PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Size: 4,50 MB
SHA-256 Hash: 116438AEC169C78918BBFD58A2BDF3892BCE36063A7C868A6E39399608B8506F
SHA-1 Hash: DFF1074B32AD2C1E70EBADB50C1AC88E5954E3DF
MD5 Hash: 3208AEEC3CEA40150D6CB9FD35AF7EE8
Imphash: CA1BF874E3740029326330576E38145E
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 0048304A
EntryPoint (rva): 34E490
SizeOfHeaders: 400
SizeOfImage: 482000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 45CA60
IAT: 360000
Characteristics: 22
TimeDateStamp: 695EC443
Date: 07/01/2026 20:38:27
File Type: EXE
Number Of Sections: 5
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	400	35EE00	1000	35EC2C	6,2422	34507672,98
.rdata	40000040 (Initialized Data, Readable)	35F200	FDC00	360000	FDAA8	5,4242	35861867,46
.data	C0000040 (Initialized Data, Readable, Writeable)	45CE00	200	45E000	C90	1,9228	76751,00
.pdata	40000040 (Initialized Data, Readable)	45D000	1C400	45F000	1C380	6,3741	2034773,42
.reloc	42000040 (Initialized Data, GP-Relative, Readable)	479400	5600	47C000	5478	5,4383	124683,72

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 34D890
Code -> 4883EC28E8DF0300004883C428E96AFEFFFFCCCC40534883EC20488BD933C9FF156B1F0100488BCBFF155A1F0100FF15B41E
• SUB RSP, 0X28
• CALL 0X13E8
• ADD RSP, 0X28
• JMP 0XE7C
• INT3
• INT3
• PUSH RBX
• SUB RSP, 0X20
• MOV RBX, RCX
• XOR ECX, ECX
• CALL QWORD PTR [RIP + 0X11F6B]
• MOV RCX, RBX
• CALL QWORD PTR [RIP + 0X11F5A]

Signatures

Rich Signature Analyzer:
Code -> E7A95791A3C839C2A3C839C2A3C839C2AAB0AAC2A9C839C2244138C3A1C839C224413AC3A7C839C224413DC3A9C839C224413CC3B4C839C2A3C838C226C839C2A3C839C2ACC839C235413BC3A2C839C252696368A3C839C2
Footprint md5 Hash -> 68BBA864D5733B10DD89866F1B45056A
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler

Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.44**)[-]
• PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 6.25208

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	CreateMutexA	Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL	SleepEx	Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.

Windows REG

Software\PythonSearching \Software\Python\
Software\Python\
Software\Python,
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\
Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\\Schemas
Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\\Schemas

File Access

\cmd.exe
.exe
?@\_cmd.exe
.pyenv/shimsScriptsbinpython.exepython3.exe
.pyenv/shimsScriptsbinpython.exe
.venvpyvenv.cfgbin/pythonScripts/python.exe
sys.exe
.pyenvpyenv-winpyenv.exe
managercrates\pet-poetry\src\manager.rs.poetrypoetry.localpipxvenvspoetry.exe
conda.exe
hon3.exe
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
VCRUNTIME140.dll
advapi32.dll
ntdll.dll
kernel32.dll
bcryptprimitives.dll
api-ms-win-core-synch-l1-2-0.dll
dbghelp.dll
activateactivate.bat
conda.execonda.bat
.dat
@.dat
environments.txt
Conda env in environments.txt
Found environments.txt
self.buf.ini
Temp
AppData
UserProfile

File Access (UNICODE)

NTDLL.DLL

Interest's Words

exec
attrib
start
ping
expand

Anti-VM/Sandbox/Debug Tricks

OllyDbg Libary - dbghelp.dll

URLs

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
http://www.microsoft.com/pkiops/docs/primarycps.htm
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt
http://www.microsoft.com/pkiops/Docs/Repository.htm
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
https://github.com/clap-rs/clap/issues
https://code.visualstudio.com/

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	Unicode escape - \u00 - (Common Unicode escape sequences)
Text	Ascii	WinAPI Sockets (connect)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Execution (CreateProcessW)
Text	Ascii	Execution (CreateEventW)
Text	Ascii	Keyboard Key ({HOME})
Text	Ascii	Software that records user activity (Logger)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)
Entry Point	Hex Pattern	PE-Exe Executable Image

Intelligent String

• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• advapi32.dll
• ntdll.dll
• C:\ProgrH
• s:\program files\undation.Python.PythonSoftwareFo________________4444444444444444
• D:\a\_work\1\s\crates\pet-jsonrpc\src\server.rs"6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\builder\arg_group.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_json-1.0.117\src\value\de.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\core\src\ops\function.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\automaton.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\packed\pattern.rsassertion failed: self.by_id.len() <= u16::MAX as usize
• d: patterns.len() >= 1D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\packed\rabinkarp.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\packed\teddy\generic.rsTeddy requires at least one pattern
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\util\debug.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\util\prefilter.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\util\remapper.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\anstyle-parse-0.2.4\src\lib.rse6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\anstream-0.6.14\src\wincon.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\anstyle-parse-0.2.4\src\params.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\anstream-0.6.14\src\adapter\strip.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\builder\arg.rs
• Fatal internal error. Please consider filing a bug report at https://github.com/clap-rs/clap/issues
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\builder\command.rsd6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\util\graph.rsd6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\builder\ext.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\error\format.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\error\mod.rsto pass '' as a value, use ' --
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\arg_matcher.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\error.rs6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\matches\arg_matches.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\matches\matched_arg.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\parser.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\parser\validator.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\mkeymap.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\output\help_template.rs6@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\util\flat_map.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_builder-4.5.7\src\util\flat_set.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_lex-0.7.1\src\ext.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\clap_lex-0.7.1\src\lib.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\sys\pal\windows\io.rs;7@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\env_logger-0.10.2\src\logger.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\env_logger-0.10.2\src\filter\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\env_logger-0.10.2\src\fmt\writer\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\env_logger-0.10.2\src\fmt\style.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\env_logger-0.10.2\src\fmt\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\hashbrown-0.16.0\src\raw\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\humantime-2.1.0\src\date.rsall times should be after the epochB7@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\memchr-2.7.4\src\arch\all\twoway.rs
• node_modules.cargo.devcontainer.github.git.tox.nox.hypothesis.ipynb_checkpoints.eggs.coverage.cache.pyre.ptype.pytest_cache.vscode__pycache____pypackages__.mypy_cachecython_debugenv.bakvenv.bak
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\thread\mod.rsZ7@
• :\ProgramData\conda\.condarc
• :\ProgramData\conda\condarc
• :\ProgramData\conda\condarc.d
• :\ProgramData\miniconda\.condarc
• :\ProgramData\miniconda\condarc
• :\ProgramData\miniconda\condarc.d
• :\ProgramData\miniconda3\.condarc
• :\ProgramData\miniconda3\condarc
• :\ProgramData\miniconda3\condarc.d
• :\ProgramData
• C:\ProgramData\conda\conda:\ProgramData\conda\conda
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.8.14\src\value.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\base64-0.22.1\src\engine\mod.rsInvalid UTF8
• e::Incomplete(_)D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\winnow-0.6.13\src\parser.rsc7@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\de\table.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\table.rs
• pet_poetry::managercrates\pet-poetry\src\manager.rs.poetrypoetry.localpipxvenvspoetry.exe
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\thread\scoped.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_core-1.0.226\src\de\impls.rsoverflow deserializing SystemTime epoch offsetsecs_since_epochnanos_since_epoch
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_json-1.0.117\src\de.rs7@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\generic-array-0.14.7\src\hex.rs
• import json, sys; print('093385e9-59f7-4a16-a604-14bf206256fe');print(json.dumps({'version': '.'.join(str(n) for n in sys.version_info), 'sys_prefix': sys.prefix, 'executable': sys.executable, 'is64_bit': sys.maxsize > 2**32}))
• D:\a\_work\1\s\crates\pet-jsonrpc\src\lib.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\path.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\deserializer\table.rs
• D:\a\_work\1\s\crates\pet-python-utils\src\executable.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\sync\poison\once.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-1.10.5\src\regex\string.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\lazy_static-1.4.0\src\inline_lazy.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-1.10.5\src\builders.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\boxed\convert.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\ahocorasick.rs%@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\nfa\contiguous.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\nfa\noncontiguous.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\aho-corasick-1.1.3\src\packed\api.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\memchr-2.7.4\src\arch\generic\packedpair.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\memchr-2.7.4\src\memmem\searcher.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\dfa\onepass.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\nfa.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\primitives.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\alphabet.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\dfa\remapper.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\search.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\hybrid\search.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\error.rs8@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\limited.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\literal.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\stopat.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\strategy.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\meta\wrappers.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\backtrack.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\builder.rsmust call 'finish_pattern' first
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\compiler.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\map.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\pikevm.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\sparse_set.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\nfa\thompson\range_trie.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\captures.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\escape.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\interpolate.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\iter.rsassertion failed: m.is_empty()
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\utf8.rsassertion failed: b2 <= 256
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\pool.rsAhoCorasick::try_find is not expected to fail
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\prefilter\byteset.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\prefilter\memchr.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\prefilter\memmem.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\prefilter\teddy.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\wire.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\determinize\state.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\determinize\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-automata-0.4.7\src\util\empty.rs98@
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\core\src\slice\sort\stable\quicksort.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\vec\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\ast\parse.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\ast\visitor.rsU8@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\ast\mod.rsalphacntrllowerpunctspaceupper
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\debug.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\error.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\hir\interval.rs_8@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\hir\literal.rsassertion failed: seq1.len().map_or(true, |x| x <= self.limit_total)
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\hir\translate.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\regex-syntax-0.8.4\src\unicode.rs
• 1.1V1_110.0V10_011.0V11_012.0V12_012.1V12_113.0V13_014.0V14_015.0V15_02.0V2_02.1V2_13.0V3_03.1V3_13.2V3_24.0V4_04.1V4_15.0V5_05.1V5_15.2V5_26.0V6_06.1V6_16.2V6_26.3V6_37.0V7_08.0V8_09.0V9_0Unassignedunassignedv100v11v110v120v121v130v140v150v20v21v30v31v32v40v41v50v51v52v60v61v62v63v70v80v90
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_core-1.0.226\src\de\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_core-1.0.226\src\format.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\serde_json-1.0.117\src\value\ser.rs
• NTDLL.DLL
• \\.\pipe\__rust_anonymous_pipe1__.
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\strsim-0.11.1\src\lib.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\std\src\io\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\termcolor-1.4.1\src\lib.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\core\src\num\mod.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\collections\btree\map\entry.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\sync.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\error.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\parser\dearray.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\parser\document.rsjZ>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\parser\inline_table.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\parser\key.rs[>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml-0.9.7\src\de\parser\value.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_datetime-0.6.6\src\datetime.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_datetime-0.7.2\src\datetime.rsT
• 8: corrupt contentsD:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\winnow-0.6.13\src\stream\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\indexmap-2.11.4\src\map\core.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\indexmap-2.11.4\src\map\core\entry.rsk>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\winnow-0.6.13\src\error.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\array_of_tables.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\encode.rs\u
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\error.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\inline_table.rsn>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\datetime.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\document.rsgrammar ensures at least 1
• d: i < path.len()D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\error.rsHr>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\inline_table.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\key.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\numbers.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_edit-0.22.14\src\parser\state.rsv>@
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\winnow-0.7.13\src\stream\token.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_parser-1.0.3\src\decoder\scalar.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_parser-1.0.3\src\decoder\string.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_parser-1.0.3\src\lexer\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\toml_parser-1.0.3\src\parser\document.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\core\src\iter\traits\iterator.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\winreg-0.55.0\src\reg_key.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\core\src\str\pattern.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\slice.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\collections\btree\navigate.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\string.rs
• D:\a\_work\_temp\msrustup_home\packages\rust.tools-x86_64-pc-windows-msvc.1.85.1-ms-20250326.6\tools\lib/rustlib/src/rust\library\alloc\src\raw_vec.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\arraydeque-0.5.1\src\lib.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\hashbrown-0.14.5\src\raw\mod.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\yaml-rust2-0.8.1\src\parser.rs
• D:\a\_work\_temp\cargo_home\registry\src\index.crates.io-1949cf8c6b5b557f\yaml-rust2-0.8.1\src\yaml.rs
• pet.pdb
• .tls
• .bss
• api-ms-win-core-synch-l1-2-0.dll
• bcryptprimitives.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-heap-l1-1-0.dll

Flow Anomalies

Offset	RVA	Section	Description
1BC2	N/A	.text	CALL QWORD PTR [RIP+0x35DB48]
1BD1	N/A	.text	CALL QWORD PTR [RIP+0x35DB31]
1EF6	N/A	.text	CALL QWORD PTR [RIP+0x35D814]
1F04	N/A	.text	CALL QWORD PTR [RIP+0x35D7FE]
1F2E	N/A	.text	CALL QWORD PTR [RIP+0x35D7DC]
1F40	N/A	.text	CALL QWORD PTR [RIP+0x35D7C2]
2216	N/A	.text	CALL QWORD PTR [RIP+0x35D4F4]
2225	N/A	.text	CALL QWORD PTR [RIP+0x35D4DD]
229C	N/A	.text	CALL QWORD PTR [RIP+0x35D46E]
22AE	N/A	.text	CALL QWORD PTR [RIP+0x35D454]
22EC	N/A	.text	CALL QWORD PTR [RIP+0x35D41E]
22FE	N/A	.text	CALL QWORD PTR [RIP+0x35D404]
2346	N/A	.text	CALL QWORD PTR [RIP+0x35D3C4]
2355	N/A	.text	CALL QWORD PTR [RIP+0x35D3AD]
33E8	N/A	.text	CALL QWORD PTR [RIP+0x35C47A]
3408	N/A	.text	CALL QWORD PTR [RIP+0x35C302]
3416	N/A	.text	CALL QWORD PTR [RIP+0x35C2EC]
341C	N/A	.text	CALL QWORD PTR [RIP+0x35C2EE]
342B	N/A	.text	CALL QWORD PTR [RIP+0x35C2D7]
343C	N/A	.text	CALL QWORD PTR [RIP+0x35C2CE]
344A	N/A	.text	CALL QWORD PTR [RIP+0x35C2B8]
353E	N/A	.text	CALL QWORD PTR [RIP+0x35C1CC]
354C	N/A	.text	CALL QWORD PTR [RIP+0x35C1B6]
35AE	N/A	.text	CALL QWORD PTR [RIP+0x35C15C]
35BC	N/A	.text	CALL QWORD PTR [RIP+0x35C146]
35FF	N/A	.text	CALL QWORD PTR [RIP+0x35C10B]
360E	N/A	.text	CALL QWORD PTR [RIP+0x35C0F4]
363A	N/A	.text	CALL QWORD PTR [RIP+0x35C0D0]
3649	N/A	.text	CALL QWORD PTR [RIP+0x35C0B9]
3AB7	N/A	.text	CALL QWORD PTR [RIP+0x35BDAB]
3AD7	N/A	.text	CALL QWORD PTR [RIP+0x35BC33]
3AE5	N/A	.text	CALL QWORD PTR [RIP+0x35BC1D]
3AEB	N/A	.text	CALL QWORD PTR [RIP+0x35BC1F]
3AFA	N/A	.text	CALL QWORD PTR [RIP+0x35BC08]
3B0B	N/A	.text	CALL QWORD PTR [RIP+0x35BBFF]
3B19	N/A	.text	CALL QWORD PTR [RIP+0x35BBE9]
3B6B	N/A	.text	CALL QWORD PTR [RIP+0x35BB9F]
3B79	N/A	.text	CALL QWORD PTR [RIP+0x35BB89]
3D57	N/A	.text	CALL QWORD PTR [RIP+0x35B9B3]
3D65	N/A	.text	CALL QWORD PTR [RIP+0x35B99D]
3DE7	N/A	.text	CALL QWORD PTR [RIP+0x35B923]
3DF5	N/A	.text	CALL QWORD PTR [RIP+0x35B90D]
3E48	N/A	.text	CALL QWORD PTR [RIP+0x35B8C2]
3E57	N/A	.text	CALL QWORD PTR [RIP+0x35B8AB]
3ED2	N/A	.text	CALL QWORD PTR [RIP+0x35B838]
3EE1	N/A	.text	CALL QWORD PTR [RIP+0x35B821]
3F33	N/A	.text	CALL QWORD PTR [RIP+0x35B7D7]
3F42	N/A	.text	CALL QWORD PTR [RIP+0x35B7C0]
431F	N/A	.text	CALL QWORD PTR [RIP+0x35B543]
433F	N/A	.text	CALL QWORD PTR [RIP+0x35B3CB]
434D	N/A	.text	CALL QWORD PTR [RIP+0x35B3B5]
4353	N/A	.text	CALL QWORD PTR [RIP+0x35B3B7]
4362	N/A	.text	CALL QWORD PTR [RIP+0x35B3A0]
4373	N/A	.text	CALL QWORD PTR [RIP+0x35B397]
4381	N/A	.text	CALL QWORD PTR [RIP+0x35B381]
44BE	N/A	.text	CALL QWORD PTR [RIP+0x35B24C]
44CC	N/A	.text	CALL QWORD PTR [RIP+0x35B236]
452E	N/A	.text	CALL QWORD PTR [RIP+0x35B1DC]
453C	N/A	.text	CALL QWORD PTR [RIP+0x35B1C6]
457F	N/A	.text	CALL QWORD PTR [RIP+0x35B18B]
458E	N/A	.text	CALL QWORD PTR [RIP+0x35B174]
45F9	N/A	.text	CALL QWORD PTR [RIP+0x35B111]
4608	N/A	.text	CALL QWORD PTR [RIP+0x35B0FA]
463A	N/A	.text	CALL QWORD PTR [RIP+0x35B0D0]
4649	N/A	.text	CALL QWORD PTR [RIP+0x35B0B9]
48EA	N/A	.text	CALL QWORD PTR [RIP+0x35AF78]
4910	N/A	.text	CALL QWORD PTR [RIP+0x35ADFA]
491E	N/A	.text	CALL QWORD PTR [RIP+0x35ADE4]
4924	N/A	.text	CALL QWORD PTR [RIP+0x35ADE6]
5203	N/A	.text	CALL QWORD PTR [RIP+0x35A65F]
5229	N/A	.text	CALL QWORD PTR [RIP+0x35A4E1]
5237	N/A	.text	CALL QWORD PTR [RIP+0x35A4CB]
523D	N/A	.text	CALL QWORD PTR [RIP+0x35A4CD]
524F	N/A	.text	CALL QWORD PTR [RIP+0x35A4B3]
54EC	N/A	.text	CALL QWORD PTR [RIP+0x35A376]
5512	N/A	.text	CALL QWORD PTR [RIP+0x35A1F8]
5520	N/A	.text	CALL QWORD PTR [RIP+0x35A1E2]
5526	N/A	.text	CALL QWORD PTR [RIP+0x35A1E4]
5538	N/A	.text	CALL QWORD PTR [RIP+0x35A1CA]
57CC	N/A	.text	CALL QWORD PTR [RIP+0x35A096]
57F2	N/A	.text	CALL QWORD PTR [RIP+0x359F18]
5800	N/A	.text	CALL QWORD PTR [RIP+0x359F02]
5806	N/A	.text	CALL QWORD PTR [RIP+0x359F04]
5818	N/A	.text	CALL QWORD PTR [RIP+0x359EEA]
5828	N/A	.text	CALL QWORD PTR [RIP+0x359EE2]
583A	N/A	.text	CALL QWORD PTR [RIP+0x359EC8]
584B	N/A	.text	CALL QWORD PTR [RIP+0x359EBF]
5859	N/A	.text	CALL QWORD PTR [RIP+0x359EA9]
5874	N/A	.text	CALL QWORD PTR [RIP+0x359E96]
5882	N/A	.text	CALL QWORD PTR [RIP+0x359E80]
5915	N/A	.text	CALL QWORD PTR [RIP+0x359B65]
59B6	N/A	.text	CALL QWORD PTR [RIP+0x359D54]
59C4	N/A	.text	CALL QWORD PTR [RIP+0x359D3E]
5A55	N/A	.text	CALL QWORD PTR [RIP+0x359CB5]
5A63	N/A	.text	CALL QWORD PTR [RIP+0x359C9F]
5B2A	N/A	.text	CALL QWORD PTR [RIP+0x359BE0]
5B38	N/A	.text	CALL QWORD PTR [RIP+0x359BCA]
5C4C	N/A	.text	CALL QWORD PTR [RIP+0x359C16]
5C8B	N/A	.text	CALL QWORD PTR [RIP+0x359A7F]
5C99	N/A	.text	CALL QWORD PTR [RIP+0x359A69]
366CC3-366DA2	N/A	.rdata	Unusual NOPS Space, count: 224
35F6D0	2D4C20	.rdata	TLS Callback \| Pointer to 1402D4C20 - 0x2D4020 .text
45D000	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
45D00C	1400	.pdata	ExceptionHook \| Pointer to 1400 - 0x800 .text + UnwindInfo: .rdata
45D018	14E0	.pdata	ExceptionHook \| Pointer to 14E0 - 0x8E0 .text + UnwindInfo: .rdata
45D024	1510	.pdata	ExceptionHook \| Pointer to 1510 - 0x910 .text + UnwindInfo: .rdata
45D030	1730	.pdata	ExceptionHook \| Pointer to 1730 - 0xB30 .text + UnwindInfo: .rdata
45D03C	1750	.pdata	ExceptionHook \| Pointer to 1750 - 0xB50 .text + UnwindInfo: .rdata
45D048	1970	.pdata	ExceptionHook \| Pointer to 1970 - 0xD70 .text + UnwindInfo: .rdata
45D054	1990	.pdata	ExceptionHook \| Pointer to 1990 - 0xD90 .text + UnwindInfo: .rdata
45D060	1A10	.pdata	ExceptionHook \| Pointer to 1A10 - 0xE10 .text + UnwindInfo: .rdata
45D06C	1C50	.pdata	ExceptionHook \| Pointer to 1C50 - 0x1050 .text + UnwindInfo: .rdata
45D078	1C90	.pdata	ExceptionHook \| Pointer to 1C90 - 0x1090 .text + UnwindInfo: .rdata
45D084	1CD0	.pdata	ExceptionHook \| Pointer to 1CD0 - 0x10D0 .text + UnwindInfo: .rdata
45D090	1E90	.pdata	ExceptionHook \| Pointer to 1E90 - 0x1290 .text + UnwindInfo: .rdata
45D09C	2DF0	.pdata	ExceptionHook \| Pointer to 2DF0 - 0x21F0 .text + UnwindInfo: .rdata
45D0A8	2E40	.pdata	ExceptionHook \| Pointer to 2E40 - 0x2240 .text + UnwindInfo: .rdata
45D0B4	2E80	.pdata	ExceptionHook \| Pointer to 2E80 - 0x2280 .text + UnwindInfo: .rdata
45D0C0	2ED0	.pdata	ExceptionHook \| Pointer to 2ED0 - 0x22D0 .text + UnwindInfo: .rdata
45D0CC	2F20	.pdata	ExceptionHook \| Pointer to 2F20 - 0x2320 .text + UnwindInfo: .rdata
45D0D8	2F70	.pdata	ExceptionHook \| Pointer to 2F70 - 0x2370 .text + UnwindInfo: .rdata
45D0E4	2FB0	.pdata	ExceptionHook \| Pointer to 2FB0 - 0x23B0 .text + UnwindInfo: .rdata
45D0F0	2FF0	.pdata	ExceptionHook \| Pointer to 2FF0 - 0x23F0 .text + UnwindInfo: .rdata
45D0FC	3030	.pdata	ExceptionHook \| Pointer to 3030 - 0x2430 .text + UnwindInfo: .rdata
45D108	3070	.pdata	ExceptionHook \| Pointer to 3070 - 0x2470 .text + UnwindInfo: .rdata
45D114	3990	.pdata	ExceptionHook \| Pointer to 3990 - 0x2D90 .text + UnwindInfo: .rdata
45D120	3A40	.pdata	ExceptionHook \| Pointer to 3A40 - 0x2E40 .text + UnwindInfo: .rdata
45D12C	3C50	.pdata	ExceptionHook \| Pointer to 3C50 - 0x3050 .text + UnwindInfo: .rdata
45D138	3C90	.pdata	ExceptionHook \| Pointer to 3C90 - 0x3090 .text + UnwindInfo: .rdata
45D144	3CE0	.pdata	ExceptionHook \| Pointer to 3CE0 - 0x30E0 .text + UnwindInfo: .rdata
45D150	3D20	.pdata	ExceptionHook \| Pointer to 3D20 - 0x3120 .text + UnwindInfo: .rdata
45D15C	40F0	.pdata	ExceptionHook \| Pointer to 40F0 - 0x34F0 .text + UnwindInfo: .rdata
45D168	4120	.pdata	ExceptionHook \| Pointer to 4120 - 0x3520 .text + UnwindInfo: .rdata
45D174	4160	.pdata	ExceptionHook \| Pointer to 4160 - 0x3560 .text + UnwindInfo: .rdata
45D180	4190	.pdata	ExceptionHook \| Pointer to 4190 - 0x3590 .text + UnwindInfo: .rdata
45D18C	41D0	.pdata	ExceptionHook \| Pointer to 41D0 - 0x35D0 .text + UnwindInfo: .rdata
45D198	4220	.pdata	ExceptionHook \| Pointer to 4220 - 0x3620 .text + UnwindInfo: .rdata
45D1A4	4260	.pdata	ExceptionHook \| Pointer to 4260 - 0x3660 .text + UnwindInfo: .rdata
45D1B0	4290	.pdata	ExceptionHook \| Pointer to 4290 - 0x3690 .text + UnwindInfo: .rdata
45D1BC	4870	.pdata	ExceptionHook \| Pointer to 4870 - 0x3C70 .text + UnwindInfo: .rdata
45D1C8	48B0	.pdata	ExceptionHook \| Pointer to 48B0 - 0x3CB0 .text + UnwindInfo: .rdata
45D1D4	48F0	.pdata	ExceptionHook \| Pointer to 48F0 - 0x3CF0 .text + UnwindInfo: .rdata
45D1E0	4930	.pdata	ExceptionHook \| Pointer to 4930 - 0x3D30 .text + UnwindInfo: .rdata
45D1EC	4980	.pdata	ExceptionHook \| Pointer to 4980 - 0x3D80 .text + UnwindInfo: .rdata
45D1F8	49C0	.pdata	ExceptionHook \| Pointer to 49C0 - 0x3DC0 .text + UnwindInfo: .rdata
45D204	4A10	.pdata	ExceptionHook \| Pointer to 4A10 - 0x3E10 .text + UnwindInfo: .rdata
45D210	4A70	.pdata	ExceptionHook \| Pointer to 4A70 - 0x3E70 .text + UnwindInfo: .rdata
45D21C	4AB0	.pdata	ExceptionHook \| Pointer to 4AB0 - 0x3EB0 .text + UnwindInfo: .rdata
45D228	4B10	.pdata	ExceptionHook \| Pointer to 4B10 - 0x3F10 .text + UnwindInfo: .rdata
45D234	4B70	.pdata	ExceptionHook \| Pointer to 4B70 - 0x3F70 .text + UnwindInfo: .rdata
45D240	4BB0	.pdata	ExceptionHook \| Pointer to 4BB0 - 0x3FB0 .text + UnwindInfo: .rdata
45D24C	4BF0	.pdata	ExceptionHook \| Pointer to 4BF0 - 0x3FF0 .text + UnwindInfo: .rdata
45D258	5070	.pdata	ExceptionHook \| Pointer to 5070 - 0x4470 .text + UnwindInfo: .rdata
45D264	50A0	.pdata	ExceptionHook \| Pointer to 50A0 - 0x44A0 .text + UnwindInfo: .rdata
45D270	50E0	.pdata	ExceptionHook \| Pointer to 50E0 - 0x44E0 .text + UnwindInfo: .rdata
45D27C	5110	.pdata	ExceptionHook \| Pointer to 5110 - 0x4510 .text + UnwindInfo: .rdata
45D288	5150	.pdata	ExceptionHook \| Pointer to 5150 - 0x4550 .text + UnwindInfo: .rdata
45D294	51A0	.pdata	ExceptionHook \| Pointer to 51A0 - 0x45A0 .text + UnwindInfo: .rdata
45D2A0	51E0	.pdata	ExceptionHook \| Pointer to 51E0 - 0x45E0 .text + UnwindInfo: .rdata
45D2AC	5220	.pdata	ExceptionHook \| Pointer to 5220 - 0x4620 .text + UnwindInfo: .rdata
45D2B8	5260	.pdata	ExceptionHook \| Pointer to 5260 - 0x4660 .text + UnwindInfo: .rdata
45D2C4	5290	.pdata	ExceptionHook \| Pointer to 5290 - 0x4690 .text + UnwindInfo: .rdata
45D2D0	52C0	.pdata	ExceptionHook \| Pointer to 52C0 - 0x46C0 .text + UnwindInfo: .rdata
45D2DC	83D0	.pdata	ExceptionHook \| Pointer to 83D0 - 0x77D0 .text + UnwindInfo: .rdata
45D2E8	8470	.pdata	ExceptionHook \| Pointer to 8470 - 0x7870 .text + UnwindInfo: .rdata
45D2F4	8550	.pdata	ExceptionHook \| Pointer to 8550 - 0x7950 .text + UnwindInfo: .rdata
45D300	8630	.pdata	ExceptionHook \| Pointer to 8630 - 0x7A30 .text + UnwindInfo: .rdata
45D30C	86B0	.pdata	ExceptionHook \| Pointer to 86B0 - 0x7AB0 .text + UnwindInfo: .rdata
45D318	8740	.pdata	ExceptionHook \| Pointer to 8740 - 0x7B40 .text + UnwindInfo: .rdata
45D324	8810	.pdata	ExceptionHook \| Pointer to 8810 - 0x7C10 .text + UnwindInfo: .rdata
45D330	88D0	.pdata	ExceptionHook \| Pointer to 88D0 - 0x7CD0 .text + UnwindInfo: .rdata
45D33C	8970	.pdata	ExceptionHook \| Pointer to 8970 - 0x7D70 .text + UnwindInfo: .rdata
45D348	8A00	.pdata	ExceptionHook \| Pointer to 8A00 - 0x7E00 .text + UnwindInfo: .rdata
45D354	8AC0	.pdata	ExceptionHook \| Pointer to 8AC0 - 0x7EC0 .text + UnwindInfo: .rdata
45D360	8B70	.pdata	ExceptionHook \| Pointer to 8B70 - 0x7F70 .text + UnwindInfo: .rdata
45D36C	8C00	.pdata	ExceptionHook \| Pointer to 8C00 - 0x8000 .text + UnwindInfo: .rdata
45D378	8C90	.pdata	ExceptionHook \| Pointer to 8C90 - 0x8090 .text + UnwindInfo: .rdata
45D384	8D50	.pdata	ExceptionHook \| Pointer to 8D50 - 0x8150 .text + UnwindInfo: .rdata
45D390	8DE0	.pdata	ExceptionHook \| Pointer to 8DE0 - 0x81E0 .text + UnwindInfo: .rdata
45D39C	8E80	.pdata	ExceptionHook \| Pointer to 8E80 - 0x8280 .text + UnwindInfo: .rdata
45D3A8	8F30	.pdata	ExceptionHook \| Pointer to 8F30 - 0x8330 .text + UnwindInfo: .rdata
45D3B4	8FC0	.pdata	ExceptionHook \| Pointer to 8FC0 - 0x83C0 .text + UnwindInfo: .rdata
45D3C0	9050	.pdata	ExceptionHook \| Pointer to 9050 - 0x8450 .text + UnwindInfo: .rdata
45D3CC	90F0	.pdata	ExceptionHook \| Pointer to 90F0 - 0x84F0 .text + UnwindInfo: .rdata
45D3D8	9190	.pdata	ExceptionHook \| Pointer to 9190 - 0x8590 .text + UnwindInfo: .rdata
45D3E4	9210	.pdata	ExceptionHook \| Pointer to 9210 - 0x8610 .text + UnwindInfo: .rdata
45D3F0	92A0	.pdata	ExceptionHook \| Pointer to 92A0 - 0x86A0 .text + UnwindInfo: .rdata
45D3FC	9340	.pdata	ExceptionHook \| Pointer to 9340 - 0x8740 .text + UnwindInfo: .rdata
45D408	9420	.pdata	ExceptionHook \| Pointer to 9420 - 0x8820 .text + UnwindInfo: .rdata
45D414	94B0	.pdata	ExceptionHook \| Pointer to 94B0 - 0x88B0 .text + UnwindInfo: .rdata
45D420	9540	.pdata	ExceptionHook \| Pointer to 9540 - 0x8940 .text + UnwindInfo: .rdata
45D42C	95D0	.pdata	ExceptionHook \| Pointer to 95D0 - 0x89D0 .text + UnwindInfo: .rdata
45D438	9660	.pdata	ExceptionHook \| Pointer to 9660 - 0x8A60 .text + UnwindInfo: .rdata
45D444	96F0	.pdata	ExceptionHook \| Pointer to 96F0 - 0x8AF0 .text + UnwindInfo: .rdata
45D450	9780	.pdata	ExceptionHook \| Pointer to 9780 - 0x8B80 .text + UnwindInfo: .rdata
45D45C	9810	.pdata	ExceptionHook \| Pointer to 9810 - 0x8C10 .text + UnwindInfo: .rdata
45D468	98A0	.pdata	ExceptionHook \| Pointer to 98A0 - 0x8CA0 .text + UnwindInfo: .rdata
45D474	A9C0	.pdata	ExceptionHook \| Pointer to A9C0 - 0x9DC0 .text + UnwindInfo: .rdata
45D480	AA10	.pdata	ExceptionHook \| Pointer to AA10 - 0x9E10 .text + UnwindInfo: .rdata
45D48C	AA60	.pdata	ExceptionHook \| Pointer to AA60 - 0x9E60 .text + UnwindInfo: .rdata
45D498	AAA0	.pdata	ExceptionHook \| Pointer to AAA0 - 0x9EA0 .text + UnwindInfo: .rdata
45D4A4	AAF0	.pdata	ExceptionHook \| Pointer to AAF0 - 0x9EF0 .text + UnwindInfo: .rdata
47EA00	N/A	Overlay	48280000000202003082283906092A864886F70D \| H(......0.(9..*.H...)

Extra Analysis

Metric	Value	Percentage
Ascii Code	2704150	57,2516%
Null Byte Code	1002246	21,2193%
NOP Cave Found	0x9090909090	Block Count: 44 \| Total: 0,0023%

PESCAN.IO - Analysis Report Basic