
                                           ATM MALWARE NOTICE 
                    867991ade335186baa19a227e3a044c8321a6cef96c23c98eef21fe6b87edf6a
 
Date...........: 2019-02-25
Family.........: HelloWorld
File name......: dispenserXFS.exe
File size......: 25.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
PDB Path found.: C:\_bkittest\dispenser\Release_noToken\dispenserXFS.pdb
Documentation..: https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf
Additional note: Saves logs to C:\xfsasdf.txt

=== PEDUMP REPORT === 
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 240 0xf0

=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|

=== RICH Header ===
LIB_ID      VERSION        TIMES_USED
 93  5d      4035   fc3      8   8
149  95     30729  7809      7   7
132  84     30729  7809     14   e
  1   1         0     0    165  a5
147  93     30729  7809      3   3
131  83     30729  7809     68  44
126  7e     50727  c627      1   1
229  e5     30501  7725     11   b
219  db     21005  520d      1   1
222  de     30501  7725      1   1

=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2019-02-10 18:13:13"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 12.0
SizeOfCode: 12288 0x3000
SizeOfInitializedData: 26624 0x6800
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 5608 0x15e8
BaseOfCode: 4096 0x1000
BaseOfData: 16384 0x4000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.1
ImageVersion: 0.0
SubsystemVersion: 5.1
Reserved1: 0 0
SizeOfImage: 53248 0xd000
SizeOfHeaders: 1024 0x400
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10

=== DATA DIRECTORY ===
EXPORT        rva:0x 0     size:0x 0
IMPORT        rva:0x 4b34  size:0x 78
RESOURCE      rva:0x b000  size:0x 1e0
EXCEPTION     rva:0x 0     size:0x 0
SECURITY      rva:0x 0     size:0x 0
BASERELOC     rva:0x c000  size:0x 3d4
DEBUG         rva:0x 41a0  size:0x 38
ARCHITECTURE  rva:0x 0     size:0x 0
GLOBALPTR     rva:0x 0     size:0x 0
TLS           rva:0x 0     size:0x 0
LOAD_CONFIG   rva:0x 4a20  size:0x 40
Bound_IAT     rva:0x 0     size:0x 0
IAT           rva:0x 4000  size:0x 178
Delay_IAT     rva:0x 0     size:0x 0
CLR_Header    rva:0x 0     size:0x 0
              rva:0x 0     size:0x 0

=== SECTIONS ===
NAME    RVA   VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
.text   1000  2fbe  3000    400      0     0        0      0         60000020 R-X CODE
.rdata  4000  1372  1400    3400     0     0        0      0         40000040 R-- IDATA
.data   6000  4d48  1800    4800     0     0        0      0         c0000040 RW- IDATA
.rsrc   b000  1e0   200     6000     0     0        0      0         40000040 R-- IDATA
.reloc  c000  3d4   400     6200     0     0        0      0         42000040 R-- IDATA DISCARDABLE

=== RESOURCES ===
FILE_OFFSET  CP  LANG   SIZE  TYPE      NAME
0x6060       0   0x409  381   MANIFEST  #1

=== IMPORTS ===
MODULE_NAME   HINT  ORD  FUNCTION_NAME
msvcrt.dll    101        _amsg_exit
msvcrt.dll    127        _controlfp
msvcrt.dll    37         ?terminate@@YAXXZ
msvcrt.dll    d2         __set_app_type
msvcrt.dll    be         __p__fmode
msvcrt.dll    b9         __p__commode
msvcrt.dll    d4         __setusermatherr
msvcrt.dll    1d5        _initterm
msvcrt.dll    e7         _acmdln
msvcrt.dll    48f        exit
msvcrt.dll    6a         _XcptFilter
msvcrt.dll    162        _exit
msvcrt.dll    114        _cexit
msvcrt.dll    91         __getmainargs
msvcrt.dll    4ee        memset
msvcrt.dll    1f4        _ismbblead
msvcrt.dll    52d        swprintf
msvcrt.dll    534        time
msvcrt.dll    4b1        fwrite
msvcrt.dll    50e        srand
msvcrt.dll    49d        fopen
msvcrt.dll    495        fflush
msvcrt.dll    526        strstr
msvcrt.dll    3c8        _vsnprintf
msvcrt.dll    32f        _snprintf
msvcrt.dll    339        _snwprintf
ntdll.dll     352        RtlUnwind
ADVAPI32.dll  56         ConvertStringSecurityDescriptorToSecurityDescriptorW
ADVAPI32.dll  231        SetSecurityDescriptorDacl
ADVAPI32.dll  132        InitializeSecurityDescriptor
ADVAPI32.dll  235        SetSecurityDescriptorSacl
ADVAPI32.dll  108        GetSecurityDescriptorDacl
ADVAPI32.dll  10d        GetSecurityDescriptorSacl
KERNEL32.dll  b6         ExitProcess
KERNEL32.dll  13b        GetCurrentProcess
KERNEL32.dll  1c0        GetSystemTimeAsFileTime
KERNEL32.dll  13e        GetCurrentThreadId
KERNEL32.dll  294        QueryPerformanceCounter
KERNEL32.dll  176        GetModuleHandleA
KERNEL32.dll  336        SetUnhandledExceptionFilter
KERNEL32.dll  35b        UnhandledExceptionFilter
KERNEL32.dll  34a        TerminateProcess
KERNEL32.dll  1ae        GetStartupInfoA
KERNEL32.dll  21b        InterlockedCompareExchange
KERNEL32.dll  21d        InterlockedExchange
KERNEL32.dll  1d4        GetTickCount
KERNEL32.dll  244        LoadLibraryA
KERNEL32.dll  198        GetProcAddress
KERNEL32.dll  398        WriteProcessMemory
KERNEL32.dll  13c        GetCurrentProcessId
KERNEL32.dll  91         DuplicateHandle
KERNEL32.dll  6f         CreateToolhelp32Snapshot
KERNEL32.dll  28a        Process32NextW
KERNEL32.dll  288        Process32FirstW
KERNEL32.dll  36f        VirtualAllocEx
KERNEL32.dll  372        VirtualFreeEx
KERNEL32.dll  277        OpenProcess
KERNEL32.dll  67         CreateRemoteThread
KERNEL32.dll  5d         CreateMutexW
KERNEL32.dll  96         EnterCriticalSection
KERNEL32.dll  243        LeaveCriticalSection
KERNEL32.dll  218        InitializeCriticalSection
KERNEL32.dll  342        Sleep
KERNEL32.dll  276        OpenMutexW
KERNEL32.dll  6c         CreateThread
KERNEL32.dll  24e        LocalFree
KERNEL32.dll  31         CloseHandle
USER32.dll    61         CreateWindowExW
USER32.dll    a2         DispatchMessageW
USER32.dll    8f         DefWindowProcW
USER32.dll    2bb        UpdateWindow
USER32.dll    292        ShowWindow
USER32.dll    283        SetWindowPos
USER32.dll    215        RedrawWindow
USER32.dll    60         CreateWindowExA
USER32.dll    26c        SetRect
USER32.dll    1bc        LoadIconW
USER32.dll    218        RegisterClassExW
USER32.dll    2aa        TranslateMessage
USER32.dll    d          BeginPaint
USER32.dll    256        SetFocus
USER32.dll    1ba        LoadCursorW
USER32.dll    bf         DrawTextW
USER32.dll    e2         FillRect
USER32.dll    201        PostQuitMessage
USER32.dll    13e        GetMessageW
USER32.dll    99         DestroyWindow
USER32.dll    c8         EndPaint
USER32.dll    240        SendMessageW

=== Packer / Compiler ===
MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000000E0 0000004000E0 0 RichS 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 00000000041F 00000040101F 0 URPQQh 000000000B4B 00000040174B 0 v N+D$ 000000000B95 000000401795 0 UQPXY]Y[ 00000000102C 000000401C2C 0 ShPB@ 00000000108A 000000401C8A 0 f 000000001159 000000401D59 0 WhPB@ 000000001484 000000402084 0 YYh0u 0000000014D8 0000004020D8 0 TSVWH 000000001762 000000402362 0 VVVVj 0000000017D5 0000004023D5 0 VVVhK)@ 0000000018C5 0000004024C5 0 WWWh]#@ 000000001929 000000402529 0 SVWj@h 000000001B79 000000402779 0 uehDE@ 000000001BA8 0000004027A8 0 u3hlE@ 000000001DF4 0000004029F4 0 uVhDE@ 000000001E1F 000000402A1F 0 u+hlE@ 00000000227C 000000402E7C 0 Ph8F@ 0000000022D5 000000402ED5 0 @f;C. 000000002310 000000402F10 0 PhxF@ 00000000276F 00000040336F 0 @f;C. 0000000027AA 0000004033AA 0 PhxF@ 000000002804 000000403404 0 Wf 0000000028C6 0000004034C6 0 Xh G@ 000000003014 000000403C14 0 f;B.s 000000003032 000000403C32 0 Cf;Z.r 0000000030AA 000000403CAA 0 PhHH@ 0000000030C2 000000403CC2 0 PhlH@ 0000000031DC 000000403DDC 0 QQSVW 000000003212 000000403E12 0 YWSVh 000000003246 000000403E46 0 YWSVh 00000000327A 000000403E7A 0 YWSVh 0000000032AE 000000403EAE 0 YWSVh 0000000032E2 000000403EE2 0 YWSVh 000000003330 000000403F30 0 YWSVh 000000003605 000000404205 0 ('8PW 00000000360E 00000040420E 0 700PP 000000003629 000000404229 0 xppwpp 00000000363C 00000040423C 0 Getting billcount. 000000003650 000000404250 0 maxbill = %d 000000003660 000000404260 0 GettingCDMStatus. 000000003674 000000404274 0 Getting CashUnitStatus. 00000000368C 00000040428C 0 User left, cleaning up. 0000000036A4 0000004042A4 0 Error locking XFS 0000000036B8 0000004042B8 0 Resetting CDM. 
0000000036C8 0000004042C8 0 %d:[%d] 0000000036D8 0000004042D8 0 Error dispensing 0x%08X 0000000036F0 0000004042F0 0 No denominations found 000000003708 000000404308 0 %d... 000000003710 000000404310 0 No msxfs installed... 000000003728 000000404328 0 Waiting for freeze msxfs processes... 000000003750 000000404350 0 Starting WFSManager... 000000003768 000000404368 0 Connecting... 000000003778 000000404378 0 nxcdm File pos Mem pos ID Text ======== ======= == ==== 000000003780 000000404380 0 Connected. Version: wfs:%d.%d, srvc:%d.%d, spi:%d.%d 0000000037B8 0000004043B8 0 Unknown version %d 0000000037CC 0000004043CC 0 Disconnecting... 0000000037E0 0000004043E0 0 Error connecting: %p 0000000037F8 0000004043F8 0 Error starting WFS: %p 00000000382C 00000040442C 0 C:\xfsasdf.txt 00000000383C 00000040443C 0 --exchange 000000003848 000000404448 0 Injected mxsfs killer into %d. 000000003888 000000404488 0 msxfs.dll 000000003944 000000404544 0 kernel32.dll 000000003954 000000404554 0 EnumProcessModulesEx 00000000396C 00000040456C 0 psapi.dll 000000003978 000000404578 0 GetModuleFileNameExA 000000003990 000000404590 0 Error getting maxbill: %p 0000000039AC 0000004045AC 0 state=%d, safedoor=%d, dispenser=%d, stacker=%d 0000000039E0 0000004045E0 0 pos=%d, OutputPosition=%d, shutter=%d, transport=%d 000000003A18 000000404618 0 Error getting cdm status: 0x%p. 000000003A38 000000404638 0 Id:%s(nr=%d)(l=%d,h=%d), %d|%d|%d of %d [%s][%d][%d],[%d][%d] 000000003A78 000000404678 0 Error getting bill status: 0x%p. 
000000003A9C 00000040469C 0 chosen %d | %d 000000003AAC 0000004046AC 0 pos=%d, status=%d, shutter=%d, transport=%d, status=%d 000000003AE4 0000004046E4 0 Id:%s(nr=%d)(l=%d,h=%d), %d|%d|%d of %d [%s][%d][%d],[%d] 000000003B20 000000404720 0 Exchanging cashunits 000000003B64 000000404764 0 USD A 000000003B6C 00000040476C 0 USD B 000000003B74 000000404774 0 USD C 000000003B7C 00000040477C 0 USD D 000000003B84 000000404784 0 Exchanged units 000000003B94 000000404794 0 Error ending exchange 0x%08X 000000003BB4 0000004047B4 0 Exchanged units to null 000000003BCC 0000004047CC 0 Error starting exchange 0x%08X 000000003BEC 0000004047EC 0 Getting cashunit infos 000000003C04 000000404804 0 Changing cashunit infos 000000003C1C 00000040481C 0 Setting cashunit infos 000000003C34 000000404834 0 Set cashunit infos 000000003C48 000000404848 0 Error setting cashunit info: 0x%p. 000000003C6C 00000040486C 0 Error getting cashunit info: 0x%p. 000000003C90 000000404890 0 WFSExecute 000000003C9C 00000040489C 0 WFSGetInfo 000000003CA8 0000004048A8 0 WFSOpen 000000003CB0 0000004048B0 0 WFSClose 000000003CBC 0000004048BC 0 WFSFreeResult 000000003CCC 0000004048CC 0 WFSStartUp 000000003CD8 0000004048D8 0 WFSCleanUp 000000003CE4 0000004048E4 0 WFSLock 000000003CEC 0000004048EC 0 WFSUnlock 000000003CF8 0000004048F8 0 Trying Nautilus. 000000003D0C 00000040490C 0 CashDispenser 000000003D1C 00000040491C 0 Connected Nautilus. 000000003D30 000000404930 0 Trying Nautilus2. 000000003D44 000000404944 0 NXCdm 000000003D4C 00000040494C 0 Connected Nautilus2. 000000003D64 000000404964 0 Trying Diabold. 000000003D74 000000404974 0 DBD_AdvFuncDisp 000000003D84 000000404984 0 Connected Diabold. 000000003D98 000000404998 0 Trying NCR. 000000003DA4 0000004049A4 0 CurrencyDispenser1 000000003DB8 0000004049B8 0 Connected NCR. 000000003DC8 0000004049C8 0 Trying WINCOR. 000000003DD8 0000004049D8 0 CDM30 File pos Mem pos ID Text ======== ======= == ==== 000000003DE0 0000004049E0 0 Connected WINCOR. 
000000003DF4 0000004049F4 0 Trying GENERIC. 000000003E08 000000404A08 0 Connected GENERIC. 000000003E6D 000000404A6D 0 N~+G 000000003E80 000000404A80 0 C:\_bkittest\dispenser\Release_noToken\dispenserXFS.pdb 000000004126 000000404D26 0 _snwprintf 000000004134 000000404D34 0 _snprintf 000000004140 000000404D40 0 _vsnprintf 00000000414E 000000404D4E 0 strstr 000000004158 000000404D58 0 fflush 000000004162 000000404D62 0 fopen 00000000416A 000000404D6A 0 srand 000000004172 000000404D72 0 fwrite 000000004184 000000404D84 0 swprintf 00000000418E 000000404D8E 0 msvcrt.dll 00000000419C 000000404D9C 0 _ismbblead 0000000041AA 000000404DAA 0 memset 0000000041B4 000000404DB4 0 __getmainargs 0000000041C4 000000404DC4 0 _cexit 0000000041CE 000000404DCE 0 _exit 0000000041D6 000000404DD6 0 _XcptFilter 0000000041EC 000000404DEC 0 _acmdln 0000000041F6 000000404DF6 0 _initterm 000000004202 000000404E02 0 _amsg_exit 000000004210 000000404E10 0 __setusermatherr 000000004224 000000404E24 0 __p__commode 000000004234 000000404E34 0 __p__fmode 000000004242 000000404E42 0 __set_app_type 000000004254 000000404E54 0 ?terminate@@YAXXZ 000000004268 000000404E68 0 _controlfp 000000004276 000000404E76 0 RtlUnwind 000000004280 000000404E80 0 ntdll.dll 00000000428C 000000404E8C 0 InitializeSecurityDescriptor 0000000042AC 000000404EAC 0 SetSecurityDescriptorDacl 0000000042C8 000000404EC8 0 ConvertStringSecurityDescriptorToSecurityDescriptorW 000000004300 000000404F00 0 GetSecurityDescriptorSacl 00000000431C 000000404F1C 0 SetSecurityDescriptorSacl 000000004338 000000404F38 0 GetSecurityDescriptorDacl 000000004352 000000404F52 0 ADVAPI32.dll 000000004362 000000404F62 0 GetCurrentProcess 000000004376 000000404F76 0 CloseHandle 000000004384 000000404F84 0 LocalFree 000000004390 000000404F90 0 CreateThread 0000000043A0 000000404FA0 0 ExitProcess 0000000043AE 000000404FAE 0 Sleep 0000000043B6 000000404FB6 0 InitializeCriticalSection 0000000043D2 000000404FD2 0 LeaveCriticalSection 0000000043EA 
000000404FEA 0 EnterCriticalSection 000000004402 000000405002 0 CreateMutexW 000000004412 000000405012 0 CreateRemoteThread 000000004428 000000405028 0 OpenProcess 000000004436 000000405036 0 VirtualFreeEx 000000004446 000000405046 0 OpenMutexW 000000004454 000000405054 0 VirtualAllocEx 000000004466 000000405066 0 Process32FirstW 000000004478 000000405078 0 Process32NextW 00000000448A 00000040508A 0 CreateToolhelp32Snapshot 0000000044A6 0000004050A6 0 DuplicateHandle 0000000044B8 0000004050B8 0 GetCurrentProcessId 0000000044CE 0000004050CE 0 WriteProcessMemory File pos Mem pos ID Text ======== ======= == ==== 0000000044E4 0000004050E4 0 GetProcAddress 0000000044F6 0000004050F6 0 LoadLibraryA 000000004506 000000405106 0 GetTickCount 000000004516 000000405116 0 InterlockedExchange 00000000452C 00000040512C 0 InterlockedCompareExchange 00000000454A 00000040514A 0 GetStartupInfoA 00000000455C 00000040515C 0 TerminateProcess 000000004570 000000405170 0 UnhandledExceptionFilter 00000000458C 00000040518C 0 SetUnhandledExceptionFilter 0000000045AA 0000004051AA 0 GetModuleHandleA 0000000045BE 0000004051BE 0 QueryPerformanceCounter 0000000045D8 0000004051D8 0 GetCurrentThreadId 0000000045EE 0000004051EE 0 GetSystemTimeAsFileTime 000000004606 000000405206 0 KERNEL32.dll 000000004616 000000405216 0 DispatchMessageW 00000000462A 00000040522A 0 DefWindowProcW 00000000463C 00000040523C 0 UpdateWindow 00000000464C 00000040524C 0 SendMessageW 00000000465C 00000040525C 0 CreateWindowExW 00000000466E 00000040526E 0 ShowWindow 00000000467C 00000040527C 0 SetWindowPos 00000000468C 00000040528C 0 RedrawWindow 00000000469C 00000040529C 0 CreateWindowExA 0000000046AE 0000004052AE 0 SetRect 0000000046B8 0000004052B8 0 LoadIconW 0000000046C4 0000004052C4 0 RegisterClassExW 0000000046D8 0000004052D8 0 TranslateMessage 0000000046EC 0000004052EC 0 BeginPaint 0000000046FA 0000004052FA 0 SetFocus 000000004706 000000405306 0 LoadCursorW 000000004714 000000405314 0 DrawTextW 000000004720 
000000405320 0 FillRect 00000000472C 00000040532C 0 PostQuitMessage 00000000473E 00000040533E 0 GetMessageW 00000000474C 00000040534C 0 DestroyWindow 00000000475C 00000040535C 0 EndPaint 000000004766 000000405366 0 USER32.dll 000000004A4E 00000040624E 0 z?aUY 000000004A90 000000406290 0 zc%C1 000000004AE3 0000004062E3 0 -64OS 000000006060 00000040B060 0 <?xml version='1.0' encoding='UTF-8' standalone='yes'?> 000000006099 00000040B099 0 <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> 0000000060E4 00000040B0E4 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> 00000000611C 00000040B11C 0 <security> 00000000612C 00000040B12C 0 <requestedPrivileges> 000000006149 00000040B149 0 <requestedExecutionLevel level='asInvoker' uiAccess='false' /> 000000006191 00000040B191 0 </requestedPrivileges> 0000000061AF 00000040B1AF 0 </security> 0000000061C0 00000040B1C0 0 </trustInfo> 0000000061D0 00000040B1D0 0 </assembly> 000000006209 00000040C009 0 0%010=1X2 000000006219 00000040C019 0 3"3'3,31363<3D3L3c3 000000006247 00000040C047 0 4 4(4>4C4 000000006263 00000040C063 0 4 505;5A5 00000000628D 00000040C08D 0 6#6*61686?6F6M6U6]6e6q6z6 0000000062BD 00000040C0BD 0 778E8 0000000062CB 00000040C0CB 0 9_9d9~9 0000000062D5 00000040C0D5 0 9,:O:\:h:p:x: 0000000062F9 00000040C0F9 0 <.<8<L< 000000006307 00000040C107 0 <'=4=F=[=h=|= File pos Mem pos ID Text ======== ======= == ==== 000000006317 00000040C117 0 ==>k> 00000000632D 00000040C12D 0 ?%?/?H?X? 
000000006343 00000040C143 0 0 0A0M0]0e0r0{0 000000006363 00000040C163 0 101K1Y1 00000000637F 00000040C17F 0 2,2P2 00000000639B 00000040C19B 0 30363A3R3X3j3p3{3 0000000063CB 00000040C1CB 0 4)4F4U4k4 0000000063F3 00000040C1F3 0 5C5S5[5|5 00000000640D 00000040C20D 0 6W6b6i6z6 000000006421 00000040C221 0 7P7|7 00000000643D 00000040C23D 0 7A8\8p8 000000006455 00000040C255 0 9)9X9d9j9~9 000000006477 00000040C277 0 :":(:1:8:=:D:~: 000000006497 00000040C297 0 =d=l= 0000000064BF 00000040C2BF 0 2 2W2 0000000064CD 00000040C2CD 0 3I4a4 0000000064E1 00000040C2E1 0 6%7.9 0000000064E7 00000040C2E7 0 9,:L:l: 0000000064F3 00000040C2F3 0 ;&;.;>;Z;c;t;|; 00000000652B 00000040C32B 0 ="=(=-=4=:=?=F=L=Q=X= 000000006541 00000040C341 0 =c=j=p=u=|= 000000006565 00000040C365 0 >#>*>0>=>W> 000000006571 00000040C371 0 >d>q> 00000000658F 00000040C38F 0 ?'?A?H?N?]?v? 0000000065CF 00000040C3CF 0 ;,;0; 000000003868 000000404468 0 Global\%08X%08X 000000003898 000000404498 0 S:(ML;;NW;;;LW)D:(A;;0x1FFFFF;;;WD)(A;;0x1FFFFF;;;S-1-15-2-1) 000000003914 000000404514 0 D:(A;;0x1FFFFF;;;WD) 000000004B20 000000406320 0 NO_TOKEN 000000004B34 000000406334 0 win32app