.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000
Date...........: 2019-04-02
Family.........: Atmosphere
File name......: lib_HkUEl.dll
File size......: 60.00 KB
Type file......: DLL/Windows
Virscan........: VT - HA
Additional note: Dropped by bf9c35d8f33e2651d619fe22a2d55372dedd0855451d32f952ecfc73fa824092
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 240 0xf0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
4 4 8447 20ff 2 2
0 0 0 0 4 4
12 c 7291 1c7b 1 1
14 e 7299 1c83 1 1
10 a 8168 1fe8 8 8
19 13 8034 1f62 4 4
93 5d 4035 fc3 5 5
1 1 0 0 140 8c
11 b 8168 1fe8 25 19
4 4 8168 1fe8 5 5
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 4 4
TimeDateStamp: "2017-10-08 05:06:41"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 8462 0x210e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 6.0
SizeOfCode: 32768 0x8000
SizeOfInitializedData: 24576 0x6000
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 30211 0x7603
BaseOfCode: 4096 0x1000
BaseOfData: 36864 0x9000
ImageBase: 268435456 0x10000000
SectionAlignment: 4096 0x1000
FileAlignment: 4096 0x1000
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 61440 0xf000
SizeOfHeaders: 4096 0x1000
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x b8a0 size:0x 4a
IMPORT rva:0x a9f8 size:0x a0
RESOURCE rva:0x 0 size:0x 0
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x d000 size:0x b98
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 9000 size:0x 1c8
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 704e 8000 1000 0 0 0 0 60000020 R-X CODE
.rdata 9000 28ea 3000 9000 0 0 0 0 40000040 R-- IDATA
.data c000 fac 1000 c000 0 0 0 0 c0000040 RW- IDATA
.reloc d000 1652 2000 d000 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
KERNEL32.dll 38b WriteFile
KERNEL32.dll 306 SetFilePointer
KERNEL32.dll 16a GetLocalTime
KERNEL32.dll 81 DeleteFileA
KERNEL32.dll 6c CreateThread
KERNEL32.dll 347 TerminateThread
KERNEL32.dll 340 SuspendThread
KERNEL32.dll 2bf ResumeThread
KERNEL32.dll 4f CreateFileA
KERNEL32.dll 15b GetFileSize
KERNEL32.dll 2a3 ReadFile
KERNEL32.dll 31 CloseHandle
KERNEL32.dll 37a WaitForSingleObject
KERNEL32.dll d0 FindFirstFileA
KERNEL32.dll d9 FindNextFileA
KERNEL32.dll 33e Sleep
KERNEL32.dll 36a VirtualAlloc
KERNEL32.dll 329 SetThreadContext
KERNEL32.dll 278 OpenThread
KERNEL32.dll 208 HeapFree
KERNEL32.dll 21a InterlockedExchange
KERNEL32.dll 218 InterlockedCompareExchange
KERNEL32.dll 204 HeapCreate
KERNEL32.dll 34a Thread32Next
KERNEL32.dll 20c HeapReAlloc
KERNEL32.dll 202 HeapAlloc
KERNEL32.dll 13e GetCurrentThreadId
KERNEL32.dll 13c GetCurrentProcessId
KERNEL32.dll 349 Thread32First
KERNEL32.dll 6f CreateToolhelp32Snapshot
KERNEL32.dll 36d VirtualFree
KERNEL32.dll 175 GetModuleHandleA
KERNEL32.dll 372 VirtualQuery
KERNEL32.dll 173 GetModuleFileNameA
KERNEL32.dll e7 FlushInstructionCache
KERNEL32.dll 13b GetCurrentProcess
KERNEL32.dll 370 VirtualProtect
KERNEL32.dll 1ca GetThreadContext
USER32.dll 1be MessageBoxA
ADVAPI32.dll 54 CryptDestroyHash
ADVAPI32.dll 55 CryptDestroyKey
ADVAPI32.dll 5f CryptGenRandom
ADVAPI32.dll 69 CryptReleaseContext
ADVAPI32.dll 4e CryptAcquireContextA
MSVCRT.dll 25e free
MSVCRT.dll 9d _adjust_fdiv
MSVCRT.dll 291 malloc
MSVCRT.dll 10f _initterm
MSVCRT.dll e ??1type_info@@UAE@XZ
MSVCRT.dll 186 _onexit
MSVCRT.dll 55 __dllonexit
MSVCRT.dll f1 _ftol
MSVCRT.dll 25d fread
MSVCRT.dll 25a fputs
MSVCRT.dll 9 ??0exception@@QAE@XZ
MSVCRT.dll 2a7 realloc
MSVCRT.dll 23d atoi
MSVCRT.dll 297 memcpy
MSVCRT.dll 2a6 rand
MSVCRT.dll 257 fopen
MSVCRT.dll 2d9 vfprintf
MSVCRT.dll 24c fclose
MSVCRT.dll 299 memset
MSVCRT.dll 1e1 _vsnprintf
MSVCRT.dll f ??2@YAPAXI@Z
MSVCRT.dll 2be strlen
MSVCRT.dll d ??1exception@@UAE@XZ
MSVCRT.dll 10 ??3@YAXPAX@Z
MSVCRT.dll 30 ?what@exception@@UBEPBDXZ
MSVCRT.dll 41 _CxxThrowException
MSVCRT.dll 8 ??0exception@@QAE@ABV0@@Z
MSVCRT.dll 42 _EH_prolog
MSVCRT.dll 49 __CxxFrameHandler
MSVCRT.dll 134 _itoa
MSVCP60.dll 49 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
MSVCP60.dll 10d ??1_Winit@std@@QAE@XZ
MSVCP60.dll a5 ??0_Winit@std@@QAE@XZ
MSVCP60.dll 109 ??1Init@ios_base@std@@QAE@XZ
MSVCP60.dll 9e ??0Init@ios_base@std@@QAE@XZ
MSVCP60.dll 542 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
MSVCP60.dll a2 ??0_Lockit@std@@QAE@XZ
MSVCP60.dll 3f8 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
MSVCP60.dll 725 ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
MSVCP60.dll e9 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
MSVCP60.dll 41c ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
MSVCP60.dll 529 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
MSVCP60.dll 661 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll 7a7 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
MSVCP60.dll 32d ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
MSVCP60.dll 392 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
MSVCP60.dll 71e ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
MSVCP60.dll 411 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll ac ??0bad_exception@std@@QAE@ABV01@@Z
MSVCP60.dll 111 ??1bad_exception@std@@UAE@XZ
MSVCP60.dll ad ??0bad_exception@std@@QAE@PBD@Z
MSVCP60.dll 420 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll 40d ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
MSVCP60.dll 54c ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
MSVCP60.dll 55c ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
MSVCP60.dll 10b ??1_Lockit@std@@QAE@XZ
SHLWAPI.dll b PathAppendA
SHLWAPI.dll 1b PathFileExistsA
MSXFS.dll 2 WFMFreeBuffer
MSXFS.dll 0 WFMAllocateBuffer
MSXFS.dll 1a WFSFreeResult
MSXFS.dll 19 WFSExecute
MSXFS.dll 1b WFSGetInfo
=== EXPORTS ===
# module "sservice.dll"
# flags=0x0 ts="2017-10-08 05:06:41" version=0.0 ord_base=1
# nFuncs=1 nNames=1
ORD ENTRY_VA NAME
1 1dfb UnloadFunc
=== Packer / Compiler ===
MS Visual C++ 6.0 DLL
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00001000004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000100001E8 0 .text
000000000210 000010000210 0 .rdata
000000000237 000010000237 0 @.data
000000000260 000010000260 0 .reloc
000000001F69 000010001F69 0 Q"SVW
0000000025E4 0000100025E4 0 C&j4+
00000000309D 00001000309D 0 At(Ht!HHt
0000000035B3 0000100035B3 0 9y uF
0000000035BB 0000100035BB 0 9y u>
0000000035E6 0000100035E6 0 9y uS
0000000035ED 0000100035ED 0 9y uL
000000003B81 000010003B81 0 j(XPhD
0000000041FE 0000100041FE 0 SVW3
0000000046C5 0000100046C5 0 SVWjN3
000000004BD8 000010004BD8 0 NGVWP
000000005BE6 000010005BE6 0 DSVW3
0000000062B9 0000100062B9 0 YtVSWV
000000006646 000010006646 0 9>YtD3
000000007233 000010007233 0 t"It
00000000726E 00001000726E 0 t|IItt
000000007630 000010007630 0 t WVS
00000000765D 00001000765D 0 u7WPS
00000000766E 00001000766E 0 u&WVS
00000000AC62 00001000AC62 0 GetModuleFileNameA
00000000AC78 00001000AC78 0 GetModuleHandleA
00000000AC8C 00001000AC8C 0 VirtualFree
00000000AC9A 00001000AC9A 0 VirtualAlloc
00000000ACAA 00001000ACAA 0 Sleep
00000000ACB2 00001000ACB2 0 FindNextFileA
00000000ACC2 00001000ACC2 0 FindFirstFileA
00000000ACD4 00001000ACD4 0 WaitForSingleObject
00000000ACEA 00001000ACEA 0 CloseHandle
00000000ACF8 00001000ACF8 0 ReadFile
00000000AD04 00001000AD04 0 GetFileSize
00000000AD12 00001000AD12 0 CreateFileA
00000000AD20 00001000AD20 0 WriteFile
00000000AD2C 00001000AD2C 0 SetFilePointer
00000000AD3E 00001000AD3E 0 GetLocalTime
00000000AD4E 00001000AD4E 0 DeleteFileA
00000000AD5C 00001000AD5C 0 CreateThread
00000000AD6C 00001000AD6C 0 TerminateThread
00000000AD7E 00001000AD7E 0 SuspendThread
00000000AD8E 00001000AD8E 0 ResumeThread
00000000AD9C 00001000AD9C 0 KERNEL32.dll
00000000ADAC 00001000ADAC 0 MessageBoxA
00000000ADB8 00001000ADB8 0 USER32.dll
00000000ADC6 00001000ADC6 0 CryptReleaseContext
00000000ADDC 00001000ADDC 0 CryptDestroyHash
00000000ADF0 00001000ADF0 0 CryptDestroyKey
00000000AE02 00001000AE02 0 CryptAcquireContextA
00000000AE1A 00001000AE1A 0 CryptGenRandom
00000000AE2A 00001000AE2A 0 ADVAPI32.dll
00000000AE3A 00001000AE3A 0 __CxxFrameHandler
00000000AE4E 00001000AE4E 0 _EH_prolog
00000000AE5C 00001000AE5C 0 ??0exception@@QAE@ABV0@@Z
00000000AE78 00001000AE78 0 _CxxThrowException
00000000AE8E 00001000AE8E 0 ?what@exception@@UBEPBDXZ
00000000AEAA 00001000AEAA 0 ??3@YAXPAX@Z
00000000AEBA 00001000AEBA 0 ??1exception@@UAE@XZ
File pos Mem pos ID Text
======== ======= == ====
00000000AED2 00001000AED2 0 strlen
00000000AEDC 00001000AEDC 0 ??2@YAPAXI@Z
00000000AEEC 00001000AEEC 0 _vsnprintf
00000000AEFA 00001000AEFA 0 memset
00000000AF04 00001000AF04 0 fclose
00000000AF0E 00001000AF0E 0 vfprintf
00000000AF1A 00001000AF1A 0 fopen
00000000AF2A 00001000AF2A 0 memcpy
00000000AF3C 00001000AF3C 0 realloc
00000000AF4E 00001000AF4E 0 ??0exception@@QAE@XZ
00000000AF66 00001000AF66 0 fputs
00000000AF6E 00001000AF6E 0 fread
00000000AF76 00001000AF76 0 _ftol
00000000AF7E 00001000AF7E 0 __dllonexit
00000000AF8C 00001000AF8C 0 _onexit
00000000AF94 00001000AF94 0 MSVCRT.dll
00000000AFA2 00001000AFA2 0 ??1type_info@@UAE@XZ
00000000AFBA 00001000AFBA 0 _initterm
00000000AFC6 00001000AFC6 0 malloc
00000000AFD0 00001000AFD0 0 _adjust_fdiv
00000000AFE0 00001000AFE0 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
00000000B030 00001000B030 0 ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B082 00001000B082 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
00000000B0CC 00001000B0CC 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000B128 00001000B128 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
00000000B17C 00001000B17C 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
00000000B1C6 00001000B1C6 0 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
00000000B21C 00001000B21C 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
00000000B278 00001000B278 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
00000000B2CA 00001000B2CA 0 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
00000000B31A 00001000B31A 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000000B372 00001000B372 0 ??0bad_exception@std@@QAE@ABV01@@Z
00000000B398 00001000B398 0 ??1bad_exception@std@@UAE@XZ
00000000B3B8 00001000B3B8 0 ??0bad_exception@std@@QAE@PBD@Z
00000000B3DA 00001000B3DA 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000000B432 00001000B432 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000B48E 00001000B48E 0 ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B4EC 00001000B4EC 0 ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B54A 00001000B54A 0 ??1_Lockit@std@@QAE@XZ
00000000B564 00001000B564 0 ??0_Lockit@std@@QAE@XZ
00000000B57E 00001000B57E 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
00000000B5DA 00001000B5DA 0 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B62C 00001000B62C 0 ??0Init@ios_base@std@@QAE@XZ
00000000B64C 00001000B64C 0 ??1Init@ios_base@std@@QAE@XZ
00000000B66C 00001000B66C 0 ??0_Winit@std@@QAE@XZ
00000000B684 00001000B684 0 ??1_Winit@std@@QAE@XZ
00000000B69A 00001000B69A 0 MSVCP60.dll
00000000B6A8 00001000B6A8 0 PathAppendA
00000000B6B6 00001000B6B6 0 PathFileExistsA
00000000B6C6 00001000B6C6 0 SHLWAPI.dll
00000000B6D2 00001000B6D2 0 CRYPT32.dll
00000000B6E0 00001000B6E0 0 WFSGetInfo
00000000B6EE 00001000B6EE 0 WFSExecute
00000000B6FC 00001000B6FC 0 WFSFreeResult
00000000B70C 00001000B70C 0 WFMAllocateBuffer
00000000B720 00001000B720 0 WFMFreeBuffer
00000000B72E 00001000B72E 0 MSXFS.dll
00000000B73A 00001000B73A 0 HeapCreate
00000000B748 00001000B748 0 InterlockedCompareExchange
00000000B766 00001000B766 0 InterlockedExchange
File pos Mem pos ID Text
======== ======= == ====
00000000B77C 00001000B77C 0 HeapFree
00000000B788 00001000B788 0 OpenThread
00000000B796 00001000B796 0 SetThreadContext
00000000B7AA 00001000B7AA 0 GetThreadContext
00000000B7BE 00001000B7BE 0 Thread32Next
00000000B7CE 00001000B7CE 0 HeapReAlloc
00000000B7DC 00001000B7DC 0 HeapAlloc
00000000B7E8 00001000B7E8 0 GetCurrentThreadId
00000000B7FE 00001000B7FE 0 GetCurrentProcessId
00000000B814 00001000B814 0 Thread32First
00000000B824 00001000B824 0 CreateToolhelp32Snapshot
00000000B840 00001000B840 0 FlushInstructionCache
00000000B858 00001000B858 0 GetCurrentProcess
00000000B86C 00001000B86C 0 VirtualProtect
00000000B87E 00001000B87E 0 VirtualQuery
00000000B88E 00001000B88E 0 _itoa
00000000B8D2 00001000B8D2 0 sservice.dll
00000000B8DF 00001000B8DF 0 UnloadFunc
00000000C038 00001000C038 0 .?AVexception@@
00000000C050 00001000C050 0 .?AVException@System@CUniFramework@@
00000000C080 00001000C080 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
00000000C0B8 00001000C0B8 0 String::Substring: argument out of range.
00000000C0E4 00001000C0E4 0 Can't start thread.
00000000C0F8 00001000C0F8 0 Can't init XFS
00000000C108 00001000C108 0 Can't retrieve device handles.
00000000C128 00001000C128 0 ZFS::DllRoutine -> Can't receive command in while block!
00000000C164 00001000C164 0 Waiting for command from command provider.
00000000C190 00001000C190 0 Critical system error!
00000000C1A8 00001000C1A8 0 Try init XFS into victim process address space.
00000000C1D8 00001000C1D8 0 Resources init error
00000000C1F8 00001000C1F8 0 .?AVbad_exception@std@@
00000000C210 00001000C210 0 bad exception
00000000C230 00001000C230 0 .?AVHookLibException@System@CUniFramework@@
00000000C268 00001000C268 0 .?AVXfsException@@
00000000C27C 00001000C27C 0 Can't init resources, exiting.
00000000C29C 00001000C29C 0 HookLibException: code %d
00000000C2B8 00001000C2B8 0 InitResources -> XfsException: code %d
00000000C2E0 00001000C2E0 0 msxfs.dll
00000000C2EC 00001000C2EC 0 Logger is now on new TraceLevel: %s
00000000C310 00001000C310 0 ___log.txt
00000000C31C 00001000C31C 0 c:\intel
00000000C328 00001000C328 0 UNKNOWN
00000000C334 00001000C334 0 TRACE
00000000C33C 00001000C33C 0 NOTICE
00000000C344 00001000C344 0 WARNING
00000000C34C 00001000C34C 0 ERROR
00000000C354 00001000C354 0 FATAL
00000000C360 00001000C360 0 Xfs::DetermineDeviceByCommand -> exception happened
00000000C394 00001000C394 0 Exception caught DetermineDispenserHandle()
00000000C3C0 00001000C3C0 0 Can't determine CDM HSERVICE
00000000C3E0 00001000C3E0 0 DISPENSER is determined # %d
00000000C400 00001000C400 0 Exception caught DeterminePinPadService()
00000000C42C 00001000C42C 0 Can't determine PinPad HSERVICE
00000000C44C 00001000C44C 0 PinPad HSERVICE is determined # %d
00000000C478 00001000C478 0 .?AVHookLibCreateHookApiException@System@CUniFramework@@
00000000C4C0 00001000C4C0 0 .?AVHookLibInitializationException@System@CUniFramework@@
00000000C4FC 00001000C4FC 0 Can't load xfs module.
00000000C520 00001000C520 0 .?AVXfsGetInfoException@@
00000000C53C 00001000C53C 0 XFS-> found info about <%d> cash units
00000000C570 00001000C570 0 .?AVXfsDispenseException@@
File pos Mem pos ID Text
======== ======= == ====
00000000C58C 00001000C58C 0 XFS-> dispense end SUCCESSFUL DISPENSE
00000000C5B4 00001000C5B4 0 Dispense, dispense device is %d
00000000C5D4 00001000C5D4 0 Currency ID: %s
00000000C5E4 00001000C5E4 0 ulAmount = %d
00000000C5F4 00001000C5F4 0 usCount = %d
00000000C604 00001000C604 0 Denomination setted. %d
00000000C620 00001000C620 0 Dispense collection setted.
00000000C63C 00001000C63C 0 Dispense count set to # %d banknotes
00000000C664 00001000C664 0 XFS-> dispense start
00000000C688 00001000C688 0 .?AVHookLibEnableHookException@System@CUniFramework@@
00000000C6C0 00001000C6C0 0 List<T>.ElementAt()
00000000C6DC 00001000C6DC 0 |INDEX:%d|CU state:%d|Type:%d|Values:%d|Currency_ID:%s|Money count:%d|
00000000C728 00001000C728 0 CommandProcessor created
00000000C744 00001000C744 0 ICommandProcessor::ProcessCommand ->
00000000C769 00001000C769 0 SetMaximumDispenseSize:%d
00000000C784 00001000C784 0 DisplayBalance -> exception, code:%d
00000000C7AC 00001000C7AC 0 DisplayBalance 1try -> exception, code:%d
00000000C7D8 00001000C7D8 0 Manual Dispensing
00000000C7EC 00001000C7EC 0 Dispense failed. Unknown reason.
00000000C810 00001000C810 0 Dispense failed. CODE:%d
00000000C82C 00001000C82C 0 Multi Dispensing start
00000000C844 00001000C844 0 System error!
00000000C854 00001000C854 0 Processing command #%d
00000000C86C 00001000C86C 0 Received
00000000C879 00001000C879 0 commands
00000000C884 00001000C884 0 ICommandProcessor::PrintCashInfo -> Exception
00000000C8B4 00001000C8B4 0 ICommandProcessor::PrintCashInfo ->
00000000C8DC 00001000C8DC 0 can't create response, unknown error
00000000C904 00001000C904 0 last command response code %d
00000000C934 00001000C934 0 trying to dispense
00000000C948 00001000C948 0 -------------======================-------------
00000000C97C 00001000C97C 0 cash units info received
00000000C998 00001000C998 0 R2CommandProcessor::ProcessSetBalanceHook -> exception:%d
00000000C9D4 00001000C9D4 0 -command file name is %s
00000000C9F0 00001000C9F0 0 Command provider created
00000000CA0C 00001000CA0C 0 Founded < %d > commands
00000000CA24 00001000CA24 0 *.cmd
00000000CA2C 00001000CA2C 0 %s\%s
00000000CA34 00001000CA34 0 Command file deleted successfully
00000000CA58 00001000CA58 0 Reading command from a %s
00000000CA78 00001000CA78 0 ICommandProvider::GetCommandRealization -> Unknown exception
00000000CAC0 00001000CAC0 0 AES-256-CBC
00000000CAD8 00001000CAD8 0 .?AVCCryptoApiException@@
00000000CAF4 00001000CAF4 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't generate random vector.
00000000CB64 00001000CB64 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't get hProvider.
00000000CBE0 00001000CBE0 0 .?AVIOException@System@CUniFramework@@
00000000CC10 00001000CC10 0 .?AVFileNotFoundException@System@CUniFramework@@
00000000CC50 00001000CC50 0 .?AVThreadException@System@CUniFramework@@
00000000CC7C 00001000CC7C 0 Can't resume thread
00000000CC90 00001000CC90 0 [%04d/%02d/%02d %02d:%02d:%02d.%03d] %s
00000000CD06 00001000CD06 0 YYYYY
00000000CD12 00001000CD12 0 YYYYYYYYYYYY
00000000CD20 00001000CD20 0 }YPPPPYYYYa
00000000CD36 00001000CD36 0 YYYYYYYYYYY
00000000CDE8 00001000CDE8 0 JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ
00000000CEC8 00001000CEC8 0 .?AVtype_info@@
00000000D009 00001000D009 0 0"0,080E0g0u0
00000000D023 00001000D023 0 1$131I1n1
00000000D03D 00001000D03D 0 2"2?2D2X2g2
00000000D051 00001000D051 0 3%3@3L3U3z3
File pos Mem pos ID Text
======== ======= == ====
00000000D06B 00001000D06B 0 354I4U4
00000000D073 00001000D073 0 4p4}4
00000000D089 00001000D089 0 5%585>5U5e5~5
00000000D0B3 00001000D0B3 0 676p6
00000000D0CD 00001000D0CD 0 737L7b7
00000000D0DB 00001000D0DB 0 7#8H8a8r8
00000000D0EF 00001000D0EF 0 9Q9n9~9
00000000D107 00001000D107 0 :(:.:;:G:M:Z:
00000000D115 00001000D115 0 :f:q:
00000000D127 00001000D127 0 ;.;9;D;O;Z;e;l;r;
00000000D141 00001000D141 0 <#<2<N<[<r<
00000000D155 00001000D155 0 =-=3=p=
00000000D167 00001000D167 0 >%>.>4>@>M>d>
00000000D179 00001000D179 0 ?$?\?
00000000D18D 00001000D18D 0 0.0@0T0b0
00000000D1A7 00001000D1A7 0 1j1z1
00000000D1BB 00001000D1BB 0 2 262H2
00000000D1C9 00001000D1C9 0 2*323N3
00000000D1D7 00001000D1D7 0 3 4l4u4
00000000D1E3 00001000D1E3 0 5a5}5
00000000D1EF 00001000D1EF 0 6(6R6d6p6
00000000D207 00001000D207 0 7p8b9r9C<
00000000D217 00001000D217 0 =$=1=:=@=P=
00000000D229 00001000D229 0 >L>Y>g>
00000000D241 00001000D241 0 ?&?+?:?_?m?
00000000D267 00001000D267 0 02070F0k0y0
00000000D275 00001000D275 0 1;1W1g1x1}1
00000000D28B 00001000D28B 0 1S2h2w2
00000000D29D 00001000D29D 0 3:3@3i3
00000000D2AD 00001000D2AD 0 4>4F4Y4
00000000D2B9 00001000D2B9 0 5-5H5
00000000D2C9 00001000D2C9 0 7.7B7J7e7l7v7|7
00000000D2E1 00001000D2E1 0 8'8>8S8f8
00000000D2F7 00001000D2F7 0 9;9L9p9
00000000D303 00001000D303 0 :4:D:M:[:n:
00000000D317 00001000D317 0 ;$;d;t;
00000000D325 00001000D325 0 <%<N<g<
00000000D335 00001000D335 0 =0=>=
00000000D343 00001000D343 0 >(>->6>
00000000D357 00001000D357 0 ?&?-???x?
00000000D375 00001000D375 0 090D0J0z0
00000000D3B3 00001000D3B3 0 3b3z3
00000000D3C1 00001000D3C1 0 4#4;4H4j4s4x4~4
00000000D3D7 00001000D3D7 0 555R5
00000000D3E1 00001000D3E1 0 5>6d6
00000000D3EF 00001000D3EF 0 7%757:7G7U7a7o7
00000000D411 00001000D411 0 8=9C9u9
00000000D41D 00001000D41D 0 :):B:O:T:d:o:
00000000D431 00001000D431 0 :K;c;
00000000D453 00001000D453 0 >I>Y>d>
00000000D46B 00001000D46B 0 081D1I1X1
00000000D483 00001000D483 0 2)2V2
00000000D4BF 00001000D4BF 0 465h5}5
00000000D4D7 00001000D4D7 0 7+787a7
00000000D4F3 00001000D4F3 0 <"<,<T<h<
00000000D505 00001000D505 0 <%=4=M=S=
00000000D51F 00001000D51F 0 >$>6>E>K>Y>c>i>{>
00000000D547 00001000D547 0 ?!?-?3?=?g?
00000000D56F 00001000D56F 0 0!0-0
00000000D57F 00001000D57F 0 1=1i1r1
File pos Mem pos ID Text
======== ======= == ====
00000000D595 00001000D595 0 2%22292?2[2v2
00000000D5BB 00001000D5BB 0 494J4
00000000D5CB 00001000D5CB 0 5!5B5K5[5
00000000D5F3 00001000D5F3 0 8.848Q8W8
00000000D615 00001000D615 0 ;';7;=;G;Q;Z;
00000000D623 00001000D623 0 ;o;u;
00000000D641 00001000D641 0 < = =
00000000D651 00001000D651 0 011;1
00000000D677 00001000D677 0 5*50565<5B5H5N5T5b5j5p5{5
00000000D6C7 00001000D6C7 0 6$757:7l7}7
00000000D6EF 00001000D6EF 0 8 959A9]9i9
00000000D705 00001000D705 0 :8:t:
00000000D715 00001000D715 0 :(;\;m;r;
00000000D733 00001000D733 0 <1<]<
00000000D747 00001000D747 0 =1=E=d=y=
00000000D755 00001000D755 0 >W>x>
00000000D763 00001000D763 0 ?7?K?t?
00000000D779 00001000D779 0 010E0
00000000D7B3 00001000D7B3 0 2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
00000000D7D5 00001000D7D5 0 2d2h2l2p2t2x2|2
00000000D82D 00001000D82D 0 3 383L3\3
00000000D84D 00001000D84D 0 4 4,40444<4D4P4X4l4t4
00000000D873 00001000D873 0 5 5(5D5
00000000D889 00001000D889 0 6$6,646D6P6l6t6
00000000D8AB 00001000D8AB 0 7$70787L7T7\7d7l7t7
00000000D8D5 00001000D8D5 0 8 8<8H8d8p8x8
00000000D8F1 00001000D8F1 0 9$9@9L9T9
00000000D915 00001000D915 0 :(:0:p:
00000000D935 00001000D935 0 ;$;(;,;0;<;D;L;T;\;p;|;
00000000D96D 00001000D96D 0 <(<D<P<l<t<
00000000D991 00001000D991 0 =4=@=\=d=p=
00000000D9B5 00001000D9B5 0 >$>0>L>T>\>d>p>
00000000D9D5 00001000D9D5 0 ? ?<?H?d?p?x?
00000000D9F7 00001000D9F7 0 0,040<0D0L0T0\0l0t0|0
00000000DA1D 00001000DA1D 0 1$101L1X1
00000000DA3D 00001000DA3D 0 2$202L2X2
00000000DA5D 00001000DA5D 0 343<3X3d3l3x3
00000000DA7B 00001000DA7B 0 4(404T4h4t4|4
00000000DA9B 00001000DA9B 0 5 5<5D5P5l5t5|5
00000000DAC9 00001000DAC9 0 646<6D6L6X6t6|6
00000000DAED 00001000DAED 0 7,787T7
00000000DB0D 00001000DB0D 0 8 8$8,848@8\8d8x8
00000000DB39 00001000DB39 0 9,949@9\9d9p9
00000000DB71 00001000DB71 0 0 000H0x0
00000000004D 00001000004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000100001E8 0 .text
000000000210 000010000210 0 .rdata
000000000237 000010000237 0 @.data
000000000260 000010000260 0 .reloc
000000001F69 000010001F69 0 Q"SVW
0000000025E4 0000100025E4 0 C&j4+
00000000309D 00001000309D 0 At(Ht!HHt
0000000035B3 0000100035B3 0 9y uF
0000000035BB 0000100035BB 0 9y u>
0000000035E6 0000100035E6 0 9y uS
0000000035ED 0000100035ED 0 9y uL
000000003B81 000010003B81 0 j(XPhD
0000000041FE 0000100041FE 0 SVW3
0000000046C5 0000100046C5 0 SVWjN3
000000004BD8 000010004BD8 0 NGVWP
File pos Mem pos ID Text
======== ======= == ====
000000005BE6 000010005BE6 0 DSVW3
0000000062B9 0000100062B9 0 YtVSWV
000000006646 000010006646 0 9>YtD3
000000007233 000010007233 0 t"It
00000000726E 00001000726E 0 t|IItt
000000007630 000010007630 0 t WVS
00000000765D 00001000765D 0 u7WPS
00000000766E 00001000766E 0 u&WVS
00000000AC62 00001000AC62 0 GetModuleFileNameA
00000000AC78 00001000AC78 0 GetModuleHandleA
00000000AC8C 00001000AC8C 0 VirtualFree
00000000AC9A 00001000AC9A 0 VirtualAlloc
00000000ACAA 00001000ACAA 0 Sleep
00000000ACB2 00001000ACB2 0 FindNextFileA
00000000ACC2 00001000ACC2 0 FindFirstFileA
00000000ACD4 00001000ACD4 0 WaitForSingleObject
00000000ACEA 00001000ACEA 0 CloseHandle
00000000ACF8 00001000ACF8 0 ReadFile
00000000AD04 00001000AD04 0 GetFileSize
00000000AD12 00001000AD12 0 CreateFileA
00000000AD20 00001000AD20 0 WriteFile
00000000AD2C 00001000AD2C 0 SetFilePointer
00000000AD3E 00001000AD3E 0 GetLocalTime
00000000AD4E 00001000AD4E 0 DeleteFileA
00000000AD5C 00001000AD5C 0 CreateThread
00000000AD6C 00001000AD6C 0 TerminateThread
00000000AD7E 00001000AD7E 0 SuspendThread
00000000AD8E 00001000AD8E 0 ResumeThread
00000000AD9C 00001000AD9C 0 KERNEL32.dll
00000000ADAC 00001000ADAC 0 MessageBoxA
00000000ADB8 00001000ADB8 0 USER32.dll
00000000ADC6 00001000ADC6 0 CryptReleaseContext
00000000ADDC 00001000ADDC 0 CryptDestroyHash
00000000ADF0 00001000ADF0 0 CryptDestroyKey
00000000AE02 00001000AE02 0 CryptAcquireContextA
00000000AE1A 00001000AE1A 0 CryptGenRandom
00000000AE2A 00001000AE2A 0 ADVAPI32.dll
00000000AE3A 00001000AE3A 0 __CxxFrameHandler
00000000AE4E 00001000AE4E 0 _EH_prolog
00000000AE5C 00001000AE5C 0 ??0exception@@QAE@ABV0@@Z
00000000AE78 00001000AE78 0 _CxxThrowException
00000000AE8E 00001000AE8E 0 ?what@exception@@UBEPBDXZ
00000000AEAA 00001000AEAA 0 ??3@YAXPAX@Z
00000000AEBA 00001000AEBA 0 ??1exception@@UAE@XZ
00000000AED2 00001000AED2 0 strlen
00000000AEDC 00001000AEDC 0 ??2@YAPAXI@Z
00000000AEEC 00001000AEEC 0 _vsnprintf
00000000AEFA 00001000AEFA 0 memset
00000000AF04 00001000AF04 0 fclose
00000000AF0E 00001000AF0E 0 vfprintf
00000000AF1A 00001000AF1A 0 fopen
00000000AF2A 00001000AF2A 0 memcpy
00000000AF3C 00001000AF3C 0 realloc
00000000AF4E 00001000AF4E 0 ??0exception@@QAE@XZ
00000000AF66 00001000AF66 0 fputs
00000000AF6E 00001000AF6E 0 fread
00000000AF76 00001000AF76 0 _ftol
00000000AF7E 00001000AF7E 0 __dllonexit
00000000AF8C 00001000AF8C 0 _onexit
00000000AF94 00001000AF94 0 MSVCRT.dll
File pos Mem pos ID Text
======== ======= == ====
00000000AFA2 00001000AFA2 0 ??1type_info@@UAE@XZ
00000000AFBA 00001000AFBA 0 _initterm
00000000AFC6 00001000AFC6 0 malloc
00000000AFD0 00001000AFD0 0 _adjust_fdiv
00000000AFE0 00001000AFE0 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
00000000B030 00001000B030 0 ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B082 00001000B082 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
00000000B0CC 00001000B0CC 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000B128 00001000B128 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
00000000B17C 00001000B17C 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
00000000B1C6 00001000B1C6 0 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
00000000B21C 00001000B21C 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
00000000B278 00001000B278 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
00000000B2CA 00001000B2CA 0 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
00000000B31A 00001000B31A 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000000B372 00001000B372 0 ??0bad_exception@std@@QAE@ABV01@@Z
00000000B398 00001000B398 0 ??1bad_exception@std@@UAE@XZ
00000000B3B8 00001000B3B8 0 ??0bad_exception@std@@QAE@PBD@Z
00000000B3DA 00001000B3DA 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000000B432 00001000B432 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000B48E 00001000B48E 0 ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B4EC 00001000B4EC 0 ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B54A 00001000B54A 0 ??1_Lockit@std@@QAE@XZ
00000000B564 00001000B564 0 ??0_Lockit@std@@QAE@XZ
00000000B57E 00001000B57E 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
00000000B5DA 00001000B5DA 0 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000000B62C 00001000B62C 0 ??0Init@ios_base@std@@QAE@XZ
00000000B64C 00001000B64C 0 ??1Init@ios_base@std@@QAE@XZ
00000000B66C 00001000B66C 0 ??0_Winit@std@@QAE@XZ
00000000B684 00001000B684 0 ??1_Winit@std@@QAE@XZ
00000000B69A 00001000B69A 0 MSVCP60.dll
00000000B6A8 00001000B6A8 0 PathAppendA
00000000B6B6 00001000B6B6 0 PathFileExistsA
00000000B6C6 00001000B6C6 0 SHLWAPI.dll
00000000B6D2 00001000B6D2 0 CRYPT32.dll
00000000B6E0 00001000B6E0 0 WFSGetInfo
00000000B6EE 00001000B6EE 0 WFSExecute
00000000B6FC 00001000B6FC 0 WFSFreeResult
00000000B70C 00001000B70C 0 WFMAllocateBuffer
00000000B720 00001000B720 0 WFMFreeBuffer
00000000B72E 00001000B72E 0 MSXFS.dll
00000000B73A 00001000B73A 0 HeapCreate
00000000B748 00001000B748 0 InterlockedCompareExchange
00000000B766 00001000B766 0 InterlockedExchange
00000000B77C 00001000B77C 0 HeapFree
00000000B788 00001000B788 0 OpenThread
00000000B796 00001000B796 0 SetThreadContext
00000000B7AA 00001000B7AA 0 GetThreadContext
00000000B7BE 00001000B7BE 0 Thread32Next
00000000B7CE 00001000B7CE 0 HeapReAlloc
00000000B7DC 00001000B7DC 0 HeapAlloc
00000000B7E8 00001000B7E8 0 GetCurrentThreadId
00000000B7FE 00001000B7FE 0 GetCurrentProcessId
00000000B814 00001000B814 0 Thread32First
00000000B824 00001000B824 0 CreateToolhelp32Snapshot
00000000B840 00001000B840 0 FlushInstructionCache
00000000B858 00001000B858 0 GetCurrentProcess
00000000B86C 00001000B86C 0 VirtualProtect
00000000B87E 00001000B87E 0 VirtualQuery
00000000B88E 00001000B88E 0 _itoa
File pos Mem pos ID Text
======== ======= == ====
00000000B8D2 00001000B8D2 0 sservice.dll
00000000B8DF 00001000B8DF 0 UnloadFunc
00000000C038 00001000C038 0 .?AVexception@@
00000000C050 00001000C050 0 .?AVException@System@CUniFramework@@
00000000C080 00001000C080 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
00000000C0B8 00001000C0B8 0 String::Substring: argument out of range.
00000000C0E4 00001000C0E4 0 Can't start thread.
00000000C0F8 00001000C0F8 0 Can't init XFS
00000000C108 00001000C108 0 Can't retrieve device handles.
00000000C128 00001000C128 0 ZFS::DllRoutine -> Can't receive command in while block!
00000000C164 00001000C164 0 Waiting for command from command provider.
00000000C190 00001000C190 0 Critical system error!
00000000C1A8 00001000C1A8 0 Try init XFS into victim process address space.
00000000C1D8 00001000C1D8 0 Resources init error
00000000C1F8 00001000C1F8 0 .?AVbad_exception@std@@
00000000C210 00001000C210 0 bad exception
00000000C230 00001000C230 0 .?AVHookLibException@System@CUniFramework@@
00000000C268 00001000C268 0 .?AVXfsException@@
00000000C27C 00001000C27C 0 Can't init resources, exiting.
00000000C29C 00001000C29C 0 HookLibException: code %d
00000000C2B8 00001000C2B8 0 InitResources -> XfsException: code %d
00000000C2E0 00001000C2E0 0 msxfs.dll
00000000C2EC 00001000C2EC 0 Logger is now on new TraceLevel: %s
00000000C310 00001000C310 0 ___log.txt
00000000C31C 00001000C31C 0 c:\intel
00000000C328 00001000C328 0 UNKNOWN
00000000C334 00001000C334 0 TRACE
00000000C33C 00001000C33C 0 NOTICE
00000000C344 00001000C344 0 WARNING
00000000C34C 00001000C34C 0 ERROR
00000000C354 00001000C354 0 FATAL
00000000C360 00001000C360 0 Xfs::DetermineDeviceByCommand -> exception happened
00000000C394 00001000C394 0 Exception caught DetermineDispenserHandle()
00000000C3C0 00001000C3C0 0 Can't determine CDM HSERVICE
00000000C3E0 00001000C3E0 0 DISPENSER is determined # %d
00000000C400 00001000C400 0 Exception caught DeterminePinPadService()
00000000C42C 00001000C42C 0 Can't determine PinPad HSERVICE
00000000C44C 00001000C44C 0 PinPad HSERVICE is determined # %d
00000000C478 00001000C478 0 .?AVHookLibCreateHookApiException@System@CUniFramework@@
00000000C4C0 00001000C4C0 0 .?AVHookLibInitializationException@System@CUniFramework@@
00000000C4FC 00001000C4FC 0 Can't load xfs module.
00000000C520 00001000C520 0 .?AVXfsGetInfoException@@
00000000C53C 00001000C53C 0 XFS-> found info about <%d> cash units
00000000C570 00001000C570 0 .?AVXfsDispenseException@@
00000000C58C 00001000C58C 0 XFS-> dispense end SUCCESSFUL DISPENSE
00000000C5B4 00001000C5B4 0 Dispense, dispense device is %d
00000000C5D4 00001000C5D4 0 Currency ID: %s
00000000C5E4 00001000C5E4 0 ulAmount = %d
00000000C5F4 00001000C5F4 0 usCount = %d
00000000C604 00001000C604 0 Denomination setted. %d
00000000C620 00001000C620 0 Dispense collection setted.
00000000C63C 00001000C63C 0 Dispense count set to # %d banknotes
00000000C664 00001000C664 0 XFS-> dispense start
00000000C688 00001000C688 0 .?AVHookLibEnableHookException@System@CUniFramework@@
00000000C6C0 00001000C6C0 0 List<T>.ElementAt()
00000000C6DC 00001000C6DC 0 |INDEX:%d|CU state:%d|Type:%d|Values:%d|Currency_ID:%s|Money count:%d|
00000000C728 00001000C728 0 CommandProcessor created
00000000C744 00001000C744 0 ICommandProcessor::ProcessCommand ->
00000000C769 00001000C769 0 SetMaximumDispenseSize:%d
00000000C784 00001000C784 0 DisplayBalance -> exception, code:%d
File pos Mem pos ID Text
======== ======= == ====
00000000C7AC 00001000C7AC 0 DisplayBalance 1try -> exception, code:%d
00000000C7D8 00001000C7D8 0 Manual Dispensing
00000000C7EC 00001000C7EC 0 Dispense failed. Unknown reason.
00000000C810 00001000C810 0 Dispense failed. CODE:%d
00000000C82C 00001000C82C 0 Multi Dispensing start
00000000C844 00001000C844 0 System error!
00000000C854 00001000C854 0 Processing command #%d
00000000C86C 00001000C86C 0 Received
00000000C879 00001000C879 0 commands
00000000C884 00001000C884 0 ICommandProcessor::PrintCashInfo -> Exception
00000000C8B4 00001000C8B4 0 ICommandProcessor::PrintCashInfo ->
00000000C8DC 00001000C8DC 0 can't create response, unknown error
00000000C904 00001000C904 0 last command response code %d
00000000C934 00001000C934 0 trying to dispense
00000000C948 00001000C948 0 -------------======================-------------
00000000C97C 00001000C97C 0 cash units info received
00000000C998 00001000C998 0 R2CommandProcessor::ProcessSetBalanceHook -> exception:%d
00000000C9D4 00001000C9D4 0 -command file name is %s
00000000C9F0 00001000C9F0 0 Command provider created
00000000CA0C 00001000CA0C 0 Founded < %d > commands
00000000CA24 00001000CA24 0 *.cmd
00000000CA2C 00001000CA2C 0 %s\%s
00000000CA34 00001000CA34 0 Command file deleted successfully
00000000CA58 00001000CA58 0 Reading command from a %s
00000000CA78 00001000CA78 0 ICommandProvider::GetCommandRealization -> Unknown exception
00000000CAC0 00001000CAC0 0 AES-256-CBC
00000000CAD8 00001000CAD8 0 .?AVCCryptoApiException@@
00000000CAF4 00001000CAF4 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't generate random vector.
00000000CB64 00001000CB64 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't get hProvider.
00000000CBE0 00001000CBE0 0 .?AVIOException@System@CUniFramework@@
00000000CC10 00001000CC10 0 .?AVFileNotFoundException@System@CUniFramework@@
00000000CC50 00001000CC50 0 .?AVThreadException@System@CUniFramework@@
00000000CC7C 00001000CC7C 0 Can't resume thread
00000000CC90 00001000CC90 0 [%04d/%02d/%02d %02d:%02d:%02d.%03d] %s
00000000CD06 00001000CD06 0 YYYYY
00000000CD12 00001000CD12 0 YYYYYYYYYYYY
00000000CD20 00001000CD20 0 }YPPPPYYYYa
00000000CD36 00001000CD36 0 YYYYYYYYYYY
00000000CDE8 00001000CDE8 0 JJJJKRJJJJOLJJJJJJJJUE@JJJEYMFJ]JJJJJJJJJJJJJJacgNJJkmJJEmJJDEJJ
00000000CEC8 00001000CEC8 0 .?AVtype_info@@
00000000D009 00001000D009 0 0"0,080E0g0u0
00000000D023 00001000D023 0 1$131I1n1
00000000D03D 00001000D03D 0 2"2?2D2X2g2
00000000D051 00001000D051 0 3%3@3L3U3z3
00000000D06B 00001000D06B 0 354I4U4
00000000D073 00001000D073 0 4p4}4
00000000D089 00001000D089 0 5%585>5U5e5~5
00000000D0B3 00001000D0B3 0 676p6
00000000D0CD 00001000D0CD 0 737L7b7
00000000D0DB 00001000D0DB 0 7#8H8a8r8
00000000D0EF 00001000D0EF 0 9Q9n9~9
00000000D107 00001000D107 0 :(:.:;:G:M:Z:
00000000D115 00001000D115 0 :f:q:
00000000D127 00001000D127 0 ;.;9;D;O;Z;e;l;r;
00000000D141 00001000D141 0 <#<2<N<[<r<
00000000D155 00001000D155 0 =-=3=p=
00000000D167 00001000D167 0 >%>.>4>@>M>d>
00000000D179 00001000D179 0 ?$?\?
00000000D18D 00001000D18D 0 0.0@0T0b0
00000000D1A7 00001000D1A7 0 1j1z1
File pos Mem pos ID Text
======== ======= == ====
00000000D1BB 00001000D1BB 0 2 262H2
00000000D1C9 00001000D1C9 0 2*323N3
00000000D1D7 00001000D1D7 0 3 4l4u4
00000000D1E3 00001000D1E3 0 5a5}5
00000000D1EF 00001000D1EF 0 6(6R6d6p6
00000000D207 00001000D207 0 7p8b9r9C<
00000000D217 00001000D217 0 =$=1=:=@=P=
00000000D229 00001000D229 0 >L>Y>g>
00000000D241 00001000D241 0 ?&?+?:?_?m?
00000000D267 00001000D267 0 02070F0k0y0
00000000D275 00001000D275 0 1;1W1g1x1}1
00000000D28B 00001000D28B 0 1S2h2w2
00000000D29D 00001000D29D 0 3:3@3i3
00000000D2AD 00001000D2AD 0 4>4F4Y4
00000000D2B9 00001000D2B9 0 5-5H5
00000000D2C9 00001000D2C9 0 7.7B7J7e7l7v7|7
00000000D2E1 00001000D2E1 0 8'8>8S8f8
00000000D2F7 00001000D2F7 0 9;9L9p9
00000000D303 00001000D303 0 :4:D:M:[:n:
00000000D317 00001000D317 0 ;$;d;t;
00000000D325 00001000D325 0 <%<N<g<
00000000D335 00001000D335 0 =0=>=
00000000D343 00001000D343 0 >(>->6>
00000000D357 00001000D357 0 ?&?-???x?
00000000D375 00001000D375 0 090D0J0z0
00000000D3B3 00001000D3B3 0 3b3z3
00000000D3C1 00001000D3C1 0 4#4;4H4j4s4x4~4
00000000D3D7 00001000D3D7 0 555R5
00000000D3E1 00001000D3E1 0 5>6d6
00000000D3EF 00001000D3EF 0 7%757:7G7U7a7o7
00000000D411 00001000D411 0 8=9C9u9
00000000D41D 00001000D41D 0 :):B:O:T:d:o:
00000000D431 00001000D431 0 :K;c;
00000000D453 00001000D453 0 >I>Y>d>
00000000D46B 00001000D46B 0 081D1I1X1
00000000D483 00001000D483 0 2)2V2
00000000D4BF 00001000D4BF 0 465h5}5
00000000D4D7 00001000D4D7 0 7+787a7
00000000D4F3 00001000D4F3 0 <"<,<T<h<
00000000D505 00001000D505 0 <%=4=M=S=
00000000D51F 00001000D51F 0 >$>6>E>K>Y>c>i>{>
00000000D547 00001000D547 0 ?!?-?3?=?g?
00000000D56F 00001000D56F 0 0!0-0
00000000D57F 00001000D57F 0 1=1i1r1
00000000D595 00001000D595 0 2%22292?2[2v2
00000000D5BB 00001000D5BB 0 494J4
00000000D5CB 00001000D5CB 0 5!5B5K5[5
00000000D5F3 00001000D5F3 0 8.848Q8W8
00000000D615 00001000D615 0 ;';7;=;G;Q;Z;
00000000D623 00001000D623 0 ;o;u;
00000000D641 00001000D641 0 < = =
00000000D651 00001000D651 0 011;1
00000000D677 00001000D677 0 5*50565<5B5H5N5T5b5j5p5{5
00000000D6C7 00001000D6C7 0 6$757:7l7}7
00000000D6EF 00001000D6EF 0 8 959A9]9i9
00000000D705 00001000D705 0 :8:t:
00000000D715 00001000D715 0 :(;\;m;r;
00000000D733 00001000D733 0 <1<]<
00000000D747 00001000D747 0 =1=E=d=y=
00000000D755 00001000D755 0 >W>x>
File pos Mem pos ID Text
======== ======= == ====
00000000D763 00001000D763 0 ?7?K?t?
00000000D779 00001000D779 0 010E0
00000000D7B3 00001000D7B3 0 2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
00000000D7D5 00001000D7D5 0 2d2h2l2p2t2x2|2
00000000D82D 00001000D82D 0 3 383L3\3
00000000D84D 00001000D84D 0 4 4,40444<4D4P4X4l4t4
00000000D873 00001000D873 0 5 5(5D5
00000000D889 00001000D889 0 6$6,646D6P6l6t6
00000000D8AB 00001000D8AB 0 7$70787L7T7\7d7l7t7
00000000D8D5 00001000D8D5 0 8 8<8H8d8p8x8
00000000D8F1 00001000D8F1 0 9$9@9L9T9
00000000D915 00001000D915 0 :(:0:p:
00000000D935 00001000D935 0 ;$;(;,;0;<;D;L;T;\;p;|;
00000000D96D 00001000D96D 0 <(<D<P<l<t<
00000000D991 00001000D991 0 =4=@=\=d=p=
00000000D9B5 00001000D9B5 0 >$>0>L>T>\>d>p>
00000000D9D5 00001000D9D5 0 ? ?<?H?d?p?x?
00000000D9F7 00001000D9F7 0 0,040<0D0L0T0\0l0t0|0
00000000DA1D 00001000DA1D 0 1$101L1X1
00000000DA3D 00001000DA3D 0 2$202L2X2
00000000DA5D 00001000DA5D 0 343<3X3d3l3x3
00000000DA7B 00001000DA7B 0 4(404T4h4t4|4
00000000DA9B 00001000DA9B 0 5 5<5D5P5l5t5|5
00000000DAC9 00001000DAC9 0 646<6D6L6X6t6|6
00000000DAED 00001000DAED 0 7,787T7
00000000DB0D 00001000DB0D 0 8 8$8,848@8\8d8x8
00000000DB39 00001000DB39 0 9,949@9\9d9p9
00000000DB71 00001000DB71 0 0 000H0x0