
                                           ATM MALWARE NOTICE 
                    fead0633975c6c08f5509a7bd5c34d29bfdcacd3da47562efbf33121726f77b0
 
Date...........: 2019-11-18
Family.........: HelloWorld
File name......: rtksys2.exe
File size......: 82.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Additional note: Dropped from adf43c6957fd11e45ffa4f2a71eb0ef565da9c4a9bc9cd101d2ac485b5358c46,
                 also executes rtkdrv2.exe

=== PEDUMP REPORT ===

=== MZ Header ===

                 signature:       "MZ"
       bytes_in_last_block:        144       0x90
            blocks_in_file:          3          3
                num_relocs:          0          0
         header_paragraphs:          4          4
      min_extra_paragraphs:          0          0
      max_extra_paragraphs:      65535     0xffff
                        ss:          0          0
                        sp:        184       0xb8
                  checksum:          0          0
                        ip:          0          0
                        cs:          0          0
        reloc_table_offset:         64       0x40
            overlay_number:          0          0
                 reserved0:          0          0
                    oem_id:          0          0
                  oem_info:          0          0
                 reserved2:          0          0
                 reserved3:          0          0
                 reserved4:          0          0
                 reserved5:          0          0
                 reserved6:          0          0
                    lfanew:        240       0xf0

=== DOS STUB ===

00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|

=== RICH Header ===

    LIB_ID        VERSION      TIMES_USED
   225  e1     21005  520d       31   1f
   223  df     21005  520d       18   12
   224  e0     21005  520d      114   72
   203  cb     65501  ffdd        7    7
     1   1         0     0      101   65
   228  e4     30501  7725        1    1
   219  db     21005  520d        1    1
   222  de     30501  7725        1    1

=== PE Header ===

                 signature:  "PE\x00\x00"

# IMAGE_FILE_HEADER:
                   Machine:        332      0x14c  x86
          NumberOfSections:          5          5
             TimeDateStamp:  "2019-09-16 21:53:25"
      PointerToSymbolTable:          0          0
           NumberOfSymbols:          0          0
      SizeOfOptionalHeader:        224       0xe0
           Characteristics:        258      0x102  EXECUTABLE_IMAGE, 32BIT_MACHINE

# IMAGE_OPTIONAL_HEADER32:
                     Magic:        267      0x10b  32-bit executable
             LinkerVersion:       12.0
                SizeOfCode:      53248     0xd000
     SizeOfInitializedData:      38400     0x9600
   SizeOfUninitializedData:          0          0
       AddressOfEntryPoint:       7777     0x1e61
                BaseOfCode:       4096     0x1000
                BaseOfData:      57344     0xe000
                 ImageBase:    4194304   0x400000
          SectionAlignment:       4096     0x1000
             FileAlignment:        512      0x200
    OperatingSystemVersion:        5.1
              ImageVersion:        0.0
          SubsystemVersion:        5.1
                 Reserved1:          0          0
               SizeOfImage:     102400    0x19000
             SizeOfHeaders:       1024      0x400
                  CheckSum:          0          0
                 Subsystem:          2          2  WINDOWS_GUI
        DllCharacteristics:      33088     0x8140  DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        SizeOfStackReserve:    1048576   0x100000
         SizeOfStackCommit:       4096     0x1000
         SizeOfHeapReserve:    1048576   0x100000
          SizeOfHeapCommit:       4096     0x1000
               LoaderFlags:          0          0
       NumberOfRvaAndSizes:         16       0x10

=== DATA DIRECTORY ===

  EXPORT        rva:0x       0   size:0x       0
  IMPORT        rva:0x   124d4   size:0x      50
  RESOURCE      rva:0x   17000   size:0x     440
  EXCEPTION     rva:0x       0   size:0x       0
  SECURITY      rva:0x       0   size:0x       0
  BASERELOC     rva:0x   18000   size:0x     e14
  DEBUG         rva:0x       0   size:0x       0
  ARCHITECTURE  rva:0x       0   size:0x       0
  GLOBALPTR     rva:0x       0   size:0x       0
  TLS           rva:0x       0   size:0x       0
  LOAD_CONFIG   rva:0x   12178   size:0x      40
  Bound_IAT     rva:0x       0   size:0x       0
  IAT           rva:0x    e000   size:0x     164
  Delay_IAT     rva:0x       0   size:0x       0
  CLR_Header    rva:0x       0   size:0x       0
                rva:0x       0   size:0x       0

=== SECTIONS ===

  NAME      RVA    VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
  .text    1000   cf34     d000      400     0        0      0         0  60000020  R-X CODE
  .rdata   e000   4d42     4e00     d400     0        0      0         0  40000040  R-- IDATA
  .data   13000   31e0     1200    12200     0        0      0         0  c0000040  RW- IDATA
  .rsrc   17000    440      600    13400     0        0      0         0  40000040  R-- IDATA
  .reloc  18000    e14     1000    13a00     0        0      0         0  42000040  R-- IDATA DISCARDABLE

=== RESOURCES ===

  FILE_OFFSET  CP  LANG   SIZE  TYPE      NAME
  0x13460       0  0x409   991  MANIFEST  #1

=== IMPORTS ===

  MODULE_NAME   HINT  ORD  FUNCTION_NAME
  KERNEL32.dll   550       Sleep
  KERNEL32.dll   55f       TerminateProcess
  KERNEL32.dll   263       GetModuleFileNameW
  KERNEL32.dll    c2       CreateFileW
  KERNEL32.dll   2e3       GetTempPathW
  KERNEL32.dll   3ea       OpenMutexW
  KERNEL32.dll   3cd       MoveFileW
  KERNEL32.dll   3ee       OpenProcess
  KERNEL32.dll   40f       Process32NextW
  KERNEL32.dll    f1       CreateToolhelp32Snapshot
  KERNEL32.dll   11f       DuplicateHandle
  KERNEL32.dll    7f       CloseHandle
  KERNEL32.dll   10a       DeleteFileW
  KERNEL32.dll   3b2       LocalFree
  KERNEL32.dll   1c8       GetCommandLineA
  KERNEL32.dll   5df       WriteFile
  KERNEL32.dll   5a9       WaitForSingleObject
  KERNEL32.dll   209       GetCurrentProcess
  KERNEL32.dll    db       CreateProcessW
  KERNEL32.dll   4ee       SetErrorMode
  KERNEL32.dll    d1       CreateMutexW
  KERNEL32.dll   229       GetEnvironmentVariableW
  KERNEL32.dll   40d       Process32FirstW
  KERNEL32.dll   151       ExitProcess
  KERNEL32.dll   2d6       GetSystemTimeAsFileTime
  KERNEL32.dll   367       IsDebuggerPresent
  KERNEL32.dll   36d       IsProcessorFeaturePresent
  KERNEL32.dll   121       EncodePointer
  KERNEL32.dll    fe       DecodePointer
  KERNEL32.dll   250       GetLastError
  KERNEL32.dll   50a       SetLastError
  KERNEL32.dll   20e       GetCurrentThreadId
  KERNEL32.dll   266       GetModuleHandleExW
  KERNEL32.dll   29d       GetProcAddress
  KERNEL32.dll   3d1       MultiByteToWideChar
  KERNEL32.dll   5cb       WideCharToMultiByte
  KERNEL32.dll   2a2       GetProcessHeap
  KERNEL32.dll   2c0       GetStdHandle
  KERNEL32.dll   23e       GetFileType
  KERNEL32.dll   105       DeleteCriticalSection
  KERNEL32.dll   2be       GetStartupInfoW
  KERNEL32.dll   262       GetModuleFileNameA
  KERNEL32.dll   42d       QueryPerformanceCounter
  KERNEL32.dll   20a       GetCurrentProcessId
  KERNEL32.dll   227       GetEnvironmentStringsW
  KERNEL32.dll   19d       FreeEnvironmentStringsW
  KERNEL32.dll   580       UnhandledExceptionFilter
  KERNEL32.dll   541       SetUnhandledExceptionFilter
  KERNEL32.dll   348       InitializeCriticalSectionAndSpinCount
  KERNEL32.dll   571       TlsAlloc
  KERNEL32.dll   573       TlsGetValue
  KERNEL32.dll   574       TlsSetValue
  KERNEL32.dll   572       TlsFree
  KERNEL32.dll   267       GetModuleHandleW
  KERNEL32.dll   125       EnterCriticalSection
  KERNEL32.dll   3a2       LeaveCriticalSection
  KERNEL32.dll   1dc       GetConsoleCP
  KERNEL32.dll   1ee       GetConsoleMode
  KERNEL32.dll   4fc       SetFilePointerEx
  KERNEL32.dll   372       IsValidCodePage
  KERNEL32.dll   1a4       GetACP
  KERNEL32.dll   286       GetOEMCP
  KERNEL32.dll   1b3       GetCPInfo
  KERNEL32.dll   333       HeapFree
  KERNEL32.dll   3a7       LoadLibraryExW
  KERNEL32.dll   4ac       RtlUnwind
  KERNEL32.dll   3fa       OutputDebugStringW
  KERNEL32.dll   520       SetStdHandle
  KERNEL32.dll   5de       WriteConsoleW
  KERNEL32.dll   2c5       GetStringTypeW
  KERNEL32.dll   32f       HeapAlloc
  KERNEL32.dll   336       HeapReAlloc
  KERNEL32.dll   338       HeapSize
  KERNEL32.dll   396       LCMapStringW
  KERNEL32.dll   192       FlushFileBuffers
  ADVAPI32.dll   2e3       SetSecurityDescriptorSacl
  ADVAPI32.dll   161       GetSecurityDescriptorSacl
  ADVAPI32.dll    81       ConvertStringSecurityDescriptorToSecurityDescriptorW
  ADVAPI32.dll   2e9       SetServiceStatus
  ADVAPI32.dll   2df       SetSecurityDescriptorDacl
  ADVAPI32.dll   18d       InitializeSecurityDescriptor
  ADVAPI32.dll   2a9       RegisterServiceCtrlHandlerA
  ADVAPI32.dll   2f0       StartServiceCtrlDispatcherA
  ADVAPI32.dll   15c       GetSecurityDescriptorDacl
  SHELL32.dll    133       ShellExecuteA
  SHELL32.dll    137       ShellExecuteW

=== Packer / Compiler ===

  MS Visual C++ 6.0 - 8.0

=== Strings ===
"%s" 0000000113C4 000000411FC4 0 ComSpec 0000000113F8 000000411FF8 0 %s\rtkdrv2.exe 000000011418 000000412018 0 %s\updatea.bin 000000011438 000000412038 0 %s\updatea2.bin 000000011458 000000412058 0 rtksys2.exe 000000011494 000000412094 0 RtkDrv 0000000114C7 0000004120C7 0 lcreate "Realtek Audio Driver2" binPath= "%s" start= auto 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 0000000000D0 0000004000D0 0 RichSS 0000000001E8 0000004001E8 0 .text 000000000210 000000400210 0 .rdata 000000000237 000000400237 0 @.data 000000000260 000000400260 0 .rsrc 000000000287 000000400287 0 @.reloc 000000000719 000000401319 0 Ph@_A 0000000007B1 0000004013B1 0 PWWWWWW 0000000008CA 0000004014CA 0 Wh8 A 0000000009BF 0000004015BF 0 <u@_A 000000000C2F 00000040182F 0 PSSSSSS 000000000DB1 0000004019B1 0 WWPh<!A 000000000DC5 0000004019C5 0 WWhD!A 000000001679 000000402279 0 PPPPP 000000001A41 000000402641 0 t/HHt 000000001A84 000000402684 0 j*Xf; 000000001AE2 0000004026E2 0 j*Xf; 000000001B39 000000402739 0 htHjlZ; 000000001C7C 00000040287C 0 HHtXHHt 000000001EB9 000000402AB9 0 nt'joZ; 000000001F59 000000402B59 0 jgXf; 000000002030 000000402C30 0 YYjgXf9 0000000021E6 000000402DE6 0 >0t<NAj0X 0000000022C7 000000402EC7 0 Wj0XP 0000000023D3 000000402FD3 0 Wj XP 00000000264D 00000040324D 0 5ntel 00000000265D 00000040325D 0 5Genu 000000002A79 000000403679 0 t/HHt 000000002CC5 0000004038C5 0 HHtVHHt 0000000031BC 000000403DBC 0 >0t-N 0000000036E5 0000004042E5 0 ~pjCXf 0000000036F9 0000004042F9 0 Fhh6A 000000003D38 000000404938 0 jdhp"A 000000003D51 000000404951 0 j@j _W 000000003E11 000000404A11 0 } j@W File pos Mem pos ID Text ======== ======= == ==== 0000000041BC 000000404DBC 0 < t8< t4 000000004296 000000404E96 0 t@VSP 0000000042F1 000000404EF1 0 PPPPP 0000000043FF 000000404FFF 0 VhrFA 000000004423 000000405023 0 <v5hrFA 00000000450B 00000040510B 0 SSSSS 00000000466A 00000040526A 0 SPPP+ 000000004673 000000405273 0 FVWPP 000000004699 000000405299 0 SVWPP 000000004AB1 
0000004056B1 0 9=4_A 000000004FC6 000000405BC6 0 ;5$_A 00000000591F 00000040651F 0 ;=$_A 0000000067CC 0000004073CC 0 ~';_t|%3 0000000067E0 0000004073E0 0 wtVj 0000000067F5 0000004073F5 0 ;_tr. 000000006816 000000407416 0 GWVj 0000000069EB 0000004075EB 0 v N+D$ 000000006AFC 0000004076FC 0 QVWSj 00000000723F 000000407E3F 0 URPQQh 000000007720 000000408320 0 tO9=$NA 00000000837F 000000408F7F 0 PP9E u 0000000089CD 0000004095CD 0 jA[jZZ+ 000000009083 000000409C83 0 SVWUj 000000009124 000000409D24 0 ;t$,v- 0000000091A9 000000409DA9 0 UQPXY]Y[ 0000000092CB 000000409ECB 0 ;=$_A 000000009474 00000040A074 0 ;5$_A 0000000096C4 00000040A2C4 0 PWWWWV 00000000975F 00000040A35F 0 PSSSSV 00000000A5FD 00000040B1FD 0 +t"HHt 00000000A653 00000040B253 0 9] t" 00000000ABC8 00000040B7C8 0 ,SVWj0X 00000000ACFC 00000040B8FC 0 u'j0X 00000000AE26 00000040BA26 0 Wj0XPV 00000000AEC5 00000040BAC5 0 PjdSQ 00000000B02E 00000040BC2E 0 -jd[; 00000000B083 00000040BC83 0 WWWWW 00000000B5D6 00000040C1D6 0 VVVVV 00000000C332 00000040CF32 0 PPPPP 00000000C3E6 00000040CFE6 0 v N+D$ 00000000CE65 00000040DA65 0 SSSSS 00000000D5B0 00000040E1B0 0 (null) 00000000D5E9 00000040E1E9 0 ( 8PX 00000000D5F1 00000040E1F1 0 700WP 00000000D609 00000040E209 0 xpxxxx 00000000D6E0 00000040E2E0 0 CorExitProcess 00000000E170 00000040ED70 0 FlsAlloc 00000000E17C 00000040ED7C 0 FlsFree 00000000E184 00000040ED84 0 FlsGetValue 00000000E190 00000040ED90 0 FlsSetValue 00000000E19C 00000040ED9C 0 InitializeCriticalSectionEx 00000000E1B8 00000040EDB8 0 CreateEventExW 00000000E1C8 00000040EDC8 0 CreateSemaphoreExW 00000000E1DC 00000040EDDC 0 SetThreadStackGuarantee 00000000E1F4 00000040EDF4 0 CreateThreadpoolTimer 00000000E20C 00000040EE0C 0 SetThreadpoolTimer 00000000E220 00000040EE20 0 WaitForThreadpoolTimerCallbacks 00000000E240 00000040EE40 0 CloseThreadpoolTimer 00000000E258 00000040EE58 0 CreateThreadpoolWait 00000000E270 00000040EE70 0 SetThreadpoolWait File pos Mem pos ID Text ======== ======= == ==== 00000000E284 
00000040EE84 0 CloseThreadpoolWait 00000000E298 00000040EE98 0 FlushProcessWriteBuffers 00000000E2B4 00000040EEB4 0 FreeLibraryWhenCallbackReturns 00000000E2D4 00000040EED4 0 GetCurrentProcessorNumber 00000000E2F0 00000040EEF0 0 GetLogicalProcessorInformation 00000000E310 00000040EF10 0 CreateSymbolicLinkW 00000000E324 00000040EF24 0 SetDefaultDllDirectories 00000000E340 00000040EF40 0 EnumSystemLocalesEx 00000000E354 00000040EF54 0 CompareStringEx 00000000E364 00000040EF64 0 GetDateFormatEx 00000000E374 00000040EF74 0 GetLocaleInfoEx 00000000E384 00000040EF84 0 GetTimeFormatEx 00000000E394 00000040EF94 0 GetUserDefaultLocaleName 00000000E3B0 00000040EFB0 0 IsValidLocaleName 00000000E3C4 00000040EFC4 0 LCMapStringEx 00000000E3D4 00000040EFD4 0 GetCurrentPackageId 00000000E3E8 00000040EFE8 0 GetTickCount64 00000000E3F8 00000040EFF8 0 GetFileInformationByHandleExW 00000000E418 00000040F018 0 SetFileInformationByHandleW 00000000E494 00000040F094 0 Sunday 00000000E49C 00000040F09C 0 Monday 00000000E4A4 00000040F0A4 0 Tuesday 00000000E4AC 00000040F0AC 0 Wednesday 00000000E4B8 00000040F0B8 0 Thursday 00000000E4C4 00000040F0C4 0 Friday 00000000E4CC 00000040F0CC 0 Saturday 00000000E508 00000040F108 0 January 00000000E510 00000040F110 0 February 00000000E51C 00000040F11C 0 March 00000000E524 00000040F124 0 April 00000000E53C 00000040F13C 0 August 00000000E544 00000040F144 0 September 00000000E550 00000040F150 0 October 00000000E558 00000040F158 0 November 00000000E564 00000040F164 0 December 00000000E578 00000040F178 0 MM/dd/yy 00000000E584 00000040F184 0 dddd, MMMM dd, yyyy 00000000E598 00000040F198 0 HH:mm:ss 00000000E7EC 00000040F3EC 0 MessageBoxW 00000000E7F8 00000040F3F8 0 GetActiveWindow 00000000E808 00000040F408 0 GetLastActivePopup 00000000E81C 00000040F41C 0 GetUserObjectInformationW 00000000E838 00000040F438 0 GetProcessWindowStation 00000000EDF8 00000040F9F8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\] 00000000EE39 00000040FA39 0 
abcdefghijklmnopqrstuvwxyz{|}~ 00000000EF78 00000040FB78 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 00000000EFB9 00000040FBB9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0000000110FF 000000411CFF 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] 000000011140 000000411D40 0 abcdefghijklmnopqrstuvwxyz{|}~ 000000011185 000000411D85 0 ('8PW 00000001118E 000000411D8E 0 700PP 0000000111A9 000000411DA9 0 xppwpp 0000000111C8 000000411DC8 0 e+000 0000000111D0 000000411DD0 0 1#SNAN 0000000111D8 000000411DD8 0 1#IND 0000000111E0 000000411DE0 0 1#INF 0000000111E8 000000411DE8 0 1#QNAN 000000011394 000000411F94 0 @echo off 0000000113A3 000000411FA3 0 del /F "%S" 0000000113D8 000000411FD8 0 del "%S" File pos Mem pos ID Text ======== ======= == ==== 0000000113E2 000000411FE2 0 if exist "%S" goto d 000000011470 000000412070 0 Realtek Audio Driver2 000000011488 000000412088 0 --install 0000000114B8 0000004120B8 0 --systeminstall 000000011544 000000412144 0 /c "net start "Realtek Audio Driver2"" 00000001156C 00000041216C 0 cmd.exe 000000011A8A 00000041268A 0 ExitProcess 000000011A98 000000412698 0 GetEnvironmentVariableW 000000011AB2 0000004126B2 0 CreateMutexW 000000011AC2 0000004126C2 0 SetErrorMode 000000011AD2 0000004126D2 0 CreateProcessW 000000011AE4 0000004126E4 0 GetCurrentProcess 000000011AF8 0000004126F8 0 WaitForSingleObject 000000011B0E 00000041270E 0 WriteFile 000000011B1A 00000041271A 0 GetCommandLineA 000000011B2C 00000041272C 0 OpenProcess 000000011B3A 00000041273A 0 Sleep 000000011B42 000000412742 0 TerminateProcess 000000011B56 000000412756 0 GetModuleFileNameW 000000011B6C 00000041276C 0 CreateFileW 000000011B7A 00000041277A 0 GetTempPathW 000000011B8A 00000041278A 0 OpenMutexW 000000011B98 000000412798 0 MoveFileW 000000011BA4 0000004127A4 0 Process32FirstW 000000011BB6 0000004127B6 0 Process32NextW 000000011BC8 0000004127C8 0 CreateToolhelp32Snapshot 000000011BE4 0000004127E4 0 DuplicateHandle 000000011BF6 0000004127F6 0 CloseHandle 
000000011C04 000000412804 0 DeleteFileW 000000011C12 000000412812 0 LocalFree 000000011C1C 00000041281C 0 KERNEL32.dll 000000011C2C 00000041282C 0 StartServiceCtrlDispatcherA 000000011C4A 00000041284A 0 RegisterServiceCtrlHandlerA 000000011C68 000000412868 0 InitializeSecurityDescriptor 000000011C88 000000412888 0 SetSecurityDescriptorDacl 000000011CA4 0000004128A4 0 SetServiceStatus 000000011CB8 0000004128B8 0 ConvertStringSecurityDescriptorToSecurityDescriptorW 000000011CF0 0000004128F0 0 GetSecurityDescriptorSacl 000000011D0C 00000041290C 0 SetSecurityDescriptorSacl 000000011D28 000000412928 0 GetSecurityDescriptorDacl 000000011D42 000000412942 0 ADVAPI32.dll 000000011D52 000000412952 0 ShellExecuteA 000000011D62 000000412962 0 ShellExecuteW 000000011D70 000000412970 0 SHELL32.dll 000000011D7E 00000041297E 0 GetSystemTimeAsFileTime 000000011D98 000000412998 0 IsDebuggerPresent 000000011DAC 0000004129AC 0 IsProcessorFeaturePresent 000000011DC8 0000004129C8 0 EncodePointer 000000011DD8 0000004129D8 0 DecodePointer 000000011DE8 0000004129E8 0 GetLastError 000000011DF8 0000004129F8 0 SetLastError 000000011E08 000000412A08 0 GetCurrentThreadId 000000011E1E 000000412A1E 0 GetModuleHandleExW 000000011E34 000000412A34 0 GetProcAddress 000000011E46 000000412A46 0 MultiByteToWideChar 000000011E5C 000000412A5C 0 WideCharToMultiByte 000000011E72 000000412A72 0 GetProcessHeap 000000011E84 000000412A84 0 GetStdHandle 000000011E94 000000412A94 0 GetFileType 000000011EA2 000000412AA2 0 DeleteCriticalSection File pos Mem pos ID Text ======== ======= == ==== 000000011EBA 000000412ABA 0 GetStartupInfoW 000000011ECC 000000412ACC 0 GetModuleFileNameA 000000011EE2 000000412AE2 0 QueryPerformanceCounter 000000011EFC 000000412AFC 0 GetCurrentProcessId 000000011F12 000000412B12 0 GetEnvironmentStringsW 000000011F2C 000000412B2C 0 FreeEnvironmentStringsW 000000011F46 000000412B46 0 UnhandledExceptionFilter 000000011F62 000000412B62 0 SetUnhandledExceptionFilter 000000011F80 000000412B80 
0 InitializeCriticalSectionAndSpinCount 000000011FA8 000000412BA8 0 TlsAlloc 000000011FB4 000000412BB4 0 TlsGetValue 000000011FC2 000000412BC2 0 TlsSetValue 000000011FD0 000000412BD0 0 TlsFree 000000011FDA 000000412BDA 0 GetModuleHandleW 000000011FEE 000000412BEE 0 EnterCriticalSection 000000012006 000000412C06 0 LeaveCriticalSection 00000001201E 000000412C1E 0 GetConsoleCP 00000001202E 000000412C2E 0 GetConsoleMode 000000012040 000000412C40 0 SetFilePointerEx 000000012054 000000412C54 0 IsValidCodePage 000000012066 000000412C66 0 GetACP 000000012070 000000412C70 0 GetOEMCP 00000001207C 000000412C7C 0 GetCPInfo 000000012088 000000412C88 0 HeapFree 000000012094 000000412C94 0 LoadLibraryExW 0000000120A6 000000412CA6 0 RtlUnwind 0000000120B2 000000412CB2 0 OutputDebugStringW 0000000120C8 000000412CC8 0 SetStdHandle 0000000120D8 000000412CD8 0 WriteConsoleW 0000000120E8 000000412CE8 0 GetStringTypeW 0000000120FA 000000412CFA 0 HeapAlloc 000000012106 000000412D06 0 HeapReAlloc 000000012114 000000412D14 0 HeapSize 000000012120 000000412D20 0 LCMapStringW 000000012130 000000412D30 0 FlushFileBuffers 0000000126C2 0000004134C2 0 0000000127A9 0000004135A9 0 abcdefghijklmnopqrstuvwxyz 0000000127C9 0000004135C9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 0000000128E2 0000004136E2 0 0000000129C2 0000004137C2 0 abcdefghijklmnopqrstuvwxyz 0000000129E2 0000004137E2 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ 0000000131C6 000000413FC6 0 z?aUY 000000013208 000000414008 0 zc%C1 00000001325B 00000041405B 0 -64OS 000000013463 000000417063 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> 00000001349C 00000041709C 0 <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity type="win32" name="consoletest" version="1.0.0.0"></assemblyIdentity><description> my exe </description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" 
uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly> 000000013A08 000000418008 0 A0U0i0~0 000000013A1F 00000041801F 0 1:1Z1 000000013A31 000000418031 0 2+2I2~2 000000013A43 000000418043 0 383W3|3 000000013A51 000000418051 0 4!4-494K4y4 000000013A6B 00000041806B 0 5b5o5 000000013A81 000000418081 0 6+6G6~6 000000013A9B 00000041809B 0 7+7M7W7\7b7j7}7 000000013AC3 0000004180C3 0 7@8P8_8f8l8r8|8 000000013AE3 0000004180E3 0 9 9B9G9N9h9 000000013B2D 00000041812D 0 090?0E0K0Q0W0 000000013B3B 00000041813B 0 0e0l0s0z0 000000013B65 000000418165 0 2F2Q2W2 000000013B6F 00000041816F 0 3*414G4Q4 File pos Mem pos ID Text ======== ======= == ==== 000000013B7F 00000041817F 0 5:9}: 000000013B87 000000418187 0 ;$<*<L<R< 000000013B9C 00000041819C 0 m0q0u0y0}0 000000013BB9 0000004181B9 0 2%2T2 000000013BC9 0000004181C9 0 3"3;3E3R3\3r3 000000013BD7 0000004181D7 0 4Q5X5~5 000000013BF1 0000004181F1 0 <1<7< 000000013C1B 00000041821B 0 1Y2_2 000000013C3B 00000041823B 0 4+636<6E6g6 000000013C59 000000418259 0 7"7C7 000000013C65 000000418265 0 8#8)8:8Y8o8y8 000000013C7F 00000041827F 0 8%9,9;9n9 000000013C91 000000418291 0 :,:a:|: 000000013C9D 00000041829D 0 :#;[;n; 000000013CB7 0000004182B7 0 >,>c>o> 000000013CC9 0000004182C9 0 ?@?S?c? 
000000013CEB 0000004182EB 0 0'030:0A0\0f0 000000013CFF 0000004182FF 0 191A1F1r1 000000013D19 000000418319 0 2"2'2F2z2 000000013D37 000000418337 0 3"3,323D3V3q3w3 000000013D63 000000418363 0 4 4%4+43484>4F4K4Q4Y4 000000013D79 000000418379 0 4d4l4q4w4 000000013DB5 0000004183B5 0 5"5*5/555=5B5H5P5U5[5c5h5n5v5{5 000000013E05 000000418405 0 6!6&6,64696>6G6L6R6Z6 000000013E1B 00000041841B 0 6n6|6 000000013E35 000000418435 0 8#8:8X8 000000013E3F 00000041843F 0 9$9G9 000000013E55 000000418455 0 :(:3:;:H:R:x: 000000013E6B 00000041846B 0 ;X;l; 000000013E83 000000418483 0 =V>#?R?[? 000000013EB5 0000004184B5 0 4!5>5]5 000000013EBD 0000004184BD 0 6!6<6V6 000000013ECD 0000004184CD 0 8)9?9x9 000000013ED9 0000004184D9 0 :.:5:<:C:[:j:t: 000000013EEF 0000004184EF 0 : ;;; 000000013EFD 0000004184FD 0 =&=Q= 000000013F07 000000418507 0 >#>.>E>_>z> 000000013F1D 00000041851D 0 >4?j?}? 000000013F2D 00000041852D 0 0A0h0 000000013F3B 00000041853B 0 1(2q2 000000013F43 000000418543 0 3 4s4y4 000000013F59 000000418559 0 6 6&6 000000013F5F 00000041855F 0 7(7}7 000000013F73 000000418573 0 7 808a8y8 000000013F87 000000418587 0 8'9-929 000000013FC3 0000004185C3 0 <$<-< 000000013FD9 0000004185D9 0 <O=Y=t=~= 000000013FE3 0000004185E3 0 =&>E>Q>\? 
000000013FF9 0000004185F9 0 20262B2R2X2g2n2~2 00000001402D 00000041862D 0 3$3/3r3 000000014053 000000418653 0 617=7d7z7 000000014065 000000418665 0 8Z8c8n8}8 000000014075 000000418675 0 9%979I9[9m9 0000000140AB 0000004186AB 0 0T2[2 0000000140C1 0000004186C1 0 384>4J4 0000000140CF 0000004186CF 0 595b5p5v5 0000000140D9 0000004186D9 0 5S6{6 0000000140DF 0000004186DF 0 658S8l8s8{8 000000014105 000000418705 0 9b9h9l9p9t9 00000001411D 00000041871D 0 :5:_: File pos Mem pos ID Text ======== ======= == ==== 00000001417B 00000041877B 0 0,1i1s1 000000014185 000000418785 0 2=3,42464;4A4E4K4O4U4Y4 00000001419D 00000041879D 0 4d4h4n4r4x4|4 0000000141B1 0000004187B1 0 50686 0000000141B7 0000004187B7 0 7r8~8 0000000141BF 0000004187BF 0 9 9/9 0000000141DD 0000004187DD 0 >-?D?~? 0000000141ED 0000004187ED 0 0f3x3 000000014237 000000418837 0 818W8u8|8 000000014257 000000418857 0 8Z9e9 00000001426F 00000041886F 0 : :$:(:,:0:4:~: 000000014295 000000418895 0 0d1}1 00000001429F 00000041889F 0 1B2~< 0000000142AB 0000004188AB 0 ?*?0? 0000000142B8 0000004188B8 0 p1t1x1|1 0000000142D7 0000004188D7 0 3$3,343<3D3L3T3\3d3l3t3|3 000000014304 000000418904 0 80<0@0D0\<d<l<t<|< 00000001433D 00000041893D 0 =$=,=4=<=D=L=T=\=d=l=t=|= 00000001437D 00000041897D 0 >$>,>4><>D>L>T>\>d>l>t>|> 0000000143BD 0000004189BD 0 ?$?,?4?<?D?L?T?\?d?l?t?|? 
000000014407 000000418A07 0 0$0,040<0D0L0T0\0d0l0t0|0 000000014447 000000418A47 0 1$1,141<1D1L1T1\1d1l1t1|1 000000014487 000000418A87 0 2$2,242<2D2L2T2\2d2l2t2|2 0000000144C7 000000418AC7 0 3$3,343<3D3L3T3\3d3l3t3x3 000000014507 000000418B07 0 4 4(40484@4H4P4X4 000000014519 000000418B19 0 4h4p4x4 000000014547 000000418B47 0 5 5(50585@5H5P5X5 000000014559 000000418B59 0 5h5p5x5 000000014587 000000418B87 0 6 6(60686@6H6P6X6 000000014599 000000418B99 0 6h6p6x6 0000000145C7 000000418BC7 0 7 7(70787@7H7P7X7 0000000145D9 000000418BD9 0 7h7p7x7 000000014607 000000418C07 0 8 8(80888@8H8P8X8 000000014619 000000418C19 0 8h8p8x8 000000014647 000000418C47 0 9 9(90989@9H9P9X9 000000014659 000000418C59 0 9h9p9x9 000000014687 000000418C87 0 : :(:0:8:@:H:P:X: 000000014699 000000418C99 0 :h:p:x: 0000000146C5 000000418CC5 0 2$2@2L2h2 0000000146D7 000000418CD7 0 3(3H3d3h3 0000000146ED 000000418CED 0 404P4p4 000000014759 000000418D59 0 : :$:(:,:0:<:@:D:H:L:P:T:X:\: 000000014777 000000418D77 0 :d:h:l:p:t:x:|: 0000000147BF 000000418DBF 0 ;$;4;D;T;t; 0000000147F3 000000418DF3 0 = =$=(=,=8=<=@=D=H=L=P=T=\= 00000000D5B8 00000040E1B8 0 (null) 00000000D6C8 00000040E2C8 0 mscoree.dll 00000000E070 00000040EC70 0 runtime error 00000000E0B0 00000040ECB0 0 Program: 00000000E0C4 00000040ECC4 0 <program name unknown> 00000000E108 00000040ED08 0 Microsoft Visual C++ Runtime Library 00000000E154 00000040ED54 0 kernel32.dll 00000000E447 00000040F047 0 @ja-JP 00000000E454 00000040F054 0 zh-CN 00000000E460 00000040F060 0 ko-KR 00000000E46C 00000040F06C 0 zh-TW 00000000E5DC 00000040F1DC 0 Sunday 00000000E5EC 00000040F1EC 0 Monday 00000000E5FC 00000040F1FC 0 Tuesday 00000000E60C 00000040F20C 0 Wednesday File pos Mem pos ID Text ======== ======= == ==== 00000000E620 00000040F220 0 Thursday 00000000E634 00000040F234 0 Friday 00000000E644 00000040F244 0 Saturday 00000000E6B8 00000040F2B8 0 January 00000000E6C8 00000040F2C8 0 February 00000000E6DC 00000040F2DC 0 March 00000000E6E8 00000040F2E8 0 April 
00000000E70C 00000040F30C 0 August 00000000E71C 00000040F31C 0 September 00000000E730 00000040F330 0 October 00000000E740 00000040F340 0 November 00000000E754 00000040F354 0 December 00000000E778 00000040F378 0 MM/dd/yy 00000000E78C 00000040F38C 0 dddd, MMMM dd, yyyy 00000000E7B4 00000040F3B4 0 HH:mm:ss 00000000E7C8 00000040F3C8 0 en-US 00000000E7D4 00000040F3D4 0 USER32.DLL 00000000FEB0 000000410AB0 0 zh-CHS 0000000100B4 000000410CB4 0 ar-SA 0000000100C0 000000410CC0 0 bg-BG 0000000100CC 000000410CCC 0 ca-ES 0000000100D8 000000410CD8 0 cs-CZ 0000000100E4 000000410CE4 0 da-DK 0000000100F0 000000410CF0 0 de-DE 0000000100FC 000000410CFC 0 el-GR 000000010108 000000410D08 0 fi-FI 000000010114 000000410D14 0 fr-FR 000000010120 000000410D20 0 he-IL 00000001012C 000000410D2C 0 hu-HU 000000010138 000000410D38 0 is-IS 000000010144 000000410D44 0 it-IT 000000010150 000000410D50 0 nl-NL 00000001015C 000000410D5C 0 nb-NO 000000010168 000000410D68 0 pl-PL 000000010174 000000410D74 0 pt-BR 000000010180 000000410D80 0 ro-RO 00000001018C 000000410D8C 0 ru-RU 000000010198 000000410D98 0 hr-HR 0000000101A4 000000410DA4 0 sk-SK 0000000101B0 000000410DB0 0 sq-AL 0000000101BC 000000410DBC 0 sv-SE 0000000101C8 000000410DC8 0 th-TH 0000000101D4 000000410DD4 0 tr-TR 0000000101E0 000000410DE0 0 ur-PK 0000000101EC 000000410DEC 0 id-ID 0000000101F8 000000410DF8 0 uk-UA 000000010204 000000410E04 0 be-BY 000000010210 000000410E10 0 sl-SI 00000001021C 000000410E1C 0 et-EE 000000010228 000000410E28 0 lv-LV 000000010234 000000410E34 0 lt-LT 000000010240 000000410E40 0 fa-IR 00000001024C 000000410E4C 0 vi-VN 000000010258 000000410E58 0 hy-AM 000000010264 000000410E64 0 az-AZ-Latn 00000001027C 000000410E7C 0 eu-ES 000000010288 000000410E88 0 mk-MK 000000010294 000000410E94 0 tn-ZA 0000000102A0 000000410EA0 0 xh-ZA 0000000102AC 000000410EAC 0 zu-ZA File pos Mem pos ID Text ======== ======= == ==== 0000000102B8 000000410EB8 0 af-ZA 0000000102C4 000000410EC4 0 ka-GE 0000000102D0 000000410ED0 0 fo-FO 
0000000102DC 000000410EDC 0 hi-IN 0000000102E8 000000410EE8 0 mt-MT 0000000102F4 000000410EF4 0 se-NO 000000010300 000000410F00 0 ms-MY 00000001030C 000000410F0C 0 kk-KZ 000000010318 000000410F18 0 ky-KG 000000010324 000000410F24 0 sw-KE 000000010330 000000410F30 0 uz-UZ-Latn 000000010348 000000410F48 0 tt-RU 000000010354 000000410F54 0 bn-IN 000000010360 000000410F60 0 pa-IN 00000001036C 000000410F6C 0 gu-IN 000000010378 000000410F78 0 ta-IN 000000010384 000000410F84 0 te-IN 000000010390 000000410F90 0 kn-IN 00000001039C 000000410F9C 0 ml-IN 0000000103A8 000000410FA8 0 mr-IN 0000000103B4 000000410FB4 0 sa-IN 0000000103C0 000000410FC0 0 mn-MN 0000000103CC 000000410FCC 0 cy-GB 0000000103D8 000000410FD8 0 gl-ES 0000000103E4 000000410FE4 0 kok-IN 0000000103F4 000000410FF4 0 syr-SY 000000010404 000000411004 0 div-MV 000000010414 000000411014 0 quz-BO 000000010424 000000411024 0 ns-ZA 000000010430 000000411030 0 mi-NZ 00000001043C 00000041103C 0 ar-IQ 000000010448 000000411048 0 de-CH 000000010454 000000411054 0 en-GB 000000010460 000000411060 0 es-MX 00000001046C 00000041106C 0 fr-BE 000000010478 000000411078 0 it-CH 000000010484 000000411084 0 nl-BE 000000010490 000000411090 0 nn-NO 00000001049C 00000041109C 0 pt-PT 0000000104A8 0000004110A8 0 sr-SP-Latn 0000000104C0 0000004110C0 0 sv-FI 0000000104CC 0000004110CC 0 az-AZ-Cyrl 0000000104E4 0000004110E4 0 se-SE 0000000104F0 0000004110F0 0 ms-BN 0000000104FC 0000004110FC 0 uz-UZ-Cyrl 000000010514 000000411114 0 quz-EC 000000010524 000000411124 0 ar-EG 000000010530 000000411130 0 zh-HK 00000001053C 00000041113C 0 de-AT 000000010548 000000411148 0 en-AU 000000010554 000000411154 0 es-ES 000000010560 000000411160 0 fr-CA 00000001056C 00000041116C 0 sr-SP-Cyrl 000000010584 000000411184 0 se-FI 000000010590 000000411190 0 quz-PE 0000000105A0 0000004111A0 0 ar-LY 0000000105AC 0000004111AC 0 zh-SG 0000000105B8 0000004111B8 0 de-LU 0000000105C4 0000004111C4 0 en-CA 0000000105D0 0000004111D0 0 es-GT File pos Mem pos ID Text 
======== ======= == ==== 0000000105DC 0000004111DC 0 fr-CH 0000000105E8 0000004111E8 0 hr-BA 0000000105F4 0000004111F4 0 smj-NO 000000010604 000000411204 0 ar-DZ 000000010610 000000411210 0 zh-MO 00000001061C 00000041121C 0 de-LI 000000010628 000000411228 0 en-NZ 000000010634 000000411234 0 es-CR 000000010640 000000411240 0 fr-LU 00000001064C 00000041124C 0 bs-BA-Latn 000000010664 000000411264 0 smj-SE 000000010674 000000411274 0 ar-MA 000000010680 000000411280 0 en-IE 00000001068C 00000041128C 0 es-PA 000000010698 000000411298 0 fr-MC 0000000106A4 0000004112A4 0 sr-BA-Latn 0000000106BC 0000004112BC 0 sma-NO 0000000106CC 0000004112CC 0 ar-TN 0000000106D8 0000004112D8 0 en-ZA 0000000106E4 0000004112E4 0 es-DO 0000000106F0 0000004112F0 0 sr-BA-Cyrl 000000010708 000000411308 0 sma-SE 000000010718 000000411318 0 ar-OM 000000010724 000000411324 0 en-JM 000000010730 000000411330 0 es-VE 00000001073C 00000041133C 0 sms-FI 00000001074C 00000041134C 0 ar-YE 000000010758 000000411358 0 en-CB 000000010764 000000411364 0 es-CO 000000010770 000000411370 0 smn-FI 000000010780 000000411380 0 ar-SY 00000001078C 00000041138C 0 en-BZ 000000010798 000000411398 0 es-PE 0000000107A4 0000004113A4 0 ar-JO 0000000107B0 0000004113B0 0 en-TT 0000000107BC 0000004113BC 0 es-AR 0000000107C8 0000004113C8 0 ar-LB 0000000107D4 0000004113D4 0 en-ZW 0000000107E0 0000004113E0 0 es-EC 0000000107EC 0000004113EC 0 ar-KW 0000000107F8 0000004113F8 0 en-PH 000000010804 000000411404 0 es-CL 000000010810 000000411410 0 ar-AE 00000001081C 00000041141C 0 es-UY 000000010828 000000411428 0 ar-BH 000000010834 000000411434 0 es-PY 000000010840 000000411440 0 ar-QA 00000001084C 00000041144C 0 es-BO 000000010858 000000411458 0 es-SV 000000010864 000000411464 0 es-HN 000000010870 000000411470 0 es-NI 00000001087C 00000041147C 0 es-PR 000000010888 000000411488 0 zh-CHT 0000000108A0 0000004114A0 0 af-za 0000000108AC 0000004114AC 0 ar-ae 0000000108B8 0000004114B8 0 ar-bh 0000000108C4 0000004114C4 0 ar-dz 0000000108D0 
0000004114D0 0 ar-eg 0000000108DC 0000004114DC 0 ar-iq 0000000108E8 0000004114E8 0 ar-jo File pos Mem pos ID Text ======== ======= == ==== 0000000108F4 0000004114F4 0 ar-kw 000000010900 000000411500 0 ar-lb 00000001090C 00000041150C 0 ar-ly 000000010918 000000411518 0 ar-ma 000000010924 000000411524 0 ar-om 000000010930 000000411530 0 ar-qa 00000001093C 00000041153C 0 ar-sa 000000010948 000000411548 0 ar-sy 000000010954 000000411554 0 ar-tn 000000010960 000000411560 0 ar-ye 00000001096C 00000041156C 0 az-az-cyrl 000000010984 000000411584 0 az-az-latn 00000001099C 00000041159C 0 be-by 0000000109A8 0000004115A8 0 bg-bg 0000000109B4 0000004115B4 0 bn-in 0000000109C0 0000004115C0 0 bs-ba-latn 0000000109D8 0000004115D8 0 ca-es 0000000109E4 0000004115E4 0 cs-cz 0000000109F0 0000004115F0 0 cy-gb 0000000109FC 0000004115FC 0 da-dk 000000010A08 000000411608 0 de-at 000000010A14 000000411614 0 de-ch 000000010A20 000000411620 0 de-de 000000010A2C 00000041162C 0 de-li 000000010A38 000000411638 0 de-lu 000000010A44 000000411644 0 div-mv 000000010A54 000000411654 0 el-gr 000000010A60 000000411660 0 en-au 000000010A6C 00000041166C 0 en-bz 000000010A78 000000411678 0 en-ca 000000010A84 000000411684 0 en-cb 000000010A90 000000411690 0 en-gb 000000010A9C 00000041169C 0 en-ie 000000010AA8 0000004116A8 0 en-jm 000000010AB4 0000004116B4 0 en-nz 000000010AC0 0000004116C0 0 en-ph 000000010ACC 0000004116CC 0 en-tt 000000010AD8 0000004116D8 0 en-us 000000010AE4 0000004116E4 0 en-za 000000010AF0 0000004116F0 0 en-zw 000000010AFC 0000004116FC 0 es-ar 000000010B08 000000411708 0 es-bo 000000010B14 000000411714 0 es-cl 000000010B20 000000411720 0 es-co 000000010B2C 00000041172C 0 es-cr 000000010B38 000000411738 0 es-do 000000010B44 000000411744 0 es-ec 000000010B50 000000411750 0 es-es 000000010B5C 00000041175C 0 es-gt 000000010B68 000000411768 0 es-hn 000000010B74 000000411774 0 es-mx 000000010B80 000000411780 0 es-ni 000000010B8C 00000041178C 0 es-pa 000000010B98 000000411798 0 es-pe 
000000010BA4 0000004117A4 0 es-pr 000000010BB0 0000004117B0 0 es-py 000000010BBC 0000004117BC 0 es-sv 000000010BC8 0000004117C8 0 es-uy 000000010BD4 0000004117D4 0 es-ve 000000010BE0 0000004117E0 0 et-ee File pos Mem pos ID Text ======== ======= == ==== 000000010BEC 0000004117EC 0 eu-es 000000010BF8 0000004117F8 0 fa-ir 000000010C04 000000411804 0 fi-fi 000000010C10 000000411810 0 fo-fo 000000010C1C 00000041181C 0 fr-be 000000010C28 000000411828 0 fr-ca 000000010C34 000000411834 0 fr-ch 000000010C40 000000411840 0 fr-fr 000000010C4C 00000041184C 0 fr-lu 000000010C58 000000411858 0 fr-mc 000000010C64 000000411864 0 gl-es 000000010C70 000000411870 0 gu-in 000000010C7C 00000041187C 0 he-il 000000010C88 000000411888 0 hi-in 000000010C94 000000411894 0 hr-ba 000000010CA0 0000004118A0 0 hr-hr 000000010CAC 0000004118AC 0 hu-hu 000000010CB8 0000004118B8 0 hy-am 000000010CC4 0000004118C4 0 id-id 000000010CD0 0000004118D0 0 is-is 000000010CDC 0000004118DC 0 it-ch 000000010CE8 0000004118E8 0 it-it 000000010CF4 0000004118F4 0 ja-jp 000000010D00 000000411900 0 ka-ge 000000010D0C 00000041190C 0 kk-kz 000000010D18 000000411918 0 kn-in 000000010D24 000000411924 0 kok-in 000000010D34 000000411934 0 ko-kr 000000010D40 000000411940 0 ky-kg 000000010D4C 00000041194C 0 lt-lt 000000010D58 000000411958 0 lv-lv 000000010D64 000000411964 0 mi-nz 000000010D70 000000411970 0 mk-mk 000000010D7C 00000041197C 0 ml-in 000000010D88 000000411988 0 mn-mn 000000010D94 000000411994 0 mr-in 000000010DA0 0000004119A0 0 ms-bn 000000010DAC 0000004119AC 0 ms-my 000000010DB8 0000004119B8 0 mt-mt 000000010DC4 0000004119C4 0 nb-no 000000010DD0 0000004119D0 0 nl-be 000000010DDC 0000004119DC 0 nl-nl 000000010DE8 0000004119E8 0 nn-no 000000010DF4 0000004119F4 0 ns-za 000000010E00 000000411A00 0 pa-in 000000010E0C 000000411A0C 0 pl-pl 000000010E18 000000411A18 0 pt-br 000000010E24 000000411A24 0 pt-pt 000000010E30 000000411A30 0 quz-bo 000000010E40 000000411A40 0 quz-ec 000000010E50 000000411A50 0 quz-pe 
File pos      Mem pos       ID  Text
========      =======       ==  ====
0000000110D0  000000411CD0  0   CONOUT$
0000000111F0  000000411DF0  0   ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "%s" /t REG_SZ /d "%s"
0000000112AC  000000411EAC  0   Global\%08X%08X
0000000112D0  000000411ED0  0   S:(ML;;NW;;;LW)D:(A;;0x1FFFFF;;;WD)(A;;0x1FFFFF;;;S-1-15-2-1)
00000001134C  000000411F4C  0   D:(A;;0x1FFFFF;;;WD)
000000011378  000000411F78  0   %s\%d%d%d.bat
0000000113B4  000000411FB4  0   /c "%s"
0000000113C4  000000411FC4  0   ComSpec
0000000113F8  000000411FF8  0   %s\rtkdrv2.exe
000000011418  000000412018  0   %s\updatea.bin
000000011438  000000412038  0   %s\updatea2.bin
000000011458  000000412058  0   rtksys2.exe
000000011494  000000412094  0   RtkDrv
0000000114C7  0000004120C7  0   lcreate "Realtek Audio Driver2" binPath= "%s" start= auto
=== DOWNLOAD ===