!This program cannot be run in DOS mode.
`.data
@.reloc
KERNEL32.dll
USER32.dll
msvcrt.dll
imagehlp.dll
ntdll.dll
VWVVVV
tGPPWSV
t$j\Xf;B
j\_f9>u
PSSSSSS
ole32.dll
CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
ntdll.dll
imagehlp.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
HeapSetInformation
QueryActCtxW
CloseHandle
SetFilePointer
ReadFile
CreateFileW
LocalFree
lstrlenA
WideCharToMultiByte
LocalAlloc
lstrlenW
GetProcAddress
WaitForSingleObject
CreateProcessW
GetCommandLineW
Wow64EnableWow64FsRedirection
GetSystemDirectoryW
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
SetProcessDEPPolicy
FormatMessageW
GetLastError
LoadLibraryExW
FreeLibrary
ExitProcess
SetErrorMode
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetStartupInfoW
InterlockedExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
CompareStringW
ReleaseActCtx
DeactivateActCtx
GetFileAttributesW
SearchPathW
CreateActCtxW
GetModuleHandleW
ActivateActCtx
LoadIconW
CharNextW
DefWindowProcW
GetClassLongW
GetClassNameW
GetWindow
GetWindowLongW
SetWindowLongW
SetClassLongW
CreateWindowExW
RegisterClassW
LoadCursorW
LoadStringW
MessageBoxW
DestroyWindow
iswalpha
wcschr
__wgetmainargs
memset
_vsnwprintf
__set_app_type
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
_XcptFilter
_cexit
ImageDirectoryEntryToData
NtClose
NtOpenProcessToken
NtSetInformationToken
RtlImageNtHeader
NtSetInformationProcess
NtQueryInformationToken
rundll32.pdb
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.rundll32"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Rundll32</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<assembly
xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0"
<assemblyIdentity
name="Microsoft.Windows.Shell.rundll32"
processorArchitecture="*"
type="win32"
version="5.1.0.0"
/>
<description>Rundll32</description>
</assembly>
wwwwwwwwwq
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXnnnnnnnnnnnnkkaaaaagddddddddddddddddddddddddiiiXnnnnnnnnnnnnlTUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU!iXnnnnnnnnnnnnl
////////
44((((((( 2222UdXnnnnnnnnnnnnl
:////////
44((((((((( 22UdXnnnnnnnnnnnnj
/////////
44((((((( 22UdXnnnnnnnnnnnnj
:///////
44(((((((( UdXnnnnnnnnnnnnj
:////////
44(((((((( UgXnnnnnnnnnnnnj
////////
444((((((( VaXnnnnnnnnnnnnQ
/////////
44(((((((VaXnnnnnnnnnnnnQ
////////
4((((((VaXnnnnnnnnnnnnh
////////
4(((((VaXnnnnnnnnnnnnh
:////////
44(((WaXnnnnnnnnnnnnP
......
////////
44((WfXnnnnnnnnnnnnP
......
:////////
44WfXnnnnnnnnnnnnF
......
:////////
4W_XnnnnnnnnnnnnF
......
:////////
[_XnnnnnnnnnnnnO
......
/////////
[_XnnnnnnnnnnnnO
......
:////////
[bXnnnnnnnnnnnnE
........
////////
[]XnnnnnnnnnnnnE
......
////////[]XnnnnnnnnnnnnC
.......
://////[]XnnnnnnnnnnnnC
.......
://///[]Xnnnnnnnnnnnn<
......
:////^]Xnnnnnnnnnnnn<
///^]Xnnnnnnnnnnnn;
......
:/^\Xnnnnnnnnnnnn;
.......
^\Xnnnnnnnnnnnn8
......
`\Xnnnnnnnnnnnn8
......
`JXnnnnnnnnnnnn?
......
`JXnnnnnnnnnnnn?
......
`JXnnnnnnnnnnnn7
......
`ZXnnnnnnnnnnnn7RS
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
W[[^^`eYXnnnnnnnnnnnn,
HHIIIIYcjXnnnnnnnnnnnn+
-Xnnnnnnnnnnnnn+
&Xnnnnnnnnnnnnnn1
%Xnnnnnnnnnnnnnnn1
$Xnnnnnnnnnnnnnnnn"
#Xnnnnnnnnnnnnnnnnn"
'Xnnnnnnnnnnnnnnnnnn!
Xnnnnnnnnnnnnnnnnnnn!(( ))) ***6600555===>>>GGBInnnnnnnnnnnnnn
Pjnqw~
Gehiqr|
G]ceiqty~
?X\cgiltw}
?MSX]chmqty}
:HNRT\cfiovy}
:BHJQW\cghlouy
0@CDIMWY]agiqry~
+9=ADJLQW\cgilrw{
"46=@CFKRSX_cjknxy
",169>CDJNRX]cekprx}
)*.57;ABHNQR\`eilrx
#&,-489@BIJOWY]chkn
!&*-169=ADLNUT[chj
#',/26;ABHLQW\_e
!&)/46;@BCKQWZ]
%)-169>@CHMRX
#'*-47;>E
#&(-36;
!#(*14
"+0:?GP^d
D?;72-)#!
JF@<83.(%"
RLIB>:5/*&
WSNIC?;61-
_[TPJF@<74
d`\VPLGA=9$
lfb]XSMHB>'
rmic^YUOJD,
xsojeaZVPK0
zvpkga[WQ+
|wqmhEE
iK2%)U+
I/"bH4''99
Q7+<Y@3
T8,@X;1
Q:+BUB/
Q8,RZB1 `@@
N. HY7!
O3$dS7"%U9
2,252@2L2
3-363=3Q3X3
4(444L4|4
565;5A5F5K5P5U5[5c5n5t5
8%8*878H8N8Y8
909H9R9X9a9
:)<:<V<a<g<
=*=R=g=
2L2W2j2
4/555j5
8;9^9u9
=L>P>[>v>{>
? ?)?4?B?G?M?X?_?h?l?w?|?
RunDLL
.manifest
requestedRunLevel
{00000000-0000-0000-0000-000000000000}
\\?\Volume
::$DATA
\\?\UNC\
rundll32.exe
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows host process (Rundll32)
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
rundll
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
RUNDLL32.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation