| / Chip 2007 January, February, March & April
/ Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / AntyRootkity / RootkitRevealer 1.70 / RootkitRevealer.exe / 26 / 177
|
| Microsoft Windows Dynamic Link Library | 2006-02-01 | 7.5 KB |
MacOS 8.1
|
Win98
|
DOS
view JSON data
|
view as text| Confidence | Program | Detection | Match Type | Support |
|---|---|---|---|---|
| 100% | dexvert | Microsoft Windows Dynamic Link Library (executable/dll) | magic | Supported |
| 100% | dexvert | MS-DOS/Windows or OS/2 Executable (executable/exe) | magic | Supported |
| 100% | file | PE32 executable for MS Windows 4.00 (native), Intel i386, 5 sections | default | |
| 99% | file | data | default | |
| 34% | TrID | Win32 Dynamic Link Library (generic) | default | |
| 23% | TrID | Win32 Executable (generic) | default | |
| 10% | TrID | Windows Icons Library (generic) | default (weak) | |
| 10% | TrID | OS/2 Executable (generic) | default | |
| 10% | TrID | Generic Win/DOS Executable | default | |
| 100% | siegfried | fmt/899 Windows Portable Executable (32 bit) | default | |
| 100% | gt2 | Ist eine ausf�hrbare Win32 Datei | default | |
| 100% | binwalkID | Microsoft executable, portable (PE) | default | |
| 100% | xdgMime | application/vnd.microsoft.portable-executable | default (weak) |
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 4d 5a 90 00 03 00 00 00 | 04 00 00 00 ff ff 00 00 |MZ......|........|
|00000010| b8 00 00 00 00 00 00 00 | 40 00 00 00 00 00 00 00 |........|@.......|
|00000020| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000030| 00 00 00 00 00 00 00 00 | 00 00 00 00 c0 00 00 00 |........|........|
|00000040| 0e 1f ba 0e 00 b4 09 cd | 21 b8 01 4c cd 21 54 68 |........|!..L.!Th|
|00000050| 69 73 20 70 72 6f 67 72 | 61 6d 20 63 61 6e 6e 6f |is progr|am canno|
|00000060| 74 20 62 65 20 72 75 6e | 20 69 6e 20 44 4f 53 20 |t be run| in DOS |
|00000070| 6d 6f 64 65 2e 0d 0d 0a | 24 00 00 00 00 00 00 00 |mode....|$.......|
|00000080| 5f ef 01 db 1b 8e 6f 88 | 1b 8e 6f 88 1b 8e 6f 88 |_.....o.|..o...o.|
|00000090| 1b 8e 6f 88 05 8e 6f 88 | dc 88 69 88 1a 8e 6f 88 |..o...o.|..i...o.|
|000000a0| 2d a8 65 88 1a 8e 6f 88 | 52 69 63 68 1b 8e 6f 88 |-.e...o.|Rich..o.|
|000000b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000000c0| 50 45 00 00 4c 01 05 00 | 29 83 b8 42 40 10 00 00 |PE..L...|)..B@...|
|000000d0| 54 00 00 00 e0 00 06 01 | 0b 01 06 00 20 09 00 00 |T.......|.... ...|
|000000e0| 80 04 00 00 00 00 00 00 | 8a 06 00 00 80 02 00 00 |........|........|
|000000f0| 60 09 00 00 00 00 00 08 | 20 00 00 00 20 00 00 00 |`.......| ... ...|
|00000100| 04 00 00 00 04 00 00 00 | 04 00 00 00 00 00 00 00 |........|........|
|00000110| 20 10 00 00 80 02 00 00 | 98 82 00 00 01 00 00 00 | .......|........|
|00000120| 00 00 10 00 00 10 00 00 | 00 00 10 00 00 10 00 00 |........|........|
|00000130| 00 00 00 00 10 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000140| 80 09 00 00 28 00 00 00 | c0 0b 00 00 c0 03 00 00 |....(...|........|
|00000150| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000160| 80 0f 00 00 58 00 00 00 | e0 02 00 00 54 00 00 00 |....X...|....T...|
|00000170| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000180| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000190| 00 00 00 00 00 00 00 00 | 80 02 00 00 58 00 00 00 |........|....X...|
|000001a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000001b0| 00 00 00 00 00 00 00 00 | 2e 74 65 78 74 00 00 00 |........|.text...|
|000001c0| dc 06 00 00 80 02 00 00 | e0 06 00 00 80 02 00 00 |........|........|
|000001d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 20 00 00 68 |........|.... ..h|
|000001e0| 2e 64 61 74 61 00 00 00 | 04 00 00 00 60 09 00 00 |.data...|....`...|
|000001f0| 20 00 00 00 60 09 00 00 | 00 00 00 00 00 00 00 00 | ...`...|........|
|00000200| 00 00 00 00 40 00 00 c8 | 49 4e 49 54 00 00 00 00 |....@...|INIT....|
|00000210| 30 02 00 00 80 09 00 00 | 40 02 00 00 80 09 00 00 |0.......|@.......|
|00000220| 00 00 00 00 00 00 00 00 | 00 00 00 00 20 00 00 e2 |........|.... ...|
|00000230| 2e 72 73 72 63 00 00 00 | c0 03 00 00 c0 0b 00 00 |.rsrc...|........|
|00000240| c0 03 00 00 c0 0b 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000250| 00 00 00 00 40 00 00 42 | 2e 72 65 6c 6f 63 00 00 |....@..B|.reloc..|
|00000260| 94 00 00 00 80 0f 00 00 | a0 00 00 00 80 0f 00 00 |........|........|
|00000270| 00 00 00 00 00 00 00 00 | 00 00 00 00 40 00 00 42 |........|....@..B|
|00000280| 1e 0a 00 00 2a 0a 00 00 | 3c 0a 00 00 52 0a 00 00 |....*...|<...R...|
|00000290| 6c 0a 00 00 78 0a 00 00 | 90 0a 00 00 a6 0a 00 00 |l...x...|........|
|000002a0| b0 0a 00 00 10 0a 00 00 | e0 0a 00 00 f4 0a 00 00 |........|........|
|000002b0| 08 0b 00 00 22 0b 00 00 | 34 0b 00 00 4c 0b 00 00 |...."...|4...L...|
|000002c0| 64 0b 00 00 76 0b 00 00 | 9c 0b 00 00 c6 0a 00 00 |d...v...|........|
|000002d0| 00 0a 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000002e0| 00 00 00 00 28 83 b8 42 | 00 00 00 00 01 00 00 00 |....(..B|........|
|000002f0| 52 0c 00 00 00 00 00 00 | 20 10 00 00 00 00 00 00 |R.......| .......|
|00000300| 28 83 b8 42 00 00 00 00 | 04 00 00 00 10 01 00 00 |(..B....|........|
|00000310| 00 00 00 00 74 1c 00 00 | 00 00 00 00 28 83 b8 42 |....t...|....(..B|
|00000320| 00 00 00 00 03 00 00 00 | 70 00 00 00 00 00 00 00 |........|p.......|
|00000330| 84 1d 00 00 00 00 00 00 | ff ff ff ff 1f 04 00 08 |........|........|
|00000340| 23 04 00 08 55 8b ec 8b | 45 08 8b 00 83 e8 00 74 |#...U...|E......t|
|00000350| 32 48 74 28 48 74 1e 48 | 74 14 48 74 0a 48 75 30 |2Ht(Ht.H|t.Ht.Hu0|
|00000360| a1 8c 02 00 08 eb 21 a1 | 88 02 00 08 eb 1a a1 84 |......!.|........|
|00000370| 02 00 08 eb 13 a1 80 02 | 00 08 eb 0c a1 a4 02 00 |........|........|
|00000380| 08 eb 05 a1 d0 02 00 08 | 8b 4d 0c 8b 40 01 89 01 |........|.M..@...|
|00000390| 8b 45 10 c7 00 04 00 00 | 00 33 c0 5d c2 0c 00 cc |.E......|.3.]....|
|000003a0| 55 8b ec 6a ff 68 38 03 | 00 08 68 8c 08 00 08 64 |U..j.h8.|..h....d|
|000003b0| a1 00 00 00 00 50 64 89 | 25 00 00 00 00 83 ec 2c |.....Pd.|%......,|
|000003c0| 53 56 57 89 65 e8 33 ff | 89 7d fc 8b 75 08 8d 46 |SVW.e.3.|.}..u..F|
|000003d0| 04 50 8d 45 c8 50 ff 15 | 94 02 00 08 c7 45 d0 18 |.P.E.P..|.....E..|
|000003e0| 00 00 00 8b 06 89 45 d4 | c7 45 dc 40 00 00 00 8d |......E.|.E.@....|
|000003f0| 45 c8 89 45 d8 89 7d e0 | 89 7d e4 8d 45 d0 50 68 |E..E..}.|.}..E.Ph|
|00000400| 19 00 02 00 ff 75 0c ff | 15 90 02 00 08 89 45 c4 |.....u..|......E.|
|00000410| 3b c7 7c 17 8b 4d 10 c7 | 01 04 00 00 00 eb 0c 6a |;.|..M..|.......j|
|00000420| 01 58 c3 8b 65 e8 b8 0d | 00 00 c0 83 4d fc ff 8b |.X..e...|....M...|
|00000430| 4d f0 64 89 0d 00 00 00 | 00 5f 5e 5b c9 c2 0c 00 |M.d.....|._^[....|
|00000440| 53 79 73 74 65 6d 00 56 | 57 ff 15 98 02 00 08 8b |System.V|W.......|
|00000450| f8 33 f6 8d 04 3e 6a 06 | 50 68 40 04 00 08 ff 15 |.3...>j.|Ph@.....|
|00000460| 9c 02 00 08 83 c4 0c 85 | c0 74 0e 46 81 fe 00 30 |........|.t.F...0|
|00000470| 00 00 72 df 33 c0 5f 5e | c3 8b c6 eb f9 cc 55 8b |..r.3._^|......U.|
|00000480| ec 56 8b 75 24 83 26 00 | 83 66 04 00 81 7d 20 00 |.V.u$.&.|.f...} .|
|00000490| 00 00 84 8d 46 04 74 1f | 81 7d 20 04 00 00 84 74 |....F.t.|.} ....t|
|000004a0| 08 c7 06 af 00 00 c0 eb | 1c 50 ff 75 18 ff 75 10 |........|.P.u..u.|
|000004b0| e8 8f fe ff ff eb 0c 50 | ff 75 18 ff 75 10 e8 dd |.......P|.u..u...|
|000004c0| fe ff ff 89 06 8b 06 5e | 5d c2 24 00 55 8b ec 83 |.......^|].$.U...|
|000004d0| ec 28 53 56 8b 75 0c 83 | 65 fc 00 57 8b 46 60 83 |.(SV.u..|e..W.F`.|
|000004e0| 66 1c 00 8b 4e 0c 8a 10 | 8b 78 08 8b 58 04 84 d2 |f...N...|.x..X...|
|000004f0| 74 2b 80 fa 0e 74 09 c7 | 45 fc 10 00 00 c0 eb 6a |t+...t..|E......j|
|00000500| ff 75 08 8d 56 18 52 ff | 70 0c 53 51 57 51 6a 01 |.u..V.R.|p.SQWQj.|
|00000510| ff 70 18 e8 66 ff ff ff | 89 45 fc eb 4d 6a 01 58 |.p..f...|.E..Mj.X|
|00000520| 89 45 d8 89 45 dc b8 14 | 00 00 00 99 83 65 e8 00 |.E..E...|.....e..|
|00000530| 89 45 e0 8d 45 ec 89 55 | e4 50 ff 15 b0 02 00 08 |.E..E..U|.P......|
|00000540| ff 15 ac 02 00 08 50 8d | 45 ec 50 8d 45 d8 50 ff |......P.|E.P.E.P.|
|00000550| 15 a8 02 00 08 84 c0 75 | 07 c7 45 fc 22 00 00 c0 |.......u|..E."...|
|00000560| 8d 45 ec 50 ff 15 cc 02 | 00 08 8b 7d fc 32 d2 8b |.E.P....|...}.2..|
|00000570| ce 89 7e 18 ff 15 a0 02 | 00 08 8b c7 5f 5e 5b c9 |..~.....|...._^[.|
|00000580| c2 08 00 cc 5c 00 44 00 | 6f 00 73 00 44 00 65 00 |....\.D.|o.s.D.e.|
|00000590| 76 00 69 00 63 00 65 00 | 73 00 5c 00 52 00 6b 00 |v.i.c.e.|s.\.R.k.|
|000005a0| 72 00 65 00 76 00 65 00 | 61 00 6c 00 31 00 35 00 |r.e.v.e.|a.l.1.5.|
|000005b0| 30 00 00 00 55 8b ec 83 | ec 38 56 57 6a 0c 8d 45 |0...U...|.8VWj..E|
|000005c0| c8 59 be 84 05 00 08 50 | 8d 7d c8 8d 45 f8 f3 a5 |.Y.....P|.}..E...|
|000005d0| 50 ff 15 94 02 00 08 8d | 45 f8 50 ff 15 b8 02 00 |P.......|E.P.....|
|000005e0| 08 8b 45 08 ff 70 04 ff | 15 b4 02 00 08 5f 5e c9 |..E..p..|....._^.|
|000005f0| c2 04 00 cc 5c 00 44 00 | 65 00 76 00 69 00 63 00 |....\.D.|e.v.i.c.|
|00000600| 65 00 5c 00 52 00 6b 00 | 52 00 65 00 76 00 65 00 |e.\.R.k.|R.e.v.e.|
|00000610| 61 00 6c 00 31 00 35 00 | 30 00 00 00 5c 00 44 00 |a.l.1.5.|0...\.D.|
|00000620| 6f 00 73 00 44 00 65 00 | 76 00 69 00 63 00 65 00 |o.s.D.e.|v.i.c.e.|
|00000630| 73 00 5c 00 52 00 6b 00 | 52 00 65 00 76 00 65 00 |s.\.R.k.|R.e.v.e.|
|00000640| 61 00 6c 00 31 00 35 00 | 30 00 00 00 5c 00 44 00 |a.l.1.5.|0...\.D.|
|00000650| 6f 00 73 00 44 00 65 00 | 76 00 69 00 63 00 65 00 |o.s.D.e.|v.i.c.e.|
|00000660| 73 00 5c 00 47 00 6c 00 | 6f 00 62 00 61 00 6c 00 |s.\.G.l.|o.b.a.l.|
|00000670| 5c 00 52 00 6b 00 52 00 | 65 00 76 00 65 00 61 00 |\.R.k.R.|e.v.e.a.|
|00000680| 6c 00 31 00 35 00 30 00 | 00 00 55 8b ec 81 ec b4 |l.1.5.0.|..U.....|
|00000690| 00 00 00 53 56 57 6a 0a | 59 be f4 05 00 08 8d 7d |...SVWj.|Y......}|
|000006a0| bc 6a 0c f3 a5 59 be 1c | 06 00 08 8d 7d 8c 6a 0f |.j...Y..|....}.j.|
|000006b0| f3 a5 59 be 4c 06 00 08 | 8d bd 4c ff ff ff 83 7d |..Y.L...|..L....}|
|000006c0| 0c 00 f3 a5 66 a5 bb cc | 04 00 08 75 2f 68 44 64 |....f...|...u/hDd|
|000006d0| 6b 20 68 50 01 00 00 6a | 00 ff 15 c4 02 00 08 8b |k hP...j|........|
|000006e0| f0 6a 54 59 33 c0 8b fe | 81 c6 a8 00 00 00 f3 ab |.jTY3...|........|
|000006f0| 6a 1c 8d 7e 38 59 8b c3 | f3 ab eb 03 8b 75 08 8b |j..~8Y..|.....u..|
|00000700| 3d 94 02 00 08 8d 45 bc | 50 8d 45 f4 50 ff d7 8d |=.....E.|P.E.P...|
|00000710| 45 fc 50 6a 01 6a 00 8d | 45 f4 68 00 84 00 00 50 |E.Pj.j..|E.h....P|
|00000720| 6a 00 56 ff 15 c0 02 00 | 08 85 c0 89 45 08 7c 6e |j.V.....|....E.|n|
|00000730| 8b 45 fc 80 60 1c 7f 8d | 45 8c 50 8d 45 ec 50 ff |.E..`...|E.P.E.P.|
|00000740| d7 83 7d 0c 00 75 30 8d | 85 4c ff ff ff 50 8d 45 |..}..u0.|.L...P.E|
|00000750| e4 50 ff d7 8b 3d bc 02 | 00 08 8d 45 f4 50 8d 45 |.P...=..|...E.P.E|
|00000760| e4 50 ff d7 85 c0 89 45 | 08 7d 1d 8d 45 f4 50 8d |.P.....E|.}..E.P.|
|00000770| 45 ec 50 ff d7 eb 0e 8d | 45 f4 50 8d 45 ec 50 ff |E.P.....|E.P.E.P.|
|00000780| 15 bc 02 00 08 89 45 08 | 83 7d 08 00 89 5e 70 89 |......E.|.}...^p.|
|00000790| 5e 40 89 5e 38 c7 46 34 | b4 05 00 08 7d 11 83 7d |^@.^8.F4|....}..}|
|000007a0| fc 00 74 15 ff 75 fc ff | 15 b4 02 00 08 eb 0a e8 |..t..u..|........|
|000007b0| 93 fc ff ff a3 60 09 00 | 08 8b 45 08 5f 5e 5b c9 |.....`..|..E._^[.|
|000007c0| c2 08 00 cc 55 8b ec 53 | 56 57 55 6a 00 6a 00 68 |....U..S|VWUj.j.h|
|000007d0| dc 07 00 08 ff 75 08 e8 | 7a 01 00 00 5d 5f 5e 5b |.....u..|z...]_^[|
|000007e0| 8b e5 5d c3 8b 4c 24 04 | f7 41 04 06 00 00 00 b8 |..]..L$.|.A......|
|000007f0| 01 00 00 00 74 0f 8b 44 | 24 08 8b 54 24 10 89 02 |....t..D|$..T$...|
|00000800| b8 03 00 00 00 c3 53 56 | 57 8b 44 24 10 50 6a fe |......SV|W.D$.Pj.|
|00000810| 68 e4 07 00 08 64 ff 35 | 00 00 00 00 64 89 25 00 |h....d.5|....d.%.|
|00000820| 00 00 00 8b 44 24 20 8b | 58 08 8b 70 0c 83 fe ff |....D$ .|X..p....|
|00000830| 74 20 3b 74 24 24 74 1a | 8d 34 76 8b 0c b3 89 4c |t ;t$$t.|.4v....L|
|00000840| 24 08 89 48 0c 83 7c b3 | 04 00 75 04 ff 54 b3 08 |$..H..|.|..u..T..|
|00000850| eb d1 64 8f 05 00 00 00 | 00 83 c4 0c 5f 5e 5b c3 |..d.....|...._^[.|
|00000860| 33 c0 64 8b 0d 00 00 00 | 00 81 79 04 e4 07 00 08 |3.d.....|..y.....|
|00000870| 75 10 8b 51 0c 8b 52 0c | 39 51 08 75 05 b8 01 00 |u..Q..R.|9Q.u....|
|00000880| 00 00 c3 cc 56 43 32 30 | 58 43 30 30 55 8b ec 83 |....VC20|XC00U...|
|00000890| ec 08 53 56 57 55 fc 8b | 5d 0c 8b 45 08 f7 40 04 |..SVWU..|]..E..@.|
|000008a0| 06 00 00 00 75 77 89 45 | f8 8b 45 10 89 45 fc 8d |....uw.E|..E..E..|
|000008b0| 45 f8 89 43 fc 8b 73 0c | 8b 7b 08 83 fe ff 74 56 |E..C..s.|.{....tV|
|000008c0| 8d 0c 76 83 7c 8f 04 00 | 74 3a 56 55 8d 6b 10 ff |..v.|...|t:VU.k..|
|000008d0| 54 8f 04 5d 5e 8b 5d 0c | 0b c0 74 28 78 31 8b 7b |T..]^.].|..t(x1.{|
|000008e0| 08 53 e8 dd fe ff ff 83 | c4 04 8d 6b 10 56 53 e8 |.S......|...k.VS.|
|000008f0| 12 ff ff ff 83 c4 08 8d | 0c 76 8b 04 8f 89 43 0c |........|.v....C.|
|00000900| ff 54 8f 08 8b 7b 08 8d | 0c 76 8b 34 8f eb ac b8 |.T...{..|.v.4....|
|00000910| 00 00 00 00 eb 1c b8 01 | 00 00 00 eb 15 55 8d 6b |........|.....U.k|
|00000920| 10 6a ff 53 e8 dd fe ff | ff 83 c4 08 5d b8 01 00 |.j.S....|....]...|
|00000930| 00 00 5d 5f 5e 5b 8b e5 | 5d c3 55 8b 4c 24 08 8b |..]_^[..|].U.L$..|
|00000940| 29 8b 41 1c 50 8b 41 18 | 50 e8 b8 fe ff ff 83 c4 |).A.P.A.|P.......|
|00000950| 08 5d c2 04 00 cc ff 25 | c8 02 00 08 00 00 00 00 |.].....%|........|
|00000960| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000970| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000980| a8 09 00 00 00 00 00 00 | 00 00 00 00 8e 0b 00 00 |........|........|
|00000990| 80 02 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000009a0| 00 00 00 00 00 00 00 00 | 1e 0a 00 00 2a 0a 00 00 |........|....*...|
|000009b0| 3c 0a 00 00 52 0a 00 00 | 6c 0a 00 00 78 0a 00 00 |<...R...|l...x...|
|000009c0| 90 0a 00 00 a6 0a 00 00 | b0 0a 00 00 10 0a 00 00 |........|........|
|000009d0| e0 0a 00 00 f4 0a 00 00 | 08 0b 00 00 22 0b 00 00 |........|...."...|
|000009e0| 34 0b 00 00 4c 0b 00 00 | 64 0b 00 00 76 0b 00 00 |4...L...|d...v...|
|000009f0| 9c 0b 00 00 c6 0a 00 00 | 00 0a 00 00 00 00 00 00 |........|........|
|00000a00| 60 03 5a 77 43 72 65 61 | 74 65 46 69 6c 65 00 00 |`.ZwCrea|teFile..|
|00000a10| 8e 03 5a 77 52 65 61 64 | 46 69 6c 65 00 00 92 03 |..ZwRead|File....|
|00000a20| 5a 77 53 61 76 65 4b 65 | 79 00 62 03 5a 77 43 72 |ZwSaveKe|y.b.ZwCr|
|00000a30| 65 61 74 65 53 65 63 74 | 69 6f 6e 00 74 03 5a 77 |eateSect|ion.t.Zw|
|00000a40| 4d 61 70 56 69 65 77 4f | 66 53 65 63 74 69 6f 6e |MapViewO|fSection|
|00000a50| 00 00 83 03 5a 77 51 75 | 65 72 79 49 6e 66 6f 72 |....ZwQu|eryInfor|
|00000a60| 6d 61 74 69 6f 6e 46 69 | 6c 65 00 00 79 03 5a 77 |mationFi|le..y.Zw|
|00000a70| 4f 70 65 6e 4b 65 79 00 | d0 02 52 74 6c 49 6e 69 |OpenKey.|..RtlIni|
|00000a80| 74 55 6e 69 63 6f 64 65 | 53 74 72 69 6e 67 00 00 |tUnicode|String..|
|00000a90| 0c 01 49 6f 47 65 74 43 | 75 72 72 65 6e 74 50 72 |..IoGetC|urrentPr|
|00000aa0| 6f 63 65 73 73 00 da 03 | 73 74 72 6e 63 6d 70 00 |ocess...|strncmp.|
|00000ab0| 45 01 49 6f 66 43 6f 6d | 70 6c 65 74 65 52 65 71 |E.IofCom|pleteReq|
|00000ac0| 75 65 73 74 00 00 47 03 | 53 65 52 65 6c 65 61 73 |uest..G.|SeReleas|
|00000ad0| 65 53 75 62 6a 65 63 74 | 43 6f 6e 74 65 78 74 00 |eSubject|Context.|
|00000ae0| 40 03 53 65 50 72 69 76 | 69 6c 65 67 65 43 68 65 |@.SePriv|ilegeChe|
|00000af0| 63 6b 00 00 45 00 45 78 | 47 65 74 50 72 65 76 69 |ck..E.Ex|GetPrevi|
|00000b00| 6f 75 73 4d 6f 64 65 00 | 32 03 53 65 43 61 70 74 |ousMode.|2.SeCapt|
|00000b10| 75 72 65 53 75 62 6a 65 | 63 74 43 6f 6e 74 65 78 |ureSubje|ctContex|
|00000b20| 74 00 fb 00 49 6f 44 65 | 6c 65 74 65 44 65 76 69 |t...IoDe|leteDevi|
|00000b30| 63 65 00 00 fc 00 49 6f | 44 65 6c 65 74 65 53 79 |ce....Io|DeleteSy|
|00000b40| 6d 62 6f 6c 69 63 4c 69 | 6e 6b 00 00 f7 00 49 6f |mbolicLi|nk....Io|
|00000b50| 43 72 65 61 74 65 53 79 | 6d 62 6f 6c 69 63 4c 69 |CreateSy|mbolicLi|
|00000b60| 6e 6b 00 00 f3 00 49 6f | 43 72 65 61 74 65 44 65 |nk....Io|CreateDe|
|00000b70| 76 69 63 65 00 00 36 00 | 45 78 41 6c 6c 6f 63 61 |vice..6.|ExAlloca|
|00000b80| 74 65 50 6f 6f 6c 57 69 | 74 68 54 61 67 00 6e 74 |tePoolWi|thTag.nt|
|00000b90| 6f 73 6b 72 6e 6c 2e 65 | 78 65 00 00 18 03 52 74 |oskrnl.e|xe....Rt|
|00000ba0| 6c 55 6e 77 69 6e 64 00 | 48 41 4c 2e 64 6c 6c 00 |lUnwind.|HAL.dll.|
|00000bb0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000bc0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 01 00 |........|........|
|00000bd0| 10 00 00 00 18 00 00 80 | 00 00 00 00 00 00 00 00 |........|........|
|00000be0| 00 00 00 00 00 00 01 00 | 01 00 00 00 30 00 00 80 |........|....0...|
|00000bf0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 01 00 |........|........|
|00000c00| 09 04 00 00 48 00 00 00 | 20 0c 00 00 5c 03 00 00 |....H...| ...\...|
|00000c10| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000c20| 5c 03 34 00 00 00 56 00 | 53 00 5f 00 56 00 45 00 |\.4...V.|S._.V.E.|
|00000c30| 52 00 53 00 49 00 4f 00 | 4e 00 5f 00 49 00 4e 00 |R.S.I.O.|N._.I.N.|
|00000c40| 46 00 4f 00 00 00 00 00 | bd 04 ef fe 00 00 01 00 |F.O.....|........|
|00000c50| 0a 00 01 00 00 00 00 00 | 0a 00 01 00 00 00 00 00 |........|........|
|00000c60| 3f 00 00 00 00 00 00 00 | 04 00 04 00 03 00 00 00 |?.......|........|
|00000c70| 07 00 00 00 00 00 00 00 | 00 00 00 00 ba 02 00 00 |........|........|
|00000c80| 01 00 53 00 74 00 72 00 | 69 00 6e 00 67 00 46 00 |..S.t.r.|i.n.g.F.|
|00000c90| 69 00 6c 00 65 00 49 00 | 6e 00 66 00 6f 00 00 00 |i.l.e.I.|n.f.o...|
|00000ca0| 96 02 00 00 01 00 30 00 | 34 00 30 00 39 00 30 00 |......0.|4.0.9.0.|
|00000cb0| 34 00 42 00 30 00 00 00 | 68 00 24 00 01 00 43 00 |4.B.0...|h.$...C.|
|00000cc0| 6f 00 6d 00 70 00 61 00 | 6e 00 79 00 4e 00 61 00 |o.m.p.a.|n.y.N.a.|
|00000cd0| 6d 00 65 00 00 00 00 00 | 53 00 79 00 73 00 69 00 |m.e.....|S.y.s.i.|
|00000ce0| 6e 00 74 00 65 00 72 00 | 6e 00 61 00 6c 00 73 00 |n.t.e.r.|n.a.l.s.|
|00000cf0| 20 00 2d 00 20 00 77 00 | 77 00 77 00 2e 00 73 00 | .-. .w.|w.w...s.|
|00000d00| 79 00 73 00 69 00 6e 00 | 74 00 65 00 72 00 6e 00 |y.s.i.n.|t.e.r.n.|
|00000d10| 61 00 6c 00 73 00 2e 00 | 63 00 6f 00 6d 00 00 00 |a.l.s...|c.o.m...|
|00000d20| 64 00 1e 00 01 00 46 00 | 69 00 6c 00 65 00 44 00 |d.....F.|i.l.e.D.|
|00000d30| 65 00 73 00 63 00 72 00 | 69 00 70 00 74 00 69 00 |e.s.c.r.|i.p.t.i.|
|00000d40| 6f 00 6e 00 00 00 00 00 | 52 00 6f 00 6f 00 74 00 |o.n.....|R.o.o.t.|
|00000d50| 6b 00 69 00 74 00 52 00 | 65 00 76 00 65 00 61 00 |k.i.t.R.|e.v.e.a.|
|00000d60| 6c 00 65 00 72 00 20 00 | 48 00 65 00 6c 00 70 00 |l.e.r. .|H.e.l.p.|
|00000d70| 65 00 72 00 20 00 44 00 | 72 00 69 00 76 00 65 00 |e.r. .D.|r.i.v.e.|
|00000d80| 72 00 00 00 2a 00 05 00 | 01 00 46 00 69 00 6c 00 |r...*...|..F.i.l.|
|00000d90| 65 00 56 00 65 00 72 00 | 73 00 69 00 6f 00 6e 00 |e.V.e.r.|s.i.o.n.|
|00000da0| 00 00 00 00 31 00 2e 00 | 31 00 30 00 00 00 00 00 |....1...|1.0.....|
|00000db0| 3a 00 0d 00 01 00 49 00 | 6e 00 74 00 65 00 72 00 |:.....I.|n.t.e.r.|
|00000dc0| 6e 00 61 00 6c 00 4e 00 | 61 00 6d 00 65 00 00 00 |n.a.l.N.|a.m.e...|
|00000dd0| 52 00 6b 00 72 00 65 00 | 76 00 65 00 61 00 6c 00 |R.k.r.e.|v.e.a.l.|
|00000de0| 2e 00 73 00 79 00 73 00 | 00 00 00 00 98 00 3a 00 |..s.y.s.|......:.|
|00000df0| 01 00 4c 00 65 00 67 00 | 61 00 6c 00 43 00 6f 00 |..L.e.g.|a.l.C.o.|
|00000e00| 70 00 79 00 72 00 69 00 | 67 00 68 00 74 00 00 00 |p.y.r.i.|g.h.t...|
|00000e10| 43 00 6f 00 70 00 79 00 | 72 00 69 00 67 00 68 00 |C.o.p.y.|r.i.g.h.|
|00000e20| 74 00 20 00 28 00 43 00 | 29 00 20 00 4d 00 2e 00 |t. .(.C.|). .M...|
|00000e30| 20 00 52 00 75 00 73 00 | 73 00 69 00 6e 00 6f 00 | .R.u.s.|s.i.n.o.|
|00000e40| 76 00 69 00 63 00 68 00 | 20 00 61 00 6e 00 64 00 |v.i.c.h.| .a.n.d.|
|00000e50| 20 00 42 00 72 00 79 00 | 63 00 65 00 20 00 43 00 | .B.r.y.|c.e. .C.|
|00000e60| 6f 00 67 00 73 00 77 00 | 65 00 6c 00 6c 00 20 00 |o.g.s.w.|e.l.l. .|
|00000e70| 31 00 39 00 39 00 36 00 | 2d 00 32 00 30 00 30 00 |1.9.9.6.|-.2.0.0.|
|00000e80| 35 00 00 00 42 00 0d 00 | 01 00 4f 00 72 00 69 00 |5...B...|..O.r.i.|
|00000e90| 67 00 69 00 6e 00 61 00 | 6c 00 46 00 69 00 6c 00 |g.i.n.a.|l.F.i.l.|
|00000ea0| 65 00 6e 00 61 00 6d 00 | 65 00 00 00 52 00 6b 00 |e.n.a.m.|e...R.k.|
|00000eb0| 72 00 65 00 76 00 65 00 | 61 00 6c 00 2e 00 53 00 |r.e.v.e.|a.l...S.|
|00000ec0| 79 00 73 00 00 00 00 00 | 40 00 10 00 01 00 50 00 |y.s.....|@.....P.|
|00000ed0| 72 00 6f 00 64 00 75 00 | 63 00 74 00 4e 00 61 00 |r.o.d.u.|c.t.N.a.|
|00000ee0| 6d 00 65 00 00 00 00 00 | 52 00 6f 00 6f 00 74 00 |m.e.....|R.o.o.t.|
|00000ef0| 6b 00 69 00 74 00 52 00 | 65 00 76 00 65 00 61 00 |k.i.t.R.|e.v.e.a.|
|00000f00| 6c 00 65 00 72 00 00 00 | 2e 00 05 00 01 00 50 00 |l.e.r...|......P.|
|00000f10| 72 00 6f 00 64 00 75 00 | 63 00 74 00 56 00 65 00 |r.o.d.u.|c.t.V.e.|
|00000f20| 72 00 73 00 69 00 6f 00 | 6e 00 00 00 31 00 2e 00 |r.s.i.o.|n...1...|
|00000f30| 31 00 30 00 00 00 00 00 | 44 00 00 00 01 00 56 00 |1.0.....|D.....V.|
|00000f40| 61 00 72 00 46 00 69 00 | 6c 00 65 00 49 00 6e 00 |a.r.F.i.|l.e.I.n.|
|00000f50| 66 00 6f 00 00 00 00 00 | 24 00 04 00 00 00 54 00 |f.o.....|$.....T.|
|00000f60| 72 00 61 00 6e 00 73 00 | 6c 00 61 00 74 00 69 00 |r.a.n.s.|l.a.t.i.|
|00000f70| 6f 00 6e 00 00 00 00 00 | 09 04 b0 04 00 00 00 00 |o.n.....|........|
|00000f80| 00 00 00 00 58 00 00 00 | 3c 33 40 33 61 33 68 33 |....X...|<3@3a3h3|
|00000f90| 6f 33 76 33 7d 33 84 33 | a6 33 ab 33 d8 33 09 34 |o3v3}3.3|.3.3.3.4|
|00000fa0| 4b 34 5a 34 60 34 3c 35 | 42 35 51 35 66 35 76 35 |K4Z4`4<5|B5Q5f5v5|
|00000fb0| c3 35 d3 35 dd 35 e9 35 | 9a 36 a7 36 b4 36 c7 36 |.5.5.5.5|.6.6.6.6|
|00000fc0| db 36 01 37 25 37 56 37 | 81 37 98 37 a9 37 b5 37 |.6.7%7V7|.7.7.7.7|
|00000fd0| d0 37 11 38 6c 38 58 39 | 00 00 00 00 00 00 00 00 |.7.8l8X9|........|
|00000fe0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000ff0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001000| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001010| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001020| 54 00 00 00 20 00 00 00 | 00 00 00 00 00 00 00 00 |T... ...|........|
|00001030| 80 02 00 00 a0 0b 00 00 | 60 09 00 00 00 07 00 00 |........|`.......|
|00001040| 40 63 6f 6d 70 2e 69 64 | 00 00 00 00 ff ff 00 00 |@comp.id|........|
|00001050| 03 00 24 54 36 37 36 33 | 00 00 38 03 00 00 01 00 |..$T6763|..8.....|
|00001060| 00 00 03 00 24 53 47 36 | 36 31 32 00 40 04 00 00 |....$SG6|612.@...|
|00001070| 01 00 00 00 03 00 24 53 | 47 36 36 37 37 00 84 05 |......$S|G6677...|
|00001080| 00 00 01 00 00 00 03 00 | 24 53 47 36 36 39 33 00 |........|$SG6693.|
|00001090| 4c 06 00 00 01 00 00 00 | 03 00 24 53 47 36 36 39 |L.......|..$SG669|
|000010a0| 30 00 1c 06 00 00 01 00 | 00 00 03 00 24 53 47 36 |0.......|....$SG6|
|000010b0| 36 38 37 00 f4 05 00 00 | 01 00 00 00 03 00 40 63 |687.....|......@c|
|000010c0| 6f 6d 70 2e 69 64 00 00 | 00 00 ff ff 00 00 03 00 |omp.id..|........|
|000010d0| 24 52 30 30 30 30 30 30 | 20 0c 00 00 04 00 00 00 |$R000000| .......|
|000010e0| 03 00 2e 69 64 61 74 61 | 24 36 8e 0b 00 00 03 00 |...idata|$6......|
|000010f0| 00 00 03 00 2e 74 65 78 | 74 00 00 00 84 08 00 00 |.....tex|t.......|
|00001100| 01 00 00 00 03 01 d1 00 | 00 00 04 00 47 00 00 00 |........|....G...|
|00001110| 00 00 00 00 00 00 00 00 | 24 24 24 30 30 30 30 31 |........|$$$00001|
|00001120| 8c 08 00 00 01 00 20 00 | 03 01 0e 00 00 00 00 00 |...... .|........|
|00001130| 00 00 ae 01 00 00 13 00 | 00 00 00 00 24 24 24 30 |........|....$$$0|
|00001140| 30 30 30 34 55 09 00 00 | 01 00 20 00 03 01 23 00 |0004U...|.. ...#.|
|00001150| 00 00 00 00 00 00 52 03 | 00 00 00 00 00 00 00 00 |......R.|........|
|00001160| 00 00 00 00 da 05 00 00 | 04 09 00 00 01 00 00 00 |........|........|
|00001170| 03 00 00 00 00 00 e7 05 | 00 00 0f 09 00 00 01 00 |........|........|
|00001180| 00 00 03 00 00 00 00 00 | f3 05 00 00 32 09 00 00 |........|....2...|
|00001190| 01 00 00 00 03 00 5f 6c | 68 5f 74 6f 70 00 bb 08 |......_l|h_top...|
|000011a0| 00 00 01 00 00 00 03 00 | 00 00 00 00 fe 05 00 00 |........|........|
|000011b0| 16 09 00 00 01 00 00 00 | 03 00 00 00 00 00 08 06 |........|........|
|000011c0| 00 00 1d 09 00 00 01 00 | 00 00 03 00 2e 74 65 78 |........|.....tex|
|000011d0| 74 00 00 00 c4 07 00 00 | 01 00 00 00 03 01 bf 00 |t.......|........|
|000011e0| 00 00 04 00 3d 00 00 00 | 00 00 00 00 00 00 00 00 |....=...|........|
|000011f0| 00 00 00 00 16 06 00 00 | dc 07 00 00 01 00 00 00 |........|........|
|00001200| 03 00 24 24 24 30 30 30 | 30 31 c4 07 00 00 01 00 |..$$$000|01......|
|00001210| 20 00 03 01 0f 00 00 00 | 00 00 00 00 9c 01 00 00 | .......|........|
|00001220| 14 00 00 00 00 00 24 24 | 24 30 30 30 30 33 e4 07 |......$$|$00003..|
|00001230| 00 00 01 00 20 00 03 01 | 1d 00 00 00 00 00 00 00 |.... ...|........|
|00001240| cc 01 00 00 22 00 00 00 | 00 00 00 00 00 00 21 06 |...."...|......!.|
|00001250| 00 00 e4 07 00 00 01 00 | 20 00 03 01 24 00 00 00 |........| ...$...|
|00001260| 22 00 00 00 d2 01 00 00 | 29 00 00 00 00 00 24 24 |".......|).....$$|
|00001270| 24 30 30 30 30 35 06 08 | 00 00 01 00 20 00 03 01 |$00005..|.... ...|
|00001280| 2b 00 00 00 00 00 00 00 | 08 02 00 00 30 00 00 00 |+.......|....0...|
|00001290| 00 00 24 24 24 30 30 30 | 30 37 60 08 00 00 01 00 |..$$$000|07`.....|
|000012a0| 20 00 03 01 39 00 00 00 | 00 00 00 00 c2 02 00 00 | ...9...|........|
|000012b0| 3e 00 00 00 00 00 24 24 | 24 30 30 30 30 39 83 08 |>.....$$|$00009..|
|000012c0| 00 00 01 00 20 00 03 01 | 47 00 00 00 00 00 00 00 |.... ...|G.......|
|000012d0| 04 03 00 00 00 00 00 00 | 00 00 5f 6c 75 5f 64 6f |........|.._lu_do|
|000012e0| 6e 65 52 08 00 00 01 00 | 00 00 03 00 00 00 00 00 |neR.....|........|
|000012f0| 32 06 00 00 05 08 00 00 | 01 00 00 00 03 00 00 00 |2.......|........|
|00001300| 00 00 3d 06 00 00 50 08 | 00 00 01 00 00 00 03 00 |..=...P.|........|
|00001310| 5f 6c 75 5f 74 6f 70 00 | 23 08 00 00 01 00 00 00 |_lu_top.|#.......|
|00001320| 03 00 5f 61 74 5f 64 6f | 6e 65 82 08 00 00 01 00 |.._at_do|ne......|
|00001330| 00 00 03 00 2e 69 64 61 | 74 61 24 36 a8 0b 00 00 |.....ida|ta$6....|
|00001340| 03 00 00 00 03 00 68 65 | 61 64 65 72 00 00 00 00 |......he|ader....|
|00001350| 00 00 fe ff 00 00 02 00 | 00 00 00 00 8a 01 00 00 |........|........|
|00001360| 00 00 00 00 ff ff 00 00 | 02 00 00 00 00 00 ed 00 |........|........|
|00001370| 00 00 80 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|00001380| 00 01 00 00 84 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|00001390| 00 00 1a 01 00 00 88 02 | 00 00 01 00 00 00 02 00 |........|........|
|000013a0| 00 00 00 00 37 01 00 00 | 8c 02 00 00 01 00 00 00 |....7...|........|
|000013b0| 02 00 00 00 00 00 58 01 | 00 00 90 02 00 00 01 00 |......X.|........|
|000013c0| 00 00 02 00 00 00 00 00 | 6c 01 00 00 94 02 00 00 |........|l.......|
|000013d0| 01 00 00 00 02 00 00 00 | 00 00 e0 01 00 00 98 02 |........|........|
|000013e0| 00 00 01 00 00 00 02 00 | 00 00 00 00 fd 01 00 00 |........|........|
|000013f0| 9c 02 00 00 01 00 00 00 | 02 00 00 00 00 00 0c 02 |........|........|
|00001400| 00 00 a0 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|00001410| d8 00 00 00 a4 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|00001420| 00 00 49 02 00 00 a8 02 | 00 00 01 00 00 00 02 00 |..I.....|........|
|00001430| 00 00 00 00 64 02 00 00 | ac 02 00 00 01 00 00 00 |....d...|........|
|00001440| 02 00 00 00 00 00 7f 02 | 00 00 b0 02 00 00 01 00 |........|........|
|00001450| 00 00 02 00 00 00 00 00 | a0 02 00 00 b4 02 00 00 |........|........|
|00001460| 01 00 00 00 02 00 00 00 | 00 00 b8 02 00 00 b8 02 |........|........|
|00001470| 00 00 01 00 00 00 02 00 | 00 00 00 00 d6 02 00 00 |........|........|
|00001480| bc 02 00 00 01 00 00 00 | 02 00 00 00 00 00 f4 02 |........|........|
|00001490| 00 00 c0 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|000014a0| 0d 03 00 00 c4 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|000014b0| 00 00 7c 05 00 00 c8 02 | 00 00 01 00 00 00 02 00 |..|.....|........|
|000014c0| 00 00 00 00 28 02 00 00 | cc 02 00 00 01 00 00 00 |....(...|........|
|000014d0| 02 00 00 00 00 00 c1 00 | 00 00 d0 02 00 00 01 00 |........|........|
|000014e0| 00 00 02 00 00 00 00 00 | 62 05 00 00 d4 02 00 00 |........|b.......|
|000014f0| 01 00 00 00 02 00 00 00 | 00 00 13 00 00 00 44 03 |........|......D.|
|00001500| 00 00 01 00 20 00 02 00 | 00 00 00 00 2a 00 00 00 |.... ...|....*...|
|00001510| a0 03 00 00 01 00 20 00 | 02 00 00 00 00 00 56 00 |...... .|......V.|
|00001520| 00 00 47 04 00 00 01 00 | 20 00 02 00 00 00 00 00 |..G.....| .......|
|00001530| 6e 00 00 00 7e 04 00 00 | 01 00 20 00 02 00 00 00 |n...~...|.. .....|
|00001540| 00 00 88 00 00 00 cc 04 | 00 00 01 00 20 00 02 00 |........|.... ...|
|00001550| 00 00 00 00 9c 00 00 00 | b4 05 00 00 01 00 20 00 |........|...... .|
|00001560| 02 00 00 00 00 00 04 00 | 00 00 8a 06 00 00 01 00 |........|........|
|00001570| 20 00 02 00 00 00 00 00 | f1 03 00 00 c4 07 00 00 | .......|........|
|00001580| 01 00 20 00 02 00 00 00 | 00 00 02 04 00 00 06 08 |.. .....|........|
|00001590| 00 00 01 00 20 00 02 00 | 00 00 00 00 12 04 00 00 |.... ...|........|
|000015a0| 60 08 00 00 01 00 20 00 | 02 00 00 00 00 00 98 01 |`..... .|........|
|000015b0| 00 00 8c 08 00 00 01 00 | 20 00 02 00 00 00 00 00 |........| .......|
|000015c0| 29 04 00 00 3a 09 00 00 | 01 00 20 00 02 00 00 00 |)...:...|.. .....|
|000015d0| 00 00 e3 03 00 00 56 09 | 00 00 01 00 20 00 02 00 |......V.|.... ...|
|000015e0| 00 00 00 00 ae 00 00 00 | 60 09 00 00 02 00 00 00 |........|`.......|
|000015f0| 02 00 00 00 00 00 3e 03 | 00 00 80 09 00 00 03 00 |......>.|........|
|00001600| 00 00 02 00 00 00 00 00 | 49 05 00 00 94 09 00 00 |........|I.......|
|00001610| 03 00 00 00 02 00 65 6e | 64 00 00 00 00 00 20 10 |......en|d..... .|
|00001620| 00 00 fe ff 00 00 02 00 | 4a 06 00 00 5f 44 72 69 |........|J..._Dri|
|00001630| 76 65 72 45 6e 74 72 79 | 40 38 00 5f 52 6b 52 65 |verEntry|@8._RkRe|
|00001640| 76 65 61 6c 47 65 74 53 | 79 73 63 61 6c 6c 40 31 |vealGetS|yscall@1|
|00001650| 32 00 5f 52 6b 52 65 76 | 65 61 6c 4f 70 65 6e 4b |2._RkRev|ealOpenK|
|00001660| 65 79 40 31 32 00 5f 52 | 61 6e 64 6f 6d 69 7a 65 |ey@12._R|andomize|
|00001670| 50 72 6f 63 65 73 73 4e | 61 6d 65 40 30 00 5f 47 |ProcessN|ame@0._G|
|00001680| 65 74 50 72 6f 63 65 73 | 73 4e 61 6d 65 4f 66 66 |etProces|sNameOff|
|00001690| 73 65 74 40 30 00 5f 52 | 6b 52 65 76 65 61 6c 44 |set@0._R|kRevealD|
|000016a0| 65 76 69 63 65 43 6f 6e | 74 72 6f 6c 40 33 36 00 |eviceCon|trol@36.|
|000016b0| 5f 52 6b 52 65 76 65 61 | 6c 44 69 73 70 61 74 63 |_RkRevea|lDispatc|
|000016c0| 68 40 38 00 5f 52 6b 52 | 65 76 65 61 6c 55 6e 6c |h@8._RkR|evealUnl|
|000016d0| 6f 61 64 40 34 00 5f 50 | 72 6f 63 65 73 73 4e 61 |oad@4._P|rocessNa|
|000016e0| 6d 65 4f 66 66 73 65 74 | 00 5f 5f 69 6d 70 5f 5f |meOffset|.__imp__|
|000016f0| 5a 77 43 72 65 61 74 65 | 46 69 6c 65 40 34 34 00 |ZwCreate|File@44.|
|00001700| 5f 5f 69 6d 70 5f 5f 5a | 77 52 65 61 64 46 69 6c |__imp__Z|wReadFil|
|00001710| 65 40 33 36 00 5f 5f 69 | 6d 70 5f 5f 5a 77 53 61 |e@36.__i|mp__ZwSa|
|00001720| 76 65 4b 65 79 40 38 00 | 5f 5f 69 6d 70 5f 5f 5a |veKey@8.|__imp__Z|
|00001730| 77 43 72 65 61 74 65 53 | 65 63 74 69 6f 6e 40 32 |wCreateS|ection@2|
|00001740| 38 00 5f 5f 69 6d 70 5f | 5f 5a 77 4d 61 70 56 69 |8.__imp_|_ZwMapVi|
|00001750| 65 77 4f 66 53 65 63 74 | 69 6f 6e 40 34 30 00 5f |ewOfSect|ion@40._|
|00001760| 5f 69 6d 70 5f 5f 5a 77 | 51 75 65 72 79 49 6e 66 |_imp__Zw|QueryInf|
|00001770| 6f 72 6d 61 74 69 6f 6e | 46 69 6c 65 40 32 30 00 |ormation|File@20.|
|00001780| 5f 5f 69 6d 70 5f 5f 5a | 77 4f 70 65 6e 4b 65 79 |__imp__Z|wOpenKey|
|00001790| 40 31 32 00 5f 5f 69 6d | 70 5f 5f 52 74 6c 49 6e |@12.__im|p__RtlIn|
|000017a0| 69 74 55 6e 69 63 6f 64 | 65 53 74 72 69 6e 67 40 |itUnicod|eString@|
|000017b0| 38 00 5f 5f 65 78 63 65 | 70 74 5f 6c 69 73 74 00 |8.__exce|pt_list.|
|000017c0| 5f 5f 65 78 63 65 70 74 | 5f 68 61 6e 64 6c 65 72 |__except|_handler|
|000017d0| 33 00 5f 5f 69 6d 70 5f | 5f 4b 65 51 75 65 72 79 |3.__imp_|_KeQuery|
|000017e0| 50 65 72 66 6f 72 6d 61 | 6e 63 65 43 6f 75 6e 74 |Performa|nceCount|
|000017f0| 65 72 40 34 00 5f 5f 69 | 6d 70 5f 5f 52 74 6c 52 |er@4.__i|mp__RtlR|
|00001800| 61 6e 64 6f 6d 40 34 00 | 5f 5f 69 6d 70 5f 5f 49 |andom@4.|__imp__I|
|00001810| 6f 47 65 74 43 75 72 72 | 65 6e 74 50 72 6f 63 65 |oGetCurr|entProce|
|00001820| 73 73 40 30 00 5f 5f 69 | 6d 70 5f 5f 73 74 72 6e |ss@0.__i|mp__strn|
|00001830| 63 6d 70 00 5f 5f 69 6d | 70 5f 40 49 6f 66 43 6f |cmp.__im|p_@IofCo|
|00001840| 6d 70 6c 65 74 65 52 65 | 71 75 65 73 74 40 38 00 |mpleteRe|quest@8.|
|00001850| 5f 5f 69 6d 70 5f 5f 53 | 65 52 65 6c 65 61 73 65 |__imp__S|eRelease|
|00001860| 53 75 62 6a 65 63 74 43 | 6f 6e 74 65 78 74 40 34 |SubjectC|ontext@4|
|00001870| 00 5f 5f 69 6d 70 5f 5f | 53 65 50 72 69 76 69 6c |.__imp__|SePrivil|
|00001880| 65 67 65 43 68 65 63 6b | 40 31 32 00 5f 5f 69 6d |egeCheck|@12.__im|
|00001890| 70 5f 5f 45 78 47 65 74 | 50 72 65 76 69 6f 75 73 |p__ExGet|Previous|
|000018a0| 4d 6f 64 65 40 30 00 5f | 5f 69 6d 70 5f 5f 53 65 |Mode@0._|_imp__Se|
|000018b0| 43 61 70 74 75 72 65 53 | 75 62 6a 65 63 74 43 6f |CaptureS|ubjectCo|
|000018c0| 6e 74 65 78 74 40 34 00 | 5f 5f 69 6d 70 5f 5f 49 |ntext@4.|__imp__I|
|000018d0| 6f 44 65 6c 65 74 65 44 | 65 76 69 63 65 40 34 00 |oDeleteD|evice@4.|
|000018e0| 5f 5f 69 6d 70 5f 5f 49 | 6f 44 65 6c 65 74 65 53 |__imp__I|oDeleteS|
|000018f0| 79 6d 62 6f 6c 69 63 4c | 69 6e 6b 40 34 00 5f 5f |ymbolicL|ink@4.__|
|00001900| 69 6d 70 5f 5f 49 6f 43 | 72 65 61 74 65 53 79 6d |imp__IoC|reateSym|
|00001910| 62 6f 6c 69 63 4c 69 6e | 6b 40 38 00 5f 5f 69 6d |bolicLin|k@8.__im|
|00001920| 70 5f 5f 49 6f 43 72 65 | 61 74 65 44 65 76 69 63 |p__IoCre|ateDevic|
|00001930| 65 40 32 38 00 5f 5f 69 | 6d 70 5f 5f 45 78 41 6c |e@28.__i|mp__ExAl|
|00001940| 6c 6f 63 61 74 65 50 6f | 6f 6c 57 69 74 68 54 61 |locatePo|olWithTa|
|00001950| 67 40 31 32 00 5f 5a 77 | 43 72 65 61 74 65 46 69 |g@12._Zw|CreateFi|
|00001960| 6c 65 40 34 34 00 5f 5f | 49 4d 50 4f 52 54 5f 44 |le@44.__|IMPORT_D|
|00001970| 45 53 43 52 49 50 54 4f | 52 5f 6e 74 6f 73 6b 72 |ESCRIPTO|R_ntoskr|
|00001980| 6e 6c 00 5f 5a 77 52 65 | 61 64 46 69 6c 65 40 33 |nl._ZwRe|adFile@3|
|00001990| 36 00 5f 5a 77 53 61 76 | 65 4b 65 79 40 38 00 5f |6._ZwSav|eKey@8._|
|000019a0| 5a 77 43 72 65 61 74 65 | 53 65 63 74 69 6f 6e 40 |ZwCreate|Section@|
|000019b0| 32 38 00 5f 5a 77 4d 61 | 70 56 69 65 77 4f 66 53 |28._ZwMa|pViewOfS|
|000019c0| 65 63 74 69 6f 6e 40 34 | 30 00 5f 5a 77 51 75 65 |ection@4|0._ZwQue|
|000019d0| 72 79 49 6e 66 6f 72 6d | 61 74 69 6f 6e 46 69 6c |ryInform|ationFil|
|000019e0| 65 40 32 30 00 5f 5a 77 | 4f 70 65 6e 4b 65 79 40 |e@20._Zw|OpenKey@|
|000019f0| 31 32 00 5f 52 74 6c 49 | 6e 69 74 55 6e 69 63 6f |12._RtlI|nitUnico|
|00001a00| 64 65 53 74 72 69 6e 67 | 40 38 00 5f 52 74 6c 55 |deString|@8._RtlU|
|00001a10| 6e 77 69 6e 64 40 31 36 | 00 5f 5f 67 6c 6f 62 61 |nwind@16|.__globa|
|00001a20| 6c 5f 75 6e 77 69 6e 64 | 32 00 5f 5f 6c 6f 63 61 |l_unwind|2.__loca|
|00001a30| 6c 5f 75 6e 77 69 6e 64 | 32 00 5f 5f 61 62 6e 6f |l_unwind|2.__abno|
|00001a40| 72 6d 61 6c 5f 74 65 72 | 6d 69 6e 61 74 69 6f 6e |rmal_ter|mination|
|00001a50| 00 5f 5f 73 65 68 5f 6c | 6f 6e 67 6a 6d 70 5f 75 |.__seh_l|ongjmp_u|
|00001a60| 6e 77 69 6e 64 40 34 00 | 5f 52 74 6c 52 61 6e 64 |nwind@4.|_RtlRand|
|00001a70| 6f 6d 40 34 00 5f 49 6f | 47 65 74 43 75 72 72 65 |om@4._Io|GetCurre|
|00001a80| 6e 74 50 72 6f 63 65 73 | 73 40 30 00 40 49 6f 66 |ntProces|s@0.@Iof|
|00001a90| 43 6f 6d 70 6c 65 74 65 | 52 65 71 75 65 73 74 40 |Complete|Request@|
|00001aa0| 38 00 5f 53 65 52 65 6c | 65 61 73 65 53 75 62 6a |8._SeRel|easeSubj|
|00001ab0| 65 63 74 43 6f 6e 74 65 | 78 74 40 34 00 5f 53 65 |ectConte|xt@4._Se|
|00001ac0| 50 72 69 76 69 6c 65 67 | 65 43 68 65 63 6b 40 31 |Privileg|eCheck@1|
|00001ad0| 32 00 5f 45 78 47 65 74 | 50 72 65 76 69 6f 75 73 |2._ExGet|Previous|
|00001ae0| 4d 6f 64 65 40 30 00 5f | 53 65 43 61 70 74 75 72 |Mode@0._|SeCaptur|
|00001af0| 65 53 75 62 6a 65 63 74 | 43 6f 6e 74 65 78 74 40 |eSubject|Context@|
|00001b00| 34 00 5f 49 6f 44 65 6c | 65 74 65 44 65 76 69 63 |4._IoDel|eteDevic|
|00001b10| 65 40 34 00 5f 49 6f 44 | 65 6c 65 74 65 53 79 6d |e@4._IoD|eleteSym|
|00001b20| 62 6f 6c 69 63 4c 69 6e | 6b 40 34 00 5f 49 6f 43 |bolicLin|k@4._IoC|
|00001b30| 72 65 61 74 65 53 79 6d | 62 6f 6c 69 63 4c 69 6e |reateSym|bolicLin|
|00001b40| 6b 40 38 00 5f 49 6f 43 | 72 65 61 74 65 44 65 76 |k@8._IoC|reateDev|
|00001b50| 69 63 65 40 32 38 00 5f | 45 78 41 6c 6c 6f 63 61 |ice@28._|ExAlloca|
|00001b60| 74 65 50 6f 6f 6c 57 69 | 74 68 54 61 67 40 31 32 |tePoolWi|thTag@12|
|00001b70| 00 5f 5f 4e 55 4c 4c 5f | 49 4d 50 4f 52 54 5f 44 |.__NULL_|IMPORT_D|
|00001b80| 45 53 43 52 49 50 54 4f | 52 00 7f 6e 74 6f 73 6b |ESCRIPTO|R..ntosk|
|00001b90| 72 6e 6c 5f 4e 55 4c 4c | 5f 54 48 55 4e 4b 5f 44 |rnl_NULL|_THUNK_D|
|00001ba0| 41 54 41 00 5f 5f 69 6d | 70 5f 5f 52 74 6c 55 6e |ATA.__im|p__RtlUn|
|00001bb0| 77 69 6e 64 40 31 36 00 | 5f 4b 65 51 75 65 72 79 |wind@16.|_KeQuery|
|00001bc0| 50 65 72 66 6f 72 6d 61 | 6e 63 65 43 6f 75 6e 74 |Performa|nceCount|
|00001bd0| 65 72 40 34 00 5f 5f 49 | 4d 50 4f 52 54 5f 44 45 |er@4.__I|MPORT_DE|
|00001be0| 53 43 52 49 50 54 4f 52 | 5f 48 41 4c 00 7f 48 41 |SCRIPTOR|_HAL..HA|
|00001bf0| 4c 5f 4e 55 4c 4c 5f 54 | 48 55 4e 4b 5f 44 41 54 |L_NULL_T|HUNK_DAT|
|00001c00| 41 00 5f 6c 68 5f 63 6f | 6e 74 69 6e 75 65 00 5f |A._lh_co|ntinue._|
|00001c10| 6c 68 5f 64 69 73 6d 69 | 73 73 00 5f 6c 68 5f 72 |lh_dismi|ss._lh_r|
|00001c20| 65 74 75 72 6e 00 5f 6c | 68 5f 62 61 67 69 74 00 |eturn._l|h_bagit.|
|00001c30| 5f 6c 68 5f 75 6e 77 69 | 6e 64 69 6e 67 00 5f 67 |_lh_unwi|nding._g|
|00001c40| 75 5f 72 65 74 75 72 6e | 00 5f 5f 75 6e 77 69 6e |u_return|.__unwin|
|00001c50| 64 5f 68 61 6e 64 6c 65 | 72 00 5f 75 68 5f 72 65 |d_handle|r._uh_re|
|00001c60| 74 75 72 6e 00 5f 6c 75 | 5f 63 6f 6e 74 69 6e 75 |turn._lu|_continu|
|00001c70| 65 00 00 00 01 00 00 00 | 10 01 00 00 00 70 72 6f |e.......|.....pro|
|00001c80| 64 3a 5c 77 69 6e 64 64 | 6b 5c 31 33 38 31 5c 6c |d:\windd|k\1381\l|
|00001c90| 69 62 5c 69 33 38 36 5c | 66 72 65 65 5c 72 6b 72 |ib\i386\|free\rkr|
|00001ca0| 65 76 65 61 6c 31 35 30 | 2e 73 79 73 00 00 00 00 |eveal150|.sys....|
|00001cb0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001cc0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001cd0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001ce0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001cf0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d00| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d10| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d20| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d30| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d40| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d50| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d60| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d70| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001d80| 00 00 00 00 44 03 00 00 | 5b 00 00 00 01 00 00 00 |....D...|[.......|
|00001d90| 03 00 03 d0 a0 03 00 00 | a0 00 00 00 10 00 00 00 |........|........|
|00001da0| 03 00 26 d3 47 04 00 00 | 36 00 00 00 00 00 00 00 |..&.G...|6.......|
|00001db0| 00 00 00 02 7e 04 00 00 | 4e 00 00 00 01 00 00 00 |....~...|N.......|
|00001dc0| 09 00 04 d1 cc 04 00 00 | b7 00 00 00 0b 00 00 00 |........|........|
|00001dd0| 02 00 10 d3 b4 05 00 00 | 3f 00 00 00 0f 00 00 00 |........|?.......|
|00001de0| 01 00 08 d2 8a 06 00 00 | 39 01 00 00 2e 00 00 00 |........|9.......|
|00001df0| 02 00 0c d3 | |.... | |
+--------+-------------------------+-------------------------+--------+--------+