PESCAN.IO - Analysis Report Basic
| Information |
| Field | Value |
|---|---|
| Size | 2,04 MB |
| SHA-256 Hash | 337C0C11471CCEDB45FDF74C0A19B6363D1EFAD4FF4B294D3B03E680D20DF87F |
| SHA-1 Hash | 524C96CE1362C2C6EF8DE996E10004625623DAAB |
| MD5 Hash | 12850552EB23DE59E40B448B3FFAB03C |
| Imphash | 3695333C60DEDECDCAFF1590409AA462 |
| MajorOSVersion | 5 |
| MinorOSVersion | 2 |
| CheckSum | 002127C4 |
| EntryPoint (rva) | E2EFC |
| SizeOfHeaders | 400 |
| SizeOfImage | 211000 |
| ImageBase | 0000000140000000 |
| Architecture | x64 |
| ExportTable | 147CB0 |
| ImportTable | 14D7E8 |
| IAT | 101000 |
| Characteristics | 22 |
| TimeDateStamp | 56F9DB89 |
| Date | 29/03/2016 1:34:01 |
| File Type | EXE |
| File Type | DLL |
| Number Of Sections | 7 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .rdata, .data, .pdata, .gfids, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 (Code, Executable, Readable) | 400 | FFE00 | 1000 | FFDA0 | | |
| .rdata | 0x40000040 (Initialized Data, Readable) | 100200 | 50600 | 101000 | 505E6 | | |
| .data | 0xC0000040 (Initialized Data, Readable, Writeable) | 150800 | 6800 | 152000 | D410 | | |
| .pdata | 0x40000040 (Initialized Data, Readable) | 157000 | BE00 | 160000 | BC40 | | |
| .gfids | 0x40000040 (Initialized Data, Readable) | 162E00 | 200 | 16C000 | D8 | | |
| .rsrc | 0x40000040 (Initialized Data, Readable) | 163000 | A1E00 | 16D000 | A1CD0 | | |
| .reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 204E00 | 1600 | 20F000 | 1500 | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | msedge.exe |
| CompanyName | Microsoft Corporation |
| LegalCopyright | Copyright Microsoft Corporation. All rights reserved. |
| ProductName | Microsoft Edge |
| FileVersion | 147.0.3912.60 |
| FileDescription | ProductName |
| ProductVersion | 147.0.3912.60 |
| Language | English (United States) (ID=0x409) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) has the Entry Point.

Information -> EntryPoint (calculated) - E22FC

Code -> 4883EC28E8B30200004883C428E972FEFFFFCCCC4883EC28E83B08000085C0742165488B042530000000488B4808EB05483B

| Assembler |
|---|
| SUB RSP, 0X28 |
| CALL 0X12BC |
| ADD RSP, 0X28 |
| JMP 0XE84 |
| INT3 |
| INT3 |
| SUB RSP, 0X28 |
| CALL 0X1858 |
| TEST EAX, EAX |
| JE 0X1042 |
| MOV RAX, QWORD PTR GS:[0X30] |
| MOV RCX, QWORD PTR [RAX + 8] |
| JMP 0X1035 |
| Signatures |
Rich Signature Analyzer:

Code -> D7C1BFAA93A0D1F993A0D1F993A0D1F9273C20F998A0D1F9273C22F91CA0D1F9273C23F985A0D1F9FDFBD2F894A0D1F9FDFBD4F88FA0D1F9FDFBD5F880A0D1F9273C25F991A0D1F9273C3EF988A0D1F993A0D0F9A8A2D1F941FBD9F833A0D1F941FBD1F892A0D1F941FB2EF992A0D1F993A046F992A0D1F941FBD3F892A0D1F95269636893A0D1F9

Footprint md5 Hash -> 20FD2FEB6E09DF769CB27AE5292FD588

• The Rich header apparently has not been modified

Certificate - Digital Signature:

• The file is signed but has been modified
| Packer/Compiler |
Compiler: Microsoft Visual Studio

Detect It Easy (die)

• PE+(64): compiler: Microsoft Visual C/C++(2015 v.14.0)[-]

• PE+(64): linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[-]

• PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]

• Entropy: 6.23919
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | WriteFile (Possible Call API By Name) | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateRemoteThread | Creates a thread in the address space of another process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| NtosKrnl.exe | ZwDeviceIoControlFile (Possible Call API By Name) | Sends a control code to a device driver to perform an operation. |
| NtosKrnl.exe | ZwFsControlFile (Possible Call API By Name) | Performs a file system control operation on a file. |
| NtosKrnl.exe | ZwReadFile (Possible Call API By Name) | Reads data from a file or device. |
| NtosKrnl.exe | ZwWaitForSingleObject (Possible Call API By Name) | Waits for a specified object to reach a signaled state. |
| NtosKrnl.exe | ZwWriteFile (Possible Call API By Name) | Writes data to a file or device. |
| Windows REG (UNICODE) |
| Software\Classes |
| Software\Microsoft\Windows NT\CurrentVersion\AeDebug |
| Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites |
| Software\Microsoft\Windows\CurrentVersion\Run |
| Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe |
| Software\Microsoft\Windows\CurrentVersion\Applets\Regedit |
| Software\Microsoft\Windows NT\CurrentVersion\KnownFunctionTableDlls |
| Software\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\ |
| System\CurrentControlSet\Services\ |
| System\CurrentControlSet\Enum\ |
| System\CurrentControlSet\Control\NetworkProvider\Order |
| Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| File Access |
| ProcessHacker.exe OLEAUT32.dll ole32.dll SHELL32.dll ADVAPI32.dll COMDLG32.dll GDI32.dll USER32.dll KERNEL32.dll UxTheme.dll VERSION.dll COMCTL32.dll WINSTA.dll ntdll.dll mscoree.dll .dat @.dat Temp |
| File Access (UNICODE) |
| Text files (*.txt *.txt txt;*.log com;*.bat ocx;*.sys exe;*.sys scr;*.cpl exe;*.pif sys;*.scr ntdll.dll user32.dll kernel32.dll exe;*.dll \x86\ProcessHacker.exe *.exe Executable files (*.exe msedge.exe regedit.exe \regedit.exe explorer.exe peview.exe Programs (*.exe \taskmgr.exe TASKMGR.EXE ProcessHacker.exe \wudfhost.exe \taskhostw.exe \taskhostex.exe \taskhost.exe \taskeng.exe \dllhost.exe \rundll32.exe \svchost.exe \winlogon.exe \lsm.exe \lsass.exe \services.exe \wininit.exe \csrss.exe \smss.exe GetPackagePath\explorer.exe \Release32\ProcessHacker.exe winlogon.exe wininit.exe smss.exe services.exe lsm.exe lsass.exe logonui.exe dwm.exe csrss.exe Dbghelp.dll cryptui.dll crypt32.dll wintrust.dll uxtheme.dll aclui.dll \shell32.dll \user32.dll \imageres.dll shlwapi.dll shell32.dll comctl32.dll clrjit.dll ni.dll mscorlib.dll mscorsvr.dll mscorwks.dll clr.dll \System32\kernel32.dll \System32\ntdll.dll \SysWow64\ntdll.dll \SysWow64\kernel32.dll symsrv.dll userenv.dll winsta.dll advapi32.dll ExtendedTools.dll ws2_32.dll dbghelp.dll \symsrv.dll \Debugging Tools for Windows (x64)\dbghelp.dll 0\Debuggers\x64\dbghelp.dll 1\Debuggers\x64\dbghelp.dll \Windows Kits\10\Debuggers\x64\dbghelp.dll NtAlpcQueryInformationntdll.dll GetSendMessageReceiveruser32.dll iphlpapi.dll *.dll DLL files (*.dll mscoree.dll \SystemRoot\system32\drivers\ntfs.sys \kprocesshacker.sys kprocesshacker.sys //forum.sys Search results.txt Process Hacker %s.txt Process Hacker Log.txt Information.txt Hidden Processes.txt Temp |
| Interest's Words |
| exec createobject attrib start pause shutdown systeminfo ping expand replace |
| Interest's Words (UNICODE) |
| PassWord <section exec attrib start pause regedit shutdown rundll32 ping rundll replace |
| Anti-VM/Sandbox/Debug Tricks (UNICODE) |
| LabTools - taskmgr |
| LabTools - regedit |
| OllyDbg Library - dbghelp.dll |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2011/WindowsSettings http://crl3.digicert.com/ha-cs-2011a.crl http://crl4.digicert.com/ha-cs-2011a.crl http://ocsp.digicert.com http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt http://www.digicert.com/ssl-cps-repository.htm http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl http://crl3.digicert.com/sha2-ha-cs-g1.crl http://crl4.digicert.com/sha2-ha-cs-g1.crl http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt http://crl3.digicert.com/sha2-assured-ts.crl http://crl4.digicert.com/sha2-assured-ts.crl http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt https://www.digicert.com/CPS0 https://www.digicert.com/CPS0 https://www.digicert.com/CPS0 |
| URLs (UNICODE) |
| http://forum.sysinternals.com">Sysinternals Forums</a> <a href=" http://www.reactos.org">ReactOS</a>Process Hacker uses the following components: <a href=" http://www.minixml.org">Mini-XML</a> by Michael Sweet <a href=" http://www.pcre.org">PCRE</a> MD5 code by Jouni Malinen SHA1 code by Filip Navara, based on code by Steve Reid <a href=" http://www.famfamfam.com/lab/icons/silk">Silk icons</a> <a href=" http://www.fatcow.com/free-icons">Farm-fresh web icons</a> http://www.google.com/search?q="%s" http://processhacker.sourceforge.net">Process Hacker on SourceForge.net</a> https://sourceforge.net/project/project_donations.php?group_id=242527 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (accept) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (send) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Unicode | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Unicode | File (ReadFile) |
| Text | Ascii | Service (OpenSCManager) |
| Text | Ascii | Service (CreateService) |
| Text | Ascii | Service (StartServiceCtrlDispatcher) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (NtWriteVirtualMemory) |
| Text | Ascii | Stealth (CreateRemoteThread) |
| Text | Ascii | Stealth (NtUnmapViewOfSection) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (NtResumeThread) |
| Text | Unicode | Privileges (SeAssignPrimaryTokenPrivilege) |
| Text | Unicode | Privileges (SeBackupPrivilege) |
| Text | Unicode | Privileges (SeImpersonatePrivilege) |
| Text | Unicode | Privileges (SeIncreaseQuotaPrivilege) |
| Text | Unicode | Privileges (SeRestorePrivilege) |
| Text | Unicode | Keyboard Key ({F10}) |
| Text | Unicode | Keyboard Key ({F11}) |
| Text | Unicode | Keyboard Key ({F12}) |
| Text | Unicode | Keyboard Key ({F2}) |
| Text | Unicode | Keyboard Key ({F3}) |
| Text | Unicode | Keyboard Key ({F4}) |
| Text | Unicode | Keyboard Key ({F5}) |
| Text | Unicode | Keyboard Key ({F6}) |
| Text | Unicode | Keyboard Key ({F7}) |
| Text | Unicode | Keyboard Key ({F8}) |
| Text | Unicode | Keyboard Key ({F9}) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Ctrl+C) |
| Text | Unicode | Keyboard Key (Ctrl+I) |
| Text | Unicode | Keyboard Key (Ctrl+S) |
| Text | Ascii | Unauthorized movement of funds or data (Transfer) |
| Text | Ascii | Technique used to insert malicious code into legitimate processes (Inject) |
| Text | Unicode | Technique used to insert malicious code into legitimate processes (Inject) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Entry Point | Hex Pattern | PE-Exe Executable Image |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \AFX_DIALOG_LAYOUT\103\3081 | 16FE2C | 2 | 165E2C | 0000 | .. |
| \AFX_DIALOG_LAYOUT\105\3081 | 16FE30 | 2 | 165E30 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\107\3081 | 16FE34 | 2 | 165E34 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\121\3081 | 16FE38 | 2 | 165E38 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\129\3081 | 16FE3C | 2 | 165E3C | 0000 | .. |
| \AFX_DIALOG_LAYOUT\130\3081 | 16FE40 | 2 | 165E40 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\162\3081 | 16FE44 | 2 | 165E44 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\171\3081 | 16FE48 | 2 | 165E48 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\189\3081 | 16FE4C | 2 | 165E4C | 0000 | .. |
| \AFX_DIALOG_LAYOUT\198\3081 | 16FE50 | 2 | 165E50 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\207\3081 | 16FE54 | 2 | 165E54 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\215\3081 | 16FE58 | 2 | 165E58 | 0000 | .. |
| \AFX_DIALOG_LAYOUT\221\3081 | 16FE5C | 2 | 165E5C | 0000 | .. |
| \BITMAP\117\3081 | 16FE60 | 428 | 165E60 | 28000000100000001000000001002000000000000004000000000000000000000000000000000000FFFFFF00FFFFFF00FFFF | (............. ................................... |
| \BITMAP\118\3081 | 170288 | 428 | 166288 | 28000000100000001000000001002000000000000004000000000000000000000000000000000000FFFFFF00FFFFFF00FFFF | (............. ................................... |
| \ICON\1\1033 | 1706B0 | 5992 | 1666B0 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000059594944415478DAEC5D0570254796 | .PNG........IHDR.............\r.f..YYIDATx..].p%G. |
| \ICON\2\1033 | 176044 | 4228 | 16C044 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\3\1033 | 17A26C | 25A8 | 17026C | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\4\1033 | 17C814 | 1A68 | 172814 | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\5\1033 | 17E27C | 10A8 | 17427C | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\6\1033 | 17F324 | 988 | 175324 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\7\1033 | 17FCAC | 6B8 | 175CAC | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\8\1033 | 180364 | 468 | 176364 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\9\1033 | 1807CC | 30 | 1767CC | 28000000010000000200000001001800000000000000000060000000600000000000000000000000FFFFFF0000000000 | (............................................. |
| \ICON\10\1033 | 1807FC | 30 | 1767FC | 28000000010000000200000001001800000000000000000060000000600000000000000000000000FFFFFF0000000000 | (............................................. |
| \ICON\11\1033 | 18082C | 30 | 17682C | 28000000010000000200000001001800000000000000000060000000600000000000000000000000FFFFFF0000000000 | (............................................. |
| \ICON\12\1033 | 18085C | 5556 | 17685C | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000551D4944415478DAEC96C579033110 | .PNG........IHDR.............\r.f..U.IDATx....y.1. |
| \ICON\13\1033 | 185DB4 | 4228 | 17BDB4 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\14\1033 | 189FDC | 25A8 | 17FFDC | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\15\1033 | 18C584 | 1A68 | 182584 | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\16\1033 | 18DFEC | 10A8 | 183FEC | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\17\1033 | 18F094 | 988 | 185094 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\18\1033 | 18FA1C | 6B8 | 185A1C | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\19\1033 | 1900D4 | 468 | 1860D4 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\20\1033 | 19053C | EA8 | 18653C | 2800000030000000600000000100080000000000000000000000000000000000000000000000000000000000F48B0000C1C0 | (...0............................................ |
| \ICON\21\1033 | 1913E4 | 8A8 | 1873E4 | 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000F48B0000B0AE | (... ...@......................................... |
| \ICON\22\1033 | 191C8C | 568 | 187C8C | 28000000100000002000000001000800000000000000000000000000000000000000000000000000F48B0000C1C0BF00DADA | (....... ......................................... |
| \ICON\23\1033 | 1921F4 | 7BE | 1881F4 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC58540000027F504C5445000000000000000000 | .PNG........IHDR.............k.XT....PLTE......... |
| \ICON\24\1033 | 1929B4 | 25A8 | 1889B4 | 2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000010000 | (...0........ ................................... |
| \ICON\25\1033 | 194F5C | 10A8 | 18AF5C | 2800000020000000400000000100200000000000000000000000000000000000000000000000000000000001000000020000 | (... ...@..... ................................... |
| \ICON\26\1033 | 196004 | 468 | 18C004 | 28000000100000002000000001002000000000000000000000000000000000000000000000000000808080668585858D8686 | (....... ..... ............................f...... |
| \ICON\27\1033 | 19646C | EA8 | 18C46C | 2800000030000000600000000100080000000000000000000000000000000000000000000000000000000000F48B0000C1C0 | (...0............................................ |
| \ICON\28\1033 | 197314 | 8A8 | 18D314 | 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000F48B0000B0AE | (... ...@......................................... |
| \ICON\29\1033 | 197BBC | 568 | 18DBBC | 28000000100000002000000001000800000000000000000000000000000000000000000000000000F48B0000C1C0BF00DADA | (....... ......................................... |
| \ICON\30\1033 | 198124 | 7BE | 18E124 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC58540000027F504C5445000000000000000000 | .PNG........IHDR.............k.XT....PLTE......... |
| \ICON\31\1033 | 1988E4 | 25A8 | 18E8E4 | 2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000010000 | (...0........ ................................... |
| \ICON\32\1033 | 19AE8C | 10A8 | 190E8C | 2800000020000000400000000100200000000000000000000000000000000000000000000000000000000001000000020000 | (... ...@..... ................................... |
| \ICON\33\1033 | 19BF34 | 468 | 191F34 | 28000000100000002000000001002000000000000000000000000000000000000000000000000000808080668585858D8686 | (....... ..... ............................f...... |
| \ICON\34\1033 | 19C39C | 468 | 19239C | 280000001000000020000000010020000000000000040000130B0000130B0000000000000000000000000000000000000000 | (....... ..... ................................... |
| \ICON\35\1033 | 19C804 | 988 | 192804 | 280000001800000030000000010020000000000000090000130B0000130B0000000000000000000000000000000000000000 | (.......0..... ................................... |
| \ICON\36\1033 | 19D18C | 10A8 | 19318C | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\37\1033 | 19E234 | 25A8 | 194234 | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\38\1033 | 1A07DC | 4228 | 1967DC | 280000004000000080000000010020000000000000400000130B0000130B0000000000000000000000000000000000000000 | (...@......... ......@............................ |
| \ICON\39\1033 | 1A4A04 | 6D6 | 19AA04 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC585400000048504C5445000000FFFFFFFFFFFF | .PNG........IHDR.............k.XT...HPLTE......... |
| \ICON\40\1033 | 1A50DC | 6B8 | 19B0DC | 280000001400000028000000010020000000000040060000130B0000130B0000000000000000000000000000000000000000 | (.......(..... .....@............................. |
| \ICON\41\1033 | 1A5794 | 5438 | 19B794 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000053FF4944415478DAEC97C561C43010 | .PNG........IHDR.............\r.f..S.IDATx....a.0. |
| \ICON\42\1033 | 1AABCC | 4228 | 1A0BCC | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\43\1033 | 1AEDF4 | 25A8 | 1A4DF4 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\44\1033 | 1B139C | 1A68 | 1A739C | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\45\1033 | 1B2E04 | 10A8 | 1A8E04 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\46\1033 | 1B3EAC | 988 | 1A9EAC | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\47\1033 | 1B4834 | 6B8 | 1AA834 | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\48\1033 | 1B4EEC | 468 | 1AAEEC | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\49\1033 | 1B5354 | 541B | 1AB354 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000053E24944415478DAEC96C579033110 | .PNG........IHDR.............\r.f..S.IDATx....y.1. |
| \ICON\50\1033 | 1BA770 | 4228 | 1B0770 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\51\1033 | 1BE998 | 25A8 | 1B4998 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\52\1033 | 1C0F40 | 1A68 | 1B6F40 | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\53\1033 | 1C29A8 | 10A8 | 1B89A8 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\54\1033 | 1C3A50 | 988 | 1B9A50 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\55\1033 | 1C43D8 | 6B8 | 1BA3D8 | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\56\1033 | 1C4A90 | 468 | 1BAA90 | 280000001000000020000000010020000000000040040000000000000000000000000000000000000000000000000000FFE6 | (....... ..... .....@............................. |
| \ICON\57\1033 | 1C4EF8 | 5992 | 1BAEF8 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000059594944415478DAEC5D0570254796 | .PNG........IHDR.............\r.f..YYIDATx..].p%G. |
| \ICON\58\1033 | 1CA88C | 4228 | 1C088C | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\59\1033 | 1CEAB4 | 25A8 | 1C4AB4 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\60\1033 | 1D105C | 1A68 | 1C705C | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\61\1033 | 1D2AC4 | 10A8 | 1C8AC4 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\62\1033 | 1D3B6C | 988 | 1C9B6C | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\63\1033 | 1D44F4 | 6B8 | 1CA4F4 | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\64\1033 | 1D4BAC | 468 | 1CABAC | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\65\1033 | 1D5014 | 11C1 | 1CB014 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000011884944415478DAECC1010D000008 | .PNG........IHDR.............\r.f....IDATx........ |
| \ICON\66\1033 | 1D61D8 | 4228 | 1CC1D8 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\67\1033 | 1DA400 | 25A8 | 1D0400 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\68\1033 | 1DC9A8 | 1A68 | 1D29A8 | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\69\1033 | 1DE410 | 10A8 | 1D4410 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\70\1033 | 1DF4B8 | 988 | 1D54B8 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\71\1033 | 1DFE40 | 6B8 | 1D5E40 | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\72\1033 | 1E04F8 | 468 | 1D64F8 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000009291 | (....... ..... .....@............................. |
| \ICON\73\1033 | 1E0960 | 468 | 1D6960 | 280000001000000020000000010020000000000000040000130B0000130B0000000000000000000000000000000000000000 | (....... ..... ................................... |
| \ICON\74\1033 | 1E0DC8 | 988 | 1D6DC8 | 280000001800000030000000010020000000000000090000130B0000130B0000000000000000000000000000000000000000 | (.......0..... ................................... |
| \ICON\75\1033 | 1E1750 | 10A8 | 1D7750 | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\76\1033 | 1E27F8 | 25A8 | 1D87F8 | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\77\1033 | 1E4DA0 | 4228 | 1DADA0 | 280000004000000080000000010020000000000000400000130B0000130B0000000000000000000000000000000000000000 | (...@......... ......@............................ |
| \ICON\78\1033 | 1E8FC8 | 6C6 | 1DEFC8 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC585400000048504C5445000000000000000000 | .PNG........IHDR.............k.XT...HPLTE......... |
| \ICON\79\1033 | 1E9690 | 6B8 | 1DF690 | 280000001400000028000000010020000000000040060000130B0000130B0000000000000000000000000000000000000000 | (.......(..... .....@............................. |
| \ICON\80\1033 | 1E9D48 | 468 | 1DFD48 | 280000001000000020000000010020000000000000040000130B0000130B00000000000000000000FFFFFF00FFFFFF00FFFF | (....... ..... ................................... |
| \ICON\81\1033 | 1EA1B0 | 10A8 | 1E01B0 | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\82\1033 | 1EB258 | 25A8 | 1E1258 | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\83\1033 | 1ED800 | 47C | 1E3800 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC585400000048504C5445000000FFFFFFFFFFFF | .PNG........IHDR.............k.XT...HPLTE......... |
| \ICON\84\1033 | 1EDC7C | 468 | 1E3C7C | 280000001000000020000000010020000000000000040000130B0000130B00000000000000000000FFFFFF00FFFFFF00FFFF | (....... ..... ................................... |
| \ICON\85\1033 | 1EE0E4 | 10A8 | 1E40E4 | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\86\1033 | 1EF18C | 25A8 | 1E518C | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\87\1033 | 1F1734 | 41B | 1E7734 | 89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC585400000048504C5445000000FFFFFFFFFFFF | .PNG........IHDR.............k.XT...HPLTE......... |
| \ICON\88\1033 | 1F1B50 | 2DA | 1E7B50 | 89504E470D0A1A0A0000000D4948445200000100000001000403000000AE5CB5550000002D504C5445000000FFFFFFFFFFFF | .PNG........IHDR..............\.U...-PLTE......... |
| \ICON\89\1033 | 1F1E2C | 25A8 | 1E7E2C | 28000000300000006000000001002000000000000000000000000000000000000000000000000000FFFFFF09FFFFFF93FFFF | (...0........ ................................... |
| \ICON\90\1033 | 1F43D4 | 330 | 1EA3D4 | 28000000300000006000000001000100000000000000000000000000000000000000000000000000FFFFFF00000000008000 | (...0............................................ |
| \ICON\91\1033 | 1F4704 | 10A8 | 1EA704 | 28000000200000004000000001002000000000000000000000000000000000000000000000000000FFFFFF61FFFFFFE1FFFF | (... ...@..... ............................a...... |
| \ICON\92\1033 | 1F57AC | 130 | 1EB7AC | 28000000200000004000000001000100000000000000000000000000000000000000000000000000FFFFFF00000000008000 | (... ...@......................................... |
| \ICON\93\1033 | 1F58DC | 468 | 1EB8DC | 28000000100000002000000001002000000000000000000000000000000000000000000000000000FFFFFFC9FFFFFFFFFFFF | (....... ..... ................................... |
| \ICON\94\1033 | 1F5D44 | B0 | 1EBD44 | 28000000100000002000000001000100000000000000000000000000000000000000000000000000FFFFFF00000000000000 | (....... ......................................... |
| \ICON\95\1033 | 1F5DF4 | 468 | 1EBDF4 | 280000001000000020000000010020000000000000040000130B0000130B0000000000000000000000000000000000000000 | (....... ..... ................................... |
| \ICON\96\1033 | 1F625C | 136A | 1EC25C | 89504E470D0A1A0A0000000D4948445200000100000001000804000000F67B60ED000013314944415478DAECC10101000000 | .PNG........IHDR..............{....1IDATx........ |
| \ICON\97\1033 | 1F75C8 | 10A8 | 1ED5C8 | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\98\1033 | 1F8670 | 25A8 | 1EE670 | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\99\1033 | 1FAC18 | 468 | 1F0C18 | 280000001000000020000000010020000000000000040000130B0000130B0000000000000000000000000000000000000000 | (....... ..... ................................... |
| \ICON\100\1033 | 1FB080 | 1202 | 1F1080 | 89504E470D0A1A0A0000000D4948445200000100000001000804000000F67B60ED000011C94944415478DAECC1370100300C | .PNG........IHDR..............{.....IDATx...7..0. |
| \ICON\101\1033 | 1FC284 | 10A8 | 1F2284 | 280000002000000040000000010020000000000000100000130B0000130B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\102\1033 | 1FD32C | 25A8 | 1F332C | 280000003000000060000000010020000000000000240000130B0000130B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \MENU\102\3081 | 1FF8D4 | 762 | 1F58D4 | 00000000100026004800610063006B0065007200000000008C9C2600520075006E002E002E002E0008004300740072006C00 | ......&.H.a.c.k.e.r.......&.R.u.n.........C.t.r.l. |
| \MENU\110\3081 | 200038 | 2AE | 1F6038 | 000000009000540068007200650061006400000000008B9C260049006E0073007000650063007400080045006E0074006500 | ......T.h.r.e.a.d.......&.I.n.s.p.e.c.t...E.n.t.e. |
| \MENU\111\3081 | 2002E8 | AA | 1F62E8 | 000000009000480061006E0064006C006500000000007D9C430026006C006F00730065000800440065006C00000000007E9C | ......H.a.n.d.l.e.....}.C.&.l.o.s.e...D.e.l.....~. |
| \MENU\112\3081 | 200394 | 104 | 1F6394 | 0000000090004D006F00640075006C00650000000000829C260055006E006C006F00610064000800440065006C0000000000 | ......M.o.d.u.l.e.......&.U.n.l.o.a.d...D.e.l..... |
| \MENU\120\3081 | 200498 | 104 | 1F6498 | 00000000900043006F006D007000750074006500720000000000E09C26004C006F0063006B0000000000E19C4C006F006700 | ......C.o.m.p.u.t.e.r.......&.L.o.c.k.......L.o.g. |
| \MENU\123\3081 | 20059C | 4E8 | 1F659C | 000000009000500072006F00630065007300730000000000479C54002600650072006D0069006E0061007400650008004400 | ......P.r.o.c.e.s.s.....G.T.&.e.r.m.i.n.a.t.e...D. |
| \MENU\124\3081 | 200A84 | 146 | 1F6A84 | 000000009000530065007200760069006300650000000000AB9C260047006F00200074006F002000700072006F0063006500 | ......S.e.r.v.i.c.e.......&.G.o. .t.o. .p.r.o.c.e. |
| \MENU\133\3081 | 200BCC | 7C | 1F6BCC | 000000009000500072006900760069006C0065006700650000000000B49C260045006E00610062006C00650000000000B59C | ......P.r.i.v.i.l.e.g.e.......&.E.n.a.b.l.e....... |
| \MENU\134\3081 | 200C48 | 9E | 1F6C48 | 0000000090004F0062006A0065006300740000000000B79C430026006C006F00730065000800440065006C00000000000000 | ......O.b.j.e.c.t.......C.&.l.o.s.e...D.e.l....... |
| \MENU\151\3081 | 200CE8 | BC | 1F6CE8 | 000000009000550073006500720000000000CA9C260043006F006E006E0065006300740000000000BF9C2600440069007300 | ......U.s.e.r.......&.C.o.n.n.e.c.t.......&.D.i.s. |
| \MENU\164\3081 | 200DA4 | B6 | 1F6DA4 | 0000000090004E006500740077006F0072006B0000000000CB9C260047006F00200074006F002000700072006F0063006500 | ......N.e.t.w.o.r.k.......&.G.o. .t.o. .p.r.o.c.e. |
| \MENU\173\3081 | 200E5C | 2EC | 1F6E5C | 000000009000490063006F006E0000000000EB9C2600530068006F0077002F0048006900640065002000500072006F006300 | ......I.c.o.n.......&.S.h.o.w./.H.i.d.e. .P.r.o.c. |
| \MENU\181\3081 | 201148 | 102 | 1F7148 | 0000000090004D0065006D006F007200790000000000169D260052006500610064002F005700720069007400650020006D00 | ......M.e.m.o.r.y.......&.R.e.a.d./.W.r.i.t.e. .m. |
| \MENU\184\3081 | 20124C | C4 | 1F724C | 000000009000460069006C0074006500720000000000189D43006F006E007400610069006E0073002E002E002E0000000000 | ......F.i.l.t.e.r.......C.o.n.t.a.i.n.s........... |
| \MENU\204\3081 | 201310 | DC | 1F7310 | 00000000900045006D00700074007900000000003A9D45006D00700074007900200077006F0072006B0069006E0067002000 | ......E.m.p.t.y.....:.E.m.p.t.y. .w.o.r.k.i.n.g. . |
| \MENU\211\3081 | 2013EC | 106 | 1F73EC | 0000000090004D0069006E006900200049006E0066006F000000100026004F0070006100630069007400790000000000CE9C | ......M.i.n.i. .I.n.f.o.....&.O.p.a.c.i.t.y....... |
| \MENU\212\3081 | 2014F4 | 3E | 1F74F4 | 000000009000500072006F006300650073007300000000000000000080005F9D260047006F00200074006F002000700072006F0063006500730073000000 | ......P.r.o.c.e.s.s..........._.&.G.o. .t.o. .p.r.o.c.e.s.s... |
| \MENU\214\3081 | 201534 | 68 | 1F7534 | 00000000900045006E007600690072006F006E006D0065006E00740000000000629D2600450064006900740000000000649D | ......E.n.v.i.r.o.n.m.e.n.t.....b.&.E.d.i.t.....d. |
| \DIALOG\103\3081 | 20159C | 634 | 1F759C | 0100FFFF0000000000000000C800C8802100000000000401040100000000470065006E006500720061006C00000008009001 | ................!.............G.e.n.e.r.a.l....... |
| \DIALOG\104\3081 | 201BD0 | 80 | 1F7BD0 | 0100FFFF0000000000000000C800C88001000000000004010401000000004D006F00640075006C0065007300000008009001 | ..............................M.o.d.u.l.e.s....... |
| \DIALOG\105\3081 | 201C50 | 51E | 1F7C50 | 0100FFFF0000000000000000C800C8801A000000000004010401000000005400680072006500610064007300000008009001 | ..............................T.h.r.e.a.d.s....... |
| \DIALOG\106\3081 | 202170 | C8 | 1F8170 | 0100FFFF0000000000000000C800C8800200000000000401040100000000480061006E0064006C0065007300000008009001 | ..............................H.a.n.d.l.e.s....... |
| \DIALOG\107\3081 | 202238 | 118 | 1F8238 | 0100FFFF0000000000000000C800C880040000000000040104010000000045006E007600690072006F006E006D0065006E00 | ..............................E.n.v.i.r.o.n.m.e.n. |
| \DIALOG\108\3081 | 202350 | 112 | 1F8350 | 0100FFFF00000000000000004800CC800400000000000501E400000000005400680072006500610064002000530074006100 | ............H.................T.h.r.e.a.d. .S.t.a. |
| \DIALOG\121\3081 | 202464 | 2EC | 1F8464 | 0100FFFF0000000000000000C808C8800800000000000E01C30000000000410062006F007500740000000800900100014D00 | ..............................A.b.o.u.t.........M. |
| \DIALOG\125\3081 | 202750 | F0 | 1F8750 | 0100FFFF000000000000000048040840040000000000ED00C9000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\126\3081 | 202840 | 3AA | 1F8840 | 0100FFFF0000000000000000C800C8801400000000001A01B70000000000470065006E006500720061006C00000008009001 | ..............................G.e.n.e.r.a.l....... |
| \DIALOG\128\3081 | 202BEC | 3D4 | 1F8BEC | 0100FFFF0000000000000000C800C8801300000000000401B50000000000470065006E006500720061006C00000008009001 | ..............................G.e.n.e.r.a.l....... |
| \DIALOG\129\3081 | 202FC0 | FA | 1F8FC0 | 0100FFFF00000000000000004800CC800400000000003D01B8000000000049006E0066006F0072006D006100740069006F00 | ............H.........=.......I.n.f.o.r.m.a.t.i.o. |
| \DIALOG\130\3081 | 2030BC | 144 | 1F90BC | 0100FFFF00000000000000004800CC800500000000006501E90000000000460069006E0064002000480061006E0064006C00 | ............H.........e.......F.i.n.d. .H.a.n.d.l. |
| \DIALOG\131\3081 | 203200 | 3F4 | 1F9200 | 0100FFFF0000000000000000C800C880110000000000040104010000000054006F006B0065006E0000000800900100014D00 | ..............................T.o.k.e.n.........M. |
| \DIALOG\135\3081 | 2035F4 | 256 | 1F95F4 | 0100FFFF00000000000000004800CC800800000000005101DD0000000000480069006400640065006E002000500072006F00 | ............H.........Q.......H.i.d.d.e.n. .P.r.o. |
| \DIALOG\136\3081 | 20384C | 3D0 | 1F984C | 0100FFFF0000000000000000C800C88013000000000016017F0000000000520075006E002000410073000000080090010001 | ..............................R.u.n. .A.s......... |
| \DIALOG\137\3081 | 203C1C | F8 | 1F9C1C | 0100FFFF0000000000000000C800C880030000000000D8003E0000000000500072006F006700720065007300730000000800 | ........................>.....P.r.o.g.r.e.s.s..... |
| \DIALOG\138\3081 | 203D14 | E6 | 1F9D14 | 0100FFFF0000000000000000C800C8800300000000004201A200000000005000610067006500660069006C00650073000000 | ......................B.......P.a.g.e.f.i.l.e.s... |
| \DIALOG\139\3081 | 203DFC | 3CC | 1F9DFC | 0100FFFF0000000000000000C800C8801500000000000E01E40000000000470065006E006500720061006C00000008009001 | ..............................G.e.n.e.r.a.l....... |
| \DIALOG\140\3081 | 2041C8 | 280 | 1FA1C8 | 0100FFFF0000000000000000C800C8800C0000000000EC00BA000000000041006400760061006E0063006500640000000800 | ..............................A.d.v.a.n.c.e.d..... |
| \DIALOG\141\3081 | 204448 | 208 | 1FA448 | 0100FFFF0000000000000000C800C88009000000000004010401000000004A006F00620000000800900100014D0053002000 | ..............................J.o.b.........M.S. . |
| \DIALOG\142\3081 | 204650 | 18A | 1FA650 | 0100FFFF0000000000000000C800C880070000000000BA004C00000000004500760065006E00740000000800900100014D00 | ........................L.....E.v.e.n.t.........M. |
| \DIALOG\143\3081 | 2047DC | 166 | 1FA7DC | 0100FFFF0000000000000000C800C880060000000000BA004C00000000004D007500740061006E0074000000080090010001 | ........................L.....M.u.t.a.n.t......... |
| \DIALOG\144\3081 | 204944 | 18A | 1FA944 | 0100FFFF0000000000000000C800C880060000000000BA004C0000000000530065006D006100700068006F00720065000000 | ........................L.....S.e.m.a.p.h.o.r.e... |
| \DIALOG\145\3081 | 204AD0 | DC | 1FAAD0 | 0100FFFF0000000000000000C800C880030000000000BA004C0000000000540069006D006500720000000800900100014D00 | ........................L.....T.i.m.e.r.........M. |
| \DIALOG\146\3081 | 204BAC | 760 | 1FABAC | 0100FFFF0000000000000000C800C8802400000000000301BA00000000005300740061007400690073007400690063007300 | ................$.............S.t.a.t.i.s.t.i.c.s. |
| \DIALOG\147\3081 | 20530C | B4 | 1FB30C | 0100FFFF0000000000000000C800C880020000000000BA004C00000000004500760065006E00740020005000610069007200 | ........................L.....E.v.e.n.t. .P.a.i.r. |
| \DIALOG\148\3081 | 2053C0 | 154 | 1FB3C0 | 0100FFFF0000000000000000C800C880060000000000FF004C0000000000530065006300740069006F006E00000008009001 | ........................L.....S.e.c.t.i.o.n....... |
| \DIALOG\149\3081 | 205514 | CAC | 1FB514 | 0100FFFF0000000000000000C800C8804500000000001701E3000000000041006600660069006E0069007400790000000800 | ................E.............A.f.f.i.n.i.t.y..... |
| \DIALOG\150\3081 | 2061C0 | 14A | 1FC1C0 | 0100FFFF00000000000004004800CF80030000000000A701F70000000000530079007300740065006D00200049006E006600 | ............H.................S.y.s.t.e.m. .I.n.f. |
| \DIALOG\152\3081 | 20630C | 1DC | 1FC30C | 0100FFFF0000000000000000C800C8800A00000000001A01A300000000004D00650073007300610067006500000008009001 | ..............................M.e.s.s.a.g.e....... |
| \DIALOG\153\3081 | 2064E8 | 462 | 1FC4E8 | 0100FFFF0000000000000000C800C880150000000000C900950000000000530065007300730069006F006E00200050007200 | ..............................S.e.s.s.i.o.n. .P.r. |
| \DIALOG\154\3081 | 20694C | 122 | 1FC94C | 0100FFFF0000000000000000C800C88004000000000004010401000000004D0065006D006F00720079000000080090010001 | ..............................M.e.m.o.r.y......... |
| \DIALOG\155\3081 | 206A70 | 154 | 1FCA70 | 0100FFFF0000000000000000C800C880070000000000C7004900000000004400690061006C006F0067000000080090010001 | ........................I.....D.i.a.l.o.g......... |
| \DIALOG\162\3081 | 206BC4 | 482 | 1FCBC4 | 0100FFFF0000000000000000C800C880120000000000FA009A0000000000470065006E006500720061006C00000008009001 | ..............................G.e.n.e.r.a.l....... |
| \DIALOG\163\3081 | 207048 | 2DA | 1FD048 | 0100FFFF0000000000000000C800C8800A0000000000FA00AE000000000048006900670068006C0069006700680074006900 | ..............................H.i.g.h.l.i.g.h.t.i. |
| \DIALOG\166\3081 | 207324 | 2AA | 1FD324 | 0100FFFF0000000000000000C800C8800B00000000007D01CF0000000000430068006F006F0073006500200043006F006C00 | ......................}.......C.h.o.o.s.e. .C.o.l. |
| \DIALOG\167\3081 | 2075D0 | BE | 1FD5D0 | 0100FFFF00000000000000004800CC800200000000000501E400000000004E006500740077006F0072006B00200053007400 | ............H.................N.e.t.w.o.r.k. .S.t. |
| \DIALOG\168\3081 | 207690 | 2E0 | 1FD690 | 0100FFFF0000000000000000C800C8800F00000000001F018500000000004300720065006100740065002000530065007200 | ..............................C.r.e.a.t.e. .S.e.r. |
| \DIALOG\169\3081 | 207970 | 168 | 1FD970 | 0100FFFF0000000000000000C800C880060000000000040104010000000050006500720066006F0072006D0061006E006300 | ..............................P.e.r.f.o.r.m.a.n.c. |
| \DIALOG\170\3081 | 207AD8 | B8C | 1FDAD8 | 0100FFFF0000000000000000C800C8803B000000000004010401000000005300740061007400690073007400690063007300 | ................;.............S.t.a.t.i.s.t.i.c.s. |
| \DIALOG\171\3081 | 208664 | 4AA | 1FE664 | 0100FFFF0000000000000000C800C8800D0000000000FA0096000000000041006400760061006E0063006500640000000800 | ..............................A.d.v.a.n.c.e.d..... |
| \DIALOG\175\3081 | 208B10 | EA | 1FEB10 | 0100FFFF0000000000000000C800C8800300000000005F013301000000004700440049002000480061006E0064006C006500 | ......................_.3.....G.D.I. .H.a.n.d.l.e. |
| \DIALOG\178\3081 | 208BFC | 166 | 1FEBFC | 0100FFFF00000000000004004800CF8006000000000039012F01000000004C006F00670000000800900100014D0053002000 | ............H.........9./.....L.o.g.........M.S. . |
| \DIALOG\179\3081 | 208D64 | 184 | 1FED64 | 0100FFFF0000000000000000C800C880060000000000FA004B0000000000530079006D0062006F006C007300000008009001 | ........................K.....S.y.m.b.o.l.s....... |
| \DIALOG\180\3081 | 208EE8 | 184 | 1FEEE8 | 0100FFFF00000000000004004800CF80070000000000B9010D01000000004D0065006D006F00720079000000080090010001 | ............H.................M.e.m.o.r.y......... |
| \DIALOG\182\3081 | 20906C | 128 | 1FF06C | 0100FFFF0000000000000000C800C8800500000000000E01AB00000000004D0065006D006F00720079002000500072006F00 | ..............................M.e.m.o.r.y. .P.r.o. |
| \DIALOG\183\3081 | 209194 | 166 | 1FF194 | 0100FFFF00000000000000004800CF8006000000000039010A010000000052006500730075006C0074007300000008009001 | ............H.........9.......R.e.s.u.l.t.s....... |
| \DIALOG\185\3081 | 2092FC | 250 | 1FF2FC | 0100FFFF0000000000000000C800C880090000000000F10056000000000053007400720069006E0067002000530065006100 | ........................V.....S.t.r.i.n.g. .S.e.a. |
| \DIALOG\186\3081 | 20954C | 468 | 1FF54C | 0100FFFF0000000000000000C800C8800F0000000000FA009C00000000004700720061007000680073000000080090010001 | ..............................G.r.a.p.h.s......... |
| \DIALOG\187\3081 | 2099B4 | 46E | 1FF9B4 | 0100FFFF0000000000000000C800C880160000000000230110010000000050006C007500670069006E007300000008009001 | .............................P.l.u.g.i.n.s....... |
| \DIALOG\188\3081 | 209E24 | C6 | 1FFE24 | 0100FFFF0000000000000000C800C880020000000000DB00AF0000000000480061006E0064006C0065002000530074006100 | ..............................H.a.n.d.l.e. .S.t.a. |
| \DIALOG\189\3081 | 209EEC | 41E | 1FFEEC | 0100FFFF0000000000000000C800C8801700000000000401CA0000000000500072006F006300650073007300200052006500 | ..............................P.r.o.c.e.s.s. .R.e. |
| \DIALOG\190\3081 | 20A30C | 184 | 20030C | 0100FFFF00000000000000004800CC800500000000003D01EF0000000000530065006C006500630074002000610020005000 | ............H.........=.......S.e.l.e.c.t. .a. .P. |
| \DIALOG\191\3081 | 20A490 | 80 | 200490 | 0100FFFF0000000000000000C800C88001000000000004010501000000005300650072007600690063006500730000000800 | ..............................S.e.r.v.i.c.e.s..... |
| \DIALOG\193\3081 | 20A510 | 210 | 200510 | 0100FFFF0000000000000000C800C880070000000000E400540000000000520065006D006F0074006500200043006F006E00 | ........................T.....R.e.m.o.t.e. .C.o.n. |
| \DIALOG\194\3081 | 20A720 | 90 | 200720 | 0100FFFF0000000000000000C800C8800100000000000E01E400000000004300610070006100620069006C00690074006900 | ..............................C.a.p.a.b.i.l.i.t.i. |
| \DIALOG\195\3081 | 20A7B0 | 84 | 2007B0 | 0100FFFF0000000000000000C800C8800100000000000E01E400000000004100740074007200690062007500740065007300 | ..............................A.t.t.r.i.b.u.t.e.s. |
| \DIALOG\196\3081 | 20A834 | 110 | 200834 | 0100FFFF0000000000000100C804C8400400000000003C01C3000000000043005000550000000800900100014D0053002000 | ...............@......<.......C.P.U.........M.S. . |
| \DIALOG\197\3081 | 20A944 | 4C4 | 200944 | 0100FFFF000000000000010048000840170000000000ED0056000000000000000800900100014D0053002000530068006500 | ............H..@........V.............M.S. .S.h.e. |
| \DIALOG\198\3081 | 20AE08 | F5C | 200E08 | 0100FFFF0000000000000100480008404F00000000006601AB000000000000000800900100014D0053002000530068006500 | ............H..@O.....f...............M.S. .S.h.e. |
| \DIALOG\199\3081 | 20BD64 | 1A0 | 201D64 | 0100FFFF0000000000000100C804C8400600000000003C01FA00000000004D0065006D006F00720079000000080090010001 | ...............@......<.......M.e.m.o.r.y......... |
| \DIALOG\200\3081 | 20BF04 | E0 | 201F04 | 0100FFFF0000000000000000C804C8400300000000003C01BB000000000049002F004F0000000800900100014D0053002000 | ...............@......<.......I./.O.........M.S. . |
| \DIALOG\201\3081 | 20BFE4 | 550 | 201FE4 | 0100FFFF0000000000000000480008401A000000000014014B000000000000000800900100014D0053002000530068006500 | ............H..@........K.............M.S. .S.h.e. |
| \DIALOG\202\3081 | 20C534 | 80C | 202534 | 0100FFFF0000000008000000C800CA802A0000000000E400C300000000004D0065006D006F007200790020004C0069007300 | ................*.............M.e.m.o.r.y. .L.i.s. |
| \DIALOG\205\3081 | 20CD40 | 40 | 202D40 | 0100FFFF0000000000000100480408400000000000003C01B6000000000000000800900100014D00530020005300680065006C006C00200044006C0067000000 | ............H..@......<...............M.S. .S.h.e.l.l. .D.l.g... |
| \DIALOG\206\3081 | 20CD80 | 958 | 202D80 | 0100FFFF0000000000000100480008402F0000000000E600AB000000000000000800900100014D0053002000530068006500 | ............H..@/.....................M.S. .S.h.e. |
| \DIALOG\207\3081 | 20D6D8 | 102 | 2036D8 | 0100FFFF000000000000000048040040040000000000D90096000000000000000800900100014D0053002000530068006500 | ............H..@......................M.S. .S.h.e. |
| \DIALOG\210\3081 | 20D7DC | 78 | 2037DC | 0100FFFF0000000000000000C800C880010000000000D9008D000000000043005000550000000800900100014D0053002000 | ..............................C.P.U.........M.S. . |
| \DIALOG\215\3081 | 20D854 | 11C | 203854 | 0100FFFF0000000000000000C800C8800400000000001501D900000000004D0069007400690067006100740069006F006E00 | ..............................M.i.t.i.g.a.t.i.o.n. |
| \DIALOG\221\3081 | 20D970 | 15C | 203970 | 0100FFFF00000000000000004800CC800600000000003701B100000000004500640069007400200045006E00760069007200 | ............H.........7.......E.d.i.t. .E.n.v.i.r. |
| \ACCELERATOR\102\3081 | 20DACC | 68 | 203ACC | 03001B00FE9C00000B004600929C00000B0052008C9C00000F0052008E9C00000B0053004A9C00000B004C00A89C00000B00 | ..........F.......R.......R.......S.J.....L....... |
| \ACCELERATOR\198\3081 | 20DB34 | 70 | 203B34 | 03003100479D000003003200489D000003003300499D0000030034004A9D0000030035004B9D0000030036004C9D00000300 | ..1.G.....2.H.....3.I.....4.J.....5.K.....6.L..... |
| \GROUP_ICON\IDR_MAINFRAME\1033 | 20DBA4 | 76 | 203BA4 | 000001000800000000000100200092590000010040400000010020002842000002003030000001002000A825000003002828 | ............ ..Y....@@.... .(B....00.... ..%....(( |
| \GROUP_ICON\IDR_MAINFRAME_2\1033 | 20DC1C | 14 | 203C1C | 0000010001000101000001001800300000000900 | ..............0..... |
| \GROUP_ICON\IDR_MAINFRAME_3\1033 | 20DC30 | 14 | 203C30 | 0000010001000101000001001800300000000A00 | ..............0..... |
| \GROUP_ICON\IDR_MAINFRAME_4\1033 | 20DC44 | 14 | 203C44 | 0000010001000101000001001800300000000B00 | ..............0..... |
| \GROUP_ICON\IDR_SXS\1033 | 20DC58 | 76 | 203C58 | 0000010008000000000001002000565500000C004040000001002000284200000D003030000001002000A82500000E002828 | ............ .VU....@@.... .(B....00.... ..%....(( |
| \GROUP_ICON\IDR_X001_APP_LIST\1033 | 20DCD0 | 68 | 203CD0 | 0000010007003030000001000800A80E000014002020000001000800A8080000150010100000010008006805000016000000 | ......00............ ....................h....... |
| \GROUP_ICON\IDR_X002_APP_LIST_SXS\1033 | 20DD38 | 68 | 203D38 | 0000010007003030000001000800A80E00001B002020000001000800A80800001C001010000001000800680500001D000000 | ......00............ ....................h....... |
| \GROUP_ICON\IDR_X003_INCOGNITO\1033 | 20DDA0 | 68 | 203DA0 | 000001000700101000000100200068040000220018180000010020008809000023002020000001002000A810000024003030 | ............ .h..."....... ...... .... .....$.00 |
| \GROUP_ICON\IDR_X004_DEV\1033 | 20DE08 | 76 | 203E08 | 00000100080000000000010020003854000029004040000001002000284200002A003030000001002000A82500002B002828 | ............ .8T..).@@.... .(B..*.00.... ..%..+.(( |
| \GROUP_ICON\IDR_X005_BETA\1033 | 20DE80 | 76 | 203E80 | 00000100080000000000010020001B540000310040400000010020002842000032003030000001002000A825000033002828 | ............ ..T..1.@@.... .(B..2.00.... ..%..3.(( |
| \GROUP_ICON\IDR_X006_HTML_DOC\1033 | 20DEF8 | 76 | 203EF8 | 00000100080000000000010020009259000039004040000001002000284200003A003030000001002000A82500003B002828 | ............ ..Y..9.@@.... .(B..:.00.... ..%..;.(( |
| \GROUP_ICON\IDR_X007_PDF_DOC\1033 | 20DF70 | 76 | 203F70 | 0000010008000000000001002000C1110000410040400000010020002842000042003030000001002000A825000043002828 | ............ .....A.@@.... .(B..B.00.... ..%..C.(( |
| \GROUP_ICON\IDR_X008_INCOGNITO_HC_W\1033 | 20DFE8 | 68 | 203FE8 | 00000100070010100000010020006804000049001818000001002000880900004A002020000001002000A81000004B003030 | ............ .h...I....... .....J. .... .....K.00 |
| \GROUP_ICON\IDR_X009_DEFAULT_ICON\1033 | 20E050 | 3E | 204050 | 00000100040010100000010020006804000050002020000001002000A810000051003030000001002000A8250000520000000000010020007C0400005300 | ............ .h...P. .... .....Q.00.... ..%..R....... .|...S. |
| \GROUP_ICON\IDR_X010_NEW_WINDOW\1033 | 20E090 | 3E | 204090 | 00000100040010100000010020006804000054002020000001002000A810000055003030000001002000A8250000560000000000010020001B0400005700 | ............ .h...T. .... .....U.00.... ..%..V....... .....W. |
| \GROUP_ICON\IDR_X011_WEBWIDGET_ICON\1033 | 20E0D0 | 68 | 2040D0 | 0000010007000000000001002000DA02000058003030000001002000A825000059003030020001000100300300005A002020 | ............ .....X.00.... ..%..Y.00......0...Z. |
| \GROUP_ICON\IDR_X012_EYE_HIDE_ICON\1033 | 20E138 | 3E | 204138 | 0000010004001010000001002000680400005F0000000000010020006A13000060002020000001002000A810000061003030000001002000A82500006200 | ............ .h..._....... .j.... .... .....a.00.... ..%..b. |
| \GROUP_ICON\IDR_X013_EYE_SHOW_ICON\1033 | 20E178 | 3E | 204178 | 000001000400101000000100200068040000630000000000010020000212000064002020000001002000A810000065003030000001002000A82500006600 | ............ .h...c....... .....d. .... .....e.00.... ..%..f. |
| \VERSION\1\1033 | 20E1B8 | 43C | 2041B8 | 3C0434000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | <.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\3081 | 20E5F4 | 6DC | 2045F4 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • dumpautopool • dumpobj • mscoree.dll • <a href="http://forum.sysinternals.com">Sysinternals Forums</a> • <a href="http://www.reactos.org">ReactOS</a> • <a href="http://www.minixml.org">Mini-XML</a> by Michael Sweet • <a href="http://www.pcre.org">PCRE</a> • <a href="http://www.famfamfam.com/lab/icons/silk">Silk icons</a> • <a href="http://www.fatcow.com/free-icons">Farm-fresh web icons</a> • csrss.exe • dwm.exe • logonui.exe • lsass.exe • lsm.exe • services.exe • smss.exe • wininit.exe • winlogon.exe • \x86\ProcessHacker.exe • \..\x86\ProcessHacker.exe • \..\Release32\ProcessHacker.exe • *.dll • iphlpapi.dll • user32.dll • ntdll.dll • kernel32.dll • \explorer.exe • \smss.exe • \csrss.exe • \wininit.exe • \services.exe • \lsass.exe • \lsm.exe • \winlogon.exe • \svchost.exe • \rundll32.exe • \dllhost.exe • \taskeng.exe • \taskhost.exe • \taskhostex.exe • \taskhostw.exe • \wudfhost.exe • .exe • *.txt • Hidden Processes.txt • Information.txt • Process Hacker Log.txt • ProcessHacker.exe • kprocesshacker.sys • ProcessHacker.sig • .settings.xml • \Process Hacker 2\settings.xml • TASKMGR.EXE • \kprocesshacker.sys • \Windows Kits\10\Debuggers\x64\dbghelp.dll • \Windows Kits\8.1\Debuggers\x64\dbghelp.dll • \Windows Kits\8.0\Debuggers\x64\dbghelp.dll • \Debugging Tools for Windows (x64)\dbghelp.dll • *.txt;*.log • *.csv • Process Hacker %s.txt • *.exe;*.dll • \taskmgr.exe • https://sourceforge.net/project/project_donations.php?group_id=242527 • RunAsProgram • \symsrv.dll • dbghelp.dll • Dump files (*.dmp) • *.dmp • .dmp • Unable to access the dump file • Creating the dump file... 
• Unable to create the minidump thread • Unable to create the minidump • *.bin • %s_0x%Ix-0x%Ix.bin • Memory.bin • Search results.txt • ws2_32.dll • Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe • ExtendedTools.dll • .dll • \AppxMetadata\CodeIntegrity.cat • .bin • RunAsUserName • *.exe;*.pif;*.com;*.bat • peview.exe "%s" • http://www.google.com/search?q="%s" • *.exe;*.sys • advapi32.dll • winsta.dll • userenv.dll • runas • explorer.exe • \regedit.exe • regedit.exe • symsrv.dll • MiniDumpWriteDump • \SysWow64\kernel32.dll • \SysWow64\ntdll.dll • \System32\ntdll.dll • \System32\kernel32.dll • \SystemRoot\system32\drivers\ntfs.sys • .sys • clr.dll • mscorwks.dll • mscorsvr.dll • mscorlib.dll • mscorlib.ni.dll • clrjit.dll • TaskDialogIndirect • comctl32.dll • shell32.dll • shlwapi.dll • \imageres.dll • \user32.dll • \shell32.dll • aclui.dll • uxtheme.dll • wintrust.dll • crypt32.dll • CryptCATCatalogInfoFromContext • cryptui.dll • D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb • .bss • WINSTA.dll • KERNEL32.dll • dCreateDialogIndirectParamW • COMDLG32.dll • dCreate dump file... • <a href="http://processhacker.sourceforge.net">Process Hacker on SourceForge.net</a> • msedge.exe • <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> • <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2011/WindowsSettings"> • +0U 00Hl00:+.http://www.digicert.com/ssl-cps-repository.htm0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0U00+s0q0$+0http://ocsp.digicert.com0I+0=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0U00@><:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@><:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0UHkX.ed0U0>iG&cd+0*HI||Kdi)}@f&3/DU5p • H0F08 • https://www.digicert.com/CPS0 • I0G08 |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 1225A0-12299F | N/A | .rdata | Potential obfuscated jump sequence detected, count: 512 |
| 188CF0-188D87 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 76 |
| 188FEC-18908B | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 1890AC-18914B | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 18916C-18920B | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 18B194-18B1F3 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 48 |
| 18B290-18B2F7 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 52 |
| 18B310-18B377 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 52 |
| 18EC20-18ECB7 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 76 |
| 18EF1C-18EFBB | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 18EFDC-18F07B | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 18F09C-18F13B | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 80 |
| 1910C4-191123 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 48 |
| 1911C0-191227 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 52 |
| 191240-1912A7 | N/A | .rsrc | Potential obfuscated jump sequence detected, count: 52 |
| 206400 | N/A | *Overlay* | 203A00000002020030823A0D06092A864886F70D | :......0.:...*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1108165 | 51,8408% |
| Null Byte Code | 503199 | 23,54% |