.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
fead0633975c6c08f5509a7bd5c34d29bfdcacd3da47562efbf33121726f77b0
Date...........: 2019-11-18
Family.........: HelloWorld
File name......: rtksys2.exe
File size......: 82.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Additional note: Dropped from adf43c6957fd11e45ffa4f2a71eb0ef565da9c4a9bc9cd101d2ac485b5358c46,
execute also rtkdrv2.exe
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 240 0xf0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
225 e1 21005 520d 31 1f
223 df 21005 520d 18 12
224 e0 21005 520d 114 72
203 cb 65501 ffdd 7 7
1 1 0 0 101 65
228 e4 30501 7725 1 1
219 db 21005 520d 1 1
222 de 30501 7725 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2019-09-16 21:53:25"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 12.0
SizeOfCode: 53248 0xd000
SizeOfInitializedData: 38400 0x9600
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 7777 0x1e61
BaseOfCode: 4096 0x1000
BaseOfData: 57344 0xe000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.1
ImageVersion: 0.0
SubsystemVersion: 5.1
Reserved1: 0 0
SizeOfImage: 102400 0x19000
SizeOfHeaders: 1024 0x400
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT
TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 124d4 size:0x 50
RESOURCE rva:0x 17000 size:0x 440
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 18000 size:0x e14
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 12178 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x e000 size:0x 164
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 cf34 d000 400 0 0 0 0 60000020 R-X CODE
.rdata e000 4d42 4e00 d400 0 0 0 0 40000040 R-- IDATA
.data 13000 31e0 1200 12200 0 0 0 0 c0000040 RW- IDATA
.rsrc 17000 440 600 13400 0 0 0 0 40000040 R-- IDATA
.reloc 18000 e14 1000 13a00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x13460 0 0x409 991 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
KERNEL32.dll 550 Sleep
KERNEL32.dll 55f TerminateProcess
KERNEL32.dll 263 GetModuleFileNameW
KERNEL32.dll c2 CreateFileW
KERNEL32.dll 2e3 GetTempPathW
KERNEL32.dll 3ea OpenMutexW
KERNEL32.dll 3cd MoveFileW
KERNEL32.dll 3ee OpenProcess
KERNEL32.dll 40f Process32NextW
KERNEL32.dll f1 CreateToolhelp32Snapshot
KERNEL32.dll 11f DuplicateHandle
KERNEL32.dll 7f CloseHandle
KERNEL32.dll 10a DeleteFileW
KERNEL32.dll 3b2 LocalFree
KERNEL32.dll 1c8 GetCommandLineA
KERNEL32.dll 5df WriteFile
KERNEL32.dll 5a9 WaitForSingleObject
KERNEL32.dll 209 GetCurrentProcess
KERNEL32.dll db CreateProcessW
KERNEL32.dll 4ee SetErrorMode
KERNEL32.dll d1 CreateMutexW
KERNEL32.dll 229 GetEnvironmentVariableW
KERNEL32.dll 40d Process32FirstW
KERNEL32.dll 151 ExitProcess
KERNEL32.dll 2d6 GetSystemTimeAsFileTime
KERNEL32.dll 367 IsDebuggerPresent
KERNEL32.dll 36d IsProcessorFeaturePresent
KERNEL32.dll 121 EncodePointer
KERNEL32.dll fe DecodePointer
KERNEL32.dll 250 GetLastError
KERNEL32.dll 50a SetLastError
KERNEL32.dll 20e GetCurrentThreadId
KERNEL32.dll 266 GetModuleHandleExW
KERNEL32.dll 29d GetProcAddress
KERNEL32.dll 3d1 MultiByteToWideChar
KERNEL32.dll 5cb WideCharToMultiByte
KERNEL32.dll 2a2 GetProcessHeap
KERNEL32.dll 2c0 GetStdHandle
KERNEL32.dll 23e GetFileType
KERNEL32.dll 105 DeleteCriticalSection
KERNEL32.dll 2be GetStartupInfoW
KERNEL32.dll 262 GetModuleFileNameA
KERNEL32.dll 42d QueryPerformanceCounter
KERNEL32.dll 20a GetCurrentProcessId
KERNEL32.dll 227 GetEnvironmentStringsW
KERNEL32.dll 19d FreeEnvironmentStringsW
KERNEL32.dll 580 UnhandledExceptionFilter
KERNEL32.dll 541 SetUnhandledExceptionFilter
KERNEL32.dll 348 InitializeCriticalSectionAndSpinCount
KERNEL32.dll 571 TlsAlloc
KERNEL32.dll 573 TlsGetValue
KERNEL32.dll 574 TlsSetValue
KERNEL32.dll 572 TlsFree
KERNEL32.dll 267 GetModuleHandleW
KERNEL32.dll 125 EnterCriticalSection
KERNEL32.dll 3a2 LeaveCriticalSection
KERNEL32.dll 1dc GetConsoleCP
KERNEL32.dll 1ee GetConsoleMode
KERNEL32.dll 4fc SetFilePointerEx
KERNEL32.dll 372 IsValidCodePage
KERNEL32.dll 1a4 GetACP
KERNEL32.dll 286 GetOEMCP
KERNEL32.dll 1b3 GetCPInfo
KERNEL32.dll 333 HeapFree
KERNEL32.dll 3a7 LoadLibraryExW
KERNEL32.dll 4ac RtlUnwind
KERNEL32.dll 3fa OutputDebugStringW
KERNEL32.dll 520 SetStdHandle
KERNEL32.dll 5de WriteConsoleW
KERNEL32.dll 2c5 GetStringTypeW
KERNEL32.dll 32f HeapAlloc
KERNEL32.dll 336 HeapReAlloc
KERNEL32.dll 338 HeapSize
KERNEL32.dll 396 LCMapStringW
KERNEL32.dll 192 FlushFileBuffers
ADVAPI32.dll 2e3 SetSecurityDescriptorSacl
ADVAPI32.dll 161 GetSecurityDescriptorSacl
ADVAPI32.dll 81 ConvertStringSecurityDescriptorToSecurityDescriptorW
ADVAPI32.dll 2e9 SetServiceStatus
ADVAPI32.dll 2df SetSecurityDescriptorDacl
ADVAPI32.dll 18d InitializeSecurityDescriptor
ADVAPI32.dll 2a9 RegisterServiceCtrlHandlerA
ADVAPI32.dll 2f0 StartServiceCtrlDispatcherA
ADVAPI32.dll 15c GetSecurityDescriptorDacl
SHELL32.dll 133 ShellExecuteA
SHELL32.dll 137 ShellExecuteW
=== Packer / Compiler ===
MS Visual C++ 6.0 - 8.0
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000000D0 0000004000D0 0 RichSS
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000000287 000000400287 0 @.reloc
000000000719 000000401319 0 Ph@_A
0000000007B1 0000004013B1 0 PWWWWWW
0000000008CA 0000004014CA 0 Wh8 A
0000000009BF 0000004015BF 0 <u@_A
000000000C2F 00000040182F 0 PSSSSSS
000000000DB1 0000004019B1 0 WWPh<!A
000000000DC5 0000004019C5 0 WWhD!A
000000001679 000000402279 0 PPPPP
000000001A41 000000402641 0 t/HHt
000000001A84 000000402684 0 j*Xf;
000000001AE2 0000004026E2 0 j*Xf;
000000001B39 000000402739 0 htHjlZ;
000000001C7C 00000040287C 0 HHtXHHt
000000001EB9 000000402AB9 0 nt'joZ;
000000001F59 000000402B59 0 jgXf;
000000002030 000000402C30 0 YYjgXf9
0000000021E6 000000402DE6 0 >0t<NAj0X
0000000022C7 000000402EC7 0 Wj0XP
0000000023D3 000000402FD3 0 Wj XP
00000000264D 00000040324D 0 5ntel
00000000265D 00000040325D 0 5Genu
000000002A79 000000403679 0 t/HHt
000000002CC5 0000004038C5 0 HHtVHHt
0000000031BC 000000403DBC 0 >0t-N
0000000036E5 0000004042E5 0 ~pjCXf
0000000036F9 0000004042F9 0 Fhh6A
000000003D38 000000404938 0 jdhp"A
000000003D51 000000404951 0 j@j _W
000000003E11 000000404A11 0 } j@W
0000000041BC 000000404DBC 0 < t8< t4
000000004296 000000404E96 0 t@VSP
0000000042F1 000000404EF1 0 PPPPP
0000000043FF 000000404FFF 0 VhrFA
000000004423 000000405023 0 <v5hrFA
00000000450B 00000040510B 0 SSSSS
00000000466A 00000040526A 0 SPPP+
000000004673 000000405273 0 FVWPP
000000004699 000000405299 0 SVWPP
000000004AB1 0000004056B1 0 9=4_A
000000004FC6 000000405BC6 0 ;5$_A
00000000591F 00000040651F 0 ;=$_A
0000000067CC 0000004073CC 0 ~';_t|%3
0000000067E0 0000004073E0 0 wtVj
0000000067F5 0000004073F5 0 ;_tr.
000000006816 000000407416 0 GWVj
0000000069EB 0000004075EB 0 v N+D$
000000006AFC 0000004076FC 0 QVWSj
00000000723F 000000407E3F 0 URPQQh
000000007720 000000408320 0 tO9=$NA
00000000837F 000000408F7F 0 PP9E u
0000000089CD 0000004095CD 0 jA[jZZ+
000000009083 000000409C83 0 SVWUj
000000009124 000000409D24 0 ;t$,v-
File pos Mem pos ID Text
======== ======= == ====
0000000091A9 000000409DA9 0 UQPXY]Y[
0000000092CB 000000409ECB 0 ;=$_A
000000009474 00000040A074 0 ;5$_A
0000000096C4 00000040A2C4 0 PWWWWV
00000000975F 00000040A35F 0 PSSSSV
00000000A5FD 00000040B1FD 0 +t"HHt
00000000A653 00000040B253 0 9] t"
00000000ABC8 00000040B7C8 0 ,SVWj0X
00000000ACFC 00000040B8FC 0 u'j0X
00000000AE26 00000040BA26 0 Wj0XPV
00000000AEC5 00000040BAC5 0 PjdSQ
00000000B02E 00000040BC2E 0 -jd[;
00000000B083 00000040BC83 0 WWWWW
00000000B5D6 00000040C1D6 0 VVVVV
00000000C332 00000040CF32 0 PPPPP
00000000C3E6 00000040CFE6 0 v N+D$
00000000CE65 00000040DA65 0 SSSSS
00000000D5B0 00000040E1B0 0 (null)
00000000D5E9 00000040E1E9 0 ( 8PX
00000000D5F1 00000040E1F1 0 700WP
00000000D609 00000040E209 0 xpxxxx
00000000D6E0 00000040E2E0 0 CorExitProcess
00000000E170 00000040ED70 0 FlsAlloc
00000000E17C 00000040ED7C 0 FlsFree
00000000E184 00000040ED84 0 FlsGetValue
00000000E190 00000040ED90 0 FlsSetValue
00000000E19C 00000040ED9C 0 InitializeCriticalSectionEx
00000000E1B8 00000040EDB8 0 CreateEventExW
00000000E1C8 00000040EDC8 0 CreateSemaphoreExW
00000000E1DC 00000040EDDC 0 SetThreadStackGuarantee
00000000E1F4 00000040EDF4 0 CreateThreadpoolTimer
00000000E20C 00000040EE0C 0 SetThreadpoolTimer
00000000E220 00000040EE20 0 WaitForThreadpoolTimerCallbacks
00000000E240 00000040EE40 0 CloseThreadpoolTimer
00000000E258 00000040EE58 0 CreateThreadpoolWait
00000000E270 00000040EE70 0 SetThreadpoolWait
00000000E284 00000040EE84 0 CloseThreadpoolWait
00000000E298 00000040EE98 0 FlushProcessWriteBuffers
00000000E2B4 00000040EEB4 0 FreeLibraryWhenCallbackReturns
00000000E2D4 00000040EED4 0 GetCurrentProcessorNumber
00000000E2F0 00000040EEF0 0 GetLogicalProcessorInformation
00000000E310 00000040EF10 0 CreateSymbolicLinkW
00000000E324 00000040EF24 0 SetDefaultDllDirectories
00000000E340 00000040EF40 0 EnumSystemLocalesEx
00000000E354 00000040EF54 0 CompareStringEx
00000000E364 00000040EF64 0 GetDateFormatEx
00000000E374 00000040EF74 0 GetLocaleInfoEx
00000000E384 00000040EF84 0 GetTimeFormatEx
00000000E394 00000040EF94 0 GetUserDefaultLocaleName
00000000E3B0 00000040EFB0 0 IsValidLocaleName
00000000E3C4 00000040EFC4 0 LCMapStringEx
00000000E3D4 00000040EFD4 0 GetCurrentPackageId
00000000E3E8 00000040EFE8 0 GetTickCount64
00000000E3F8 00000040EFF8 0 GetFileInformationByHandleExW
00000000E418 00000040F018 0 SetFileInformationByHandleW
00000000E494 00000040F094 0 Sunday
00000000E49C 00000040F09C 0 Monday
00000000E4A4 00000040F0A4 0 Tuesday
00000000E4AC 00000040F0AC 0 Wednesday
00000000E4B8 00000040F0B8 0 Thursday
File pos Mem pos ID Text
======== ======= == ====
00000000E4C4 00000040F0C4 0 Friday
00000000E4CC 00000040F0CC 0 Saturday
00000000E508 00000040F108 0 January
00000000E510 00000040F110 0 February
00000000E51C 00000040F11C 0 March
00000000E524 00000040F124 0 April
00000000E53C 00000040F13C 0 August
00000000E544 00000040F144 0 September
00000000E550 00000040F150 0 October
00000000E558 00000040F158 0 November
00000000E564 00000040F164 0 December
00000000E578 00000040F178 0 MM/dd/yy
00000000E584 00000040F184 0 dddd, MMMM dd, yyyy
00000000E598 00000040F198 0 HH:mm:ss
00000000E7EC 00000040F3EC 0 MessageBoxW
00000000E7F8 00000040F3F8 0 GetActiveWindow
00000000E808 00000040F408 0 GetLastActivePopup
00000000E81C 00000040F41C 0 GetUserObjectInformationW
00000000E838 00000040F438 0 GetProcessWindowStation
00000000EDF8 00000040F9F8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]
00000000EE39 00000040FA39 0 abcdefghijklmnopqrstuvwxyz{|}~
00000000EF78 00000040FB78 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
00000000EFB9 00000040FBB9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0000000110FF 000000411CFF 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000011140 000000411D40 0 abcdefghijklmnopqrstuvwxyz{|}~
000000011185 000000411D85 0 ('8PW
00000001118E 000000411D8E 0 700PP
0000000111A9 000000411DA9 0 xppwpp
0000000111C8 000000411DC8 0 e+000
0000000111D0 000000411DD0 0 1#SNAN
0000000111D8 000000411DD8 0 1#IND
0000000111E0 000000411DE0 0 1#INF
0000000111E8 000000411DE8 0 1#QNAN
000000011394 000000411F94 0 @echo off
0000000113A3 000000411FA3 0 del /F "%S"
0000000113D8 000000411FD8 0 del "%S"
0000000113E2 000000411FE2 0 if exist "%S" goto d
000000011470 000000412070 0 Realtek Audio Driver2
000000011488 000000412088 0 --install
0000000114B8 0000004120B8 0 --systeminstall
000000011544 000000412144 0 /c "net start "Realtek Audio Driver2""
00000001156C 00000041216C 0 cmd.exe
000000011A8A 00000041268A 0 ExitProcess
000000011A98 000000412698 0 GetEnvironmentVariableW
000000011AB2 0000004126B2 0 CreateMutexW
000000011AC2 0000004126C2 0 SetErrorMode
000000011AD2 0000004126D2 0 CreateProcessW
000000011AE4 0000004126E4 0 GetCurrentProcess
000000011AF8 0000004126F8 0 WaitForSingleObject
000000011B0E 00000041270E 0 WriteFile
000000011B1A 00000041271A 0 GetCommandLineA
000000011B2C 00000041272C 0 OpenProcess
000000011B3A 00000041273A 0 Sleep
000000011B42 000000412742 0 TerminateProcess
000000011B56 000000412756 0 GetModuleFileNameW
000000011B6C 00000041276C 0 CreateFileW
000000011B7A 00000041277A 0 GetTempPathW
000000011B8A 00000041278A 0 OpenMutexW
000000011B98 000000412798 0 MoveFileW
000000011BA4 0000004127A4 0 Process32FirstW
File pos Mem pos ID Text
======== ======= == ====
000000011BB6 0000004127B6 0 Process32NextW
000000011BC8 0000004127C8 0 CreateToolhelp32Snapshot
000000011BE4 0000004127E4 0 DuplicateHandle
000000011BF6 0000004127F6 0 CloseHandle
000000011C04 000000412804 0 DeleteFileW
000000011C12 000000412812 0 LocalFree
000000011C1C 00000041281C 0 KERNEL32.dll
000000011C2C 00000041282C 0 StartServiceCtrlDispatcherA
000000011C4A 00000041284A 0 RegisterServiceCtrlHandlerA
000000011C68 000000412868 0 InitializeSecurityDescriptor
000000011C88 000000412888 0 SetSecurityDescriptorDacl
000000011CA4 0000004128A4 0 SetServiceStatus
000000011CB8 0000004128B8 0 ConvertStringSecurityDescriptorToSecurityDescriptorW
000000011CF0 0000004128F0 0 GetSecurityDescriptorSacl
000000011D0C 00000041290C 0 SetSecurityDescriptorSacl
000000011D28 000000412928 0 GetSecurityDescriptorDacl
000000011D42 000000412942 0 ADVAPI32.dll
000000011D52 000000412952 0 ShellExecuteA
000000011D62 000000412962 0 ShellExecuteW
000000011D70 000000412970 0 SHELL32.dll
000000011D7E 00000041297E 0 GetSystemTimeAsFileTime
000000011D98 000000412998 0 IsDebuggerPresent
000000011DAC 0000004129AC 0 IsProcessorFeaturePresent
000000011DC8 0000004129C8 0 EncodePointer
000000011DD8 0000004129D8 0 DecodePointer
000000011DE8 0000004129E8 0 GetLastError
000000011DF8 0000004129F8 0 SetLastError
000000011E08 000000412A08 0 GetCurrentThreadId
000000011E1E 000000412A1E 0 GetModuleHandleExW
000000011E34 000000412A34 0 GetProcAddress
000000011E46 000000412A46 0 MultiByteToWideChar
000000011E5C 000000412A5C 0 WideCharToMultiByte
000000011E72 000000412A72 0 GetProcessHeap
000000011E84 000000412A84 0 GetStdHandle
000000011E94 000000412A94 0 GetFileType
000000011EA2 000000412AA2 0 DeleteCriticalSection
000000011EBA 000000412ABA 0 GetStartupInfoW
000000011ECC 000000412ACC 0 GetModuleFileNameA
000000011EE2 000000412AE2 0 QueryPerformanceCounter
000000011EFC 000000412AFC 0 GetCurrentProcessId
000000011F12 000000412B12 0 GetEnvironmentStringsW
000000011F2C 000000412B2C 0 FreeEnvironmentStringsW
000000011F46 000000412B46 0 UnhandledExceptionFilter
000000011F62 000000412B62 0 SetUnhandledExceptionFilter
000000011F80 000000412B80 0 InitializeCriticalSectionAndSpinCount
000000011FA8 000000412BA8 0 TlsAlloc
000000011FB4 000000412BB4 0 TlsGetValue
000000011FC2 000000412BC2 0 TlsSetValue
000000011FD0 000000412BD0 0 TlsFree
000000011FDA 000000412BDA 0 GetModuleHandleW
000000011FEE 000000412BEE 0 EnterCriticalSection
000000012006 000000412C06 0 LeaveCriticalSection
00000001201E 000000412C1E 0 GetConsoleCP
00000001202E 000000412C2E 0 GetConsoleMode
000000012040 000000412C40 0 SetFilePointerEx
000000012054 000000412C54 0 IsValidCodePage
000000012066 000000412C66 0 GetACP
000000012070 000000412C70 0 GetOEMCP
00000001207C 000000412C7C 0 GetCPInfo
000000012088 000000412C88 0 HeapFree
File pos Mem pos ID Text
======== ======= == ====
000000012094 000000412C94 0 LoadLibraryExW
0000000120A6 000000412CA6 0 RtlUnwind
0000000120B2 000000412CB2 0 OutputDebugStringW
0000000120C8 000000412CC8 0 SetStdHandle
0000000120D8 000000412CD8 0 WriteConsoleW
0000000120E8 000000412CE8 0 GetStringTypeW
0000000120FA 000000412CFA 0 HeapAlloc
000000012106 000000412D06 0 HeapReAlloc
000000012114 000000412D14 0 HeapSize
000000012120 000000412D20 0 LCMapStringW
000000012130 000000412D30 0 FlushFileBuffers
0000000126C2 0000004134C2 0
0000000127A9 0000004135A9 0 abcdefghijklmnopqrstuvwxyz
0000000127C9 0000004135C9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
0000000128E2 0000004136E2 0
0000000129C2 0000004137C2 0 abcdefghijklmnopqrstuvwxyz
0000000129E2 0000004137E2 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
0000000131C6 000000413FC6 0 z?aUY
000000013208 000000414008 0 zc%C1
00000001325B 00000041405B 0 -64OS
000000013463 000000417063 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
00000001349C 00000041709C 0 <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity type="win32" name="consoletest" version="1.0.0.0"></assemblyIdentity><description> my exe </description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>
000000013A08 000000418008 0 A0U0i0~0
000000013A1F 00000041801F 0 1:1Z1
000000013A31 000000418031 0 2+2I2~2
000000013A43 000000418043 0 383W3|3
000000013A51 000000418051 0 4!4-494K4y4
000000013A6B 00000041806B 0 5b5o5
000000013A81 000000418081 0 6+6G6~6
000000013A9B 00000041809B 0 7+7M7W7\7b7j7}7
000000013AC3 0000004180C3 0 7@8P8_8f8l8r8|8
000000013AE3 0000004180E3 0 9 9B9G9N9h9
000000013B2D 00000041812D 0 090?0E0K0Q0W0
000000013B3B 00000041813B 0 0e0l0s0z0
000000013B65 000000418165 0 2F2Q2W2
000000013B6F 00000041816F 0 3*414G4Q4
000000013B7F 00000041817F 0 5:9}:
000000013B87 000000418187 0 ;$<*<L<R<
000000013B9C 00000041819C 0 m0q0u0y0}0
000000013BB9 0000004181B9 0 2%2T2
000000013BC9 0000004181C9 0 3"3;3E3R3\3r3
000000013BD7 0000004181D7 0 4Q5X5~5
000000013BF1 0000004181F1 0 <1<7<
000000013C1B 00000041821B 0 1Y2_2
000000013C3B 00000041823B 0 4+636<6E6g6
000000013C59 000000418259 0 7"7C7
000000013C65 000000418265 0 8#8)8:8Y8o8y8
000000013C7F 00000041827F 0 8%9,9;9n9
000000013C91 000000418291 0 :,:a:|:
000000013C9D 00000041829D 0 :#;[;n;
000000013CB7 0000004182B7 0 >,>c>o>
000000013CC9 0000004182C9 0 ?@?S?c?
000000013CEB 0000004182EB 0 0'030:0A0\0f0
000000013CFF 0000004182FF 0 191A1F1r1
000000013D19 000000418319 0 2"2'2F2z2
000000013D37 000000418337 0 3"3,323D3V3q3w3
000000013D63 000000418363 0 4 4%4+43484>4F4K4Q4Y4
000000013D79 000000418379 0 4d4l4q4w4
000000013DB5 0000004183B5 0 5"5*5/555=5B5H5P5U5[5c5h5n5v5{5
000000013E05 000000418405 0 6!6&6,64696>6G6L6R6Z6
File pos Mem pos ID Text
======== ======= == ====
000000013E1B 00000041841B 0 6n6|6
000000013E35 000000418435 0 8#8:8X8
000000013E3F 00000041843F 0 9$9G9
000000013E55 000000418455 0 :(:3:;:H:R:x:
000000013E6B 00000041846B 0 ;X;l;
000000013E83 000000418483 0 =V>#?R?[?
000000013EB5 0000004184B5 0 4!5>5]5
000000013EBD 0000004184BD 0 6!6<6V6
000000013ECD 0000004184CD 0 8)9?9x9
000000013ED9 0000004184D9 0 :.:5:<:C:[:j:t:
000000013EEF 0000004184EF 0 : ;;;
000000013EFD 0000004184FD 0 =&=Q=
000000013F07 000000418507 0 >#>.>E>_>z>
000000013F1D 00000041851D 0 >4?j?}?
000000013F2D 00000041852D 0 0A0h0
000000013F3B 00000041853B 0 1(2q2
000000013F43 000000418543 0 3 4s4y4
000000013F59 000000418559 0 6 6&6
000000013F5F 00000041855F 0 7(7}7
000000013F73 000000418573 0 7 808a8y8
000000013F87 000000418587 0 8'9-929
000000013FC3 0000004185C3 0 <$<-<
000000013FD9 0000004185D9 0 <O=Y=t=~=
000000013FE3 0000004185E3 0 =&>E>Q>\?
000000013FF9 0000004185F9 0 20262B2R2X2g2n2~2
00000001402D 00000041862D 0 3$3/3r3
000000014053 000000418653 0 617=7d7z7
000000014065 000000418665 0 8Z8c8n8}8
000000014075 000000418675 0 9%979I9[9m9
0000000140AB 0000004186AB 0 0T2[2
0000000140C1 0000004186C1 0 384>4J4
0000000140CF 0000004186CF 0 595b5p5v5
0000000140D9 0000004186D9 0 5S6{6
0000000140DF 0000004186DF 0 658S8l8s8{8
000000014105 000000418705 0 9b9h9l9p9t9
00000001411D 00000041871D 0 :5:_:
00000001417B 00000041877B 0 0,1i1s1
000000014185 000000418785 0 2=3,42464;4A4E4K4O4U4Y4
00000001419D 00000041879D 0 4d4h4n4r4x4|4
0000000141B1 0000004187B1 0 50686
0000000141B7 0000004187B7 0 7r8~8
0000000141BF 0000004187BF 0 9 9/9
0000000141DD 0000004187DD 0 >-?D?~?
0000000141ED 0000004187ED 0 0f3x3
000000014237 000000418837 0 818W8u8|8
000000014257 000000418857 0 8Z9e9
00000001426F 00000041886F 0 : :$:(:,:0:4:~:
000000014295 000000418895 0 0d1}1
00000001429F 00000041889F 0 1B2~<
0000000142AB 0000004188AB 0 ?*?0?
0000000142B8 0000004188B8 0 p1t1x1|1
0000000142D7 0000004188D7 0 3$3,343<3D3L3T3\3d3l3t3|3
000000014304 000000418904 0 80<0@0D0\<d<l<t<|<
00000001433D 00000041893D 0 =$=,=4=<=D=L=T=\=d=l=t=|=
00000001437D 00000041897D 0 >$>,>4><>D>L>T>\>d>l>t>|>
0000000143BD 0000004189BD 0 ?$?,?4?<?D?L?T?\?d?l?t?|?
000000014407 000000418A07 0 0$0,040<0D0L0T0\0d0l0t0|0
000000014447 000000418A47 0 1$1,141<1D1L1T1\1d1l1t1|1
000000014487 000000418A87 0 2$2,242<2D2L2T2\2d2l2t2|2
0000000144C7 000000418AC7 0 3$3,343<3D3L3T3\3d3l3t3x3
File pos Mem pos ID Text
======== ======= == ====
000000014507 000000418B07 0 4 4(40484@4H4P4X4
000000014519 000000418B19 0 4h4p4x4
000000014547 000000418B47 0 5 5(50585@5H5P5X5
000000014559 000000418B59 0 5h5p5x5
000000014587 000000418B87 0 6 6(60686@6H6P6X6
000000014599 000000418B99 0 6h6p6x6
0000000145C7 000000418BC7 0 7 7(70787@7H7P7X7
0000000145D9 000000418BD9 0 7h7p7x7
000000014607 000000418C07 0 8 8(80888@8H8P8X8
000000014619 000000418C19 0 8h8p8x8
000000014647 000000418C47 0 9 9(90989@9H9P9X9
000000014659 000000418C59 0 9h9p9x9
000000014687 000000418C87 0 : :(:0:8:@:H:P:X:
000000014699 000000418C99 0 :h:p:x:
0000000146C5 000000418CC5 0 2$2@2L2h2
0000000146D7 000000418CD7 0 3(3H3d3h3
0000000146ED 000000418CED 0 404P4p4
000000014759 000000418D59 0 : :$:(:,:0:<:@:D:H:L:P:T:X:\:
000000014777 000000418D77 0 :d:h:l:p:t:x:|:
0000000147BF 000000418DBF 0 ;$;4;D;T;t;
0000000147F3 000000418DF3 0 = =$=(=,=8=<=@=D=H=L=P=T=\=
00000000D5B8 00000040E1B8 0 (null)
00000000D6C8 00000040E2C8 0 mscoree.dll
00000000E070 00000040EC70 0 runtime error
00000000E0B0 00000040ECB0 0 Program:
00000000E0C4 00000040ECC4 0 <program name unknown>
00000000E108 00000040ED08 0 Microsoft Visual C++ Runtime Library
00000000E154 00000040ED54 0 kernel32.dll
00000000E447 00000040F047 0 @ja-JP
00000000E454 00000040F054 0 zh-CN
00000000E460 00000040F060 0 ko-KR
00000000E46C 00000040F06C 0 zh-TW
00000000E5DC 00000040F1DC 0 Sunday
00000000E5EC 00000040F1EC 0 Monday
00000000E5FC 00000040F1FC 0 Tuesday
00000000E60C 00000040F20C 0 Wednesday
00000000E620 00000040F220 0 Thursday
00000000E634 00000040F234 0 Friday
00000000E644 00000040F244 0 Saturday
00000000E6B8 00000040F2B8 0 January
00000000E6C8 00000040F2C8 0 February
00000000E6DC 00000040F2DC 0 March
00000000E6E8 00000040F2E8 0 April
00000000E70C 00000040F30C 0 August
00000000E71C 00000040F31C 0 September
00000000E730 00000040F330 0 October
00000000E740 00000040F340 0 November
00000000E754 00000040F354 0 December
00000000E778 00000040F378 0 MM/dd/yy
00000000E78C 00000040F38C 0 dddd, MMMM dd, yyyy
00000000E7B4 00000040F3B4 0 HH:mm:ss
00000000E7C8 00000040F3C8 0 en-US
00000000E7D4 00000040F3D4 0 USER32.DLL
00000000FEB0 000000410AB0 0 zh-CHS
0000000100B4 000000410CB4 0 ar-SA
0000000100C0 000000410CC0 0 bg-BG
0000000100CC 000000410CCC 0 ca-ES
0000000100D8 000000410CD8 0 cs-CZ
0000000100E4 000000410CE4 0 da-DK
0000000100F0 000000410CF0 0 de-DE
File pos Mem pos ID Text
======== ======= == ====
0000000100FC 000000410CFC 0 el-GR
000000010108 000000410D08 0 fi-FI
000000010114 000000410D14 0 fr-FR
000000010120 000000410D20 0 he-IL
00000001012C 000000410D2C 0 hu-HU
000000010138 000000410D38 0 is-IS
000000010144 000000410D44 0 it-IT
000000010150 000000410D50 0 nl-NL
00000001015C 000000410D5C 0 nb-NO
000000010168 000000410D68 0 pl-PL
000000010174 000000410D74 0 pt-BR
000000010180 000000410D80 0 ro-RO
00000001018C 000000410D8C 0 ru-RU
000000010198 000000410D98 0 hr-HR
0000000101A4 000000410DA4 0 sk-SK
0000000101B0 000000410DB0 0 sq-AL
0000000101BC 000000410DBC 0 sv-SE
0000000101C8 000000410DC8 0 th-TH
0000000101D4 000000410DD4 0 tr-TR
0000000101E0 000000410DE0 0 ur-PK
0000000101EC 000000410DEC 0 id-ID
0000000101F8 000000410DF8 0 uk-UA
000000010204 000000410E04 0 be-BY
000000010210 000000410E10 0 sl-SI
00000001021C 000000410E1C 0 et-EE
000000010228 000000410E28 0 lv-LV
000000010234 000000410E34 0 lt-LT
000000010240 000000410E40 0 fa-IR
00000001024C 000000410E4C 0 vi-VN
000000010258 000000410E58 0 hy-AM
000000010264 000000410E64 0 az-AZ-Latn
00000001027C 000000410E7C 0 eu-ES
000000010288 000000410E88 0 mk-MK
000000010294 000000410E94 0 tn-ZA
0000000102A0 000000410EA0 0 xh-ZA
0000000102AC 000000410EAC 0 zu-ZA
0000000102B8 000000410EB8 0 af-ZA
0000000102C4 000000410EC4 0 ka-GE
0000000102D0 000000410ED0 0 fo-FO
0000000102DC 000000410EDC 0 hi-IN
0000000102E8 000000410EE8 0 mt-MT
0000000102F4 000000410EF4 0 se-NO
000000010300 000000410F00 0 ms-MY
00000001030C 000000410F0C 0 kk-KZ
000000010318 000000410F18 0 ky-KG
000000010324 000000410F24 0 sw-KE
000000010330 000000410F30 0 uz-UZ-Latn
000000010348 000000410F48 0 tt-RU
000000010354 000000410F54 0 bn-IN
000000010360 000000410F60 0 pa-IN
00000001036C 000000410F6C 0 gu-IN
000000010378 000000410F78 0 ta-IN
000000010384 000000410F84 0 te-IN
000000010390 000000410F90 0 kn-IN
00000001039C 000000410F9C 0 ml-IN
0000000103A8 000000410FA8 0 mr-IN
0000000103B4 000000410FB4 0 sa-IN
0000000103C0 000000410FC0 0 mn-MN
0000000103CC 000000410FCC 0 cy-GB
0000000103D8 000000410FD8 0 gl-ES
File pos Mem pos ID Text
======== ======= == ====
0000000103E4 000000410FE4 0 kok-IN
0000000103F4 000000410FF4 0 syr-SY
000000010404 000000411004 0 div-MV
000000010414 000000411014 0 quz-BO
000000010424 000000411024 0 ns-ZA
000000010430 000000411030 0 mi-NZ
00000001043C 00000041103C 0 ar-IQ
000000010448 000000411048 0 de-CH
000000010454 000000411054 0 en-GB
000000010460 000000411060 0 es-MX
00000001046C 00000041106C 0 fr-BE
000000010478 000000411078 0 it-CH
000000010484 000000411084 0 nl-BE
000000010490 000000411090 0 nn-NO
00000001049C 00000041109C 0 pt-PT
0000000104A8 0000004110A8 0 sr-SP-Latn
0000000104C0 0000004110C0 0 sv-FI
0000000104CC 0000004110CC 0 az-AZ-Cyrl
0000000104E4 0000004110E4 0 se-SE
0000000104F0 0000004110F0 0 ms-BN
0000000104FC 0000004110FC 0 uz-UZ-Cyrl
000000010514 000000411114 0 quz-EC
000000010524 000000411124 0 ar-EG
000000010530 000000411130 0 zh-HK
00000001053C 00000041113C 0 de-AT
000000010548 000000411148 0 en-AU
000000010554 000000411154 0 es-ES
000000010560 000000411160 0 fr-CA
00000001056C 00000041116C 0 sr-SP-Cyrl
000000010584 000000411184 0 se-FI
000000010590 000000411190 0 quz-PE
0000000105A0 0000004111A0 0 ar-LY
0000000105AC 0000004111AC 0 zh-SG
0000000105B8 0000004111B8 0 de-LU
0000000105C4 0000004111C4 0 en-CA
0000000105D0 0000004111D0 0 es-GT
0000000105DC 0000004111DC 0 fr-CH
0000000105E8 0000004111E8 0 hr-BA
0000000105F4 0000004111F4 0 smj-NO
000000010604 000000411204 0 ar-DZ
000000010610 000000411210 0 zh-MO
00000001061C 00000041121C 0 de-LI
000000010628 000000411228 0 en-NZ
000000010634 000000411234 0 es-CR
000000010640 000000411240 0 fr-LU
00000001064C 00000041124C 0 bs-BA-Latn
000000010664 000000411264 0 smj-SE
000000010674 000000411274 0 ar-MA
000000010680 000000411280 0 en-IE
00000001068C 00000041128C 0 es-PA
000000010698 000000411298 0 fr-MC
0000000106A4 0000004112A4 0 sr-BA-Latn
0000000106BC 0000004112BC 0 sma-NO
0000000106CC 0000004112CC 0 ar-TN
0000000106D8 0000004112D8 0 en-ZA
0000000106E4 0000004112E4 0 es-DO
0000000106F0 0000004112F0 0 sr-BA-Cyrl
000000010708 000000411308 0 sma-SE
000000010718 000000411318 0 ar-OM
000000010724 000000411324 0 en-JM
File pos Mem pos ID Text
======== ======= == ====
000000010730 000000411330 0 es-VE
00000001073C 00000041133C 0 sms-FI
00000001074C 00000041134C 0 ar-YE
000000010758 000000411358 0 en-CB
000000010764 000000411364 0 es-CO
000000010770 000000411370 0 smn-FI
000000010780 000000411380 0 ar-SY
00000001078C 00000041138C 0 en-BZ
000000010798 000000411398 0 es-PE
0000000107A4 0000004113A4 0 ar-JO
0000000107B0 0000004113B0 0 en-TT
0000000107BC 0000004113BC 0 es-AR
0000000107C8 0000004113C8 0 ar-LB
0000000107D4 0000004113D4 0 en-ZW
0000000107E0 0000004113E0 0 es-EC
0000000107EC 0000004113EC 0 ar-KW
0000000107F8 0000004113F8 0 en-PH
000000010804 000000411404 0 es-CL
000000010810 000000411410 0 ar-AE
00000001081C 00000041141C 0 es-UY
000000010828 000000411428 0 ar-BH
000000010834 000000411434 0 es-PY
000000010840 000000411440 0 ar-QA
00000001084C 00000041144C 0 es-BO
000000010858 000000411458 0 es-SV
000000010864 000000411464 0 es-HN
000000010870 000000411470 0 es-NI
00000001087C 00000041147C 0 es-PR
000000010888 000000411488 0 zh-CHT
0000000108A0 0000004114A0 0 af-za
0000000108AC 0000004114AC 0 ar-ae
0000000108B8 0000004114B8 0 ar-bh
0000000108C4 0000004114C4 0 ar-dz
0000000108D0 0000004114D0 0 ar-eg
0000000108DC 0000004114DC 0 ar-iq
0000000108E8 0000004114E8 0 ar-jo
0000000108F4 0000004114F4 0 ar-kw
000000010900 000000411500 0 ar-lb
00000001090C 00000041150C 0 ar-ly
000000010918 000000411518 0 ar-ma
000000010924 000000411524 0 ar-om
000000010930 000000411530 0 ar-qa
00000001093C 00000041153C 0 ar-sa
000000010948 000000411548 0 ar-sy
000000010954 000000411554 0 ar-tn
000000010960 000000411560 0 ar-ye
00000001096C 00000041156C 0 az-az-cyrl
000000010984 000000411584 0 az-az-latn
00000001099C 00000041159C 0 be-by
0000000109A8 0000004115A8 0 bg-bg
0000000109B4 0000004115B4 0 bn-in
0000000109C0 0000004115C0 0 bs-ba-latn
0000000109D8 0000004115D8 0 ca-es
0000000109E4 0000004115E4 0 cs-cz
0000000109F0 0000004115F0 0 cy-gb
0000000109FC 0000004115FC 0 da-dk
000000010A08 000000411608 0 de-at
000000010A14 000000411614 0 de-ch
000000010A20 000000411620 0 de-de
000000010A2C 00000041162C 0 de-li
File pos Mem pos ID Text
======== ======= == ====
000000010A38 000000411638 0 de-lu
000000010A44 000000411644 0 div-mv
000000010A54 000000411654 0 el-gr
000000010A60 000000411660 0 en-au
000000010A6C 00000041166C 0 en-bz
000000010A78 000000411678 0 en-ca
000000010A84 000000411684 0 en-cb
000000010A90 000000411690 0 en-gb
000000010A9C 00000041169C 0 en-ie
000000010AA8 0000004116A8 0 en-jm
000000010AB4 0000004116B4 0 en-nz
000000010AC0 0000004116C0 0 en-ph
000000010ACC 0000004116CC 0 en-tt
000000010AD8 0000004116D8 0 en-us
000000010AE4 0000004116E4 0 en-za
000000010AF0 0000004116F0 0 en-zw
000000010AFC 0000004116FC 0 es-ar
000000010B08 000000411708 0 es-bo
000000010B14 000000411714 0 es-cl
000000010B20 000000411720 0 es-co
000000010B2C 00000041172C 0 es-cr
000000010B38 000000411738 0 es-do
000000010B44 000000411744 0 es-ec
000000010B50 000000411750 0 es-es
000000010B5C 00000041175C 0 es-gt
000000010B68 000000411768 0 es-hn
000000010B74 000000411774 0 es-mx
000000010B80 000000411780 0 es-ni
000000010B8C 00000041178C 0 es-pa
000000010B98 000000411798 0 es-pe
000000010BA4 0000004117A4 0 es-pr
000000010BB0 0000004117B0 0 es-py
000000010BBC 0000004117BC 0 es-sv
000000010BC8 0000004117C8 0 es-uy
000000010BD4 0000004117D4 0 es-ve
000000010BE0 0000004117E0 0 et-ee
000000010BEC 0000004117EC 0 eu-es
000000010BF8 0000004117F8 0 fa-ir
000000010C04 000000411804 0 fi-fi
000000010C10 000000411810 0 fo-fo
000000010C1C 00000041181C 0 fr-be
000000010C28 000000411828 0 fr-ca
000000010C34 000000411834 0 fr-ch
000000010C40 000000411840 0 fr-fr
000000010C4C 00000041184C 0 fr-lu
000000010C58 000000411858 0 fr-mc
000000010C64 000000411864 0 gl-es
000000010C70 000000411870 0 gu-in
000000010C7C 00000041187C 0 he-il
000000010C88 000000411888 0 hi-in
000000010C94 000000411894 0 hr-ba
000000010CA0 0000004118A0 0 hr-hr
000000010CAC 0000004118AC 0 hu-hu
000000010CB8 0000004118B8 0 hy-am
000000010CC4 0000004118C4 0 id-id
000000010CD0 0000004118D0 0 is-is
000000010CDC 0000004118DC 0 it-ch
000000010CE8 0000004118E8 0 it-it
000000010CF4 0000004118F4 0 ja-jp
000000010D00 000000411900 0 ka-ge
File pos Mem pos ID Text
======== ======= == ====
000000010D0C 00000041190C 0 kk-kz
000000010D18 000000411918 0 kn-in
000000010D24 000000411924 0 kok-in
000000010D34 000000411934 0 ko-kr
000000010D40 000000411940 0 ky-kg
000000010D4C 00000041194C 0 lt-lt
000000010D58 000000411958 0 lv-lv
000000010D64 000000411964 0 mi-nz
000000010D70 000000411970 0 mk-mk
000000010D7C 00000041197C 0 ml-in
000000010D88 000000411988 0 mn-mn
000000010D94 000000411994 0 mr-in
000000010DA0 0000004119A0 0 ms-bn
000000010DAC 0000004119AC 0 ms-my
000000010DB8 0000004119B8 0 mt-mt
000000010DC4 0000004119C4 0 nb-no
000000010DD0 0000004119D0 0 nl-be
000000010DDC 0000004119DC 0 nl-nl
000000010DE8 0000004119E8 0 nn-no
000000010DF4 0000004119F4 0 ns-za
000000010E00 000000411A00 0 pa-in
000000010E0C 000000411A0C 0 pl-pl
000000010E18 000000411A18 0 pt-br
000000010E24 000000411A24 0 pt-pt
000000010E30 000000411A30 0 quz-bo
000000010E40 000000411A40 0 quz-ec
000000010E50 000000411A50 0 quz-pe
000000010E60 000000411A60 0 ro-ro
000000010E6C 000000411A6C 0 ru-ru
000000010E78 000000411A78 0 sa-in
000000010E84 000000411A84 0 se-fi
000000010E90 000000411A90 0 se-no
000000010E9C 000000411A9C 0 se-se
000000010EA8 000000411AA8 0 sk-sk
000000010EB4 000000411AB4 0 sl-si
000000010EC0 000000411AC0 0 sma-no
000000010ED0 000000411AD0 0 sma-se
000000010EE0 000000411AE0 0 smj-no
000000010EF0 000000411AF0 0 smj-se
000000010F00 000000411B00 0 smn-fi
000000010F10 000000411B10 0 sms-fi
000000010F20 000000411B20 0 sq-al
000000010F2C 000000411B2C 0 sr-ba-cyrl
000000010F44 000000411B44 0 sr-ba-latn
000000010F5C 000000411B5C 0 sr-sp-cyrl
000000010F74 000000411B74 0 sr-sp-latn
000000010F8C 000000411B8C 0 sv-fi
000000010F98 000000411B98 0 sv-se
000000010FA4 000000411BA4 0 sw-ke
000000010FB0 000000411BB0 0 syr-sy
000000010FC0 000000411BC0 0 ta-in
000000010FCC 000000411BCC 0 te-in
000000010FD8 000000411BD8 0 th-th
000000010FE4 000000411BE4 0 tn-za
000000010FF0 000000411BF0 0 tr-tr
000000010FFC 000000411BFC 0 tt-ru
000000011008 000000411C08 0 uk-ua
000000011014 000000411C14 0 ur-pk
000000011020 000000411C20 0 uz-uz-cyrl
000000011038 000000411C38 0 uz-uz-latn
File pos Mem pos ID Text
======== ======= == ====
000000011050 000000411C50 0 vi-vn
00000001105C 000000411C5C 0 xh-za
000000011068 000000411C68 0 zh-chs
000000011078 000000411C78 0 zh-cht
000000011088 000000411C88 0 zh-cn
000000011094 000000411C94 0 zh-hk
0000000110A0 000000411CA0 0 zh-mo
0000000110AC 000000411CAC 0 zh-sg
0000000110B8 000000411CB8 0 zh-tw
0000000110C4 000000411CC4 0 zu-za
0000000110D0 000000411CD0 0 CONOUT$
0000000111F0 000000411DF0 0 ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "%s" /t REG_SZ /d "%s"
0000000112AC 000000411EAC 0 Global\%08X%08X
0000000112D0 000000411ED0 0 S:(ML;;NW;;;LW)D:(A;;0x1FFFFF;;;WD)(A;;0x1FFFFF;;;S-1-15-2-1)
00000001134C 000000411F4C 0 D:(A;;0x1FFFFF;;;WD)
000000011378 000000411F78 0 %s\%d%d%d.bat
0000000113B4 000000411FB4 0 /c "%s"
0000000113C4 000000411FC4 0 ComSpec
0000000113F8 000000411FF8 0 %s\rtkdrv2.exe
000000011418 000000412018 0 %s\updatea.bin
000000011438 000000412038 0 %s\updatea2.bin
000000011458 000000412058 0 rtksys2.exe
000000011494 000000412094 0 RtkDrv
0000000114C7 0000004120C7 0 lcreate "Realtek Audio Driver2" binPath= "%s" start= auto
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000000D0 0000004000D0 0 RichSS
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000000287 000000400287 0 @.reloc
000000000719 000000401319 0 Ph@_A
0000000007B1 0000004013B1 0 PWWWWWW
0000000008CA 0000004014CA 0 Wh8 A
0000000009BF 0000004015BF 0 <u@_A
000000000C2F 00000040182F 0 PSSSSSS
000000000DB1 0000004019B1 0 WWPh<!A
000000000DC5 0000004019C5 0 WWhD!A
000000001679 000000402279 0 PPPPP
000000001A41 000000402641 0 t/HHt
000000001A84 000000402684 0 j*Xf;
000000001AE2 0000004026E2 0 j*Xf;
000000001B39 000000402739 0 htHjlZ;
000000001C7C 00000040287C 0 HHtXHHt
000000001EB9 000000402AB9 0 nt'joZ;
000000001F59 000000402B59 0 jgXf;
000000002030 000000402C30 0 YYjgXf9
0000000021E6 000000402DE6 0 >0t<NAj0X
0000000022C7 000000402EC7 0 Wj0XP
0000000023D3 000000402FD3 0 Wj XP
00000000264D 00000040324D 0 5ntel
00000000265D 00000040325D 0 5Genu
000000002A79 000000403679 0 t/HHt
000000002CC5 0000004038C5 0 HHtVHHt
0000000031BC 000000403DBC 0 >0t-N
0000000036E5 0000004042E5 0 ~pjCXf
0000000036F9 0000004042F9 0 Fhh6A
000000003D38 000000404938 0 jdhp"A
000000003D51 000000404951 0 j@j _W
000000003E11 000000404A11 0 } j@W
File pos Mem pos ID Text
======== ======= == ====
0000000041BC 000000404DBC 0 < t8< t4
000000004296 000000404E96 0 t@VSP
0000000042F1 000000404EF1 0 PPPPP
0000000043FF 000000404FFF 0 VhrFA
000000004423 000000405023 0 <v5hrFA
00000000450B 00000040510B 0 SSSSS
00000000466A 00000040526A 0 SPPP+
000000004673 000000405273 0 FVWPP
000000004699 000000405299 0 SVWPP
000000004AB1 0000004056B1 0 9=4_A
000000004FC6 000000405BC6 0 ;5$_A
00000000591F 00000040651F 0 ;=$_A
0000000067CC 0000004073CC 0 ~';_t|%3
0000000067E0 0000004073E0 0 wtVj
0000000067F5 0000004073F5 0 ;_tr.
000000006816 000000407416 0 GWVj
0000000069EB 0000004075EB 0 v N+D$
000000006AFC 0000004076FC 0 QVWSj
00000000723F 000000407E3F 0 URPQQh
000000007720 000000408320 0 tO9=$NA
00000000837F 000000408F7F 0 PP9E u
0000000089CD 0000004095CD 0 jA[jZZ+
000000009083 000000409C83 0 SVWUj
000000009124 000000409D24 0 ;t$,v-
0000000091A9 000000409DA9 0 UQPXY]Y[
0000000092CB 000000409ECB 0 ;=$_A
000000009474 00000040A074 0 ;5$_A
0000000096C4 00000040A2C4 0 PWWWWV
00000000975F 00000040A35F 0 PSSSSV
00000000A5FD 00000040B1FD 0 +t"HHt
00000000A653 00000040B253 0 9] t"
00000000ABC8 00000040B7C8 0 ,SVWj0X
00000000ACFC 00000040B8FC 0 u'j0X
00000000AE26 00000040BA26 0 Wj0XPV
00000000AEC5 00000040BAC5 0 PjdSQ
00000000B02E 00000040BC2E 0 -jd[;
00000000B083 00000040BC83 0 WWWWW
00000000B5D6 00000040C1D6 0 VVVVV
00000000C332 00000040CF32 0 PPPPP
00000000C3E6 00000040CFE6 0 v N+D$
00000000CE65 00000040DA65 0 SSSSS
00000000D5B0 00000040E1B0 0 (null)
00000000D5E9 00000040E1E9 0 ( 8PX
00000000D5F1 00000040E1F1 0 700WP
00000000D609 00000040E209 0 xpxxxx
00000000D6E0 00000040E2E0 0 CorExitProcess
00000000E170 00000040ED70 0 FlsAlloc
00000000E17C 00000040ED7C 0 FlsFree
00000000E184 00000040ED84 0 FlsGetValue
00000000E190 00000040ED90 0 FlsSetValue
00000000E19C 00000040ED9C 0 InitializeCriticalSectionEx
00000000E1B8 00000040EDB8 0 CreateEventExW
00000000E1C8 00000040EDC8 0 CreateSemaphoreExW
00000000E1DC 00000040EDDC 0 SetThreadStackGuarantee
00000000E1F4 00000040EDF4 0 CreateThreadpoolTimer
00000000E20C 00000040EE0C 0 SetThreadpoolTimer
00000000E220 00000040EE20 0 WaitForThreadpoolTimerCallbacks
00000000E240 00000040EE40 0 CloseThreadpoolTimer
00000000E258 00000040EE58 0 CreateThreadpoolWait
00000000E270 00000040EE70 0 SetThreadpoolWait
File pos Mem pos ID Text
======== ======= == ====
00000000E284 00000040EE84 0 CloseThreadpoolWait
00000000E298 00000040EE98 0 FlushProcessWriteBuffers
00000000E2B4 00000040EEB4 0 FreeLibraryWhenCallbackReturns
00000000E2D4 00000040EED4 0 GetCurrentProcessorNumber
00000000E2F0 00000040EEF0 0 GetLogicalProcessorInformation
00000000E310 00000040EF10 0 CreateSymbolicLinkW
00000000E324 00000040EF24 0 SetDefaultDllDirectories
00000000E340 00000040EF40 0 EnumSystemLocalesEx
00000000E354 00000040EF54 0 CompareStringEx
00000000E364 00000040EF64 0 GetDateFormatEx
00000000E374 00000040EF74 0 GetLocaleInfoEx
00000000E384 00000040EF84 0 GetTimeFormatEx
00000000E394 00000040EF94 0 GetUserDefaultLocaleName
00000000E3B0 00000040EFB0 0 IsValidLocaleName
00000000E3C4 00000040EFC4 0 LCMapStringEx
00000000E3D4 00000040EFD4 0 GetCurrentPackageId
00000000E3E8 00000040EFE8 0 GetTickCount64
00000000E3F8 00000040EFF8 0 GetFileInformationByHandleExW
00000000E418 00000040F018 0 SetFileInformationByHandleW
00000000E494 00000040F094 0 Sunday
00000000E49C 00000040F09C 0 Monday
00000000E4A4 00000040F0A4 0 Tuesday
00000000E4AC 00000040F0AC 0 Wednesday
00000000E4B8 00000040F0B8 0 Thursday
00000000E4C4 00000040F0C4 0 Friday
00000000E4CC 00000040F0CC 0 Saturday
00000000E508 00000040F108 0 January
00000000E510 00000040F110 0 February
00000000E51C 00000040F11C 0 March
00000000E524 00000040F124 0 April
00000000E53C 00000040F13C 0 August
00000000E544 00000040F144 0 September
00000000E550 00000040F150 0 October
00000000E558 00000040F158 0 November
00000000E564 00000040F164 0 December
00000000E578 00000040F178 0 MM/dd/yy
00000000E584 00000040F184 0 dddd, MMMM dd, yyyy
00000000E598 00000040F198 0 HH:mm:ss
00000000E7EC 00000040F3EC 0 MessageBoxW
00000000E7F8 00000040F3F8 0 GetActiveWindow
00000000E808 00000040F408 0 GetLastActivePopup
00000000E81C 00000040F41C 0 GetUserObjectInformationW
00000000E838 00000040F438 0 GetProcessWindowStation
00000000EDF8 00000040F9F8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]
00000000EE39 00000040FA39 0 abcdefghijklmnopqrstuvwxyz{|}~
00000000EF78 00000040FB78 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
00000000EFB9 00000040FBB9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0000000110FF 000000411CFF 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000011140 000000411D40 0 abcdefghijklmnopqrstuvwxyz{|}~
000000011185 000000411D85 0 ('8PW
00000001118E 000000411D8E 0 700PP
0000000111A9 000000411DA9 0 xppwpp
0000000111C8 000000411DC8 0 e+000
0000000111D0 000000411DD0 0 1#SNAN
0000000111D8 000000411DD8 0 1#IND
0000000111E0 000000411DE0 0 1#INF
0000000111E8 000000411DE8 0 1#QNAN
000000011394 000000411F94 0 @echo off
0000000113A3 000000411FA3 0 del /F "%S"
0000000113D8 000000411FD8 0 del "%S"
File pos Mem pos ID Text
======== ======= == ====
0000000113E2 000000411FE2 0 if exist "%S" goto d
000000011470 000000412070 0 Realtek Audio Driver2
000000011488 000000412088 0 --install
0000000114B8 0000004120B8 0 --systeminstall
000000011544 000000412144 0 /c "net start "Realtek Audio Driver2""
00000001156C 00000041216C 0 cmd.exe
000000011A8A 00000041268A 0 ExitProcess
000000011A98 000000412698 0 GetEnvironmentVariableW
000000011AB2 0000004126B2 0 CreateMutexW
000000011AC2 0000004126C2 0 SetErrorMode
000000011AD2 0000004126D2 0 CreateProcessW
000000011AE4 0000004126E4 0 GetCurrentProcess
000000011AF8 0000004126F8 0 WaitForSingleObject
000000011B0E 00000041270E 0 WriteFile
000000011B1A 00000041271A 0 GetCommandLineA
000000011B2C 00000041272C 0 OpenProcess
000000011B3A 00000041273A 0 Sleep
000000011B42 000000412742 0 TerminateProcess
000000011B56 000000412756 0 GetModuleFileNameW
000000011B6C 00000041276C 0 CreateFileW
000000011B7A 00000041277A 0 GetTempPathW
000000011B8A 00000041278A 0 OpenMutexW
000000011B98 000000412798 0 MoveFileW
000000011BA4 0000004127A4 0 Process32FirstW
000000011BB6 0000004127B6 0 Process32NextW
000000011BC8 0000004127C8 0 CreateToolhelp32Snapshot
000000011BE4 0000004127E4 0 DuplicateHandle
000000011BF6 0000004127F6 0 CloseHandle
000000011C04 000000412804 0 DeleteFileW
000000011C12 000000412812 0 LocalFree
000000011C1C 00000041281C 0 KERNEL32.dll
000000011C2C 00000041282C 0 StartServiceCtrlDispatcherA
000000011C4A 00000041284A 0 RegisterServiceCtrlHandlerA
000000011C68 000000412868 0 InitializeSecurityDescriptor
000000011C88 000000412888 0 SetSecurityDescriptorDacl
000000011CA4 0000004128A4 0 SetServiceStatus
000000011CB8 0000004128B8 0 ConvertStringSecurityDescriptorToSecurityDescriptorW
000000011CF0 0000004128F0 0 GetSecurityDescriptorSacl
000000011D0C 00000041290C 0 SetSecurityDescriptorSacl
000000011D28 000000412928 0 GetSecurityDescriptorDacl
000000011D42 000000412942 0 ADVAPI32.dll
000000011D52 000000412952 0 ShellExecuteA
000000011D62 000000412962 0 ShellExecuteW
000000011D70 000000412970 0 SHELL32.dll
000000011D7E 00000041297E 0 GetSystemTimeAsFileTime
000000011D98 000000412998 0 IsDebuggerPresent
000000011DAC 0000004129AC 0 IsProcessorFeaturePresent
000000011DC8 0000004129C8 0 EncodePointer
000000011DD8 0000004129D8 0 DecodePointer
000000011DE8 0000004129E8 0 GetLastError
000000011DF8 0000004129F8 0 SetLastError
000000011E08 000000412A08 0 GetCurrentThreadId
000000011E1E 000000412A1E 0 GetModuleHandleExW
000000011E34 000000412A34 0 GetProcAddress
000000011E46 000000412A46 0 MultiByteToWideChar
000000011E5C 000000412A5C 0 WideCharToMultiByte
000000011E72 000000412A72 0 GetProcessHeap
000000011E84 000000412A84 0 GetStdHandle
000000011E94 000000412A94 0 GetFileType
000000011EA2 000000412AA2 0 DeleteCriticalSection
File pos Mem pos ID Text
======== ======= == ====
000000011EBA 000000412ABA 0 GetStartupInfoW
000000011ECC 000000412ACC 0 GetModuleFileNameA
000000011EE2 000000412AE2 0 QueryPerformanceCounter
000000011EFC 000000412AFC 0 GetCurrentProcessId
000000011F12 000000412B12 0 GetEnvironmentStringsW
000000011F2C 000000412B2C 0 FreeEnvironmentStringsW
000000011F46 000000412B46 0 UnhandledExceptionFilter
000000011F62 000000412B62 0 SetUnhandledExceptionFilter
000000011F80 000000412B80 0 InitializeCriticalSectionAndSpinCount
000000011FA8 000000412BA8 0 TlsAlloc
000000011FB4 000000412BB4 0 TlsGetValue
000000011FC2 000000412BC2 0 TlsSetValue
000000011FD0 000000412BD0 0 TlsFree
000000011FDA 000000412BDA 0 GetModuleHandleW
000000011FEE 000000412BEE 0 EnterCriticalSection
000000012006 000000412C06 0 LeaveCriticalSection
00000001201E 000000412C1E 0 GetConsoleCP
00000001202E 000000412C2E 0 GetConsoleMode
000000012040 000000412C40 0 SetFilePointerEx
000000012054 000000412C54 0 IsValidCodePage
000000012066 000000412C66 0 GetACP
000000012070 000000412C70 0 GetOEMCP
00000001207C 000000412C7C 0 GetCPInfo
000000012088 000000412C88 0 HeapFree
000000012094 000000412C94 0 LoadLibraryExW
0000000120A6 000000412CA6 0 RtlUnwind
0000000120B2 000000412CB2 0 OutputDebugStringW
0000000120C8 000000412CC8 0 SetStdHandle
0000000120D8 000000412CD8 0 WriteConsoleW
0000000120E8 000000412CE8 0 GetStringTypeW
0000000120FA 000000412CFA 0 HeapAlloc
000000012106 000000412D06 0 HeapReAlloc
000000012114 000000412D14 0 HeapSize
000000012120 000000412D20 0 LCMapStringW
000000012130 000000412D30 0 FlushFileBuffers
0000000126C2 0000004134C2 0
0000000127A9 0000004135A9 0 abcdefghijklmnopqrstuvwxyz
0000000127C9 0000004135C9 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
0000000128E2 0000004136E2 0
0000000129C2 0000004137C2 0 abcdefghijklmnopqrstuvwxyz
0000000129E2 0000004137E2 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
0000000131C6 000000413FC6 0 z?aUY
000000013208 000000414008 0 zc%C1
00000001325B 00000041405B 0 -64OS
000000013463 000000417063 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
00000001349C 00000041709C 0 <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity type="win32" name="consoletest" version="1.0.0.0"></assemblyIdentity><description> my exe </description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></application></compatibility></assembly>
000000013A08 000000418008 0 A0U0i0~0
000000013A1F 00000041801F 0 1:1Z1
000000013A31 000000418031 0 2+2I2~2
000000013A43 000000418043 0 383W3|3
000000013A51 000000418051 0 4!4-494K4y4
000000013A6B 00000041806B 0 5b5o5
000000013A81 000000418081 0 6+6G6~6
000000013A9B 00000041809B 0 7+7M7W7\7b7j7}7
000000013AC3 0000004180C3 0 7@8P8_8f8l8r8|8
000000013AE3 0000004180E3 0 9 9B9G9N9h9
000000013B2D 00000041812D 0 090?0E0K0Q0W0
000000013B3B 00000041813B 0 0e0l0s0z0
000000013B65 000000418165 0 2F2Q2W2
000000013B6F 00000041816F 0 3*414G4Q4
File pos Mem pos ID Text
======== ======= == ====
000000013B7F 00000041817F 0 5:9}:
000000013B87 000000418187 0 ;$<*<L<R<
000000013B9C 00000041819C 0 m0q0u0y0}0
000000013BB9 0000004181B9 0 2%2T2
000000013BC9 0000004181C9 0 3"3;3E3R3\3r3
000000013BD7 0000004181D7 0 4Q5X5~5
000000013BF1 0000004181F1 0 <1<7<
000000013C1B 00000041821B 0 1Y2_2
000000013C3B 00000041823B 0 4+636<6E6g6
000000013C59 000000418259 0 7"7C7
000000013C65 000000418265 0 8#8)8:8Y8o8y8
000000013C7F 00000041827F 0 8%9,9;9n9
000000013C91 000000418291 0 :,:a:|:
000000013C9D 00000041829D 0 :#;[;n;
000000013CB7 0000004182B7 0 >,>c>o>
000000013CC9 0000004182C9 0 ?@?S?c?
000000013CEB 0000004182EB 0 0'030:0A0\0f0
000000013CFF 0000004182FF 0 191A1F1r1
000000013D19 000000418319 0 2"2'2F2z2
000000013D37 000000418337 0 3"3,323D3V3q3w3
000000013D63 000000418363 0 4 4%4+43484>4F4K4Q4Y4
000000013D79 000000418379 0 4d4l4q4w4
000000013DB5 0000004183B5 0 5"5*5/555=5B5H5P5U5[5c5h5n5v5{5
000000013E05 000000418405 0 6!6&6,64696>6G6L6R6Z6
000000013E1B 00000041841B 0 6n6|6
000000013E35 000000418435 0 8#8:8X8
000000013E3F 00000041843F 0 9$9G9
000000013E55 000000418455 0 :(:3:;:H:R:x:
000000013E6B 00000041846B 0 ;X;l;
000000013E83 000000418483 0 =V>#?R?[?
000000013EB5 0000004184B5 0 4!5>5]5
000000013EBD 0000004184BD 0 6!6<6V6
000000013ECD 0000004184CD 0 8)9?9x9
000000013ED9 0000004184D9 0 :.:5:<:C:[:j:t:
000000013EEF 0000004184EF 0 : ;;;
000000013EFD 0000004184FD 0 =&=Q=
000000013F07 000000418507 0 >#>.>E>_>z>
000000013F1D 00000041851D 0 >4?j?}?
000000013F2D 00000041852D 0 0A0h0
000000013F3B 00000041853B 0 1(2q2
000000013F43 000000418543 0 3 4s4y4
000000013F59 000000418559 0 6 6&6
000000013F5F 00000041855F 0 7(7}7
000000013F73 000000418573 0 7 808a8y8
000000013F87 000000418587 0 8'9-929
000000013FC3 0000004185C3 0 <$<-<
000000013FD9 0000004185D9 0 <O=Y=t=~=
000000013FE3 0000004185E3 0 =&>E>Q>\?
000000013FF9 0000004185F9 0 20262B2R2X2g2n2~2
00000001402D 00000041862D 0 3$3/3r3
000000014053 000000418653 0 617=7d7z7
000000014065 000000418665 0 8Z8c8n8}8
000000014075 000000418675 0 9%979I9[9m9
0000000140AB 0000004186AB 0 0T2[2
0000000140C1 0000004186C1 0 384>4J4
0000000140CF 0000004186CF 0 595b5p5v5
0000000140D9 0000004186D9 0 5S6{6
0000000140DF 0000004186DF 0 658S8l8s8{8
000000014105 000000418705 0 9b9h9l9p9t9
00000001411D 00000041871D 0 :5:_:
File pos Mem pos ID Text
======== ======= == ====
00000001417B 00000041877B 0 0,1i1s1
000000014185 000000418785 0 2=3,42464;4A4E4K4O4U4Y4
00000001419D 00000041879D 0 4d4h4n4r4x4|4
0000000141B1 0000004187B1 0 50686
0000000141B7 0000004187B7 0 7r8~8
0000000141BF 0000004187BF 0 9 9/9
0000000141DD 0000004187DD 0 >-?D?~?
0000000141ED 0000004187ED 0 0f3x3
000000014237 000000418837 0 818W8u8|8
000000014257 000000418857 0 8Z9e9
00000001426F 00000041886F 0 : :$:(:,:0:4:~:
000000014295 000000418895 0 0d1}1
00000001429F 00000041889F 0 1B2~<
0000000142AB 0000004188AB 0 ?*?0?
0000000142B8 0000004188B8 0 p1t1x1|1
0000000142D7 0000004188D7 0 3$3,343<3D3L3T3\3d3l3t3|3
000000014304 000000418904 0 80<0@0D0\<d<l<t<|<
00000001433D 00000041893D 0 =$=,=4=<=D=L=T=\=d=l=t=|=
00000001437D 00000041897D 0 >$>,>4><>D>L>T>\>d>l>t>|>
0000000143BD 0000004189BD 0 ?$?,?4?<?D?L?T?\?d?l?t?|?
000000014407 000000418A07 0 0$0,040<0D0L0T0\0d0l0t0|0
000000014447 000000418A47 0 1$1,141<1D1L1T1\1d1l1t1|1
000000014487 000000418A87 0 2$2,242<2D2L2T2\2d2l2t2|2
0000000144C7 000000418AC7 0 3$3,343<3D3L3T3\3d3l3t3x3
000000014507 000000418B07 0 4 4(40484@4H4P4X4
000000014519 000000418B19 0 4h4p4x4
000000014547 000000418B47 0 5 5(50585@5H5P5X5
000000014559 000000418B59 0 5h5p5x5
000000014587 000000418B87 0 6 6(60686@6H6P6X6
000000014599 000000418B99 0 6h6p6x6
0000000145C7 000000418BC7 0 7 7(70787@7H7P7X7
0000000145D9 000000418BD9 0 7h7p7x7
000000014607 000000418C07 0 8 8(80888@8H8P8X8
000000014619 000000418C19 0 8h8p8x8
000000014647 000000418C47 0 9 9(90989@9H9P9X9
000000014659 000000418C59 0 9h9p9x9
000000014687 000000418C87 0 : :(:0:8:@:H:P:X:
000000014699 000000418C99 0 :h:p:x:
0000000146C5 000000418CC5 0 2$2@2L2h2
0000000146D7 000000418CD7 0 3(3H3d3h3
0000000146ED 000000418CED 0 404P4p4
000000014759 000000418D59 0 : :$:(:,:0:<:@:D:H:L:P:T:X:\:
000000014777 000000418D77 0 :d:h:l:p:t:x:|:
0000000147BF 000000418DBF 0 ;$;4;D;T;t;
0000000147F3 000000418DF3 0 = =$=(=,=8=<=@=D=H=L=P=T=\=
00000000D5B8 00000040E1B8 0 (null)
00000000D6C8 00000040E2C8 0 mscoree.dll
00000000E070 00000040EC70 0 runtime error
00000000E0B0 00000040ECB0 0 Program:
00000000E0C4 00000040ECC4 0 <program name unknown>
00000000E108 00000040ED08 0 Microsoft Visual C++ Runtime Library
00000000E154 00000040ED54 0 kernel32.dll
00000000E447 00000040F047 0 @ja-JP
00000000E454 00000040F054 0 zh-CN
00000000E460 00000040F060 0 ko-KR
00000000E46C 00000040F06C 0 zh-TW
00000000E5DC 00000040F1DC 0 Sunday
00000000E5EC 00000040F1EC 0 Monday
00000000E5FC 00000040F1FC 0 Tuesday
00000000E60C 00000040F20C 0 Wednesday
File pos Mem pos ID Text
======== ======= == ====
00000000E620 00000040F220 0 Thursday
00000000E634 00000040F234 0 Friday
00000000E644 00000040F244 0 Saturday
00000000E6B8 00000040F2B8 0 January
00000000E6C8 00000040F2C8 0 February
00000000E6DC 00000040F2DC 0 March
00000000E6E8 00000040F2E8 0 April
00000000E70C 00000040F30C 0 August
00000000E71C 00000040F31C 0 September
00000000E730 00000040F330 0 October
00000000E740 00000040F340 0 November
00000000E754 00000040F354 0 December
00000000E778 00000040F378 0 MM/dd/yy
00000000E78C 00000040F38C 0 dddd, MMMM dd, yyyy
00000000E7B4 00000040F3B4 0 HH:mm:ss
00000000E7C8 00000040F3C8 0 en-US
00000000E7D4 00000040F3D4 0 USER32.DLL
00000000FEB0 000000410AB0 0 zh-CHS
0000000100B4 000000410CB4 0 ar-SA
0000000100C0 000000410CC0 0 bg-BG
0000000100CC 000000410CCC 0 ca-ES
0000000100D8 000000410CD8 0 cs-CZ
0000000100E4 000000410CE4 0 da-DK
0000000100F0 000000410CF0 0 de-DE
0000000100FC 000000410CFC 0 el-GR
000000010108 000000410D08 0 fi-FI
000000010114 000000410D14 0 fr-FR
000000010120 000000410D20 0 he-IL
00000001012C 000000410D2C 0 hu-HU
000000010138 000000410D38 0 is-IS
000000010144 000000410D44 0 it-IT
000000010150 000000410D50 0 nl-NL
00000001015C 000000410D5C 0 nb-NO
000000010168 000000410D68 0 pl-PL
000000010174 000000410D74 0 pt-BR
000000010180 000000410D80 0 ro-RO
00000001018C 000000410D8C 0 ru-RU
000000010198 000000410D98 0 hr-HR
0000000101A4 000000410DA4 0 sk-SK
0000000101B0 000000410DB0 0 sq-AL
0000000101BC 000000410DBC 0 sv-SE
0000000101C8 000000410DC8 0 th-TH
0000000101D4 000000410DD4 0 tr-TR
0000000101E0 000000410DE0 0 ur-PK
0000000101EC 000000410DEC 0 id-ID
0000000101F8 000000410DF8 0 uk-UA
000000010204 000000410E04 0 be-BY
000000010210 000000410E10 0 sl-SI
00000001021C 000000410E1C 0 et-EE
000000010228 000000410E28 0 lv-LV
000000010234 000000410E34 0 lt-LT
000000010240 000000410E40 0 fa-IR
00000001024C 000000410E4C 0 vi-VN
000000010258 000000410E58 0 hy-AM
000000010264 000000410E64 0 az-AZ-Latn
00000001027C 000000410E7C 0 eu-ES
000000010288 000000410E88 0 mk-MK
000000010294 000000410E94 0 tn-ZA
0000000102A0 000000410EA0 0 xh-ZA
0000000102AC 000000410EAC 0 zu-ZA
File pos Mem pos ID Text
======== ======= == ====
0000000102B8 000000410EB8 0 af-ZA
0000000102C4 000000410EC4 0 ka-GE
0000000102D0 000000410ED0 0 fo-FO
0000000102DC 000000410EDC 0 hi-IN
0000000102E8 000000410EE8 0 mt-MT
0000000102F4 000000410EF4 0 se-NO
000000010300 000000410F00 0 ms-MY
00000001030C 000000410F0C 0 kk-KZ
000000010318 000000410F18 0 ky-KG
000000010324 000000410F24 0 sw-KE
000000010330 000000410F30 0 uz-UZ-Latn
000000010348 000000410F48 0 tt-RU
000000010354 000000410F54 0 bn-IN
000000010360 000000410F60 0 pa-IN
00000001036C 000000410F6C 0 gu-IN
000000010378 000000410F78 0 ta-IN
000000010384 000000410F84 0 te-IN
000000010390 000000410F90 0 kn-IN
00000001039C 000000410F9C 0 ml-IN
0000000103A8 000000410FA8 0 mr-IN
0000000103B4 000000410FB4 0 sa-IN
0000000103C0 000000410FC0 0 mn-MN
0000000103CC 000000410FCC 0 cy-GB
0000000103D8 000000410FD8 0 gl-ES
0000000103E4 000000410FE4 0 kok-IN
0000000103F4 000000410FF4 0 syr-SY
000000010404 000000411004 0 div-MV
000000010414 000000411014 0 quz-BO
000000010424 000000411024 0 ns-ZA
000000010430 000000411030 0 mi-NZ
00000001043C 00000041103C 0 ar-IQ
000000010448 000000411048 0 de-CH
000000010454 000000411054 0 en-GB
000000010460 000000411060 0 es-MX
00000001046C 00000041106C 0 fr-BE
000000010478 000000411078 0 it-CH
000000010484 000000411084 0 nl-BE
000000010490 000000411090 0 nn-NO
00000001049C 00000041109C 0 pt-PT
0000000104A8 0000004110A8 0 sr-SP-Latn
0000000104C0 0000004110C0 0 sv-FI
0000000104CC 0000004110CC 0 az-AZ-Cyrl
0000000104E4 0000004110E4 0 se-SE
0000000104F0 0000004110F0 0 ms-BN
0000000104FC 0000004110FC 0 uz-UZ-Cyrl
000000010514 000000411114 0 quz-EC
000000010524 000000411124 0 ar-EG
000000010530 000000411130 0 zh-HK
00000001053C 00000041113C 0 de-AT
000000010548 000000411148 0 en-AU
000000010554 000000411154 0 es-ES
000000010560 000000411160 0 fr-CA
00000001056C 00000041116C 0 sr-SP-Cyrl
000000010584 000000411184 0 se-FI
000000010590 000000411190 0 quz-PE
0000000105A0 0000004111A0 0 ar-LY
0000000105AC 0000004111AC 0 zh-SG
0000000105B8 0000004111B8 0 de-LU
0000000105C4 0000004111C4 0 en-CA
0000000105D0 0000004111D0 0 es-GT
File pos Mem pos ID Text
======== ======= == ====
0000000105DC 0000004111DC 0 fr-CH
0000000105E8 0000004111E8 0 hr-BA
0000000105F4 0000004111F4 0 smj-NO
000000010604 000000411204 0 ar-DZ
000000010610 000000411210 0 zh-MO
00000001061C 00000041121C 0 de-LI
000000010628 000000411228 0 en-NZ
000000010634 000000411234 0 es-CR
000000010640 000000411240 0 fr-LU
00000001064C 00000041124C 0 bs-BA-Latn
000000010664 000000411264 0 smj-SE
000000010674 000000411274 0 ar-MA
000000010680 000000411280 0 en-IE
00000001068C 00000041128C 0 es-PA
000000010698 000000411298 0 fr-MC
0000000106A4 0000004112A4 0 sr-BA-Latn
0000000106BC 0000004112BC 0 sma-NO
0000000106CC 0000004112CC 0 ar-TN
0000000106D8 0000004112D8 0 en-ZA
0000000106E4 0000004112E4 0 es-DO
0000000106F0 0000004112F0 0 sr-BA-Cyrl
000000010708 000000411308 0 sma-SE
000000010718 000000411318 0 ar-OM
000000010724 000000411324 0 en-JM
000000010730 000000411330 0 es-VE
00000001073C 00000041133C 0 sms-FI
00000001074C 00000041134C 0 ar-YE
000000010758 000000411358 0 en-CB
000000010764 000000411364 0 es-CO
000000010770 000000411370 0 smn-FI
000000010780 000000411380 0 ar-SY
00000001078C 00000041138C 0 en-BZ
000000010798 000000411398 0 es-PE
0000000107A4 0000004113A4 0 ar-JO
0000000107B0 0000004113B0 0 en-TT
0000000107BC 0000004113BC 0 es-AR
0000000107C8 0000004113C8 0 ar-LB
0000000107D4 0000004113D4 0 en-ZW
0000000107E0 0000004113E0 0 es-EC
0000000107EC 0000004113EC 0 ar-KW
0000000107F8 0000004113F8 0 en-PH
000000010804 000000411404 0 es-CL
000000010810 000000411410 0 ar-AE
00000001081C 00000041141C 0 es-UY
000000010828 000000411428 0 ar-BH
000000010834 000000411434 0 es-PY
000000010840 000000411440 0 ar-QA
00000001084C 00000041144C 0 es-BO
000000010858 000000411458 0 es-SV
000000010864 000000411464 0 es-HN
000000010870 000000411470 0 es-NI
00000001087C 00000041147C 0 es-PR
000000010888 000000411488 0 zh-CHT
0000000108A0 0000004114A0 0 af-za
0000000108AC 0000004114AC 0 ar-ae
0000000108B8 0000004114B8 0 ar-bh
0000000108C4 0000004114C4 0 ar-dz
0000000108D0 0000004114D0 0 ar-eg
0000000108DC 0000004114DC 0 ar-iq
0000000108E8 0000004114E8 0 ar-jo
File pos Mem pos ID Text
======== ======= == ====
0000000108F4 0000004114F4 0 ar-kw
000000010900 000000411500 0 ar-lb
00000001090C 00000041150C 0 ar-ly
000000010918 000000411518 0 ar-ma
000000010924 000000411524 0 ar-om
000000010930 000000411530 0 ar-qa
00000001093C 00000041153C 0 ar-sa
000000010948 000000411548 0 ar-sy
000000010954 000000411554 0 ar-tn
000000010960 000000411560 0 ar-ye
00000001096C 00000041156C 0 az-az-cyrl
000000010984 000000411584 0 az-az-latn
00000001099C 00000041159C 0 be-by
0000000109A8 0000004115A8 0 bg-bg
0000000109B4 0000004115B4 0 bn-in
0000000109C0 0000004115C0 0 bs-ba-latn
0000000109D8 0000004115D8 0 ca-es
0000000109E4 0000004115E4 0 cs-cz
0000000109F0 0000004115F0 0 cy-gb
0000000109FC 0000004115FC 0 da-dk
000000010A08 000000411608 0 de-at
000000010A14 000000411614 0 de-ch
000000010A20 000000411620 0 de-de
000000010A2C 00000041162C 0 de-li
000000010A38 000000411638 0 de-lu
000000010A44 000000411644 0 div-mv
000000010A54 000000411654 0 el-gr
000000010A60 000000411660 0 en-au
000000010A6C 00000041166C 0 en-bz
000000010A78 000000411678 0 en-ca
000000010A84 000000411684 0 en-cb
000000010A90 000000411690 0 en-gb
000000010A9C 00000041169C 0 en-ie
000000010AA8 0000004116A8 0 en-jm
000000010AB4 0000004116B4 0 en-nz
000000010AC0 0000004116C0 0 en-ph
000000010ACC 0000004116CC 0 en-tt
000000010AD8 0000004116D8 0 en-us
000000010AE4 0000004116E4 0 en-za
000000010AF0 0000004116F0 0 en-zw
000000010AFC 0000004116FC 0 es-ar
000000010B08 000000411708 0 es-bo
000000010B14 000000411714 0 es-cl
000000010B20 000000411720 0 es-co
000000010B2C 00000041172C 0 es-cr
000000010B38 000000411738 0 es-do
000000010B44 000000411744 0 es-ec
000000010B50 000000411750 0 es-es
000000010B5C 00000041175C 0 es-gt
000000010B68 000000411768 0 es-hn
000000010B74 000000411774 0 es-mx
000000010B80 000000411780 0 es-ni
000000010B8C 00000041178C 0 es-pa
000000010B98 000000411798 0 es-pe
000000010BA4 0000004117A4 0 es-pr
000000010BB0 0000004117B0 0 es-py
000000010BBC 0000004117BC 0 es-sv
000000010BC8 0000004117C8 0 es-uy
000000010BD4 0000004117D4 0 es-ve
000000010BE0 0000004117E0 0 et-ee
File pos Mem pos ID Text
======== ======= == ====
000000010BEC 0000004117EC 0 eu-es
000000010BF8 0000004117F8 0 fa-ir
000000010C04 000000411804 0 fi-fi
000000010C10 000000411810 0 fo-fo
000000010C1C 00000041181C 0 fr-be
000000010C28 000000411828 0 fr-ca
000000010C34 000000411834 0 fr-ch
000000010C40 000000411840 0 fr-fr
000000010C4C 00000041184C 0 fr-lu
000000010C58 000000411858 0 fr-mc
000000010C64 000000411864 0 gl-es
000000010C70 000000411870 0 gu-in
000000010C7C 00000041187C 0 he-il
000000010C88 000000411888 0 hi-in
000000010C94 000000411894 0 hr-ba
000000010CA0 0000004118A0 0 hr-hr
000000010CAC 0000004118AC 0 hu-hu
000000010CB8 0000004118B8 0 hy-am
000000010CC4 0000004118C4 0 id-id
000000010CD0 0000004118D0 0 is-is
000000010CDC 0000004118DC 0 it-ch
000000010CE8 0000004118E8 0 it-it
000000010CF4 0000004118F4 0 ja-jp
000000010D00 000000411900 0 ka-ge
000000010D0C 00000041190C 0 kk-kz
000000010D18 000000411918 0 kn-in
000000010D24 000000411924 0 kok-in
000000010D34 000000411934 0 ko-kr
000000010D40 000000411940 0 ky-kg
000000010D4C 00000041194C 0 lt-lt
000000010D58 000000411958 0 lv-lv
000000010D64 000000411964 0 mi-nz
000000010D70 000000411970 0 mk-mk
000000010D7C 00000041197C 0 ml-in
000000010D88 000000411988 0 mn-mn
000000010D94 000000411994 0 mr-in
000000010DA0 0000004119A0 0 ms-bn
000000010DAC 0000004119AC 0 ms-my
000000010DB8 0000004119B8 0 mt-mt
000000010DC4 0000004119C4 0 nb-no
000000010DD0 0000004119D0 0 nl-be
000000010DDC 0000004119DC 0 nl-nl
000000010DE8 0000004119E8 0 nn-no
000000010DF4 0000004119F4 0 ns-za
000000010E00 000000411A00 0 pa-in
000000010E0C 000000411A0C 0 pl-pl
000000010E18 000000411A18 0 pt-br
000000010E24 000000411A24 0 pt-pt
000000010E30 000000411A30 0 quz-bo
000000010E40 000000411A40 0 quz-ec
000000010E50 000000411A50 0 quz-pe
000000010E60 000000411A60 0 ro-ro
000000010E6C 000000411A6C 0 ru-ru
000000010E78 000000411A78 0 sa-in
000000010E84 000000411A84 0 se-fi
000000010E90 000000411A90 0 se-no
000000010E9C 000000411A9C 0 se-se
000000010EA8 000000411AA8 0 sk-sk
000000010EB4 000000411AB4 0 sl-si
000000010EC0 000000411AC0 0 sma-no
File pos Mem pos ID Text
======== ======= == ====
000000010ED0 000000411AD0 0 sma-se
000000010EE0 000000411AE0 0 smj-no
000000010EF0 000000411AF0 0 smj-se
000000010F00 000000411B00 0 smn-fi
000000010F10 000000411B10 0 sms-fi
000000010F20 000000411B20 0 sq-al
000000010F2C 000000411B2C 0 sr-ba-cyrl
000000010F44 000000411B44 0 sr-ba-latn
000000010F5C 000000411B5C 0 sr-sp-cyrl
000000010F74 000000411B74 0 sr-sp-latn
000000010F8C 000000411B8C 0 sv-fi
000000010F98 000000411B98 0 sv-se
000000010FA4 000000411BA4 0 sw-ke
000000010FB0 000000411BB0 0 syr-sy
000000010FC0 000000411BC0 0 ta-in
000000010FCC 000000411BCC 0 te-in
000000010FD8 000000411BD8 0 th-th
000000010FE4 000000411BE4 0 tn-za
000000010FF0 000000411BF0 0 tr-tr
000000010FFC 000000411BFC 0 tt-ru
000000011008 000000411C08 0 uk-ua
000000011014 000000411C14 0 ur-pk
000000011020 000000411C20 0 uz-uz-cyrl
000000011038 000000411C38 0 uz-uz-latn
000000011050 000000411C50 0 vi-vn
00000001105C 000000411C5C 0 xh-za
000000011068 000000411C68 0 zh-chs
000000011078 000000411C78 0 zh-cht
000000011088 000000411C88 0 zh-cn
000000011094 000000411C94 0 zh-hk
0000000110A0 000000411CA0 0 zh-mo
0000000110AC 000000411CAC 0 zh-sg
0000000110B8 000000411CB8 0 zh-tw
0000000110C4 000000411CC4 0 zu-za
0000000110D0 000000411CD0 0 CONOUT$
0000000111F0 000000411DF0 0 ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "%s" /t REG_SZ /d "%s"
0000000112AC 000000411EAC 0 Global\%08X%08X
0000000112D0 000000411ED0 0 S:(ML;;NW;;;LW)D:(A;;0x1FFFFF;;;WD)(A;;0x1FFFFF;;;S-1-15-2-1)
00000001134C 000000411F4C 0 D:(A;;0x1FFFFF;;;WD)
000000011378 000000411F78 0 %s\%d%d%d.bat
0000000113B4 000000411FB4 0 /c "%s"
0000000113C4 000000411FC4 0 ComSpec
0000000113F8 000000411FF8 0 %s\rtkdrv2.exe
000000011418 000000412018 0 %s\updatea.bin
000000011438 000000412038 0 %s\updatea2.bin
000000011458 000000412058 0 rtksys2.exe
000000011494 000000412094 0 RtkDrv
0000000114C7 0000004120C7 0 lcreate "Realtek Audio Driver2" binPath= "%s" start= auto