
                                           ATM MALWARE NOTICE 
                    bf9c35d8f33e2651d619fe22a2d55372dedd0855451d32f952ecfc73fa824092
 
Date...........: 2019-04-02
Family.........: Atmosphere
File name......: app3.exe
File size......: 96.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Additional note: Drop e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000

=== PEDUMP REPORT === 

=== MZ Header ===

signature:              "MZ"
bytes_in_last_block:    144      0x90
blocks_in_file:         3        3
num_relocs:             0        0
header_paragraphs:      4        4
min_extra_paragraphs:   0        0
max_extra_paragraphs:   65535    0xffff
ss:                     0        0
sp:                     184      0xb8
checksum:               0        0
ip:                     0        0
cs:                     0        0
reloc_table_offset:     64       0x40
overlay_number:         0        0
reserved0:              0        0
oem_id:                 0        0
oem_info:               0        0
reserved2:              0        0
reserved3:              0        0
reserved4:              0        0
reserved5:              0        0
reserved6:              0        0
lfanew:                 240      0xf0

=== DOS STUB ===

00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|

=== RICH Header ===

LIB_ID      VERSION       TIMES_USED
12   c      7291 1c7b     2    2
0    0      0    0        4    4
14   e      7299 1c83     1    1
10   a      8168 1fe8     11   b
4    4      8168 1fe8     6    6
19   13     8034 1f62     4    4
1    1      0    0        163  a3
93   5d     4035 fc3      5    5
11   b      8168 1fe8     30   1e
6    6      1720 6b8      1    1

=== PE Header ===

signature:              "PE\x00\x00"

# IMAGE_FILE_HEADER:
Machine:                332      0x14c    x86
NumberOfSections:       4        4
TimeDateStamp:          "2017-10-08 05:06:47"
PointerToSymbolTable:   0        0
NumberOfSymbols:        0        0
SizeOfOptionalHeader:   224      0xe0
Characteristics:        271      0x10f    RELOCS_STRIPPED, EXECUTABLE_IMAGE
                                          LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED
                                          32BIT_MACHINE

# IMAGE_OPTIONAL_HEADER32:
Magic:                    267      0x10b     32-bit executable
LinkerVersion:            6.0
SizeOfCode:               16384    0x4000
SizeOfInitializedData:    77824    0x13000
SizeOfUninitializedData:  0        0
AddressOfEntryPoint:      16062    0x3ebe
BaseOfCode:               4096     0x1000
BaseOfData:               20480    0x5000
ImageBase:                4194304  0x400000
SectionAlignment:         4096     0x1000
FileAlignment:            4096     0x1000
OperatingSystemVersion:   4.0
ImageVersion:             0.0
SubsystemVersion:         4.0
Reserved1:                0        0
SizeOfImage:              98304    0x18000
SizeOfHeaders:            4096     0x1000
CheckSum:                 0        0
Subsystem:                3        3         WINDOWS_CUI
DllCharacteristics:       0        0
SizeOfStackReserve:       1048576  0x100000
SizeOfStackCommit:        4096     0x1000
SizeOfHeapReserve:        1048576  0x100000
SizeOfHeapCommit:         4096     0x1000
LoaderFlags:              0        0
NumberOfRvaAndSizes:      16       0x10

=== DATA DIRECTORY ===

EXPORT        rva:0x       0   size:0x       0
IMPORT        rva:0x    5648   size:0x      8c
RESOURCE      rva:0x    8000   size:0x    f448
EXCEPTION     rva:0x       0   size:0x       0
SECURITY      rva:0x       0   size:0x       0
BASERELOC     rva:0x       0   size:0x       0
DEBUG         rva:0x       0   size:0x       0
ARCHITECTURE  rva:0x       0   size:0x       0
GLOBALPTR     rva:0x       0   size:0x       0
TLS           rva:0x       0   size:0x       0
LOAD_CONFIG   rva:0x       0   size:0x       0
Bound_IAT     rva:0x       0   size:0x       0
IAT           rva:0x    5000   size:0x     1c4
Delay_IAT     rva:0x       0   size:0x       0
CLR_Header    rva:0x       0   size:0x       0
              rva:0x       0   size:0x       0

=== SECTIONS ===

NAME     RVA    VSZ    RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
.text    1000   3253   4000    1000     0     0        0      0         60000020  R-X CODE
.rdata   5000   13c6   2000    5000     0     0        0      0         40000040  R-- IDATA
.data    7000   554    1000    7000     0     0        0      0         c0000040  RW- IDATA
.rsrc    8000   f448   10000   8000     0     0        0      0         40000040  R-- IDATA

=== RESOURCES ===

FILE_OFFSET  CP  LANG   SIZE   TYPE     NAME
0x8408       0   0x409  61440  BIN      #128
0x17408      0   0x409  62     STRING   #1
0x80f0       0   0x409  792    VERSION  #1

=== IMPORTS ===

MODULE_NAME   HINT  ORD  FUNCTION_NAME
KERNEL32.dll  36e        VirtualFreeEx
KERNEL32.dll  329        SetThreadContext
KERNEL32.dll  394        WriteProcessMemory
KERNEL32.dll  241        LoadLibraryA
KERNEL32.dll  36b        VirtualAllocEx
KERNEL32.dll  2bf        ResumeThread
KERNEL32.dll  1ca        GetThreadContext
KERNEL32.dll  340        SuspendThread
KERNEL32.dll  278        OpenThread
KERNEL32.dll  34a        Thread32Next
KERNEL32.dll  349        Thread32First
KERNEL32.dll  33e        Sleep
KERNEL32.dll  274        OpenProcess
KERNEL32.dll  286        Process32Next
KERNEL32.dll  284        Process32First
KERNEL32.dll  1d1        GetTickCount
KERNEL32.dll  168        GetLastError
KERNEL32.dll  306        SetFilePointer
KERNEL32.dll  38b        WriteFile
KERNEL32.dll  4f         CreateFileA
KERNEL32.dll  15b        GetFileSize
KERNEL32.dll  2a3        ReadFile
KERNEL32.dll  31         CloseHandle
KERNEL32.dll  109        GetCommandLineA
KERNEL32.dll  175        GetModuleHandleA
KERNEL32.dll  156        GetFileAttributesA
KERNEL32.dll  47         CreateDirectoryA
KERNEL32.dll  247        LocalAlloc
KERNEL32.dll  24b        LocalFree
KERNEL32.dll  df         FindResourceA
KERNEL32.dll  246        LoadResource
KERNEL32.dll  254        LockResource
KERNEL32.dll  33d        SizeofResource
KERNEL32.dll  6f         CreateToolhelp32Snapshot
ADVAPI32.dll  142        OpenProcessToken
ADVAPI32.dll  17         AdjustTokenPrivileges
ADVAPI32.dll  9d         FreeSid
ADVAPI32.dll  18         AllocateAndInitializeSid
ADVAPI32.dll  197        SetEntriesInAclA
ADVAPI32.dll  df         InitializeSecurityDescriptor
ADVAPI32.dll  1a5        SetSecurityDescriptorDacl
ADVAPI32.dll  19b        SetFileSecurityA
MFC42.DLL           627
MFC42.DLL           231
MFC42.DLL           32f
MFC42.DLL           339
MFC42.DLL           337
MSVCRT.dll    b7         _controlfp
MSVCRT.dll    ca         _except_handler3
MSVCRT.dll    81         __set_app_type
MSVCRT.dll    6f         __p__fmode
MSVCRT.dll    6a         __p__commode
MSVCRT.dll    9d         _adjust_fdiv
MSVCRT.dll    83         __setusermatherr
MSVCRT.dll    10f        _initterm
MSVCRT.dll    58         __getmainargs
MSVCRT.dll    64         __p___initenv
MSVCRT.dll    249        exit
MSVCRT.dll    48         _XcptFilter
MSVCRT.dll    d3         _exit
MSVCRT.dll    e          ??1type_info@@UAE@XZ
MSVCRT.dll    186        _onexit
MSVCRT.dll    55         __dllonexit
MSVCRT.dll    2b4        srand
MSVCRT.dll    2a6        rand
MSVCRT.dll    9          ??0exception@@QAE@XZ
MSVCRT.dll    2a7        realloc
MSVCRT.dll    25e        free
MSVCRT.dll    d          ??1exception@@UAE@XZ
MSVCRT.dll    30         ?what@exception@@UBEPBDXZ
MSVCRT.dll    298        memmove
MSVCRT.dll    41         _CxxThrowException
MSVCRT.dll    257        fopen
MSVCRT.dll    2d9        vfprintf
MSVCRT.dll    24c        fclose
MSVCRT.dll    8          ??0exception@@QAE@ABV0@@Z
MSVCRT.dll    1e1        _vsnprintf
MSVCRT.dll    29e        printf
MSVCRT.dll    49         __CxxFrameHandler
MSVCRT.dll    1c1        _stricmp
MSVCP60.dll   a2         ??0_Lockit@std@@QAE@XZ
MSVCP60.dll   10b        ??1_Lockit@std@@QAE@XZ
MSVCP60.dll   10d        ??1_Winit@std@@QAE@XZ
MSVCP60.dll   a5         ??0_Winit@std@@QAE@XZ
MSVCP60.dll   109        ??1Init@ios_base@std@@QAE@XZ
MSVCP60.dll   9e         ??0Init@ios_base@std@@QAE@XZ
MSVCP60.dll   406        ?_Xran@std@@YAXXZ
MSVCP60.dll   43b        ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
MSVCP60.dll   1d0        ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
MSVCP60.dll   50f        ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
MSVCP60.dll   49         ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
MSVCP60.dll   411        ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll   3f2        ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
MSVCP60.dll   34a        ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
MSVCP60.dll   405        ?_Xlen@std@@YAXXZ
MSVCP60.dll   420        ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll   41c        ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
MSVCP60.dll   ad         ??0bad_exception@std@@QAE@PBD@Z
MSVCP60.dll   111        ??1bad_exception@std@@UAE@XZ
MSVCP60.dll   ac         ??0bad_exception@std@@QAE@ABV01@@Z
MSVCP60.dll   3f8        ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
MSVCP60.dll   32d        ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
MSVCP60.dll   e9         ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
MSVCP60.dll   661        ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll   529        ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
MSVCP60.dll   392        ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
SHLWAPI.dll   b          PathAppendA

=== VERSION INFO ===

# VS_FIXEDFILEINFO:
FileVersion      : 1.0.0.1
ProductVersion   : 1.0.0.1
StrucVersion     : 0x10000
FileFlagsMask    : 0x3f
FileFlags        : 0
FileOS           : 0x40004
FileType         : 1
FileSubtype      : 0

# StringTable 040904b0:
Comments         : ""
CompanyName      : " "
FileDescription  : "tester"
FileVersion      : "1, 0, 0, 1"
InternalName     : "tester"
LegalCopyright   : "Copyright \u00A9 2017"
LegalTrademarks  : ""
OriginalFilename : "tester.exe"
PrivateBuild     : ""
ProductName      : " tester"
ProductVersion   : "1, 0, 0, 1"
SpecialBuild     : ""

VarFileInfo      : [ 0x409, 0x4b0 ]

=== Packer / Compiler ===

MS Visual C++ v6.0

=== Strings ===

File pos     Mem pos      ID Text
========     =======      == ====
00000000004D 00000040004D 0  !This program cannot be run in DOS mode.
0000000001E8 0000004001E8 0  .text
000000000210 000000400210 0  .rdata
000000000237 000000400237 0  @.data
000000000260 000000400260 0  .rsrc
00000000589A 00000040589A 0  SizeofResource
0000000058AC 0000004058AC 0  LockResource
0000000058BC 0000004058BC 0  LoadResource
0000000058CC 0000004058CC 0  FindResourceA
0000000058DC 0000004058DC 0  LocalFree
0000000058E8 0000004058E8 0  LocalAlloc
0000000058F6 0000004058F6 0  CreateDirectoryA
00000000590A 00000040590A 0  GetFileAttributesA
000000005920 000000405920 0  GetModuleHandleA
000000005934 000000405934 0  GetCommandLineA
000000005946 000000405946 0  CloseHandle
000000005954 000000405954 0  ReadFile
000000005960 000000405960 0  GetFileSize
00000000596E 00000040596E 0  CreateFileA
00000000597C 00000040597C 0  WriteFile
000000005988 000000405988 0  SetFilePointer
00000000599A 00000040599A 0  GetLastError
0000000059AA 0000004059AA 0  Sleep
0000000059B2 0000004059B2 0  VirtualFreeEx
0000000059C2 0000004059C2 0  SetThreadContext
0000000059D6 0000004059D6 0  WriteProcessMemory
0000000059EC 0000004059EC 0  LoadLibraryA
0000000059FC 0000004059FC 0  VirtualAllocEx
000000005A0E 000000405A0E 0  ResumeThread
000000005A1E 000000405A1E 0  GetThreadContext
000000005A32 000000405A32 0  SuspendThread
000000005A42 000000405A42 0  OpenThread
000000005A50 000000405A50 0  Thread32Next
000000005A60 000000405A60 0  Thread32First
000000005A70 000000405A70 0  CreateToolhelp32Snapshot
000000005A8C 000000405A8C 0  OpenProcess
000000005A9A 000000405A9A 0  Process32Next
000000005AAA 000000405AAA 0  Process32First
000000005ABC 000000405ABC 0  GetTickCount
000000005ACA 000000405ACA 0  KERNEL32.dll
000000005AD8 000000405AD8 0  USER32.dll
000000005AE6 000000405AE6 0  FreeSid
000000005AF0 000000405AF0 0  SetFileSecurityA
000000005B04 000000405B04 0  SetSecurityDescriptorDacl
000000005B20 000000405B20 0  InitializeSecurityDescriptor
000000005B40 000000405B40 0  SetEntriesInAclA
000000005B54 000000405B54 0  AllocateAndInitializeSid
000000005B70 000000405B70 0  AdjustTokenPrivileges
000000005B88 000000405B88 0  OpenProcessToken
000000005B9A 000000405B9A 0  ADVAPI32.dll
000000005BA8 000000405BA8 0  CRYPT32.dll
000000005BB4 000000405BB4 0  MFC42.DLL
000000005BC0 000000405BC0 0  printf
000000005BCA 000000405BCA 0  __CxxFrameHandler
000000005BDE 000000405BDE 0  _vsnprintf
000000005BEC 000000405BEC 0  ??0exception@@QAE@ABV0@@Z
000000005C08 000000405C08 0  fclose
000000005C12 000000405C12 0  vfprintf
000000005C1E 000000405C1E 0  fopen
000000005C26 000000405C26 0  _CxxThrowException
000000005C3C 000000405C3C 0  memmove
000000005C46 000000405C46 0  ?what@exception@@UBEPBDXZ
000000005C62 000000405C62 0  ??1exception@@UAE@XZ
000000005C82 000000405C82 0  realloc
000000005C8C 000000405C8C 0  ??0exception@@QAE@XZ
000000005CAC 000000405CAC 0  srand
000000005CB2 000000405CB2 0  MSVCRT.dll
000000005CC0 000000405CC0 0  __dllonexit
000000005CCE 000000405CCE 0  _onexit
000000005CD8 000000405CD8 0  ??1type_info@@UAE@XZ
000000005CF0 000000405CF0 0  _exit
000000005CF8 000000405CF8 0  _XcptFilter
000000005D0E 000000405D0E 0  __p___initenv
000000005D1E 000000405D1E 0  __getmainargs
000000005D2E 000000405D2E 0  _initterm
000000005D3A 000000405D3A 0  __setusermatherr
000000005D4E 000000405D4E 0  _adjust_fdiv
000000005D5E 000000405D5E 0  __p__commode
000000005D6E 000000405D6E 0  __p__fmode
000000005D7C 000000405D7C 0  __set_app_type
000000005D8E 000000405D8E 0  _except_handler3
000000005DA2 000000405DA2 0  _controlfp
000000005DB0 000000405DB0 0  ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
000000005E02 000000405E02 0  ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000005E56 000000405E56 0  ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
000000005EA0 000000405EA0 0  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
000000005EEA 000000405EEA 0  ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000005F46 000000405F46 0  ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000005F96 000000405F96 0  ??0bad_exception@std@@QAE@ABV01@@Z
000000005FBC 000000405FBC 0  ??1bad_exception@std@@UAE@XZ
000000005FDC 000000405FDC 0  ??0bad_exception@std@@QAE@PBD@Z
000000005FFE 000000405FFE 0  ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000605A 00000040605A 0  ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000060B2 0000004060B2 0  ?_Xlen@std@@YAXXZ
0000000060C6 0000004060C6 0  ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
000000006114 000000406114 0  ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
000000006162 000000406162 0  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000061BA 0000004061BA 0  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
000000006216 000000406216 0  ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
00000000625C 00000040625C 0  ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0000000062A2 0000004062A2 0  ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0000000062DE 0000004062DE 0  ?_Xran@std@@YAXXZ
0000000062F2 0000004062F2 0  ??0Init@ios_base@std@@QAE@XZ
000000006312 000000406312 0  ??1Init@ios_base@std@@QAE@XZ
000000006332 000000406332 0  ??0_Winit@std@@QAE@XZ
00000000634A 00000040634A 0  ??1_Winit@std@@QAE@XZ
000000006362 000000406362 0  ??1_Lockit@std@@QAE@XZ
00000000637C 00000040637C 0  ??0_Lockit@std@@QAE@XZ
000000006394 000000406394 0  MSVCP60.dll
0000000063A2 0000004063A2 0  PathAppendA
0000000063AE 0000004063AE 0  SHLWAPI.dll
0000000063BC 0000004063BC 0  _stricmp
000000007028 000000407028 0  .?AVexception@@
000000007040 000000407040 0  .?AVbad_exception@std@@
000000007058 000000407058 0  bad exception
000000007078 000000407078 0  .?AVException@System@CUniFramework@@
0000000070A8 0000004070A8 0  .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000070E0 0000004070E0 0  List<T>.ElementAt()
0000000070F4 0000004070F4 0  no processes found. Exiting.
000000007114 000000407114 0  Founded %d precesses.
00000000712C 00000040712C 0  fwmain32.exe
000000007148 000000407148 0  c:\intel
000000007154 000000407154 0  Fatal Error: MFC initialization failed
00000000717C 00000040717C 0  lib_%s
000000007188 000000407188 0  AES-256-CBC
00000000719D 00000040719D 0  Error: Unable to set the context of the target thread (%d)
0000000071DD 0000004071DD 0  Setting thread context.
0000000071F9 0000004071F9 0  Writing the shellcode, LoadLibraryA address and DLL path into target process.
000000007249 000000407249 0  Error: Unable to allocate memory in target process (%d)
000000007285 000000407285 0  Allocating memory in target process.
0000000072AD 0000004072AD 0  Error: Unable to get the thread context of target thread (%d)
0000000072ED 0000004072ED 0  Getting thread context.
000000007309 000000407309 0  Suspending the target thread.
000000007329 000000407329 0  Error: Unable to open target thread handle (%d)
00000000735D 00000040735D 0  Opening target thread handle.
00000000737D 00000040737D 0  Target thread found. TID: %d
00000000739D 00000040739D 0  Finding a thread to hijack.
0000000073BD 0000004073BD 0  Error: Unable to open target process handle (%d)
0000000073F8 0000004073F8 0  .?AVtype_info@@
000000008455 000000408455 0  !This program cannot be run in DOS mode.
0000000085F0 0000004085F0 0  .text
000000008618 000000408618 0  .rdata
00000000863F 00000040863F 0  @.data
000000008668 000000408668 0  .reloc
00000001306A 00000041306A 0  GetModuleFileNameA
000000013080 000000413080 0  GetModuleHandleA
000000013094 000000413094 0  VirtualFree
0000000130A2 0000004130A2 0  VirtualAlloc
0000000130B2 0000004130B2 0  Sleep
0000000130BA 0000004130BA 0  FindNextFileA
0000000130CA 0000004130CA 0  FindFirstFileA
0000000130DC 0000004130DC 0  WaitForSingleObject
0000000130F2 0000004130F2 0  CloseHandle
000000013100 000000413100 0  ReadFile
00000001310C 00000041310C 0  GetFileSize
00000001311A 00000041311A 0  CreateFileA
000000013128 000000413128 0  WriteFile
000000013134 000000413134 0  SetFilePointer
000000013146 000000413146 0  GetLocalTime
000000013156 000000413156 0  DeleteFileA
000000013164 000000413164 0  CreateThread
000000013174 000000413174 0  TerminateThread
000000013186 000000413186 0  SuspendThread
000000013196 000000413196 0  ResumeThread
0000000131A4 0000004131A4 0  KERNEL32.dll
0000000131B4 0000004131B4 0  MessageBoxA
0000000131C0 0000004131C0 0  USER32.dll
0000000131CE 0000004131CE 0  CryptReleaseContext
0000000131E4 0000004131E4 0  CryptDestroyHash
0000000131F8 0000004131F8 0  CryptDestroyKey
00000001320A 00000041320A 0  CryptAcquireContextA
000000013222 000000413222 0  CryptGenRandom
000000013232 000000413232 0  ADVAPI32.dll
000000013242 000000413242 0  __CxxFrameHandler
000000013256 000000413256 0  _EH_prolog
000000013264 000000413264 0  ??0exception@@QAE@ABV0@@Z
000000013280 000000413280 0  _CxxThrowException
000000013296 000000413296 0  ?what@exception@@UBEPBDXZ
0000000132B2 0000004132B2 0  ??3@YAXPAX@Z
0000000132C2 0000004132C2 0  ??1exception@@UAE@XZ
0000000132DA 0000004132DA 0  strlen
0000000132E4 0000004132E4 0  ??2@YAPAXI@Z
0000000132F4 0000004132F4 0  _vsnprintf
000000013302 000000413302 0  memset
00000001330C 00000041330C 0  fclose
000000013316 000000413316 0  vfprintf
000000013322 000000413322 0  fopen
000000013332 000000413332 0  memcpy
000000013344 000000413344 0  realloc
000000013356 000000413356 0  ??0exception@@QAE@XZ
00000001336E 00000041336E 0  fputs
000000013376 000000413376 0  fread
00000001337E 00000041337E 0  _ftol
000000013386 000000413386 0  __dllonexit
000000013394 000000413394 0  _onexit
00000001339C 00000041339C 0  MSVCRT.dll
0000000133AA 0000004133AA 0  ??1type_info@@UAE@XZ
0000000133C2 0000004133C2 0  _initterm
0000000133CE 0000004133CE 0  malloc
0000000133D8 0000004133D8 0  _adjust_fdiv
0000000133E8 0000004133E8 0  ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000013438 000000413438 0  ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000001348A 00000041348A 0  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0000000134D4 0000004134D4 0  ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013530 000000413530 0  ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000013584 000000413584 0  ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
0000000135CE 0000004135CE 0  ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
000000013624 000000413624 0  ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000013680 000000413680 0  ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
0000000136D2 0000004136D2 0  ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
000000013722 000000413722 0  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001377A 00000041377A 0  ??0bad_exception@std@@QAE@ABV01@@Z
0000000137A0 0000004137A0 0  ??1bad_exception@std@@UAE@XZ
0000000137C0 0000004137C0 0  ??0bad_exception@std@@QAE@PBD@Z
0000000137E2 0000004137E2 0  ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001383A 00000041383A 0  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013896 000000413896 0  ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
0000000138F4 0000004138F4 0  ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013952 000000413952 0  ??1_Lockit@std@@QAE@XZ
00000001396C 00000041396C 0  ??0_Lockit@std@@QAE@XZ
000000013986 000000413986 0  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
0000000139E2 0000004139E2 0  ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013A34 000000413A34 0  ??0Init@ios_base@std@@QAE@XZ
000000013A54 000000413A54 0  ??1Init@ios_base@std@@QAE@XZ
000000013A74 000000413A74 0  ??0_Winit@std@@QAE@XZ
000000013A8C 000000413A8C 0  ??1_Winit@std@@QAE@XZ
000000013AA2 000000413AA2 0  MSVCP60.dll
000000013AB0 000000413AB0 0  PathAppendA
000000013ABE 000000413ABE 0  PathFileExistsA
000000013ACE 000000413ACE 0  SHLWAPI.dll
000000013ADA 000000413ADA 0  CRYPT32.dll
000000013AE8 000000413AE8 0  WFSGetInfo
000000013AF6 000000413AF6 0  WFSExecute
000000013B04 000000413B04 0  WFSFreeResult
000000013B14 000000413B14 0  WFMAllocateBuffer
000000013B28 000000413B28 0  WFMFreeBuffer
000000013B36 000000413B36 0  MSXFS.dll
000000013B42 000000413B42 0  HeapCreate
000000013B50 000000413B50 0  InterlockedCompareExchange
000000013B6E 000000413B6E 0  InterlockedExchange
000000013B84 000000413B84 0  HeapFree
000000013B90 000000413B90 0  OpenThread
000000013B9E 000000413B9E 0  SetThreadContext
000000013BB2 000000413BB2 0  GetThreadContext
000000013BC6 000000413BC6 0  Thread32Next
000000013BD6 000000413BD6 0  HeapReAlloc
000000013BE4 000000413BE4 0  HeapAlloc
000000013BF0 000000413BF0 0  GetCurrentThreadId
000000013C06 000000413C06 0  GetCurrentProcessId
000000013C1C 000000413C1C 0  Thread32First
000000013C2C 000000413C2C 0  CreateToolhelp32Snapshot
000000013C48 000000413C48 0  FlushInstructionCache
000000013C60 000000413C60 0  GetCurrentProcess
000000013C74 000000413C74 0  VirtualProtect
000000013C86 000000413C86 0  VirtualQuery
000000013C96 000000413C96 0  _itoa
000000013CDA 000000413CDA 0  sservice.dll
000000013CE7 000000413CE7 0  UnloadFunc
000000014440 000000414440 0  .?AVexception@@
000000014458 000000414458 0  .?AVException@System@CUniFramework@@
000000014488 000000414488 0  .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000144C0 0000004144C0 0  String::Substring: argument out of range.
0000000144EC 0000004144EC 0  Can't start thread.
000000014500 000000414500 0  Can't init XFS
000000014510 000000414510 0  Can't retrieve device handles.
000000014530 000000414530 0  ZFS::DllRoutine -> Can't receive command in while block!
00000001456C 00000041456C 0  Waiting for command from command provider.
000000014598 000000414598 0  Critical system error!
0000000145B0 0000004145B0 0  Try init XFS into victim process address space.
0000000145E0 0000004145E0 0  Resources init error
000000014600 000000414600 0  .?AVbad_exception@std@@
000000014618 000000414618 0  bad exception
000000014638 000000414638 0  .?AVHookLibException@System@CUniFramework@@
000000014670 000000414670 0  .?AVXfsException@@
000000014684 000000414684 0  Can't init resources, exiting.
0000000146A4 0000004146A4 0  HookLibException: code %d
0000000146C0 0000004146C0 0  InitResources -> XfsException: code %d
0000000146E8 0000004146E8 0  msxfs.dll
0000000146F4 0000004146F4 0  Logger is now on new TraceLevel: %s
000000014718 000000414718 0  ___log.txt
000000014724 000000414724 0  c:\intel
000000014730 000000414730 0  UNKNOWN
00000001473C 00000041473C 0  TRACE
000000014744 000000414744 0  NOTICE
00000001474C 00000041474C 0  WARNING
000000014754 000000414754 0  ERROR
00000001475C 00000041475C 0  FATAL
000000014768 000000414768 0  Xfs::DetermineDeviceByCommand -> exception happened
00000001479C 00000041479C 0  Exception caught DetermineDispenserHandle()
0000000147C8 0000004147C8 0  Can't determine CDM HSERVICE
0000000147E8 0000004147E8 0  DISPENSER is determined # %d
000000014808 000000414808 0  Exception caught DeterminePinPadService()
000000014834 000000414834 0  Can't determine PinPad HSERVICE
000000014854 000000414854 0  PinPad HSERVICE is determined # %d
000000014880 000000414880 0  .?AVHookLibCreateHookApiException@System@CUniFramework@@
0000000148C8 0000004148C8 0  .?AVHookLibInitializationException@System@CUniFramework@@
000000014904 000000414904 0  Can't load xfs module.
000000014928 000000414928 0  .?AVXfsGetInfoException@@
000000014944 000000414944 0  XFS-> found info about <%d> cash units
000000014978 000000414978 0  .?AVXfsDispenseException@@
000000014994 000000414994 0  XFS-> dispense end SUCCESSFUL DISPENSE
0000000149BC 0000004149BC 0  Dispense, dispense device is %d
0000000149DC 0000004149DC 0  Currency ID: %s
0000000149EC 0000004149EC 0  ulAmount = %d
0000000149FC 0000004149FC 0  usCount = %d
000000014A0C 000000414A0C 0  Denomination setted. %d
000000014A28 000000414A28 0  Dispense collection setted.
000000014A44 000000414A44 0  Dispense count set to # %d banknotes
000000014A6C 000000414A6C 0  XFS-> dispense start
000000014A90 000000414A90 0  .?AVHookLibEnableHookException@System@CUniFramework@@
000000014AC8 000000414AC8 0  List<T>.ElementAt()
000000014AE4 000000414AE4 0  |INDEX:%d|CU state:%d|Type:%d|Values:%d|Currency_ID:%s|Money count:%d|
000000014B30 000000414B30 0  CommandProcessor created
000000014B4C 000000414B4C 0  ICommandProcessor::ProcessCommand ->
000000014B71 000000414B71 0  SetMaximumDispenseSize:%d
000000014B8C 000000414B8C 0  DisplayBalance -> exception, code:%d
000000014BB4 000000414BB4 0  DisplayBalance 1try -> exception, code:%d
000000014BE0 000000414BE0 0  Manual Dispensing
000000014BF4 000000414BF4 0  Dispense failed. Unknown reason.
000000014C18 000000414C18 0  Dispense failed. CODE:%d
000000014C34 000000414C34 0  Multi Dispensing start
000000014C4C 000000414C4C 0  System error!
000000014C5C 000000414C5C 0  Processing command #%d
000000014C74 000000414C74 0  Received
000000014C81 000000414C81 0  commands
000000014C8C 000000414C8C 0  ICommandProcessor::PrintCashInfo -> Exception
000000014CBC 000000414CBC 0  ICommandProcessor::PrintCashInfo ->
000000014CE4 000000414CE4 0  can't create response, unknown error
000000014D0C 000000414D0C 0  last command response code %d
000000014D3C 000000414D3C 0  trying to dispense
000000014D50 000000414D50 0  -------------======================-------------
000000014D84 000000414D84 0  cash units info received
000000014DA0 000000414DA0 0  R2CommandProcessor::ProcessSetBalanceHook -> exception:%d
000000014DDC 000000414DDC 0  -command file name is %s
000000014DF8 000000414DF8 0  Command provider created
000000014E14 000000414E14 0  Founded < %d > commands
000000014E2C 000000414E2C 0  *.cmd
000000014E34 000000414E34 0  %s\%s
000000014E3C 000000414E3C 0  Command file deleted successfully
000000014E60 000000414E60 0  Reading command from a %s
000000014E80 000000414E80 0  ICommandProvider::GetCommandRealization -> Unknown exception
000000014EC8 000000414EC8 0  AES-256-CBC
000000014EE0 000000414EE0 0  .?AVCCryptoApiException@@
000000014EFC 000000414EFC 0  CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't generate random vector.
000000014F6C 000000414F6C 0  CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't get hProvider.
000000014FE8 000000414FE8 0 .?AVIOException@System@CUniFramework@@ 000000015018 000000415018 0 .?AVFileNotFoundException@System@CUniFramework@@ 000000015058 000000415058 0 .?AVThreadException@System@CUniFramework@@ 000000015084 000000415084 0 Can't resume thread 000000015098 000000415098 0 [%04d/%02d/%02d %02d:%02d:%02d.%03d] %s 00000001510E 00000041510E 0 YYYYY 00000001511A 00000041511A 0 YYYYYYYYYYYY 000000015128 000000415128 0 }YPPPPYYYYa 00000001513E 00000041513E 0 YYYYYYYYYYY 0000000151F0 0000004151F0 0 JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ 0000000152D0 0000004152D0 0 .?AVtype_info@@ 000000015411 000000415411 0 0"0,080E0g0u0 00000001542B 00000041542B 0 1$131I1n1 000000015445 000000415445 0 2"2?2D2X2g2 000000015459 000000415459 0 3%3@3L3U3z3 000000015473 000000415473 0 354I4U4 00000001547B 00000041547B 0 4p4}4 000000015491 000000415491 0 5%585>5U5e5~5 0000000154BB 0000004154BB 0 676p6 0000000154D5 0000004154D5 0 737L7b7 0000000154E3 0000004154E3 0 7#8H8a8r8 0000000154F7 0000004154F7 0 9Q9n9~9 00000001550F 00000041550F 0 :(:.:;:G:M:Z: 00000001551D 00000041551D 0 :f:q: 00000001552F 00000041552F 0 ;.;9;D;O;Z;e;l;r; File pos Mem pos ID Text ======== ======= == ==== 000000015549 000000415549 0 <#<2<N<[<r< 00000001555D 00000041555D 0 =-=3=p= 00000001556F 00000041556F 0 >%>.>4>@>M>d> 000000015581 000000415581 0 ?$?\? 000000015595 000000415595 0 0.0@0T0b0 0000000155AF 0000004155AF 0 1j1z1 0000000155C3 0000004155C3 0 2 262H2 0000000155D1 0000004155D1 0 2*323N3 0000000155DF 0000004155DF 0 3 4l4u4 0000000155EB 0000004155EB 0 5a5}5 0000000155F7 0000004155F7 0 6(6R6d6p6 00000001560F 00000041560F 0 7p8b9r9C< 00000001561F 00000041561F 0 =$=1=:=@=P= 000000015631 000000415631 0 >L>Y>g> 000000015649 000000415649 0 ?&?+?:?_?m? 
00000001566F 00000041566F 0 02070F0k0y0 00000001567D 00000041567D 0 1;1W1g1x1}1 000000015693 000000415693 0 1S2h2w2 0000000156A5 0000004156A5 0 3:3@3i3 0000000156B5 0000004156B5 0 4>4F4Y4 0000000156C1 0000004156C1 0 5-5H5 0000000156D1 0000004156D1 0 7.7B7J7e7l7v7|7 0000000156E9 0000004156E9 0 8'8>8S8f8 0000000156FF 0000004156FF 0 9;9L9p9 00000001570B 00000041570B 0 :4:D:M:[:n: 00000001571F 00000041571F 0 ;$;d;t; 00000001572D 00000041572D 0 <%<N<g< 00000001573D 00000041573D 0 =0=>= 00000001574B 00000041574B 0 >(>->6> 00000001575F 00000041575F 0 ?&?-???x? 00000001577D 00000041577D 0 090D0J0z0 0000000157BB 0000004157BB 0 3b3z3 0000000157C9 0000004157C9 0 4#4;4H4j4s4x4~4 0000000157DF 0000004157DF 0 555R5 0000000157E9 0000004157E9 0 5>6d6 0000000157F7 0000004157F7 0 7%757:7G7U7a7o7 000000015819 000000415819 0 8=9C9u9 000000015825 000000415825 0 :):B:O:T:d:o: 000000015839 000000415839 0 :K;c; 00000001585B 00000041585B 0 >I>Y>d> 000000015873 000000415873 0 081D1I1X1 00000001588B 00000041588B 0 2)2V2 0000000158C7 0000004158C7 0 465h5}5 0000000158DF 0000004158DF 0 7+787a7 0000000158FB 0000004158FB 0 <"<,<T<h< 00000001590D 00000041590D 0 <%=4=M=S= 000000015927 000000415927 0 >$>6>E>K>Y>c>i>{> 00000001594F 00000041594F 0 ?!?-?3?=?g? 
000000015977 000000415977 0 0!0-0 000000015987 000000415987 0 1=1i1r1 00000001599D 00000041599D 0 2%22292?2[2v2 0000000159C3 0000004159C3 0 494J4 0000000159D3 0000004159D3 0 5!5B5K5[5 0000000159FB 0000004159FB 0 8.848Q8W8 000000015A1D 000000415A1D 0 ;';7;=;G;Q;Z; 000000015A2B 000000415A2B 0 ;o;u; 000000015A49 000000415A49 0 < = = 000000015A59 000000415A59 0 011;1 000000015A7F 000000415A7F 0 5*50565<5B5H5N5T5b5j5p5{5 000000015ACF 000000415ACF 0 6$757:7l7}7 File pos Mem pos ID Text ======== ======= == ==== 000000015AF7 000000415AF7 0 8 959A9]9i9 000000015B0D 000000415B0D 0 :8:t: 000000015B1D 000000415B1D 0 :(;\;m;r; 000000015B3B 000000415B3B 0 <1<]< 000000015B4F 000000415B4F 0 =1=E=d=y= 000000015B5D 000000415B5D 0 >W>x> 000000015B6B 000000415B6B 0 ?7?K?t? 000000015B81 000000415B81 0 010E0 000000015BBB 000000415BBB 0 2 2$2(2,2024282<2@2D2H2L2P2T2X2\2 000000015BDD 000000415BDD 0 2d2h2l2p2t2x2|2 000000015C35 000000415C35 0 3 383L3\3 000000015C55 000000415C55 0 4 4,40444<4D4P4X4l4t4 000000015C7B 000000415C7B 0 5 5(5D5 000000015C91 000000415C91 0 6$6,646D6P6l6t6 000000015CB3 000000415CB3 0 7$70787L7T7\7d7l7t7 000000015CDD 000000415CDD 0 8 8<8H8d8p8x8 000000015CF9 000000415CF9 0 9$9@9L9T9 000000015D1D 000000415D1D 0 :(:0:p: 000000015D3D 000000415D3D 0 ;$;(;,;0;<;D;L;T;\;p;|; 000000015D75 000000415D75 0 <(<D<P<l<t< 000000015D99 000000415D99 0 =4=@=\=d=p= 000000015DBD 000000415DBD 0 >$>0>L>T>\>d>p> 000000015DDD 000000415DDD 0 ? ?<?H?d?p?x? 
000000015DFF 000000415DFF 0 0,040<0D0L0T0\0l0t0|0 000000015E25 000000415E25 0 1$101L1X1 000000015E45 000000415E45 0 2$202L2X2 000000015E65 000000415E65 0 343<3X3d3l3x3 000000015E83 000000415E83 0 4(404T4h4t4|4 000000015EA3 000000415EA3 0 5 5<5D5P5l5t5|5 000000015ED1 000000415ED1 0 646<6D6L6X6t6|6 000000015EF5 000000415EF5 0 7,787T7 000000015F15 000000415F15 0 8 8$8,848@8\8d8x8 000000015F41 000000415F41 0 9,949@9\9d9p9 000000015F79 000000415F79 0 0 000H0x0 0000000080F6 0000004080F6 0 VS_VERSION_INFO 000000008152 000000408152 0 StringFileInfo 000000008176 000000408176 0 040904b0 00000000818E 00000040818E 0 Comments 0000000081A6 0000004081A6 0 CompanyName 0000000081CA 0000004081CA 0 FileDescription 0000000081EC 0000004081EC 0 tester 000000008202 000000408202 0 FileVersion 00000000821C 00000040821C 0 1, 0, 0, 1 00000000823A 00000040823A 0 InternalName 000000008254 000000408254 0 tester 00000000826A 00000040826A 0 LegalCopyright 00000000829E 00000040829E 0 2017 0000000082B2 0000004082B2 0 LegalTrademarks 0000000082DA 0000004082DA 0 OriginalFilename 0000000082FC 0000004082FC 0 tester.exe 00000000831A 00000040831A 0 PrivateBuild 00000000833A 00000040833A 0 ProductName 000000008354 000000408354 0 tester 00000000836E 00000040836E 0 ProductVersion 00000000838C 00000040838C 0 1, 0, 0, 1 0000000083AA 0000004083AA 0 SpecialBuild 0000000083CA 0000004083CA 0 VarFileInfo 0000000083EA 0000004083EA 0 Translation 00000001740C 00000041740C 0 Hello from MFC! 00000001740A 00000041740A 1 Hello from MFC!
=== DOWNLOAD ===