.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
Date...........: 2019-04-02
Family.........: Atmosphere
File name......: app3.exe
File size......: 96.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Additional note: Drop e372631f96face11e803e812d9a77a25d0a81fa41e4ac362dc8aee5c8a021000
Binary Histogram:
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 240 0xf0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
12 c 7291 1c7b 2 2
0 0 0 0 4 4
14 e 7299 1c83 1 1
10 a 8168 1fe8 11 b
4 4 8168 1fe8 6 6
19 13 8034 1f62 4 4
1 1 0 0 163 a3
93 5d 4035 fc3 5 5
11 b 8168 1fe8 30 1e
6 6 1720 6b8 1 1
=== PE Header ===
signature: "PE\x00\x00"
Machine: 332 0x14c x86
NumberOfSections: 4 4
TimeDateStamp: "2017-10-08 05:06:47"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 271 0x10f RELOCS_STRIPPED, EXECUTABLE_IMAGE
Magic: 267 0x10b 32-bit executable
LinkerVersion: 6.0
SizeOfCode: 16384 0x4000
SizeOfInitializedData: 77824 0x13000
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 16062 0x3ebe
BaseOfCode: 4096 0x1000
BaseOfData: 20480 0x5000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 4096 0x1000
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 98304 0x18000
SizeOfHeaders: 4096 0x1000
CheckSum: 0 0
Subsystem: 3 3 WINDOWS_CUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 5648 size:0x 8c
RESOURCE rva:0x 8000 size:0x f448
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 0 size:0x 0
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 5000 size:0x 1c4
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
.text 1000 3253 4000 1000 0 0 0 0 60000020 R-X CODE
.rdata 5000 13c6 2000 5000 0 0 0 0 40000040 R-- IDATA
.data 7000 554 1000 7000 0 0 0 0 c0000040 RW- IDATA
.rsrc 8000 f448 10000 8000 0 0 0 0 40000040 R-- IDATA
0x8408 0 0x409 61440 BIN #128
0x17408 0 0x409 62 STRING #1
0x80f0 0 0x409 792 VERSION #1
=== IMPORTS ===
KERNEL32.dll 36e VirtualFreeEx
KERNEL32.dll 329 SetThreadContext
KERNEL32.dll 394 WriteProcessMemory
KERNEL32.dll 241 LoadLibraryA
KERNEL32.dll 36b VirtualAllocEx
KERNEL32.dll 2bf ResumeThread
KERNEL32.dll 1ca GetThreadContext
KERNEL32.dll 340 SuspendThread
KERNEL32.dll 278 OpenThread
KERNEL32.dll 34a Thread32Next
KERNEL32.dll 349 Thread32First
KERNEL32.dll 33e Sleep
KERNEL32.dll 274 OpenProcess
KERNEL32.dll 286 Process32Next
KERNEL32.dll 284 Process32First
KERNEL32.dll 1d1 GetTickCount
KERNEL32.dll 168 GetLastError
KERNEL32.dll 306 SetFilePointer
KERNEL32.dll 38b WriteFile
KERNEL32.dll 4f CreateFileA
KERNEL32.dll 15b GetFileSize
KERNEL32.dll 2a3 ReadFile
KERNEL32.dll 31 CloseHandle
KERNEL32.dll 109 GetCommandLineA
KERNEL32.dll 175 GetModuleHandleA
KERNEL32.dll 156 GetFileAttributesA
KERNEL32.dll 47 CreateDirectoryA
KERNEL32.dll 247 LocalAlloc
KERNEL32.dll 24b LocalFree
KERNEL32.dll df FindResourceA
KERNEL32.dll 246 LoadResource
KERNEL32.dll 254 LockResource
KERNEL32.dll 33d SizeofResource
KERNEL32.dll 6f CreateToolhelp32Snapshot
ADVAPI32.dll 142 OpenProcessToken
ADVAPI32.dll 17 AdjustTokenPrivileges
ADVAPI32.dll 9d FreeSid
ADVAPI32.dll 18 AllocateAndInitializeSid
ADVAPI32.dll 197 SetEntriesInAclA
ADVAPI32.dll df InitializeSecurityDescriptor
ADVAPI32.dll 1a5 SetSecurityDescriptorDacl
ADVAPI32.dll 19b SetFileSecurityA
MFC42.DLL 627
MFC42.DLL 231
MFC42.DLL 32f
MFC42.DLL 339
MFC42.DLL 337
MSVCRT.dll b7 _controlfp
MSVCRT.dll ca _except_handler3
MSVCRT.dll 81 __set_app_type
MSVCRT.dll 6f __p__fmode
MSVCRT.dll 6a __p__commode
MSVCRT.dll 9d _adjust_fdiv
MSVCRT.dll 83 __setusermatherr
MSVCRT.dll 10f _initterm
MSVCRT.dll 58 __getmainargs
MSVCRT.dll 64 __p___initenv
MSVCRT.dll 249 exit
MSVCRT.dll 48 _XcptFilter
MSVCRT.dll d3 _exit
MSVCRT.dll e ??1type_info@@UAE@XZ
MSVCRT.dll 186 _onexit
MSVCRT.dll 55 __dllonexit
MSVCRT.dll 2b4 srand
MSVCRT.dll 2a6 rand
MSVCRT.dll 9 ??0exception@@QAE@XZ
MSVCRT.dll 2a7 realloc
MSVCRT.dll 25e free
MSVCRT.dll d ??1exception@@UAE@XZ
MSVCRT.dll 30 ?what@exception@@UBEPBDXZ
MSVCRT.dll 298 memmove
MSVCRT.dll 41 _CxxThrowException
MSVCRT.dll 257 fopen
MSVCRT.dll 2d9 vfprintf
MSVCRT.dll 24c fclose
MSVCRT.dll 8 ??0exception@@QAE@ABV0@@Z
MSVCRT.dll 1e1 _vsnprintf
MSVCRT.dll 29e printf
MSVCRT.dll 49 __CxxFrameHandler
MSVCRT.dll 1c1 _stricmp
MSVCP60.dll a2 ??0_Lockit@std@@QAE@XZ
MSVCP60.dll 10b ??1_Lockit@std@@QAE@XZ
MSVCP60.dll 10d ??1_Winit@std@@QAE@XZ
MSVCP60.dll a5 ??0_Winit@std@@QAE@XZ
MSVCP60.dll 109 ??1Init@ios_base@std@@QAE@XZ
MSVCP60.dll 9e ??0Init@ios_base@std@@QAE@XZ
MSVCP60.dll 406 ?_Xran@std@@YAXXZ
MSVCP60.dll 43b ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
MSVCP60.dll 1d0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
MSVCP60.dll 50f ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
MSVCP60.dll 49 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
MSVCP60.dll 411 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll 3f2 ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
MSVCP60.dll 34a ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
MSVCP60.dll 405 ?_Xlen@std@@YAXXZ
MSVCP60.dll 420 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCP60.dll 41c ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
MSVCP60.dll ad ??0bad_exception@std@@QAE@PBD@Z
MSVCP60.dll 111 ??1bad_exception@std@@UAE@XZ
MSVCP60.dll ac ??0bad_exception@std@@QAE@ABV01@@Z
MSVCP60.dll 3f8 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
MSVCP60.dll 32d ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
MSVCP60.dll e9 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
MSVCP60.dll 661 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
MSVCP60.dll 529 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
MSVCP60.dll 392 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
SHLWAPI.dll b PathAppendA
FileVersion :
ProductVersion :
StrucVersion : 0x10000
FileFlagsMask : 0x3f
FileFlags : 0
FileOS : 0x40004
FileType : 1
FileSubtype : 0
# StringTable 040904b0:
Comments : ""
CompanyName : " "
FileDescription : "tester"
FileVersion : "1, 0, 0, 1"
InternalName : "tester"
LegalCopyright : "Copyright \u00A9 2017"
LegalTrademarks : ""
OriginalFilename : "tester.exe"
PrivateBuild : ""
ProductName : " tester"
ProductVersion : "1, 0, 0, 1"
SpecialBuild : ""
VarFileInfo : [ 0x409, 0x4b0 ]
=== Packer / Compiler ===
MS Visual C++ v6.0
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000001083 000000401083 0 Vhlp@
000000001109 000000401109 0 L$(SUV
000000001110 000000401110 0 D$8W3
000000001145 000000401145 0 D$HPQVU
000000001269 000000401269 0 D$(UVWj
000000001304 000000401304 0 L$8QP
000000001465 000000401465 0 ShHq@
000000001479 000000401479 0 QSSSSSSSSj
000000001577 000000401577 0 IQhHq@
0000000015B9 0000004015B9 0 IQh@q@
0000000016A9 0000004016A9 0 T$Lh,q@
000000001730 000000401730 0 d$ Ph
0000000024C5 0000004024C5 0 t$(Ph|q@
000000002742 000000402742 0 T$$RW
00000000284B 00000040284B 0 D$ RP
000000002896 000000402896 0 T$$RW
000000002BFC 000000402BFC 0 SI-P+@
000000002C6F 000000402C6F 0 T$4RW
000000002C7B 000000402C7B 0 t-9\$@t
000000002C84 000000402C84 0 D$4PW
000000002C95 000000402C95 0 L$<Qh|s@
000000002CD3 000000402CD3 0 Ph(s@
000000002D0F 000000402D0F 0 D$PPW
000000002D6E 000000402D6E 0 PhHr@
000000002DBD 000000402DBD 0 QhP+@
000000002E1C 000000402E1C 0 T$PRW
000000002E9F 000000402E9F 0 D$$W3
000000002F42 000000402F42 0 L$pPQ
000000003069 000000403069 0 D$$SU3
000000003A62 000000403A62 0 9h uc
000000003B4A 000000403B4A 0 9h ua
00000000589A 00000040589A 0 SizeofResource
0000000058AC 0000004058AC 0 LockResource
0000000058BC 0000004058BC 0 LoadResource
0000000058CC 0000004058CC 0 FindResourceA
0000000058DC 0000004058DC 0 LocalFree
0000000058E8 0000004058E8 0 LocalAlloc
0000000058F6 0000004058F6 0 CreateDirectoryA
00000000590A 00000040590A 0 GetFileAttributesA
000000005920 000000405920 0 GetModuleHandleA
000000005934 000000405934 0 GetCommandLineA
000000005946 000000405946 0 CloseHandle
000000005954 000000405954 0 ReadFile
000000005960 000000405960 0 GetFileSize
00000000596E 00000040596E 0 CreateFileA
00000000597C 00000040597C 0 WriteFile
000000005988 000000405988 0 SetFilePointer
00000000599A 00000040599A 0 GetLastError
0000000059AA 0000004059AA 0 Sleep
0000000059B2 0000004059B2 0 VirtualFreeEx
0000000059C2 0000004059C2 0 SetThreadContext
0000000059D6 0000004059D6 0 WriteProcessMemory
0000000059EC 0000004059EC 0 LoadLibraryA
0000000059FC 0000004059FC 0 VirtualAllocEx
000000005A0E 000000405A0E 0 ResumeThread
File pos Mem pos ID Text
======== ======= == ====
000000005A1E 000000405A1E 0 GetThreadContext
000000005A32 000000405A32 0 SuspendThread
000000005A42 000000405A42 0 OpenThread
000000005A50 000000405A50 0 Thread32Next
000000005A60 000000405A60 0 Thread32First
000000005A70 000000405A70 0 CreateToolhelp32Snapshot
000000005A8C 000000405A8C 0 OpenProcess
000000005A9A 000000405A9A 0 Process32Next
000000005AAA 000000405AAA 0 Process32First
000000005ABC 000000405ABC 0 GetTickCount
000000005ACA 000000405ACA 0 KERNEL32.dll
000000005AD8 000000405AD8 0 USER32.dll
000000005AE6 000000405AE6 0 FreeSid
000000005AF0 000000405AF0 0 SetFileSecurityA
000000005B04 000000405B04 0 SetSecurityDescriptorDacl
000000005B20 000000405B20 0 InitializeSecurityDescriptor
000000005B40 000000405B40 0 SetEntriesInAclA
000000005B54 000000405B54 0 AllocateAndInitializeSid
000000005B70 000000405B70 0 AdjustTokenPrivileges
000000005B88 000000405B88 0 OpenProcessToken
000000005B9A 000000405B9A 0 ADVAPI32.dll
000000005BA8 000000405BA8 0 CRYPT32.dll
000000005BB4 000000405BB4 0 MFC42.DLL
000000005BC0 000000405BC0 0 printf
000000005BCA 000000405BCA 0 __CxxFrameHandler
000000005BDE 000000405BDE 0 _vsnprintf
000000005BEC 000000405BEC 0 ??0exception@@QAE@ABV0@@Z
000000005C08 000000405C08 0 fclose
000000005C12 000000405C12 0 vfprintf
000000005C1E 000000405C1E 0 fopen
000000005C26 000000405C26 0 _CxxThrowException
000000005C3C 000000405C3C 0 memmove
000000005C46 000000405C46 0 ?what@exception@@UBEPBDXZ
000000005C62 000000405C62 0 ??1exception@@UAE@XZ
000000005C82 000000405C82 0 realloc
000000005C8C 000000405C8C 0 ??0exception@@QAE@XZ
000000005CAC 000000405CAC 0 srand
000000005CB2 000000405CB2 0 MSVCRT.dll
000000005CC0 000000405CC0 0 __dllonexit
000000005CCE 000000405CCE 0 _onexit
000000005CD8 000000405CD8 0 ??1type_info@@UAE@XZ
000000005CF0 000000405CF0 0 _exit
000000005CF8 000000405CF8 0 _XcptFilter
000000005D0E 000000405D0E 0 __p___initenv
000000005D1E 000000405D1E 0 __getmainargs
000000005D2E 000000405D2E 0 _initterm
000000005D3A 000000405D3A 0 __setusermatherr
000000005D4E 000000405D4E 0 _adjust_fdiv
000000005D5E 000000405D5E 0 __p__commode
000000005D6E 000000405D6E 0 __p__fmode
000000005D7C 000000405D7C 0 __set_app_type
000000005D8E 000000405D8E 0 _except_handler3
000000005DA2 000000405DA2 0 _controlfp
000000005DB0 000000405DB0 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
000000005E02 000000405E02 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000005E56 000000405E56 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
000000005EA0 000000405EA0 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
000000005EEA 000000405EEA 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000005F46 000000405F46 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000005F96 000000405F96 0 ??0bad_exception@std@@QAE@ABV01@@Z
File pos Mem pos ID Text
======== ======= == ====
000000005FBC 000000405FBC 0 ??1bad_exception@std@@UAE@XZ
000000005FDC 000000405FDC 0 ??0bad_exception@std@@QAE@PBD@Z
000000005FFE 000000405FFE 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000605A 00000040605A 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000060B2 0000004060B2 0 ?_Xlen@std@@YAXXZ
0000000060C6 0000004060C6 0 ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
000000006114 000000406114 0 ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
000000006162 000000406162 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000061BA 0000004061BA 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
000000006216 000000406216 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
00000000625C 00000040625C 0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0000000062A2 0000004062A2 0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0000000062DE 0000004062DE 0 ?_Xran@std@@YAXXZ
0000000062F2 0000004062F2 0 ??0Init@ios_base@std@@QAE@XZ
000000006312 000000406312 0 ??1Init@ios_base@std@@QAE@XZ
000000006332 000000406332 0 ??0_Winit@std@@QAE@XZ
00000000634A 00000040634A 0 ??1_Winit@std@@QAE@XZ
000000006362 000000406362 0 ??1_Lockit@std@@QAE@XZ
00000000637C 00000040637C 0 ??0_Lockit@std@@QAE@XZ
000000006394 000000406394 0 MSVCP60.dll
0000000063A2 0000004063A2 0 PathAppendA
0000000063AE 0000004063AE 0 SHLWAPI.dll
0000000063BC 0000004063BC 0 _stricmp
000000007028 000000407028 0 .?AVexception@@
000000007040 000000407040 0 .?AVbad_exception@std@@
000000007058 000000407058 0 bad exception
000000007078 000000407078 0 .?AVException@System@CUniFramework@@
0000000070A8 0000004070A8 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000070E0 0000004070E0 0 List<T>.ElementAt()
0000000070F4 0000004070F4 0 no processes found. Exiting.
000000007114 000000407114 0 Founded %d precesses.
00000000712C 00000040712C 0 fwmain32.exe
000000007148 000000407148 0 c:\intel
000000007154 000000407154 0 Fatal Error: MFC initialization failed
00000000717C 00000040717C 0 lib_%s
000000007188 000000407188 0 AES-256-CBC
00000000719D 00000040719D 0 Error: Unable to set the context of the target thread (%d)
0000000071DD 0000004071DD 0 Setting thread context.
0000000071F9 0000004071F9 0 Writing the shellcode, LoadLibraryA address and DLL path into target process.
000000007249 000000407249 0 Error: Unable to allocate memory in target process (%d)
000000007285 000000407285 0 Allocating memory in target process.
0000000072AD 0000004072AD 0 Error: Unable to get the thread context of target thread (%d)
0000000072ED 0000004072ED 0 Getting thread context.
000000007309 000000407309 0 Suspending the target thread.
000000007329 000000407329 0 Error: Unable to open target thread handle (%d)
00000000735D 00000040735D 0 Opening target thread handle.
00000000737D 00000040737D 0 Target thread found. TID: %d
00000000739D 00000040739D 0 Finding a thread to hijack.
0000000073BD 0000004073BD 0 Error: Unable to open target process handle (%d)
0000000073F8 0000004073F8 0 .?AVtype_info@@
000000008455 000000408455 0 !This program cannot be run in DOS mode.
0000000085F0 0000004085F0 0 .text
000000008618 000000408618 0 .rdata
00000000863F 00000040863F 0 @.data
000000008668 000000408668 0 .reloc
00000000A371 00000040A371 0 Q"SVW
00000000A9EC 00000040A9EC 0 C&j4+
00000000B4A5 00000040B4A5 0 At(Ht!HHt
00000000B9BB 00000040B9BB 0 9y uF
00000000B9C3 00000040B9C3 0 9y u>
File pos Mem pos ID Text
======== ======= == ====
00000000B9EE 00000040B9EE 0 9y uS
00000000B9F5 00000040B9F5 0 9y uL
00000000BF89 00000040BF89 0 j(XPhD
00000000C606 00000040C606 0 SVW3
00000000CACD 00000040CACD 0 SVWjN3
00000000CFE0 00000040CFE0 0 NGVWP
00000000DFEE 00000040DFEE 0 DSVW3
00000000E6C1 00000040E6C1 0 YtVSWV
00000000EA4E 00000040EA4E 0 9>YtD3
00000000F63B 00000040F63B 0 t"It
00000000F676 00000040F676 0 t|IItt
00000000FA38 00000040FA38 0 t WVS
00000000FA65 00000040FA65 0 u7WPS
00000000FA76 00000040FA76 0 u&WVS
00000001306A 00000041306A 0 GetModuleFileNameA
000000013080 000000413080 0 GetModuleHandleA
000000013094 000000413094 0 VirtualFree
0000000130A2 0000004130A2 0 VirtualAlloc
0000000130B2 0000004130B2 0 Sleep
0000000130BA 0000004130BA 0 FindNextFileA
0000000130CA 0000004130CA 0 FindFirstFileA
0000000130DC 0000004130DC 0 WaitForSingleObject
0000000130F2 0000004130F2 0 CloseHandle
000000013100 000000413100 0 ReadFile
00000001310C 00000041310C 0 GetFileSize
00000001311A 00000041311A 0 CreateFileA
000000013128 000000413128 0 WriteFile
000000013134 000000413134 0 SetFilePointer
000000013146 000000413146 0 GetLocalTime
000000013156 000000413156 0 DeleteFileA
000000013164 000000413164 0 CreateThread
000000013174 000000413174 0 TerminateThread
000000013186 000000413186 0 SuspendThread
000000013196 000000413196 0 ResumeThread
0000000131A4 0000004131A4 0 KERNEL32.dll
0000000131B4 0000004131B4 0 MessageBoxA
0000000131C0 0000004131C0 0 USER32.dll
0000000131CE 0000004131CE 0 CryptReleaseContext
0000000131E4 0000004131E4 0 CryptDestroyHash
0000000131F8 0000004131F8 0 CryptDestroyKey
00000001320A 00000041320A 0 CryptAcquireContextA
000000013222 000000413222 0 CryptGenRandom
000000013232 000000413232 0 ADVAPI32.dll
000000013242 000000413242 0 __CxxFrameHandler
000000013256 000000413256 0 _EH_prolog
000000013264 000000413264 0 ??0exception@@QAE@ABV0@@Z
000000013280 000000413280 0 _CxxThrowException
000000013296 000000413296 0 ?what@exception@@UBEPBDXZ
0000000132B2 0000004132B2 0 ??3@YAXPAX@Z
0000000132C2 0000004132C2 0 ??1exception@@UAE@XZ
0000000132DA 0000004132DA 0 strlen
0000000132E4 0000004132E4 0 ??2@YAPAXI@Z
0000000132F4 0000004132F4 0 _vsnprintf
000000013302 000000413302 0 memset
00000001330C 00000041330C 0 fclose
000000013316 000000413316 0 vfprintf
000000013322 000000413322 0 fopen
000000013332 000000413332 0 memcpy
000000013344 000000413344 0 realloc
000000013356 000000413356 0 ??0exception@@QAE@XZ
File pos Mem pos ID Text
======== ======= == ====
00000001336E 00000041336E 0 fputs
000000013376 000000413376 0 fread
00000001337E 00000041337E 0 _ftol
000000013386 000000413386 0 __dllonexit
000000013394 000000413394 0 _onexit
00000001339C 00000041339C 0 MSVCRT.dll
0000000133AA 0000004133AA 0 ??1type_info@@UAE@XZ
0000000133C2 0000004133C2 0 _initterm
0000000133CE 0000004133CE 0 malloc
0000000133D8 0000004133D8 0 _adjust_fdiv
0000000133E8 0000004133E8 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000013438 000000413438 0 ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000001348A 00000041348A 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0000000134D4 0000004134D4 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013530 000000413530 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000013584 000000413584 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
0000000135CE 0000004135CE 0 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
000000013624 000000413624 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000013680 000000413680 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
0000000136D2 0000004136D2 0 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
000000013722 000000413722 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001377A 00000041377A 0 ??0bad_exception@std@@QAE@ABV01@@Z
0000000137A0 0000004137A0 0 ??1bad_exception@std@@UAE@XZ
0000000137C0 0000004137C0 0 ??0bad_exception@std@@QAE@PBD@Z
0000000137E2 0000004137E2 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001383A 00000041383A 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013896 000000413896 0 ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
0000000138F4 0000004138F4 0 ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013952 000000413952 0 ??1_Lockit@std@@QAE@XZ
00000001396C 00000041396C 0 ??0_Lockit@std@@QAE@XZ
000000013986 000000413986 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
0000000139E2 0000004139E2 0 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013A34 000000413A34 0 ??0Init@ios_base@std@@QAE@XZ
000000013A54 000000413A54 0 ??1Init@ios_base@std@@QAE@XZ
000000013A74 000000413A74 0 ??0_Winit@std@@QAE@XZ
000000013A8C 000000413A8C 0 ??1_Winit@std@@QAE@XZ
000000013AA2 000000413AA2 0 MSVCP60.dll
000000013AB0 000000413AB0 0 PathAppendA
000000013ABE 000000413ABE 0 PathFileExistsA
000000013ACE 000000413ACE 0 SHLWAPI.dll
000000013ADA 000000413ADA 0 CRYPT32.dll
000000013AE8 000000413AE8 0 WFSGetInfo
000000013AF6 000000413AF6 0 WFSExecute
000000013B04 000000413B04 0 WFSFreeResult
000000013B14 000000413B14 0 WFMAllocateBuffer
000000013B28 000000413B28 0 WFMFreeBuffer
000000013B36 000000413B36 0 MSXFS.dll
000000013B42 000000413B42 0 HeapCreate
000000013B50 000000413B50 0 InterlockedCompareExchange
000000013B6E 000000413B6E 0 InterlockedExchange
000000013B84 000000413B84 0 HeapFree
000000013B90 000000413B90 0 OpenThread
000000013B9E 000000413B9E 0 SetThreadContext
000000013BB2 000000413BB2 0 GetThreadContext
000000013BC6 000000413BC6 0 Thread32Next
000000013BD6 000000413BD6 0 HeapReAlloc
000000013BE4 000000413BE4 0 HeapAlloc
000000013BF0 000000413BF0 0 GetCurrentThreadId
000000013C06 000000413C06 0 GetCurrentProcessId
000000013C1C 000000413C1C 0 Thread32First
File pos Mem pos ID Text
======== ======= == ====
000000013C2C 000000413C2C 0 CreateToolhelp32Snapshot
000000013C48 000000413C48 0 FlushInstructionCache
000000013C60 000000413C60 0 GetCurrentProcess
000000013C74 000000413C74 0 VirtualProtect
000000013C86 000000413C86 0 VirtualQuery
000000013C96 000000413C96 0 _itoa
000000013CDA 000000413CDA 0 sservice.dll
000000013CE7 000000413CE7 0 UnloadFunc
000000014440 000000414440 0 .?AVexception@@
000000014458 000000414458 0 .?AVException@System@CUniFramework@@
000000014488 000000414488 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000144C0 0000004144C0 0 String::Substring: argument out of range.
0000000144EC 0000004144EC 0 Can't start thread.
000000014500 000000414500 0 Can't init XFS
000000014510 000000414510 0 Can't retrieve device handles.
000000014530 000000414530 0 ZFS::DllRoutine -> Can't receive command in while block!
00000001456C 00000041456C 0 Waiting for command from command provider.
000000014598 000000414598 0 Critical system error!
0000000145B0 0000004145B0 0 Try init XFS into victim process address space.
0000000145E0 0000004145E0 0 Resources init error
000000014600 000000414600 0 .?AVbad_exception@std@@
000000014618 000000414618 0 bad exception
000000014638 000000414638 0 .?AVHookLibException@System@CUniFramework@@
000000014670 000000414670 0 .?AVXfsException@@
000000014684 000000414684 0 Can't init resources, exiting.
0000000146A4 0000004146A4 0 HookLibException: code %d
0000000146C0 0000004146C0 0 InitResources -> XfsException: code %d
0000000146E8 0000004146E8 0 msxfs.dll
0000000146F4 0000004146F4 0 Logger is now on new TraceLevel: %s
000000014718 000000414718 0 ___log.txt
000000014724 000000414724 0 c:\intel
000000014730 000000414730 0 UNKNOWN
00000001473C 00000041473C 0 TRACE
000000014744 000000414744 0 NOTICE
00000001474C 00000041474C 0 WARNING
000000014754 000000414754 0 ERROR
00000001475C 00000041475C 0 FATAL
000000014768 000000414768 0 Xfs::DetermineDeviceByCommand -> exception happened
00000001479C 00000041479C 0 Exception caught DetermineDispenserHandle()
0000000147C8 0000004147C8 0 Can't determine CDM HSERVICE
0000000147E8 0000004147E8 0 DISPENSER is determined # %d
000000014808 000000414808 0 Exception caught DeterminePinPadService()
000000014834 000000414834 0 Can't determine PinPad HSERVICE
000000014854 000000414854 0 PinPad HSERVICE is determined # %d
000000014880 000000414880 0 .?AVHookLibCreateHookApiException@System@CUniFramework@@
0000000148C8 0000004148C8 0 .?AVHookLibInitializationException@System@CUniFramework@@
000000014904 000000414904 0 Can't load xfs module.
000000014928 000000414928 0 .?AVXfsGetInfoException@@
000000014944 000000414944 0 XFS-> found info about <%d> cash units
000000014978 000000414978 0 .?AVXfsDispenseException@@
000000014994 000000414994 0 XFS-> dispense end SUCCESSFUL DISPENSE
0000000149BC 0000004149BC 0 Dispense, dispense device is %d
0000000149DC 0000004149DC 0 Currency ID: %s
0000000149EC 0000004149EC 0 ulAmount = %d
0000000149FC 0000004149FC 0 usCount = %d
000000014A0C 000000414A0C 0 Denomination setted. %d
000000014A28 000000414A28 0 Dispense collection setted.
000000014A44 000000414A44 0 Dispense count set to # %d banknotes
000000014A6C 000000414A6C 0 XFS-> dispense start
000000014A90 000000414A90 0 .?AVHookLibEnableHookException@System@CUniFramework@@
File pos Mem pos ID Text
======== ======= == ====
000000014AC8 000000414AC8 0 List<T>.ElementAt()
000000014AE4 000000414AE4 0 |INDEX:%d|CU state:%d|Type:%d|Values:%d|Currency_ID:%s|Money count:%d|
000000014B30 000000414B30 0 CommandProcessor created
000000014B4C 000000414B4C 0 ICommandProcessor::ProcessCommand ->
000000014B71 000000414B71 0 SetMaximumDispenseSize:%d
000000014B8C 000000414B8C 0 DisplayBalance -> exception, code:%d
000000014BB4 000000414BB4 0 DisplayBalance 1try -> exception, code:%d
000000014BE0 000000414BE0 0 Manual Dispensing
000000014BF4 000000414BF4 0 Dispense failed. Unknown reason.
000000014C18 000000414C18 0 Dispense failed. CODE:%d
000000014C34 000000414C34 0 Multi Dispensing start
000000014C4C 000000414C4C 0 System error!
000000014C5C 000000414C5C 0 Processing command #%d
000000014C74 000000414C74 0 Received
000000014C81 000000414C81 0 commands
000000014C8C 000000414C8C 0 ICommandProcessor::PrintCashInfo -> Exception
000000014CBC 000000414CBC 0 ICommandProcessor::PrintCashInfo ->
000000014CE4 000000414CE4 0 can't create response, unknown error
000000014D0C 000000414D0C 0 last command response code %d
000000014D3C 000000414D3C 0 trying to dispense
000000014D50 000000414D50 0 -------------======================-------------
000000014D84 000000414D84 0 cash units info received
000000014DA0 000000414DA0 0 R2CommandProcessor::ProcessSetBalanceHook -> exception:%d
000000014DDC 000000414DDC 0 -command file name is %s
000000014DF8 000000414DF8 0 Command provider created
000000014E14 000000414E14 0 Founded < %d > commands
000000014E2C 000000414E2C 0 *.cmd
000000014E34 000000414E34 0 %s\%s
000000014E3C 000000414E3C 0 Command file deleted successfully
000000014E60 000000414E60 0 Reading command from a %s
000000014E80 000000414E80 0 ICommandProvider::GetCommandRealization -> Unknown exception
000000014EC8 000000414EC8 0 AES-256-CBC
000000014EE0 000000414EE0 0 .?AVCCryptoApiException@@
000000014EFC 000000414EFC 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't generate random vector.
000000014F6C 000000414F6C 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't get hProvider.
000000014FE8 000000414FE8 0 .?AVIOException@System@CUniFramework@@
000000015018 000000415018 0 .?AVFileNotFoundException@System@CUniFramework@@
000000015058 000000415058 0 .?AVThreadException@System@CUniFramework@@
000000015084 000000415084 0 Can't resume thread
000000015098 000000415098 0 [%04d/%02d/%02d %02d:%02d:%02d.%03d] %s
00000001510E 00000041510E 0 YYYYY
00000001511A 00000041511A 0 YYYYYYYYYYYY
000000015128 000000415128 0 }YPPPPYYYYa
00000001513E 00000041513E 0 YYYYYYYYYYY
0000000152D0 0000004152D0 0 .?AVtype_info@@
000000015411 000000415411 0 0"0,080E0g0u0
00000001542B 00000041542B 0 1$131I1n1
000000015445 000000415445 0 2"2?2D2X2g2
000000015459 000000415459 0 3%3@3L3U3z3
000000015473 000000415473 0 354I4U4
00000001547B 00000041547B 0 4p4}4
000000015491 000000415491 0 5%585>5U5e5~5
0000000154BB 0000004154BB 0 676p6
0000000154D5 0000004154D5 0 737L7b7
0000000154E3 0000004154E3 0 7#8H8a8r8
0000000154F7 0000004154F7 0 9Q9n9~9
00000001550F 00000041550F 0 :(:.:;:G:M:Z:
00000001551D 00000041551D 0 :f:q:
00000001552F 00000041552F 0 ;.;9;D;O;Z;e;l;r;
File pos Mem pos ID Text
======== ======= == ====
000000015549 000000415549 0 <#<2<N<[<r<
00000001555D 00000041555D 0 =-=3=p=
00000001556F 00000041556F 0 >%>.>4>@>M>d>
000000015581 000000415581 0 ?$?\?
000000015595 000000415595 0 0.0@0T0b0
0000000155AF 0000004155AF 0 1j1z1
0000000155C3 0000004155C3 0 2 262H2
0000000155D1 0000004155D1 0 2*323N3
0000000155DF 0000004155DF 0 3 4l4u4
0000000155EB 0000004155EB 0 5a5}5
0000000155F7 0000004155F7 0 6(6R6d6p6
00000001560F 00000041560F 0 7p8b9r9C<
00000001561F 00000041561F 0 =$=1=:=@=P=
000000015631 000000415631 0 >L>Y>g>
000000015649 000000415649 0 ?&?+?:?_?m?
00000001566F 00000041566F 0 02070F0k0y0
00000001567D 00000041567D 0 1;1W1g1x1}1
000000015693 000000415693 0 1S2h2w2
0000000156A5 0000004156A5 0 3:3@3i3
0000000156B5 0000004156B5 0 4>4F4Y4
0000000156C1 0000004156C1 0 5-5H5
0000000156D1 0000004156D1 0 7.7B7J7e7l7v7|7
0000000156E9 0000004156E9 0 8'8>8S8f8
0000000156FF 0000004156FF 0 9;9L9p9
00000001570B 00000041570B 0 :4:D:M:[:n:
00000001571F 00000041571F 0 ;$;d;t;
00000001572D 00000041572D 0 <%<N<g<
00000001573D 00000041573D 0 =0=>=
00000001574B 00000041574B 0 >(>->6>
00000001575F 00000041575F 0 ?&?-???x?
00000001577D 00000041577D 0 090D0J0z0
0000000157BB 0000004157BB 0 3b3z3
0000000157C9 0000004157C9 0 4#4;4H4j4s4x4~4
0000000157DF 0000004157DF 0 555R5
0000000157E9 0000004157E9 0 5>6d6
0000000157F7 0000004157F7 0 7%757:7G7U7a7o7
000000015819 000000415819 0 8=9C9u9
000000015825 000000415825 0 :):B:O:T:d:o:
000000015839 000000415839 0 :K;c;
00000001585B 00000041585B 0 >I>Y>d>
000000015873 000000415873 0 081D1I1X1
00000001588B 00000041588B 0 2)2V2
0000000158C7 0000004158C7 0 465h5}5
0000000158DF 0000004158DF 0 7+787a7
0000000158FB 0000004158FB 0 <"<,<T<h<
00000001590D 00000041590D 0 <%=4=M=S=
000000015927 000000415927 0 >$>6>E>K>Y>c>i>{>
00000001594F 00000041594F 0 ?!?-?3?=?g?
000000015977 000000415977 0 0!0-0
000000015987 000000415987 0 1=1i1r1
00000001599D 00000041599D 0 2%22292?2[2v2
0000000159C3 0000004159C3 0 494J4
0000000159D3 0000004159D3 0 5!5B5K5[5
0000000159FB 0000004159FB 0 8.848Q8W8
000000015A1D 000000415A1D 0 ;';7;=;G;Q;Z;
000000015A2B 000000415A2B 0 ;o;u;
000000015A49 000000415A49 0 < = =
000000015A59 000000415A59 0 011;1
000000015A7F 000000415A7F 0 5*50565<5B5H5N5T5b5j5p5{5
000000015ACF 000000415ACF 0 6$757:7l7}7
File pos Mem pos ID Text
======== ======= == ====
000000015AF7 000000415AF7 0 8 959A9]9i9
000000015B0D 000000415B0D 0 :8:t:
000000015B1D 000000415B1D 0 :(;\;m;r;
000000015B3B 000000415B3B 0 <1<]<
000000015B4F 000000415B4F 0 =1=E=d=y=
000000015B5D 000000415B5D 0 >W>x>
000000015B6B 000000415B6B 0 ?7?K?t?
000000015B81 000000415B81 0 010E0
000000015BBB 000000415BBB 0 2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
000000015BDD 000000415BDD 0 2d2h2l2p2t2x2|2
000000015C35 000000415C35 0 3 383L3\3
000000015C55 000000415C55 0 4 4,40444<4D4P4X4l4t4
000000015C7B 000000415C7B 0 5 5(5D5
000000015C91 000000415C91 0 6$6,646D6P6l6t6
000000015CB3 000000415CB3 0 7$70787L7T7\7d7l7t7
000000015CDD 000000415CDD 0 8 8<8H8d8p8x8
000000015CF9 000000415CF9 0 9$9@9L9T9
000000015D1D 000000415D1D 0 :(:0:p:
000000015D3D 000000415D3D 0 ;$;(;,;0;<;D;L;T;\;p;|;
000000015D75 000000415D75 0 <(<D<P<l<t<
000000015D99 000000415D99 0 =4=@=\=d=p=
000000015DBD 000000415DBD 0 >$>0>L>T>\>d>p>
000000015DDD 000000415DDD 0 ? ?<?H?d?p?x?
000000015DFF 000000415DFF 0 0,040<0D0L0T0\0l0t0|0
000000015E25 000000415E25 0 1$101L1X1
000000015E45 000000415E45 0 2$202L2X2
000000015E65 000000415E65 0 343<3X3d3l3x3
000000015E83 000000415E83 0 4(404T4h4t4|4
000000015EA3 000000415EA3 0 5 5<5D5P5l5t5|5
000000015ED1 000000415ED1 0 646<6D6L6X6t6|6
000000015EF5 000000415EF5 0 7,787T7
000000015F15 000000415F15 0 8 8$8,848@8\8d8x8
000000015F41 000000415F41 0 9,949@9\9d9p9
000000015F79 000000415F79 0 0 000H0x0
0000000080F6 0000004080F6 0 VS_VERSION_INFO
000000008152 000000408152 0 StringFileInfo
000000008176 000000408176 0 040904b0
00000000818E 00000040818E 0 Comments
0000000081A6 0000004081A6 0 CompanyName
0000000081CA 0000004081CA 0 FileDescription
0000000081EC 0000004081EC 0 tester
000000008202 000000408202 0 FileVersion
00000000821C 00000040821C 0 1, 0, 0, 1
00000000823A 00000040823A 0 InternalName
000000008254 000000408254 0 tester
00000000826A 00000040826A 0 LegalCopyright
00000000829E 00000040829E 0 2017
0000000082B2 0000004082B2 0 LegalTrademarks
0000000082DA 0000004082DA 0 OriginalFilename
0000000082FC 0000004082FC 0 tester.exe
00000000831A 00000040831A 0 PrivateBuild
00000000833A 00000040833A 0 ProductName
000000008354 000000408354 0 tester
00000000836E 00000040836E 0 ProductVersion
00000000838C 00000040838C 0 1, 0, 0, 1
0000000083AA 0000004083AA 0 SpecialBuild
0000000083CA 0000004083CA 0 VarFileInfo
0000000083EA 0000004083EA 0 Translation
00000001740C 00000041740C 0 Hello from MFC!
00000001740A 00000041740A 1 Hello from MFC!
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000001083 000000401083 0 Vhlp@
000000001109 000000401109 0 L$(SUV
000000001110 000000401110 0 D$8W3
000000001145 000000401145 0 D$HPQVU
000000001269 000000401269 0 D$(UVWj
000000001304 000000401304 0 L$8QP
000000001465 000000401465 0 ShHq@
000000001479 000000401479 0 QSSSSSSSSj
000000001577 000000401577 0 IQhHq@
0000000015B9 0000004015B9 0 IQh@q@
0000000016A9 0000004016A9 0 T$Lh,q@
000000001730 000000401730 0 d$ Ph
0000000024C5 0000004024C5 0 t$(Ph|q@
000000002742 000000402742 0 T$$RW
00000000284B 00000040284B 0 D$ RP
000000002896 000000402896 0 T$$RW
000000002BFC 000000402BFC 0 SI-P+@
000000002C6F 000000402C6F 0 T$4RW
000000002C7B 000000402C7B 0 t-9\$@t
000000002C84 000000402C84 0 D$4PW
000000002C95 000000402C95 0 L$<Qh|s@
000000002CD3 000000402CD3 0 Ph(s@
000000002D0F 000000402D0F 0 D$PPW
000000002D6E 000000402D6E 0 PhHr@
000000002DBD 000000402DBD 0 QhP+@
000000002E1C 000000402E1C 0 T$PRW
000000002E9F 000000402E9F 0 D$$W3
000000002F42 000000402F42 0 L$pPQ
000000003069 000000403069 0 D$$SU3
000000003A62 000000403A62 0 9h uc
000000003B4A 000000403B4A 0 9h ua
00000000589A 00000040589A 0 SizeofResource
0000000058AC 0000004058AC 0 LockResource
0000000058BC 0000004058BC 0 LoadResource
0000000058CC 0000004058CC 0 FindResourceA
0000000058DC 0000004058DC 0 LocalFree
0000000058E8 0000004058E8 0 LocalAlloc
0000000058F6 0000004058F6 0 CreateDirectoryA
00000000590A 00000040590A 0 GetFileAttributesA
000000005920 000000405920 0 GetModuleHandleA
000000005934 000000405934 0 GetCommandLineA
000000005946 000000405946 0 CloseHandle
000000005954 000000405954 0 ReadFile
000000005960 000000405960 0 GetFileSize
00000000596E 00000040596E 0 CreateFileA
00000000597C 00000040597C 0 WriteFile
000000005988 000000405988 0 SetFilePointer
00000000599A 00000040599A 0 GetLastError
0000000059AA 0000004059AA 0 Sleep
0000000059B2 0000004059B2 0 VirtualFreeEx
0000000059C2 0000004059C2 0 SetThreadContext
0000000059D6 0000004059D6 0 WriteProcessMemory
0000000059EC 0000004059EC 0 LoadLibraryA
0000000059FC 0000004059FC 0 VirtualAllocEx
000000005A0E 000000405A0E 0 ResumeThread
File pos Mem pos ID Text
======== ======= == ====
000000005A1E 000000405A1E 0 GetThreadContext
000000005A32 000000405A32 0 SuspendThread
000000005A42 000000405A42 0 OpenThread
000000005A50 000000405A50 0 Thread32Next
000000005A60 000000405A60 0 Thread32First
000000005A70 000000405A70 0 CreateToolhelp32Snapshot
000000005A8C 000000405A8C 0 OpenProcess
000000005A9A 000000405A9A 0 Process32Next
000000005AAA 000000405AAA 0 Process32First
000000005ABC 000000405ABC 0 GetTickCount
000000005ACA 000000405ACA 0 KERNEL32.dll
000000005AD8 000000405AD8 0 USER32.dll
000000005AE6 000000405AE6 0 FreeSid
000000005AF0 000000405AF0 0 SetFileSecurityA
000000005B04 000000405B04 0 SetSecurityDescriptorDacl
000000005B20 000000405B20 0 InitializeSecurityDescriptor
000000005B40 000000405B40 0 SetEntriesInAclA
000000005B54 000000405B54 0 AllocateAndInitializeSid
000000005B70 000000405B70 0 AdjustTokenPrivileges
000000005B88 000000405B88 0 OpenProcessToken
000000005B9A 000000405B9A 0 ADVAPI32.dll
000000005BA8 000000405BA8 0 CRYPT32.dll
000000005BB4 000000405BB4 0 MFC42.DLL
000000005BC0 000000405BC0 0 printf
000000005BCA 000000405BCA 0 __CxxFrameHandler
000000005BDE 000000405BDE 0 _vsnprintf
000000005BEC 000000405BEC 0 ??0exception@@QAE@ABV0@@Z
000000005C08 000000405C08 0 fclose
000000005C12 000000405C12 0 vfprintf
000000005C1E 000000405C1E 0 fopen
000000005C26 000000405C26 0 _CxxThrowException
000000005C3C 000000405C3C 0 memmove
000000005C46 000000405C46 0 ?what@exception@@UBEPBDXZ
000000005C62 000000405C62 0 ??1exception@@UAE@XZ
000000005C82 000000405C82 0 realloc
000000005C8C 000000405C8C 0 ??0exception@@QAE@XZ
000000005CAC 000000405CAC 0 srand
000000005CB2 000000405CB2 0 MSVCRT.dll
000000005CC0 000000405CC0 0 __dllonexit
000000005CCE 000000405CCE 0 _onexit
000000005CD8 000000405CD8 0 ??1type_info@@UAE@XZ
000000005CF0 000000405CF0 0 _exit
000000005CF8 000000405CF8 0 _XcptFilter
000000005D0E 000000405D0E 0 __p___initenv
000000005D1E 000000405D1E 0 __getmainargs
000000005D2E 000000405D2E 0 _initterm
000000005D3A 000000405D3A 0 __setusermatherr
000000005D4E 000000405D4E 0 _adjust_fdiv
000000005D5E 000000405D5E 0 __p__commode
000000005D6E 000000405D6E 0 __p__fmode
000000005D7C 000000405D7C 0 __set_app_type
000000005D8E 000000405D8E 0 _except_handler3
000000005DA2 000000405DA2 0 _controlfp
000000005DB0 000000405DB0 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
000000005E02 000000405E02 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000005E56 000000405E56 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
000000005EA0 000000405EA0 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
000000005EEA 000000405EEA 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000005F46 000000405F46 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000005F96 000000405F96 0 ??0bad_exception@std@@QAE@ABV01@@Z
File pos Mem pos ID Text
======== ======= == ====
000000005FBC 000000405FBC 0 ??1bad_exception@std@@UAE@XZ
000000005FDC 000000405FDC 0 ??0bad_exception@std@@QAE@PBD@Z
000000005FFE 000000405FFE 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
00000000605A 00000040605A 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000060B2 0000004060B2 0 ?_Xlen@std@@YAXXZ
0000000060C6 0000004060C6 0 ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
000000006114 000000406114 0 ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
000000006162 000000406162 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
0000000061BA 0000004061BA 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
000000006216 000000406216 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
00000000625C 00000040625C 0 ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0000000062A2 0000004062A2 0 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0000000062DE 0000004062DE 0 ?_Xran@std@@YAXXZ
0000000062F2 0000004062F2 0 ??0Init@ios_base@std@@QAE@XZ
000000006312 000000406312 0 ??1Init@ios_base@std@@QAE@XZ
000000006332 000000406332 0 ??0_Winit@std@@QAE@XZ
00000000634A 00000040634A 0 ??1_Winit@std@@QAE@XZ
000000006362 000000406362 0 ??1_Lockit@std@@QAE@XZ
00000000637C 00000040637C 0 ??0_Lockit@std@@QAE@XZ
000000006394 000000406394 0 MSVCP60.dll
0000000063A2 0000004063A2 0 PathAppendA
0000000063AE 0000004063AE 0 SHLWAPI.dll
0000000063BC 0000004063BC 0 _stricmp
000000007028 000000407028 0 .?AVexception@@
000000007040 000000407040 0 .?AVbad_exception@std@@
000000007058 000000407058 0 bad exception
000000007078 000000407078 0 .?AVException@System@CUniFramework@@
0000000070A8 0000004070A8 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000070E0 0000004070E0 0 List<T>.ElementAt()
0000000070F4 0000004070F4 0 no processes found. Exiting.
000000007114 000000407114 0 Founded %d precesses.
00000000712C 00000040712C 0 fwmain32.exe
000000007148 000000407148 0 c:\intel
000000007154 000000407154 0 Fatal Error: MFC initialization failed
00000000717C 00000040717C 0 lib_%s
000000007188 000000407188 0 AES-256-CBC
00000000719D 00000040719D 0 Error: Unable to set the context of the target thread (%d)
0000000071DD 0000004071DD 0 Setting thread context.
0000000071F9 0000004071F9 0 Writing the shellcode, LoadLibraryA address and DLL path into target process.
000000007249 000000407249 0 Error: Unable to allocate memory in target process (%d)
000000007285 000000407285 0 Allocating memory in target process.
0000000072AD 0000004072AD 0 Error: Unable to get the thread context of target thread (%d)
0000000072ED 0000004072ED 0 Getting thread context.
000000007309 000000407309 0 Suspending the target thread.
000000007329 000000407329 0 Error: Unable to open target thread handle (%d)
00000000735D 00000040735D 0 Opening target thread handle.
00000000737D 00000040737D 0 Target thread found. TID: %d
00000000739D 00000040739D 0 Finding a thread to hijack.
0000000073BD 0000004073BD 0 Error: Unable to open target process handle (%d)
0000000073F8 0000004073F8 0 .?AVtype_info@@
000000008455 000000408455 0 !This program cannot be run in DOS mode.
0000000085F0 0000004085F0 0 .text
000000008618 000000408618 0 .rdata
00000000863F 00000040863F 0 @.data
000000008668 000000408668 0 .reloc
00000000A371 00000040A371 0 Q"SVW
00000000A9EC 00000040A9EC 0 C&j4+
00000000B4A5 00000040B4A5 0 At(Ht!HHt
00000000B9BB 00000040B9BB 0 9y uF
00000000B9C3 00000040B9C3 0 9y u>
File pos Mem pos ID Text
======== ======= == ====
00000000B9EE 00000040B9EE 0 9y uS
00000000B9F5 00000040B9F5 0 9y uL
00000000BF89 00000040BF89 0 j(XPhD
00000000C606 00000040C606 0 SVW3
00000000CACD 00000040CACD 0 SVWjN3
00000000CFE0 00000040CFE0 0 NGVWP
00000000DFEE 00000040DFEE 0 DSVW3
00000000E6C1 00000040E6C1 0 YtVSWV
00000000EA4E 00000040EA4E 0 9>YtD3
00000000F63B 00000040F63B 0 t"It
00000000F676 00000040F676 0 t|IItt
00000000FA38 00000040FA38 0 t WVS
00000000FA65 00000040FA65 0 u7WPS
00000000FA76 00000040FA76 0 u&WVS
00000001306A 00000041306A 0 GetModuleFileNameA
000000013080 000000413080 0 GetModuleHandleA
000000013094 000000413094 0 VirtualFree
0000000130A2 0000004130A2 0 VirtualAlloc
0000000130B2 0000004130B2 0 Sleep
0000000130BA 0000004130BA 0 FindNextFileA
0000000130CA 0000004130CA 0 FindFirstFileA
0000000130DC 0000004130DC 0 WaitForSingleObject
0000000130F2 0000004130F2 0 CloseHandle
000000013100 000000413100 0 ReadFile
00000001310C 00000041310C 0 GetFileSize
00000001311A 00000041311A 0 CreateFileA
000000013128 000000413128 0 WriteFile
000000013134 000000413134 0 SetFilePointer
000000013146 000000413146 0 GetLocalTime
000000013156 000000413156 0 DeleteFileA
000000013164 000000413164 0 CreateThread
000000013174 000000413174 0 TerminateThread
000000013186 000000413186 0 SuspendThread
000000013196 000000413196 0 ResumeThread
0000000131A4 0000004131A4 0 KERNEL32.dll
0000000131B4 0000004131B4 0 MessageBoxA
0000000131C0 0000004131C0 0 USER32.dll
0000000131CE 0000004131CE 0 CryptReleaseContext
0000000131E4 0000004131E4 0 CryptDestroyHash
0000000131F8 0000004131F8 0 CryptDestroyKey
00000001320A 00000041320A 0 CryptAcquireContextA
000000013222 000000413222 0 CryptGenRandom
000000013232 000000413232 0 ADVAPI32.dll
000000013242 000000413242 0 __CxxFrameHandler
000000013256 000000413256 0 _EH_prolog
000000013264 000000413264 0 ??0exception@@QAE@ABV0@@Z
000000013280 000000413280 0 _CxxThrowException
000000013296 000000413296 0 ?what@exception@@UBEPBDXZ
0000000132B2 0000004132B2 0 ??3@YAXPAX@Z
0000000132C2 0000004132C2 0 ??1exception@@UAE@XZ
0000000132DA 0000004132DA 0 strlen
0000000132E4 0000004132E4 0 ??2@YAPAXI@Z
0000000132F4 0000004132F4 0 _vsnprintf
000000013302 000000413302 0 memset
00000001330C 00000041330C 0 fclose
000000013316 000000413316 0 vfprintf
000000013322 000000413322 0 fopen
000000013332 000000413332 0 memcpy
000000013344 000000413344 0 realloc
000000013356 000000413356 0 ??0exception@@QAE@XZ
File pos Mem pos ID Text
======== ======= == ====
00000001336E 00000041336E 0 fputs
000000013376 000000413376 0 fread
00000001337E 00000041337E 0 _ftol
000000013386 000000413386 0 __dllonexit
000000013394 000000413394 0 _onexit
00000001339C 00000041339C 0 MSVCRT.dll
0000000133AA 0000004133AA 0 ??1type_info@@UAE@XZ
0000000133C2 0000004133C2 0 _initterm
0000000133CE 0000004133CE 0 malloc
0000000133D8 0000004133D8 0 _adjust_fdiv
0000000133E8 0000004133E8 0 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
000000013438 000000413438 0 ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
00000001348A 00000041348A 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0000000134D4 0000004134D4 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013530 000000413530 0 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
000000013584 000000413584 0 ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
0000000135CE 0000004135CE 0 ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
000000013624 000000413624 0 ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
000000013680 000000413680 0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
0000000136D2 0000004136D2 0 ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
000000013722 000000413722 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001377A 00000041377A 0 ??0bad_exception@std@@QAE@ABV01@@Z
0000000137A0 0000004137A0 0 ??1bad_exception@std@@UAE@XZ
0000000137C0 0000004137C0 0 ??0bad_exception@std@@QAE@PBD@Z
0000000137E2 0000004137E2 0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
00000001383A 00000041383A 0 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
000000013896 000000413896 0 ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
0000000138F4 0000004138F4 0 ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013952 000000413952 0 ??1_Lockit@std@@QAE@XZ
00000001396C 00000041396C 0 ??0_Lockit@std@@QAE@XZ
000000013986 000000413986 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
0000000139E2 0000004139E2 0 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
000000013A34 000000413A34 0 ??0Init@ios_base@std@@QAE@XZ
000000013A54 000000413A54 0 ??1Init@ios_base@std@@QAE@XZ
000000013A74 000000413A74 0 ??0_Winit@std@@QAE@XZ
000000013A8C 000000413A8C 0 ??1_Winit@std@@QAE@XZ
000000013AA2 000000413AA2 0 MSVCP60.dll
000000013AB0 000000413AB0 0 PathAppendA
000000013ABE 000000413ABE 0 PathFileExistsA
000000013ACE 000000413ACE 0 SHLWAPI.dll
000000013ADA 000000413ADA 0 CRYPT32.dll
000000013AE8 000000413AE8 0 WFSGetInfo
000000013AF6 000000413AF6 0 WFSExecute
000000013B04 000000413B04 0 WFSFreeResult
000000013B14 000000413B14 0 WFMAllocateBuffer
000000013B28 000000413B28 0 WFMFreeBuffer
000000013B36 000000413B36 0 MSXFS.dll
000000013B42 000000413B42 0 HeapCreate
000000013B50 000000413B50 0 InterlockedCompareExchange
000000013B6E 000000413B6E 0 InterlockedExchange
000000013B84 000000413B84 0 HeapFree
000000013B90 000000413B90 0 OpenThread
000000013B9E 000000413B9E 0 SetThreadContext
000000013BB2 000000413BB2 0 GetThreadContext
000000013BC6 000000413BC6 0 Thread32Next
000000013BD6 000000413BD6 0 HeapReAlloc
000000013BE4 000000413BE4 0 HeapAlloc
000000013BF0 000000413BF0 0 GetCurrentThreadId
000000013C06 000000413C06 0 GetCurrentProcessId
000000013C1C 000000413C1C 0 Thread32First
File pos Mem pos ID Text
======== ======= == ====
000000013C2C 000000413C2C 0 CreateToolhelp32Snapshot
000000013C48 000000413C48 0 FlushInstructionCache
000000013C60 000000413C60 0 GetCurrentProcess
000000013C74 000000413C74 0 VirtualProtect
000000013C86 000000413C86 0 VirtualQuery
000000013C96 000000413C96 0 _itoa
000000013CDA 000000413CDA 0 sservice.dll
000000013CE7 000000413CE7 0 UnloadFunc
000000014440 000000414440 0 .?AVexception@@
000000014458 000000414458 0 .?AVException@System@CUniFramework@@
000000014488 000000414488 0 .?AVArgumentOutOfRangeException@System@CUniFramework@@
0000000144C0 0000004144C0 0 String::Substring: argument out of range.
0000000144EC 0000004144EC 0 Can't start thread.
000000014500 000000414500 0 Can't init XFS
000000014510 000000414510 0 Can't retrieve device handles.
000000014530 000000414530 0 ZFS::DllRoutine -> Can't receive command in while block!
00000001456C 00000041456C 0 Waiting for command from command provider.
000000014598 000000414598 0 Critical system error!
0000000145B0 0000004145B0 0 Try init XFS into victim process address space.
0000000145E0 0000004145E0 0 Resources init error
000000014600 000000414600 0 .?AVbad_exception@std@@
000000014618 000000414618 0 bad exception
000000014638 000000414638 0 .?AVHookLibException@System@CUniFramework@@
000000014670 000000414670 0 .?AVXfsException@@
000000014684 000000414684 0 Can't init resources, exiting.
0000000146A4 0000004146A4 0 HookLibException: code %d
0000000146C0 0000004146C0 0 InitResources -> XfsException: code %d
0000000146E8 0000004146E8 0 msxfs.dll
0000000146F4 0000004146F4 0 Logger is now on new TraceLevel: %s
000000014718 000000414718 0 ___log.txt
000000014724 000000414724 0 c:\intel
000000014730 000000414730 0 UNKNOWN
00000001473C 00000041473C 0 TRACE
000000014744 000000414744 0 NOTICE
00000001474C 00000041474C 0 WARNING
000000014754 000000414754 0 ERROR
00000001475C 00000041475C 0 FATAL
000000014768 000000414768 0 Xfs::DetermineDeviceByCommand -> exception happened
00000001479C 00000041479C 0 Exception caught DetermineDispenserHandle()
0000000147C8 0000004147C8 0 Can't determine CDM HSERVICE
0000000147E8 0000004147E8 0 DISPENSER is determined # %d
000000014808 000000414808 0 Exception caught DeterminePinPadService()
000000014834 000000414834 0 Can't determine PinPad HSERVICE
000000014854 000000414854 0 PinPad HSERVICE is determined # %d
000000014880 000000414880 0 .?AVHookLibCreateHookApiException@System@CUniFramework@@
0000000148C8 0000004148C8 0 .?AVHookLibInitializationException@System@CUniFramework@@
000000014904 000000414904 0 Can't load xfs module.
000000014928 000000414928 0 .?AVXfsGetInfoException@@
000000014944 000000414944 0 XFS-> found info about <%d> cash units
000000014978 000000414978 0 .?AVXfsDispenseException@@
000000014994 000000414994 0 XFS-> dispense end SUCCESSFUL DISPENSE
0000000149BC 0000004149BC 0 Dispense, dispense device is %d
0000000149DC 0000004149DC 0 Currency ID: %s
0000000149EC 0000004149EC 0 ulAmount = %d
0000000149FC 0000004149FC 0 usCount = %d
000000014A0C 000000414A0C 0 Denomination setted. %d
000000014A28 000000414A28 0 Dispense collection setted.
000000014A44 000000414A44 0 Dispense count set to # %d banknotes
000000014A6C 000000414A6C 0 XFS-> dispense start
000000014A90 000000414A90 0 .?AVHookLibEnableHookException@System@CUniFramework@@
File pos Mem pos ID Text
======== ======= == ====
000000014AC8 000000414AC8 0 List<T>.ElementAt()
000000014AE4 000000414AE4 0 |INDEX:%d|CU state:%d|Type:%d|Values:%d|Currency_ID:%s|Money count:%d|
000000014B30 000000414B30 0 CommandProcessor created
000000014B4C 000000414B4C 0 ICommandProcessor::ProcessCommand ->
000000014B71 000000414B71 0 SetMaximumDispenseSize:%d
000000014B8C 000000414B8C 0 DisplayBalance -> exception, code:%d
000000014BB4 000000414BB4 0 DisplayBalance 1try -> exception, code:%d
000000014BE0 000000414BE0 0 Manual Dispensing
000000014BF4 000000414BF4 0 Dispense failed. Unknown reason.
000000014C18 000000414C18 0 Dispense failed. CODE:%d
000000014C34 000000414C34 0 Multi Dispensing start
000000014C4C 000000414C4C 0 System error!
000000014C5C 000000414C5C 0 Processing command #%d
000000014C74 000000414C74 0 Received
000000014C81 000000414C81 0 commands
000000014C8C 000000414C8C 0 ICommandProcessor::PrintCashInfo -> Exception
000000014CBC 000000414CBC 0 ICommandProcessor::PrintCashInfo ->
000000014CE4 000000414CE4 0 can't create response, unknown error
000000014D0C 000000414D0C 0 last command response code %d
000000014D3C 000000414D3C 0 trying to dispense
000000014D50 000000414D50 0 -------------======================-------------
000000014D84 000000414D84 0 cash units info received
000000014DA0 000000414DA0 0 R2CommandProcessor::ProcessSetBalanceHook -> exception:%d
000000014DDC 000000414DDC 0 -command file name is %s
000000014DF8 000000414DF8 0 Command provider created
000000014E14 000000414E14 0 Founded < %d > commands
000000014E2C 000000414E2C 0 *.cmd
000000014E34 000000414E34 0 %s\%s
000000014E3C 000000414E3C 0 Command file deleted successfully
000000014E60 000000414E60 0 Reading command from a %s
000000014E80 000000414E80 0 ICommandProvider::GetCommandRealization -> Unknown exception
000000014EC8 000000414EC8 0 AES-256-CBC
000000014EE0 000000414EE0 0 .?AVCCryptoApiException@@
000000014EFC 000000414EFC 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't generate random vector.
000000014F6C 000000414F6C 0 CryptoAPI::GetRandomOfSize(CDataBuffer& bufferRandomData, const size_t size) - > Can't get hProvider.
000000014FE8 000000414FE8 0 .?AVIOException@System@CUniFramework@@
000000015018 000000415018 0 .?AVFileNotFoundException@System@CUniFramework@@
000000015058 000000415058 0 .?AVThreadException@System@CUniFramework@@
000000015084 000000415084 0 Can't resume thread
000000015098 000000415098 0 [%04d/%02d/%02d %02d:%02d:%02d.%03d] %s
00000001510E 00000041510E 0 YYYYY
00000001511A 00000041511A 0 YYYYYYYYYYYY
000000015128 000000415128 0 }YPPPPYYYYa
00000001513E 00000041513E 0 YYYYYYYYYYY
0000000152D0 0000004152D0 0 .?AVtype_info@@
000000015411 000000415411 0 0"0,080E0g0u0
00000001542B 00000041542B 0 1$131I1n1
000000015445 000000415445 0 2"2?2D2X2g2
000000015459 000000415459 0 3%3@3L3U3z3
000000015473 000000415473 0 354I4U4
00000001547B 00000041547B 0 4p4}4
000000015491 000000415491 0 5%585>5U5e5~5
0000000154BB 0000004154BB 0 676p6
0000000154D5 0000004154D5 0 737L7b7
0000000154E3 0000004154E3 0 7#8H8a8r8
0000000154F7 0000004154F7 0 9Q9n9~9
00000001550F 00000041550F 0 :(:.:;:G:M:Z:
00000001551D 00000041551D 0 :f:q:
00000001552F 00000041552F 0 ;.;9;D;O;Z;e;l;r;
File pos Mem pos ID Text
======== ======= == ====
000000015549 000000415549 0 <#<2<N<[<r<
00000001555D 00000041555D 0 =-=3=p=
00000001556F 00000041556F 0 >%>.>4>@>M>d>
000000015581 000000415581 0 ?$?\?
000000015595 000000415595 0 0.0@0T0b0
0000000155AF 0000004155AF 0 1j1z1
0000000155C3 0000004155C3 0 2 262H2
0000000155D1 0000004155D1 0 2*323N3
0000000155DF 0000004155DF 0 3 4l4u4
0000000155EB 0000004155EB 0 5a5}5
0000000155F7 0000004155F7 0 6(6R6d6p6
00000001560F 00000041560F 0 7p8b9r9C<
00000001561F 00000041561F 0 =$=1=:=@=P=
000000015631 000000415631 0 >L>Y>g>
000000015649 000000415649 0 ?&?+?:?_?m?
00000001566F 00000041566F 0 02070F0k0y0
00000001567D 00000041567D 0 1;1W1g1x1}1
000000015693 000000415693 0 1S2h2w2
0000000156A5 0000004156A5 0 3:3@3i3
0000000156B5 0000004156B5 0 4>4F4Y4
0000000156C1 0000004156C1 0 5-5H5
0000000156D1 0000004156D1 0 7.7B7J7e7l7v7|7
0000000156E9 0000004156E9 0 8'8>8S8f8
0000000156FF 0000004156FF 0 9;9L9p9
00000001570B 00000041570B 0 :4:D:M:[:n:
00000001571F 00000041571F 0 ;$;d;t;
00000001572D 00000041572D 0 <%<N<g<
00000001573D 00000041573D 0 =0=>=
00000001574B 00000041574B 0 >(>->6>
00000001575F 00000041575F 0 ?&?-???x?
00000001577D 00000041577D 0 090D0J0z0
0000000157BB 0000004157BB 0 3b3z3
0000000157C9 0000004157C9 0 4#4;4H4j4s4x4~4
0000000157DF 0000004157DF 0 555R5
0000000157E9 0000004157E9 0 5>6d6
0000000157F7 0000004157F7 0 7%757:7G7U7a7o7
000000015819 000000415819 0 8=9C9u9
000000015825 000000415825 0 :):B:O:T:d:o:
000000015839 000000415839 0 :K;c;
00000001585B 00000041585B 0 >I>Y>d>
000000015873 000000415873 0 081D1I1X1
00000001588B 00000041588B 0 2)2V2
0000000158C7 0000004158C7 0 465h5}5
0000000158DF 0000004158DF 0 7+787a7
0000000158FB 0000004158FB 0 <"<,<T<h<
00000001590D 00000041590D 0 <%=4=M=S=
000000015927 000000415927 0 >$>6>E>K>Y>c>i>{>
00000001594F 00000041594F 0 ?!?-?3?=?g?
000000015977 000000415977 0 0!0-0
000000015987 000000415987 0 1=1i1r1
00000001599D 00000041599D 0 2%22292?2[2v2
0000000159C3 0000004159C3 0 494J4
0000000159D3 0000004159D3 0 5!5B5K5[5
0000000159FB 0000004159FB 0 8.848Q8W8
000000015A1D 000000415A1D 0 ;';7;=;G;Q;Z;
000000015A2B 000000415A2B 0 ;o;u;
000000015A49 000000415A49 0 < = =
000000015A59 000000415A59 0 011;1
000000015A7F 000000415A7F 0 5*50565<5B5H5N5T5b5j5p5{5
000000015ACF 000000415ACF 0 6$757:7l7}7
File pos Mem pos ID Text
======== ======= == ====
000000015AF7 000000415AF7 0 8 959A9]9i9
000000015B0D 000000415B0D 0 :8:t:
000000015B1D 000000415B1D 0 :(;\;m;r;
000000015B3B 000000415B3B 0 <1<]<
000000015B4F 000000415B4F 0 =1=E=d=y=
000000015B5D 000000415B5D 0 >W>x>
000000015B6B 000000415B6B 0 ?7?K?t?
000000015B81 000000415B81 0 010E0
000000015BBB 000000415BBB 0 2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
000000015BDD 000000415BDD 0 2d2h2l2p2t2x2|2
000000015C35 000000415C35 0 3 383L3\3
000000015C55 000000415C55 0 4 4,40444<4D4P4X4l4t4
000000015C7B 000000415C7B 0 5 5(5D5
000000015C91 000000415C91 0 6$6,646D6P6l6t6
000000015CB3 000000415CB3 0 7$70787L7T7\7d7l7t7
000000015CDD 000000415CDD 0 8 8<8H8d8p8x8
000000015CF9 000000415CF9 0 9$9@9L9T9
000000015D1D 000000415D1D 0 :(:0:p:
000000015D3D 000000415D3D 0 ;$;(;,;0;<;D;L;T;\;p;|;
000000015D75 000000415D75 0 <(<D<P<l<t<
000000015D99 000000415D99 0 =4=@=\=d=p=
000000015DBD 000000415DBD 0 >$>0>L>T>\>d>p>
000000015DDD 000000415DDD 0 ? ?<?H?d?p?x?
000000015DFF 000000415DFF 0 0,040<0D0L0T0\0l0t0|0
000000015E25 000000415E25 0 1$101L1X1
000000015E45 000000415E45 0 2$202L2X2
000000015E65 000000415E65 0 343<3X3d3l3x3
000000015E83 000000415E83 0 4(404T4h4t4|4
000000015EA3 000000415EA3 0 5 5<5D5P5l5t5|5
000000015ED1 000000415ED1 0 646<6D6L6X6t6|6
000000015EF5 000000415EF5 0 7,787T7
000000015F15 000000415F15 0 8 8$8,848@8\8d8x8
000000015F41 000000415F41 0 9,949@9\9d9p9
000000015F79 000000415F79 0 0 000H0x0
0000000080F6 0000004080F6 0 VS_VERSION_INFO
000000008152 000000408152 0 StringFileInfo
000000008176 000000408176 0 040904b0
00000000818E 00000040818E 0 Comments
0000000081A6 0000004081A6 0 CompanyName
0000000081CA 0000004081CA 0 FileDescription
0000000081EC 0000004081EC 0 tester
000000008202 000000408202 0 FileVersion
00000000821C 00000040821C 0 1, 0, 0, 1
00000000823A 00000040823A 0 InternalName
000000008254 000000408254 0 tester
00000000826A 00000040826A 0 LegalCopyright
00000000829E 00000040829E 0 2017
0000000082B2 0000004082B2 0 LegalTrademarks
0000000082DA 0000004082DA 0 OriginalFilename
0000000082FC 0000004082FC 0 tester.exe
00000000831A 00000040831A 0 PrivateBuild
00000000833A 00000040833A 0 ProductName
000000008354 000000408354 0 tester
00000000836E 00000040836E 0 ProductVersion
00000000838C 00000040838C 0 1, 0, 0, 1
0000000083AA 0000004083AA 0 SpecialBuild
0000000083CA 0000004083CA 0 VarFileInfo
0000000083EA 0000004083EA 0 Translation
00000001740C 00000041740C 0 Hello from MFC!
00000001740A 00000041740A 1 Hello from MFC!
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!