000ABB2 00000040E3B2 0 VirtualAlloc
00000000ABC2 00000040E3C2 0 LocalFree
00000000ABCE 00000040E3CE 0 LocalAlloc
00000000ABDC 00000040E3DC 0 GetVersion
00000000ABEA 00000040E3EA 0 GetCurrentThreadId
00000000AC00 00000040E400 0 GetThreadLocale
00000000AC12 00000040E412 0 GetStartupInfoA
00000000AC24 00000040E424 0 GetLocaleInfoA
00000000AC36 00000040E436 0 GetCommandLineA
00000000AC48 00000040E448 0 FreeLibrary
00000000AC56 00000040E456 0 ExitProcess
00000000AC64 00000040E464 0 CreateThread
00000000AC74 00000040E474 0 WriteFile
00000000AC80 00000040E480 0 UnhandledExceptionFilter
00000000AC9C 00000040E49C 0 RtlUnwind
00000000ACA8 00000040E4A8 0 RaiseException
00000000ACBA 00000040E4BA 0 GetStdHandle
00000000ACC8 00000040E4C8 0 user32.dll
00000000ACD6 00000040E4D6 0 GetKeyboardType
00000000ACE8 00000040E4E8 0 MessageBoxA
00000000ACF4 00000040E4F4 0 advapi32.dll
00000000AD04 00000040E504 0 RegQueryValueExA
00000000AD18 00000040E518 0 RegOpenKeyExA
00000000AD28 00000040E528 0 RegCloseKey
00000000AD34 00000040E534 0 kernel32.dll
00000000AD44 00000040E544 0 TlsSetValue
00000000AD52 00000040E552 0 TlsGetValue
00000000AD60 00000040E560 0 LocalAlloc
00000000AD6E 00000040E56E 0 GetModuleHandleA
00000000AD80 00000040E580 0 advapi32.dll
00000000AD90 00000040E590 0 RegQueryValueExA
00000000ADA4 00000040E5A4 0 RegOpenKeyExA
00000000ADB4 00000040E5B4 0 RegCloseKey
00000000ADC2 00000040E5C2 0 OpenProcessToken
00000000ADD6 00000040E5D6 0 LookupPrivilegeValueA
00000000ADEE 00000040E5EE 0 InitiateSystemShutdownA
00000000AE08 00000040E608 0 AdjustTokenPrivileges
00000000AE1E 00000040E61E 0 kernel32.dll
00000000AE2E 00000040E62E 0 lstrlenA
00000000AE3A 00000040E63A 0 lstrcpynA
00000000AE46 00000040E646 0 lstrcpyA
00000000AE52 00000040E652 0 lstrcmpiA
00000000AE5E 00000040E65E 0 lstrcmpA
File pos Mem pos ID Text
======== ======= == ====
00000000AE6A 00000040E66A 0 lstrcatA
00000000AE76 00000040E676 0 WriteProcessMemory
00000000AE8C 00000040E68C 0 WriteFile
00000000AE98 00000040E698 0 WaitForSingleObjectEx
00000000AEB0 00000040E6B0 0 WaitForSingleObject
00000000AEC6 00000040E6C6 0 VirtualFreeEx
00000000AED6 00000040E6D6 0 VirtualAllocEx
00000000AEE8 00000040E6E8 0 TerminateThread
00000000AEFA 00000040E6FA 0 SleepEx
00000000AF04 00000040E704 0 Sleep
00000000AF0C 00000040E70C 0 SetFilePointer
00000000AF1E 00000040E71E 0 SetEvent
00000000AF2A 00000040E72A 0 ReadFile
00000000AF36 00000040E736 0 OpenProcess
00000000AF44 00000040E744 0 LocalUnlock
00000000AF52 00000040E752 0 LocalSize
00000000AF5E 00000040E75E 0 LocalReAlloc
00000000AF6E 00000040E76E 0 LocalLock
00000000AF7A 00000040E77A 0 LocalFree
00000000AF86 00000040E786 0 LocalAlloc
00000000AF94 00000040E794 0 LoadLibraryA
00000000AFA4 00000040E7A4 0 GetWindowsDirectoryA
00000000AFBC 00000040E7BC 0 GetTickCount
00000000AFCC 00000040E7CC 0 GetTempFileNameA
00000000AFE0 00000040E7E0 0 GetSystemTimeAsFileTime
00000000AFFA 00000040E7FA 0 GetSystemDirectoryA
00000000B010 00000040E810 0 GetProcAddress
00000000B022 00000040E822 0 GetModuleHandleA
00000000B036 00000040E836 0 GetModuleFileNameA
00000000B04C 00000040E84C 0 GetLocalTime
00000000B05C 00000040E85C 0 GetLastError
00000000B06C 00000040E86C 0 GetFileSize
00000000B07A 00000040E87A 0 GetExitCodeThread
00000000B08E 00000040E88E 0 GetCurrentProcess
00000000B0A2 00000040E8A2 0 FormatMessageA
00000000B0B4 00000040E8B4 0 FileTimeToSystemTime
00000000B0CC 00000040E8CC 0 FileTimeToLocalFileTime
00000000B0E6 00000040E8E6 0 ExitProcess
00000000B0F4 00000040E8F4 0 DuplicateHandle
00000000B106 00000040E906 0 DeleteFileA
00000000B114 00000040E914 0 CreateThread
00000000B124 00000040E924 0 CreateRemoteThread
00000000B13A 00000040E93A 0 CreateFileA
00000000B148 00000040E948 0 CreateEventA
00000000B158 00000040E958 0 CopyFileA
00000000B164 00000040E964 0 CloseHandle
00000000B170 00000040E970 0 gdi32.dll
00000000B17C 00000040E97C 0 TextOutA
00000000B188 00000040E988 0 GetTextMetricsA
00000000B19A 00000040E99A 0 Escape
00000000B1A4 00000040E9A4 0 EndDoc
00000000B1AE 00000040E9AE 0 DeleteDC
00000000B1BA 00000040E9BA 0 CreateDCA
00000000B1C4 00000040E9C4 0 user32.dll
00000000B1D2 00000040E9D2 0 CreateWindowExA
00000000B1E4 00000040E9E4 0 UnregisterClassA
00000000B1F8 00000040E9F8 0 TranslateMessage
00000000B20C 00000040EA0C 0 SetTimer
00000000B218 00000040EA18 0 SetForegroundWindow
00000000B22E 00000040EA2E 0 SetFocus
File pos Mem pos ID Text
======== ======= == ====
00000000B23A 00000040EA3A 0 SendMessageA
00000000B24A 00000040EA4A 0 RegisterClassA
00000000B25C 00000040EA5C 0 RedrawWindow
00000000B26C 00000040EA6C 0 PostMessageA
00000000B27C 00000040EA7C 0 PeekMessageA
00000000B28C 00000040EA8C 0 LoadIconA
00000000B298 00000040EA98 0 LoadCursorA
00000000B2A6 00000040EAA6 0 GetWindowTextA
00000000B2B8 00000040EAB8 0 GetWindowDC
00000000B2C6 00000040EAC6 0 GetSystemMetrics
00000000B2DA 00000040EADA 0 GetMessageA
00000000B2E8 00000040EAE8 0 GetForegroundWindow
00000000B2FE 00000040EAFE 0 GetDesktopWindow
00000000B312 00000040EB12 0 GetClientRect
00000000B322 00000040EB22 0 FindWindowExA
00000000B332 00000040EB32 0 FindWindowA
00000000B340 00000040EB40 0 DrawTextA
00000000B34C 00000040EB4C 0 DispatchMessageA
00000000B360 00000040EB60 0 DestroyWindow
00000000B370 00000040EB70 0 DefWindowProcA
00000000B382 00000040EB82 0 CharUpperA
00000000B38E 00000040EB8E 0 advapi32.dll
00000000B39E 00000040EB9E 0 StartServiceCtrlDispatcherA
00000000B3BC 00000040EBBC 0 SetServiceStatus
00000000B3D0 00000040EBD0 0 RegisterServiceCtrlHandlerA
00000000B3EE 00000040EBEE 0 OpenServiceA
00000000B3FE 00000040EBFE 0 OpenSCManagerA
00000000B410 00000040EC10 0 CloseServiceHandle
00000000B426 00000040EC26 0 ChangeServiceConfigA
00000000B43C 00000040EC3C 0 winspool.drv
00000000B44C 00000040EC4C 0 EnumPrintersA
00000000B45A 00000040EC5A 0 user32.dll
00000000B468 00000040EC68 0 wsprintfA
00000000B474 00000040EC74 0 GetMonitorInfoA
00000000B486 00000040EC86 0 EnumDisplayMonitors
00000000B80F 00000041100F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000B855 000000411055 0 4%515L5
00000000B85D 00000041105D 0 5.7j7
00000000B87D 00000041107D 0 8$8,8>8J8Y8e8m8x8~8
00000000B8A9 0000004110A9 0 9'929S9k9
00000000B8BB 0000004110BB 0 :O:o:
00000000B8CD 0000004110CD 0 <(<3<<<C<R<Y<{<
00000000B8EF 0000004110EF 0 >Z>c>y>
00000000B8FF 0000004110FF 0 ?*?T?]?m?u?{?
00000000B92B 00000041112B 0 0 080D0L0c0r0
00000000B945 000000411145 0 0$1H1f1v1|1
00000000B95D 00000041115D 0 2m2t2
00000000B97F 00000041117F 0 4#4G4g4
00000000B99D 00000041119D 0 8)8?8]8s8
00000000B9B1 0000004111B1 0 9 989F9z9
00000000B9C5 0000004111C5 0 :0:9:k:t:
00000000B9E1 0000004111E1 0 <,=4=?=k=
00000000B9F1 0000004111F1 0 =&>*>0>4>9>@>F>N>Y>h>p>
00000000BA19 000000411219 0 ?#?>?S?]?b?
00000000BA38 000000411238 0 &0/0U0b0x0
00000000BA4B 00000041124B 0 5F5M5_5}5
00000000BA5D 00000041125D 0 6?6K6R6\6f6}6
00000000BA85 000000411285 0 7*7?7P7Z7b7j7r7z7
00000000BAA3 0000004112A3 0 8*868;8@8G8N8X8o8{8
00000000BAD3 0000004112D3 0 9"9*929:9B9J9R9Z9b9j9r9z9
File pos Mem pos ID Text
======== ======= == ====
00000000BB13 000000411313 0 :":*:2:::B:J:R:Z:b:j:r:z:
00000000BB53 000000411353 0 ;";*;2;:;B;J;R;Z;b;j;r;z;
00000000BB97 000000411397 0 =(===J=O=\=a=n=s=
00000000BBCB 0000004113CB 0 >">'>4>9>F>K>X>c>
00000000BBEF 0000004113EF 0 0&030?0L0
00000000BBF9 0000004113F9 0 0f0s0
00000000BC03 000000411403 0 0&1.161>1F1N1s1
00000000BC2F 00000041142F 0 5=5I5
00000000BC3D 00000041143D 0 5(606A6F6r6
00000000BC49 000000411449 0 7*777L7R7
00000000BC61 000000411461 0 8#9Z9
00000000BC67 000000411467 0 9Z:p:
00000000BC6F 00000041146F 0 :9;F;
00000000BC79 000000411479 0 <0<@<M<
00000000BC8F 00000041148F 0 =2=g=
00000000BC97 000000411497 0 =\?o?
00000000BCAF 0000004114AF 0 0i0|0
00000000BCD9 0000004114D9 0 2.3:3D3J3V3[3f3k3p3{3
00000000BD15 000000411515 0 4u5>6x6
00000000BD27 000000411527 0 7+7A7X7n7
00000000BD59 000000411559 0 =%=4=K=c=
00000000BD67 000000411567 0 >#>1>?>M>[>p>
00000000BD75 000000411575 0 >>?D?L?
00000000BD7D 00000041157D 0 ?f?w?
00000000BD9B 00000041159B 0 0+0;0
00000000BDA1 0000004115A1 0 1L1\1
00000000BDC3 0000004115C3 0 2!2)282I3
00000000BDD1 0000004115D1 0 8,9b9
00000000BDE5 0000004115E5 0 ?9?G?p?
00000000BE09 000000411609 0 011?1O1U1
00000000BE31 000000411631 0 4*454
00000000BE45 000000411645 0 525g5
00000000BE4B 00000041164B 0 5)6>6a6r6
00000000BE59 000000411659 0 6W7_7d7s7
00000000BE6B 00000041166B 0 8#8d8
00000000BE77 000000411677 0 9"9,9]9b9
00000000BE9F 00000041169F 0 ;3<M<
00000000BEAD 0000004116AD 0 >#><>t>
00000000BEC4 0000004116C4 0 W0_0p0
00000000BEDD 0000004116DD 0 1&1-151B1O1V1
00000000BEEB 0000004116EB 0 1g1n1
00000000BF07 000000411707 0 3.3>3E3L3
00000000BF19 000000411719 0 4N4m4z4
00000000BF44 000000411744 0 60=0E0K0R0h0m0
00000000BF57 000000411757 0 2E4Q4_4
00000000BF77 000000411777 0 6:6]6o6
00000000BF85 000000411785 0 7W7q8u8y8}8
00000000BFA3 0000004117A3 0 9(9-9A9d9
00000000C05D 00000041185D 0 6#666I6_6w6}6Q7[7
00000000C06F 00000041186F 0 7o7y7~7
00000000C08D 00000041188D 0 8&8/8<8
00000000C099 000000411899 0 9#9)9
00000000C0A1 0000004118A1 0 :;:L:T:l:{:
00000000C0BF 0000004118BF 0 ;(;Y;
00000000C0CD 0000004118CD 0 < < <(<0<8<@<K<
00000000C0E5 0000004118E5 0 =%=+=@=F=L=R=X=c=
00000000C101 000000411901 0 > >$>(>,>0>4>8><>@>D>H>L>P>T>\>g>r>v>{>
00000000C134 000000411934 0 $0(0,0
00000000C5F0 0000004123F0 0 PADDINGXXPADDING
00000000C25E 00000041205E 0 VS_VERSION_INFO
File pos Mem pos ID Text
======== ======= == ====
00000000C2BA 0000004120BA 0 StringFileInfo
00000000C2DE 0000004120DE 0 040904B0
00000000C2F6 0000004120F6 0 CompanyName
00000000C310 000000412110 0 Microsoft Corporation
00000000C342 000000412142 0 FileDescription
00000000C364 000000412164 0 LSA Shell (Export Version)
00000000C3A2 0000004121A2 0 FileVersion
00000000C3BC 0000004121BC 0 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
00000000C416 000000412216 0 InternalName
00000000C430 000000412230 0 lsass.exe
00000000C44A 00000041224A 0 LegalCopyright
00000000C46A 00000041226A 0 Microsoft Corporation. All rights reserved.
00000000C4CA 0000004122CA 0 OriginalFilename
00000000C4EC 0000004122EC 0 lsass.exe
00000000C506 000000412306 0 ProductName
00000000C546 000000412346 0 Operating System
00000000C572 000000412372 0 ProductVersion
00000000C590 000000412390 0 5.1.2600.2180
00000000C5B2 0000004123B2 0 VarFileInfo
00000000C5D2 0000004123D2 0 Translation
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
000000000594 000000401194 0 SVWUQ
0000000007B5 0000004013B5 0 w;;t$
0000000008C0 0000004014C0 0 SVWUQ
0000000017A5 0000004023A5 0 Uh-$@
000000001B4F 00000040274F 0 ~KxI[)
000000001CA8 0000004028A8 0 SOFTWARE\Borland\Delphi\RTL
000000001CC4 0000004028C4 0 FPUMaskValue
000000001D11 000000402911 0 PPRTj
000000001E8B 000000402A8B 0 YZXtp
000000002002 000000402C02 0 t=HtN
000000002724 000000403324 0 SVWRP
000000002904 000000403504 0 Uh#5@
0000000029D2 0000004035D2 0 Uh*6@
000000003274 000000403E74 0 kernel32.dll
000000003284 000000403E84 0 CreateToolhelp32Snapshot
0000000032A0 000000403EA0 0 Heap32ListFirst
0000000032B0 000000403EB0 0 Heap32ListNext
0000000032C0 000000403EC0 0 Heap32First
0000000032CC 000000403ECC 0 Heap32Next
0000000032D8 000000403ED8 0 Toolhelp32ReadProcessMemory
0000000032F4 000000403EF4 0 Process32First
000000003304 000000403F04 0 Process32Next
000000003314 000000403F14 0 Process32FirstW
000000003324 000000403F24 0 Process32NextW
000000003334 000000403F34 0 Thread32First
000000003344 000000403F44 0 Thread32Next
000000003354 000000403F54 0 Module32First
000000003364 000000403F64 0 Module32Next
000000003374 000000403F74 0 Module32FirstW
000000003384 000000403F84 0 Module32NextW
000000003431 000000404031 0 UhQ@@
0000000034A4 0000004040A4 0 ProtectedStorage
0000000034C0 0000004040C0 0 TES TEDafwhicomm
0000000034D4 0000004040D4 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt
000000003508 000000404108 0 C:\windows\EpsStmApi.log\
File pos Mem pos ID Text
======== ======= == ====
000000003588 000000404188 0 %.2d:%.2d:%.2d
0000000035CA 0000004041CA 0 Uh8C@
000000003873 000000404473 0 PhlG@
00000000389C 00000040449C 0 D$xPj
000000003946 000000404546 0 D$HXC@
0000000039E0 0000004045E0 0 D$LPSj
000000003A93 000000404693 0 D$lPj
000000003AA7 0000004046A7 0 jdj{S
000000003B50 000000404750 0 PhxG@
000000003B78 000000404778 0 ATMDialog
000000003B84 000000404784 0 hello
000000003B8C 00000040478C 0 STATIC
000000003BB7 0000004047B7 0 Uh)H@
000000003C38 000000404838 0 Error
000000003DC4 0000004049C4 0 CreateFile
000000003FB4 000000404BB4 0 %s Error code= %d
0000000040A0 000000404CA0 0 (h<N@
0000000040D4 000000404CD4 0 Ph\N@
0000000040EE 000000404CEE 0 ~;h|N@
0000000041CC 000000404DCC 0 Complete
0000000041D8 000000404DD8 0 Lock
0000000041E0 000000404DE0 0 RECEIPT_PRINTER_START_GDI
0000000041FC 000000404DFC 0 RECEIPT_PRINTER_EJECT
000000004214 000000404E14 0 CMD=%d
00000000421C 000000404E1C 0 UNSOLICITED
00000000422C 000000404E2C 0 LOCK_requested
00000000423C 000000404E3C 0 RECEIPT_PRINTER_GDI_FINISHED
00000000425C 000000404E5C 0 ID: %d CmdRes: %d State: %d
00000000427C 000000404E7C 0 DATA:
000000004284 000000404E84 0 %.2X
00000000428C 000000404E8C 0 Entities:
000000004298 000000404E98 0 %d %d 0x%x
0000000042A8 000000404EA8 0 c:\mylog.txt
0000000042D6 000000404ED6 0 Lt Jt
000000004315 000000404F15 0 t -"%
0000000044EC 0000004050EC 0 DbdDevExecute(EPP4_ENCODE_DECODE)
000000004510 000000405110 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ)
00000000453C 00000040513C 0 EPP Complete LOCK
000000004550 000000405150 0 EPP Complete ENCODE_DECODE
000000004630 000000405230 0 DBDDevOpen
00000000463C 00000040523C 0 DbdDevRegisterCallback
000000004654 000000405254 0 DbdDevLock
000000004660 000000405260 0 DbdDevUnregisterCallback
00000000467C 00000040527C 0 DBDDevClose
0000000046F8 0000004052F8 0 DbdDevUnlock
000000004708 000000405308 0 bdDevUnregisterCallback
000000004720 000000405320 0 DBDDevClose
000000004808 000000405408 0 DbdDevAPI.dll
000000004818 000000405418 0 DbdDevOpen
000000004824 000000405424 0 DbdDevClose
000000004830 000000405430 0 DbdDevGetInfo
000000004840 000000405440 0 DbdDevRegisterCallback
000000004858 000000405458 0 DbdDevUnregisterCallback
000000004874 000000405474 0 DbdDevLock
000000004880 000000405480 0 DbdDevUnlock
000000004890 000000405490 0 DbdDevExecute
000000004994 000000405594 0 AMI function don
0000000049A5 0000004055A5 0 t return in 1 sec
000000004BC0 0000004057C0 0 RECEIPT
000000004BC8 0000004057C8 0 WINSPOOL
File pos Mem pos ID Text
======== ======= == ====
000000004BDC 0000004057DC 0 CreateDC
000000004BE8 0000004057E8 0 hello
000000004BF8 0000004057F8 0 escape
000000004C08 000000405808 0 TextOut
000000004C18 000000405818 0 enddoc
000000004D1C 00000040591C 0 OpenProcessToken
000000004D38 000000405938 0 LookupPrivilegeValue
000000004D58 000000405958 0 AdjustTokenPrivileges
000000004EB8 000000405AB8 0 SeDebugPrivilege
000000004ED4 000000405AD4 0 OpenProcess
000000004EE8 000000405AE8 0 GetExitCodeThread
000000004F04 000000405B04 0 VirtualFreeEx
000000005194 000000405D94 0 kernel32.dll
0000000051A4 000000405DA4 0 GetModuleHandleA
0000000051B8 000000405DB8 0 GetProcAddress
0000000051C8 000000405DC8 0 OASYS.dll
0000000051D4 000000405DD4 0 OasPostMessage
0000000051E4 000000405DE4 0 mu.exe
0000000052B0 000000405EB0 0 kernel32.dll
0000000052C0 000000405EC0 0 GetModuleHandleA
0000000052D4 000000405ED4 0 GetProcAddress
0000000052E4 000000405EE4 0 DbdDevAPI.dll
0000000052F4 000000405EF4 0 DbdDevOpen
000000005300 000000405F00 0 DbdDevClose
00000000530C 000000405F0C 0 DbdDevUnlock
00000000531C 000000405F1C 0 DbdDevUnregisterCallback
000000005470 000000406070 0 kernel32.dll
000000005480 000000406080 0 GetModuleHandleA
000000005494 000000406094 0 GetProcAddress
0000000054A4 0000004060A4 0 DbdDevAPI.dll
0000000054B4 0000004060B4 0 DbdDevRegisterCallback
0000000054CC 0000004060CC 0 DbdDevLock
0000000054D8 0000004060D8 0 SVWUQ
00000000564C 00000040624C 0 LocalAlloc
000000005660 000000406260 0 LocalLock
000000005B3D 00000040673D 0 t Find Key A
000000005B59 000000406759 0 t Find Key B
000000005CB4 0000004068B4 0 Uh>i@
000000005F33 000000406B33 0 u7IBF
000000005FC2 000000406BC2 0 I(NBu
0000000063B8 000000406FB8 0 %.2d/%.2d/%.2d %.2d:%.2d
000000006519 000000407119 0 tdHuaj
000000006590 000000407190 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI)
0000000065BC 0000004071BC 0 RECEIPT_PRINTER_START_GDI
0000000065D8 0000004071D8 0 DbdDevExecute(RECEIPT_PRINTER_EJECT)
00000000673C 00000040733C 0 DbdDevExecute(AFD_DISPENCE)
000000006758 000000407358 0 DbdDevExecute(AFD_PRESENT)
000000006774 000000407374 0 DbdDevExecute(AFD_RESTORE)
00000000684C 00000040744C 0 t Unlock PRT
000000006868 000000407468 0 t Lock PRT
000000006949 000000407549 0 T$ RSPP
00000000699C 00000040759C 0 kernel32.dll
0000000069AC 0000004075AC 0 WaitForSingleObject
0000000069C0 0000004075C0 0 CloseHandle
0000000069CC 0000004075CC 0 ExitProcess
0000000069D8 0000004075D8 0 DeleteFileA
0000000069E4 0000004075E4 0 mu.exe
0000000069F4 0000004075F4 0 getProcessEntry
000000006A0C 00000040760C 0 OpenProcess
000000006AD0 0000004076D0 0 \lsass.exe
File pos Mem pos ID Text
======== ======= == ====
000000006AE4 0000004076E4 0 OpenSCManager
000000006AF4 0000004076F4 0 ProtectedStorage
000000006B08 000000407708 0 Protected Storage
000000006B1C 00000040771C 0 RemoteValidation
000000006B38 000000407738 0 ChangeServiceConfig
000000006B4C 00000040774C 0 SVWUQ
000000006C5C 00000040785C 0 DZX|@3
000000006C94 000000407894 0 <0u AG
000000006CDC 0000004078DC 0 SeShutdownPrivilege
000000006CFC 0000004078FC 0 InitiateSystemShutdown
000000006E0C 000000407A0C 0 t Unlock DISPENSER
000000006E2C 000000407A2C 0 t Lock DISPENSER
000000006F40 000000407B40 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete
000000006F6C 000000407B6C 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ)
0000000070F0 000000407CF0 0 %.2X%.2X
0000000070FC 000000407CFC 0 Request Code: %.6d
00000000710F 000000407D0F 0 Enter Responce
000000007120 000000407D20 0 Autorization
000000007130 000000407D30 0 1..4 - dispense cassete
000000007148 000000407D48 0 9 - Uninstall
000000007156 000000407D56 0 0 - Exit
000000007160 000000407D60 0 Enter Command
00000000736C 000000407F6C 0 Diebold:OGuiFrame
000000007380 000000407F80 0 Enter Password
000000007394 000000407F94 0 STATIC
0000000073A4 000000407FA4 0 Supply Manager
0000000073B4 000000407FB4 0 Pripnt
0000000073BC 000000407FBC 0 View All Counts
000000007714 000000408314 0 Ph8_@
0000000079E4 0000004085E4 0 DBDDEV_LOCK(CRW)
0000000079F8 0000004085F8 0 DbdDevExecute(MCRW_ACCEPT_INSERTION)
000000007A20 000000408620 0 MCRW_ACCEPT_INSERTION
000000007A38 000000408638 0 DbdDevExecute(MCRW_POWERON)
000000007AFD 0000004086FD 0 ;C&v=
0000000086CD 0000004092CD 0 t find KEY C
000000008974 000000409574 0 DbdDevExecute(MCRW_POWERON)
000000008B78 000000409778 0 SOFTWARE\Diebold\Agilis 91x Core
000000008B9C 00000040979C 0 SOFTWARE\Diebold\Agilis 91x
000000008BB8 0000004097B8 0 Product Version
000000008BCC 0000004097CC 0 version
000000008BE0 0000004097E0 0 RegQueryValue
000000008C00 000000409800 0 Agilis %s
000000008C11 000000409811 0 Agent %s
000000008C21 000000409821 0 Transactions %d
000000008C32 000000409832 0 Cards %d
000000008C46 000000409846 0 KEYs %d
000000008DC1 0000004099C1 0 <;=t GJu
000000008DF4 0000004099F4 0 |ZX~x3
000000009237 000000409E37 0 aE;l$
0000000092A3 000000409EA3 0 $E;l$
000000009638 00000040A238 0 PSTATPL
000000009640 00000040A240 0 IAMJZPL
000000009660 00000040A260 0 BALANCE:
000000009675 00000040A275 0 RURSV
000000009705 00000040A305 0 8TCS,t
000000009710 00000040A310 0 8HST,u0
000000009AB4 00000040A6B4 0 kernel32.dll
000000009AC4 00000040A6C4 0 GetModuleHandleA
000000009AD8 00000040A6D8 0 GetProcAddress
000000009AE8 00000040A6E8 0 LoadLibraryA
File pos Mem pos ID Text
======== ======= == ====
000000009AF8 00000040A6F8 0 Sleep
000000009B00 00000040A700 0 VirtualProtect
000000009B10 00000040A710 0 DbdDevAPI.dll
000000009B21 00000040A721 0 DbdDevRegisterCallback
000000009B39 00000040A739 0 DbdDevLock
000000009C50 00000040A850 0 \trl2
000000009C60 00000040A860 0 mu.exe
000000009C68 00000040A868 0 sharedq.dll
000000009C7C 00000040A87C 0 LoadLibrary(sharedq.dll)
000000009C98 00000040A898 0 SQReceiveFromServer
000000009CB4 00000040A8B4 0 GetProcAddress(SQReceiveFromServer)
000000009D40 00000040A940 0 ProtectedStorage
000000009DD5 00000040A9D5 0 33333
000000009DF7 00000040A9F7 0 UUUU3
000000009F49 00000040AB49 0 VWUSQ
000000009F91 00000040AB91 0 33333
000000009FB3 00000040ABB3 0 UUUU3
00000000A067 00000040AC67 0 UUUU3
00000000A0C5 00000040ACC5 0 VWUSQ
00000000A17C 00000040AD7C 0 UUUU3
00000000A2AC 00000040AEAC 0 StartServiceCtrlDispatcher
00000000A44C 00000040B04C 0 Error
00000000A454 00000040B054 0 Runtime error at 00000000
00000000A474 00000040B074 0 0123456789ABCDEF
00000000A4A0 00000040B0A0 0 1AY&SX
00000000A4E4 00000040B0E4 0 mu.exe
00000000A4F8 00000040B0F8 0 SpiService.exe
00000000A650 00000040B250 0 <4,$?7/'
00000000A696 00000040B296 0 !"#$%&'()*+,-./012345678
00000000A6E1 00000040B2E1 0 (3-!0
00000000A6E8 00000040B2E8 0 ,1'8"5
00000000AB30 00000040E330 0 kernel32.dll
00000000AB40 00000040E340 0 DeleteCriticalSection
00000000AB58 00000040E358 0 LeaveCriticalSection
00000000AB70 00000040E370 0 EnterCriticalSection
00000000AB88 00000040E388 0 InitializeCriticalSection
00000000ABA4 00000040E3A4 0 VirtualFree
00000000ABB2 00000040E3B2 0 VirtualAlloc
00000000ABC2 00000040E3C2 0 LocalFree
00000000ABCE 00000040E3CE 0 LocalAlloc
00000000ABDC 00000040E3DC 0 GetVersion
00000000ABEA 00000040E3EA 0 GetCurrentThreadId
00000000AC00 00000040E400 0 GetThreadLocale
00000000AC12 00000040E412 0 GetStartupInfoA
00000000AC24 00000040E424 0 GetLocaleInfoA
00000000AC36 00000040E436 0 GetCommandLineA
00000000AC48 00000040E448 0 FreeLibrary
00000000AC56 00000040E456 0 ExitProcess
00000000AC64 00000040E464 0 CreateThread
00000000AC74 00000040E474 0 WriteFile
00000000AC80 00000040E480 0 UnhandledExceptionFilter
00000000AC9C 00000040E49C 0 RtlUnwind
00000000ACA8 00000040E4A8 0 RaiseException
00000000ACBA 00000040E4BA 0 GetStdHandle
00000000ACC8 00000040E4C8 0 user32.dll
00000000ACD6 00000040E4D6 0 GetKeyboardType
00000000ACE8 00000040E4E8 0 MessageBoxA
00000000ACF4 00000040E4F4 0 advapi32.dll
00000000AD04 00000040E504 0 RegQueryValueExA
00000000AD18 00000040E518 0 RegOpenKeyExA
File pos Mem pos ID Text
======== ======= == ====
00000000AD28 00000040E528 0 RegCloseKey
00000000AD34 00000040E534 0 kernel32.dll
00000000AD44 00000040E544 0 TlsSetValue
00000000AD52 00000040E552 0 TlsGetValue
00000000AD60 00000040E560 0 LocalAlloc
00000000AD6E 00000040E56E 0 GetModuleHandleA
00000000AD80 00000040E580 0 advapi32.dll
00000000AD90 00000040E590 0 RegQueryValueExA
00000000ADA4 00000040E5A4 0 RegOpenKeyExA
00000000ADB4 00000040E5B4 0 RegCloseKey
00000000ADC2 00000040E5C2 0 OpenProcessToken
00000000ADD6 00000040E5D6 0 LookupPrivilegeValueA
00000000ADEE 00000040E5EE 0 InitiateSystemShutdownA
00000000AE08 00000040E608 0 AdjustTokenPrivileges
00000000AE1E 00000040E61E 0 kernel32.dll
00000000AE2E 00000040E62E 0 lstrlenA
00000000AE3A 00000040E63A 0 lstrcpynA
00000000AE46 00000040E646 0 lstrcpyA
00000000AE52 00000040E652 0 lstrcmpiA
00000000AE5E 00000040E65E 0 lstrcmpA
00000000AE6A 00000040E66A 0 lstrcatA
00000000AE76 00000040E676 0 WriteProcessMemory
00000000AE8C 00000040E68C 0 WriteFile
00000000AE98 00000040E698 0 WaitForSingleObjectEx
00000000AEB0 00000040E6B0 0 WaitForSingleObject
00000000AEC6 00000040E6C6 0 VirtualFreeEx
00000000AED6 00000040E6D6 0 VirtualAllocEx
00000000AEE8 00000040E6E8 0 TerminateThread
00000000AEFA 00000040E6FA 0 SleepEx
00000000AF04 00000040E704 0 Sleep
00000000AF0C 00000040E70C 0 SetFilePointer
00000000AF1E 00000040E71E 0 SetEvent
00000000AF2A 00000040E72A 0 ReadFile
00000000AF36 00000040E736 0 OpenProcess
00000000AF44 00000040E744 0 LocalUnlock
00000000AF52 00000040E752 0 LocalSize
00000000AF5E 00000040E75E 0 LocalReAlloc
00000000AF6E 00000040E76E 0 LocalLock
00000000AF7A 00000040E77A 0 LocalFree
00000000AF86 00000040E786 0 LocalAlloc
00000000AF94 00000040E794 0 LoadLibraryA
00000000AFA4 00000040E7A4 0 GetWindowsDirectoryA
00000000AFBC 00000040E7BC 0 GetTickCount
00000000AFCC 00000040E7CC 0 GetTempFileNameA
00000000AFE0 00000040E7E0 0 GetSystemTimeAsFileTime
00000000AFFA 00000040E7FA 0 GetSystemDirectoryA
00000000B010 00000040E810 0 GetProcAddress
00000000B022 00000040E822 0 GetModuleHandleA
00000000B036 00000040E836 0 GetModuleFileNameA
00000000B04C 00000040E84C 0 GetLocalTime
00000000B05C 00000040E85C 0 GetLastError
00000000B06C 00000040E86C 0 GetFileSize
00000000B07A 00000040E87A 0 GetExitCodeThread
00000000B08E 00000040E88E 0 GetCurrentProcess
00000000B0A2 00000040E8A2 0 FormatMessageA
00000000B0B4 00000040E8B4 0 FileTimeToSystemTime
00000000B0CC 00000040E8CC 0 FileTimeToLocalFileTime
00000000B0E6 00000040E8E6 0 ExitProcess
00000000B0F4 00000040E8F4 0 DuplicateHandle
00000000B106 00000040E906 0 DeleteFileA
File pos Mem pos ID Text
======== ======= == ====
00000000B114 00000040E914 0 CreateThread
00000000B124 00000040E924 0 CreateRemoteThread
00000000B13A 00000040E93A 0 CreateFileA
00000000B148 00000040E948 0 CreateEventA
00000000B158 00000040E958 0 CopyFileA
00000000B164 00000040E964 0 CloseHandle
00000000B170 00000040E970 0 gdi32.dll
00000000B17C 00000040E97C 0 TextOutA
00000000B188 00000040E988 0 GetTextMetricsA
00000000B19A 00000040E99A 0 Escape
00000000B1A4 00000040E9A4 0 EndDoc
00000000B1AE 00000040E9AE 0 DeleteDC
00000000B1BA 00000040E9BA 0 CreateDCA
00000000B1C4 00000040E9C4 0 user32.dll
00000000B1D2 00000040E9D2 0 CreateWindowExA
00000000B1E4 00000040E9E4 0 UnregisterClassA
00000000B1F8 00000040E9F8 0 TranslateMessage
00000000B20C 00000040EA0C 0 SetTimer
00000000B218 00000040EA18 0 SetForegroundWindow
00000000B22E 00000040EA2E 0 SetFocus
00000000B23A 00000040EA3A 0 SendMessageA
00000000B24A 00000040EA4A 0 RegisterClassA
00000000B25C 00000040EA5C 0 RedrawWindow
00000000B26C 00000040EA6C 0 PostMessageA
00000000B27C 00000040EA7C 0 PeekMessageA
00000000B28C 00000040EA8C 0 LoadIconA
00000000B298 00000040EA98 0 LoadCursorA
00000000B2A6 00000040EAA6 0 GetWindowTextA
00000000B2B8 00000040EAB8 0 GetWindowDC
00000000B2C6 00000040EAC6 0 GetSystemMetrics
00000000B2DA 00000040EADA 0 GetMessageA
00000000B2E8 00000040EAE8 0 GetForegroundWindow
00000000B2FE 00000040EAFE 0 GetDesktopWindow
00000000B312 00000040EB12 0 GetClientRect
00000000B322 00000040EB22 0 FindWindowExA
00000000B332 00000040EB32 0 FindWindowA
00000000B340 00000040EB40 0 DrawTextA
00000000B34C 00000040EB4C 0 DispatchMessageA
00000000B360 00000040EB60 0 DestroyWindow
00000000B370 00000040EB70 0 DefWindowProcA
00000000B382 00000040EB82 0 CharUpperA
00000000B38E 00000040EB8E 0 advapi32.dll
00000000B39E 00000040EB9E 0 StartServiceCtrlDispatcherA
00000000B3BC 00000040EBBC 0 SetServiceStatus
00000000B3D0 00000040EBD0 0 RegisterServiceCtrlHandlerA
00000000B3EE 00000040EBEE 0 OpenServiceA
00000000B3FE 00000040EBFE 0 OpenSCManagerA
00000000B410 00000040EC10 0 CloseServiceHandle
00000000B426 00000040EC26 0 ChangeServiceConfigA
00000000B43C 00000040EC3C 0 winspool.drv
00000000B44C 00000040EC4C 0 EnumPrintersA
00000000B45A 00000040EC5A 0 user32.dll
00000000B468 00000040EC68 0 wsprintfA
00000000B474 00000040EC74 0 GetMonitorInfoA
00000000B486 00000040EC86 0 EnumDisplayMonitors
00000000B80F 00000041100F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000B855 000000411055 0 4%515L5
00000000B85D 00000041105D 0 5.7j7
00000000B87D 00000041107D 0 8$8,8>8J8Y8e8m8x8~8
00000000B8A9 0000004110A9 0 9'929S9k9
File pos Mem pos ID Text
======== ======= == ====
00000000B8BB 0000004110BB 0 :O:o:
00000000B8CD 0000004110CD 0 <(<3<<<C<R<Y<{<
00000000B8EF 0000004110EF 0 >Z>c>y>
00000000B8FF 0000004110FF 0 ?*?T?]?m?u?{?
00000000B92B 00000041112B 0 0 080D0L0c0r0
00000000B945 000000411145 0 0$1H1f1v1|1
00000000B95D 00000041115D 0 2m2t2
00000000B97F 00000041117F 0 4#4G4g4
00000000B99D 00000041119D 0 8)8?8]8s8
00000000B9B1 0000004111B1 0 9 989F9z9
00000000B9C5 0000004111C5 0 :0:9:k:t:
00000000B9E1 0000004111E1 0 <,=4=?=k=
00000000B9F1 0000004111F1 0 =&>*>0>4>9>@>F>N>Y>h>p>
00000000BA19 000000411219 0 ?#?>?S?]?b?
00000000BA38 000000411238 0 &0/0U0b0x0
00000000BA4B 00000041124B 0 5F5M5_5}5
00000000BA5D 00000041125D 0 6?6K6R6\6f6}6
00000000BA85 000000411285 0 7*7?7P7Z7b7j7r7z7
00000000BAA3 0000004112A3 0 8*868;8@8G8N8X8o8{8
00000000BAD3 0000004112D3 0 9"9*929:9B9J9R9Z9b9j9r9z9
00000000BB13 000000411313 0 :":*:2:::B:J:R:Z:b:j:r:z:
00000000BB53 000000411353 0 ;";*;2;:;B;J;R;Z;b;j;r;z;
00000000BB97 000000411397 0 =(===J=O=\=a=n=s=
00000000BBCB 0000004113CB 0 >">'>4>9>F>K>X>c>
00000000BBEF 0000004113EF 0 0&030?0L0
00000000BBF9 0000004113F9 0 0f0s0
00000000BC03 000000411403 0 0&1.161>1F1N1s1
00000000BC2F 00000041142F 0 5=5I5
00000000BC3D 00000041143D 0 5(606A6F6r6
00000000BC49 000000411449 0 7*777L7R7
00000000BC61 000000411461 0 8#9Z9
00000000BC67 000000411467 0 9Z:p:
00000000BC6F 00000041146F 0 :9;F;
00000000BC79 000000411479 0 <0<@<M<
00000000BC8F 00000041148F 0 =2=g=
00000000BC97 000000411497 0 =\?o?
00000000BCAF 0000004114AF 0 0i0|0
00000000BCD9 0000004114D9 0 2.3:3D3J3V3[3f3k3p3{3
00000000BD15 000000411515 0 4u5>6x6
00000000BD27 000000411527 0 7+7A7X7n7
00000000BD59 000000411559 0 =%=4=K=c=
00000000BD67 000000411567 0 >#>1>?>M>[>p>
00000000BD75 000000411575 0 >>?D?L?
00000000BD7D 00000041157D 0 ?f?w?
00000000BD9B 00000041159B 0 0+0;0
00000000BDA1 0000004115A1 0 1L1\1
00000000BDC3 0000004115C3 0 2!2)282I3
00000000BDD1 0000004115D1 0 8,9b9
00000000BDE5 0000004115E5 0 ?9?G?p?
00000000BE09 000000411609 0 011?1O1U1
00000000BE31 000000411631 0 4*454
00000000BE45 000000411645 0 525g5
00000000BE4B 00000041164B 0 5)6>6a6r6
00000000BE59 000000411659 0 6W7_7d7s7
00000000BE6B 00000041166B 0 8#8d8
00000000BE77 000000411677 0 9"9,9]9b9
00000000BE9F 00000041169F 0 ;3<M<
00000000BEAD 0000004116AD 0 >#><>t>
00000000BEC4 0000004116C4 0 W0_0p0
00000000BEDD 0000004116DD 0 1&1-151B1O1V1
File pos Mem pos ID Text
======== ======= == ====
00000000BEEB 0000004116EB 0 1g1n1
00000000BF07 000000411707 0 3.3>3E3L3
00000000BF19 000000411719 0 4N4m4z4
00000000BF44 000000411744 0 60=0E0K0R0h0m0
00000000BF57 000000411757 0 2E4Q4_4
00000000BF77 000000411777 0 6:6]6o6
00000000BF85 000000411785 0 7W7q8u8y8}8
00000000BFA3 0000004117A3 0 9(9-9A9d9
00000000C05D 00000041185D 0 6#666I6_6w6}6Q7[7
00000000C06F 00000041186F 0 7o7y7~7
00000000C08D 00000041188D 0 8&8/8<8
00000000C099 000000411899 0 9#9)9
00000000C0A1 0000004118A1 0 :;:L:T:l:{:
00000000C0BF 0000004118BF 0 ;(;Y;
00000000C0CD 0000004118CD 0 < < <(<0<8<@<K<
00000000C0E5 0000004118E5 0 =%=+=@=F=L=R=X=c=
00000000C101 000000411901 0 > >$>(>,>0>4>8><>@>D>H>L>P>T>\>g>r>v>{>
00000000C134 000000411934 0 $0(0,0
00000000C5F0 0000004123F0 0 PADDINGXXPADDING
00000000C25E 00000041205E 0 VS_VERSION_INFO
00000000C2BA 0000004120BA 0 StringFileInfo
00000000C2DE 0000004120DE 0 040904B0
00000000C2F6 0000004120F6 0 CompanyName
00000000C310 000000412110 0 Microsoft Corporation
00000000C342 000000412142 0 FileDescription
00000000C364 000000412164 0 LSA Shell (Export Version)
00000000C3A2 0000004121A2 0 FileVersion
00000000C3BC 0000004121BC 0 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
00000000C416 000000412216 0 InternalName
00000000C430 000000412230 0 lsass.exe
00000000C44A 00000041224A 0 LegalCopyright
00000000C46A 00000041226A 0 Microsoft Corporation. All rights reserved.
00000000C4CA 0000004122CA 0 OriginalFilename
00000000C4EC 0000004122EC 0 lsass.exe
00000000C506 000000412306 0 ProductName
00000000C546 000000412346 0 Operating System
00000000C572 000000412372 0 ProductVersion
00000000C590 000000412390 0 5.1.2600.2180
00000000C5B2 0000004123B2 0 VarFileInfo
00000000C5D2 0000004123D2 0 Translation