PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 610,50 KBSHA-256 Hash: 1AE32F5DAE32DD3164ABB256C1B1018A579B47AEA587656357DE16682A2B20E2 SHA-1 Hash: 3524B93FC632019080E57956B656BB1E0E67D47F MD5 Hash: 8F13E5E48B1B44CF61735F76FA792B8F Imphash: 4EB0A7899185ACAD00EF1FF232A8F181 MajorOSVersion: 4 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 1000 SizeOfHeaders: 1000 SizeOfImage: FE000 ImageBase: 400000 Architecture: x86 ImportTable: D3A50 Characteristics: 10F TimeDateStamp: 46774BF4 Date: 19/06/2007 3:22:28 File Type: EXE Number Of Sections: 6 ASLR: Disabled Section Names (Optional Header): *unnamed*, *unnamed*, *unnamed*, .rsrc, .data, .adata Number Of Executable Sections: 3 Subsystem: Windows GUI [Incomplete Binary or Compressor Packer - 405,50 KB Missing] |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| *unnamed* | 0xE0000040 Initialized Data Executable Readable Writeable |
1000 | 22C00 | 1000 | 47000 |
|
|
| *unnamed* | 0xE0000040 Initialized Data Executable Readable Writeable |
23C00 | 8200 | 48000 | 12000 |
|
|
| *unnamed* | 0xE0000040 Initialized Data Executable Readable Writeable |
2BE00 | 2000 | 5A000 | A000 |
|
|
| .rsrc | 0xE0000040 Initialized Data Executable Readable Writeable |
2DE00 | 40C00 | 64000 | 6F000 |
|
|
| .data | 0xE0000040 Initialized Data Executable Readable Writeable |
6EA00 | 2A000 | D3000 | 2A000 |
|
|
| .adata | 0xE0000040 Initialized Data Executable Readable Writeable |
98A00 | 0 | FD000 | 1000 |
|
|
| Description |
| OriginalFilename: L2Walker.EXE LegalCopyright: Copyright (C) 2004 ProductName: L2Walker FileDescription: L2Walker Language: Unknown (ID=0x800) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (3) have the Entry Point Information -> EntryPoint (calculated) - 1000 Code -> 6801304D00E801000000C3C3C4AB9A48186EF675EF2147D0753457B340EDFD94256FFB057850F39F088503B2B8C4007F1D51 Assembler |PUSH 0X4D3001 |CALL 0X100B |RET |RET |LES EBP, PTR [EBX + 0X6E18489A] |DIV BYTE PTR [EBP - 0X11] |AND DWORD PTR [EDI - 0X30], EAX |JNE 0X104E |PUSH EDI |MOV BL, 0X40 |IN EAX, DX |STD |XCHG EAX, ESP |AND EAX, 0X7805FB6F |PUSH EAX |LAHF |OR BYTE PTR [EBP - 0X3B474DFD], AL |ADD BYTE PTR [EDI + 0X1D], BH |PUSH ECX |
| Signatures |
| Rich Signature Analyzer: Code -> 7086DF6334E7B13034E7B13034E7B13031EBEC3036E7B130B7EFEE3033E7B130CEC4A83032E7B13027EFEC3036E7B130B7EFEC3025E7B13034E7B0307DE5B130BAF0BE3016E7B130BAF0EE3096E7B130BAF0D1304CE7B1301FC6963015E7B13031EBD13037E7B130BAF0D5303DE7B130D8ECEF3035E7B130BAF0EB3035E7B1305269636834E7B130 Footprint md5 Hash -> F186126C7494DE8A50A411C919667682 • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Duplicate Sections |
| Section *unnamed* duplicate 3 times |
| Packer/Compiler |
| Detect It Easy (die) • PE: protector: ASProtect(1.23-2.56)[-] • PE: protector: NTkrnl Protector(-)[-] • PE: linker: Microsoft Linker(7.10)[-] • Entropy: 7.91446 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| File Access |
| kernel32.dll oleaut32.dll lineageii.dll ws2_32.dll ole32.dll shlwapi.dll comctl32.dll shell32.dll advapi32.dll comdlg32.dll gdi32.dll user32.dll .dat |
| File Access (UNICODE) |
| L2Walker.EXE |
| Interest's Words |
| start |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Entry Point | Hex Pattern | ASProtect 1.33 - 2.1 Registered - Alexey Solodovnikov |
| Entry Point | Hex Pattern | ASProtect v1.2 |
| Entry Point | Hex Pattern | ASProtect v1.2x |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \CURSOR\3\1033 | C01F8 | 134 | 89FF8 | 420200A0E8E718CFAD96030040C365568D0C9C07062C5F885BB82E01F59F924A4B0B6CCCEED1000D81EA8A0C643080980D00 | B...........@.eV.....,_.[......JK.l.........d0.... |
| \CURSOR\4\1033 | C0330 | B4 | 8A130 | C1C5E0F7D54061A8D0003428490FC098729200455074B1C112D99D01598CDD285CAE5FD39032DF0900135D18645220A29700 | .....@a...4(I...r..EPt......Y..(\._..2....].dR ... |
| \CURSOR\5\1033 | C0410 | 134 | 8A210 | 0950426D1087F0806B7090004B5AE14A68AA6506001336F2107CFF5DD100815885D73086B663002307DEAAB86B9C20007511 | .PBm....kp..KZ.Jh.e...6..|.]...X..0..c.....k. .u. |
| \CURSOR\6\1033 | C0548 | B4 | 8A348 | 002BA93641268C8E540B42E3F18D0E73A07D84FAF8AB00A487BB4B41D6D53E00DCE8034DEFAF132B00C752ACEBC2A0D77700 | .+.6A&..T.B....s.}........KA..>....M...+..R.....w. |
| \CURSOR\7\1033 | C67B8 | 134 | 905B8 | 046974DAD0F0A9420A1DAB49FC44FF35348FE871D69AE8DA571C7A2C6468DCB5CAD880ED8E935980C15D44949764BA4D7591 | .it....B...I.D.54..q....W.z,dh........Y..]D..d.Mu. |
| \CURSOR\8\1033 | C6908 | 134 | 90708 | 3FEAECE203BA87C5B2E02D38FC2870E3B65F1202DEDB8F79076A3A6B0237EB09675BE987EFDBA5D40CBA3842BD8BACAD94FA | ?.........-8.(p.._.....y.j:k.7..g[........8B...... |
| \CURSOR\9\1033 | C6A58 | 134 | 90858 | 3053E7139A3F40553D5748F984A3B5D20684552860EE9012E4C00582E8386F2996D3C7E2D4ABF2D280CFD84A8DF4895C84F9 | 0S...?@U=WH.......U(........8o)...........J...\.. |
| \CURSOR\10\1033 | C6BA8 | 134 | 909A8 | EC46D57726FB3CDA5110D28A6EC773D0B67DEE0106B68976C2C14BBD2B0D33FEAD818938B199005B7073A57F09CAD94FDBF7 | .F.w&.<.Q...n.s..}.....v..K.+.3....8...[ps.....O.. |
| \CURSOR\11\1033 | C6CF8 | 134 | 90AF8 | AE8E843F1B43A2D410119FB5561F969AD2C59C3777FDD8BBCCE7B3E0FD61C37C3D20C3184418DE8122951D857AD26FB1723C | ...?.C......V......7w........a.|= ..D..."...z.o.r< |
| \CURSOR\12\1033 | C6E48 | 134 | 90C48 | B5F9A2B5132E979CF73B8A61FCE4ACDBF0B60A34EBB12A928B12841E67A1EF9CB01C994AFA2DE5C3F21365EE25A1098AC516 | .........;.a.......4..*.....g......J.-....e.%..... |
| \CURSOR\13\1033 | C6F98 | 134 | 90D98 | 51D8C510AA745398100A96FC354870078872BCD99A4D547BA8ED0EF575CAEB1CEE70E530F972E6568B7EBA72579E4CB3615C | Q....tS.....5Hp..r...MT{....u....p.0.r.V.~.rW.L.a\ |
| \CURSOR\14\1033 | C70E8 | 134 | 90EE8 | 1A0AC3FF5467CF6DEF9AA6FB8FF20BC411173CA113F2CBF477B248C48A553344868DE06D0E835CEA7D34E3742A893AF8D9FC | ....Tg.m..........<.....w.H..U3D...m..\.}4.t*.:... |
| \CURSOR\15\1033 | C7238 | 134 | 91038 | F84582E11EB78F7680CCA53C6BD0FC09E5B628F666A8D235D55378C2E655825F11F0C18FB9C2DEE145BDB61D01FDB1DA8855 | .E.....v...<k.....(.f..5.Sx..U._........E........U |
| \CURSOR\16\1033 | C8280 | 134 | 92080 | 2E929BCC20ED2A34049F5F6DA00546E23704FA240BD0DEE5B65D74D0590078A1900DF6F35E5C3B798D06F19EF4A20970E836 | .... .*4.._m..F.7..$.....]t.Y.x.....\;y.......p.6 |
| \CURSOR\17\1033 | C83D0 | 134 | 921D0 | C6C9B08178BB66DC2FB7A4421C7DC2D2CEE97362DBED8F5EE850D2DC3FBB71778BF6697ABC247D7F360B772EBDC2B1045635 | ....x.f./..B.}....sb....P..?.qw..iz.$}.6.w.....V5 |
| \CURSOR\18\1033 | C8520 | 134 | 92320 | 6616DD8DFF935E34D342CE1C9CD589D97168F653D5139E3F0AC3319C5ECAF68FF3E475652EB82939FA5DE96319E4BB17C5BA | f.....4.B......qh.S...?..1......ue..)9.].c...... |
| \CURSOR\19\1033 | C8670 | 134 | 92470 | CCF49D91A3B0F3723EC8D0D985FC7E4A5784270B03729047B8E0268C8BD38D96F605823B80CFF1B522AB4DFDBE22EF2BCD55 | .......r>.....~JW.'..r.G..&........;....".M..".+.U |
| \CURSOR\20\1033 | C87C0 | 134 | 925C0 | B71098A137C2E5CCE27CE31A0177AD81BD34896C8964748833509FB8C2CABDF34AF192A9622AEFF946CCBCDFE36F1259F4BB | ....7....|...w...4.l.dt.3P......J...b*..F....o.Y.. |
| \CURSOR\27\1033 | CCEB0 | 134 | 96CB0 | 96EC1E72F5F61015CA1A9B55B22CE3DD46431AB41C2810C06664B7153F5020B7FF984075DD29638FE334A7ADFA2973471E04 | ...r.......U.,..FC...(..fd..?P ...@u.)c..4...)sG.. |
| \CURSOR\28\1033 | CCFE8 | B4 | 96DE8 | 03993440020719FC04486FBC572FCE5813FB3BB96A7F1238ACDABFB553ADAAB3CECE6C9484988B13E1CD0C8F97672211BD0D | ..4@.....Ho.W/.X..;.j..8....S.....l..........g"... |
| \CURSOR\29\1033 | CD0C8 | 134 | 96EC8 | 87F340BA404AB47803FE571F1027F02A7DA35FAB8BA1336EEA6E331F0E63609B505BDAACA2727ED760CDD7809BDE44C89CE8 | ..@.@J.x..W..'.*}._...3n.n3..c.P[...r~......D... |
| \CURSOR\30\1033 | CD218 | 134 | 97018 | D3CE7C124EFCEB03CEB36E9A1C9BC1F0EE43C6A0A77A8BB446DDE4130E900F5E73770AC62F63D9166612C020611C2A77D8F3 | ..|.N.....n......C...z..F......sw../c..f.. a.*w.. |
| \CURSOR\31\1033 | CD368 | 134 | 97168 | A39527F7CF74AA0C7D07D681CE3EE09DEFDE6A9936A3E0BD6CBF37789F3318FDF7D9B605F783F5FE07787C74C938E2251DDD | ..'..t..}....>....j.6...l.7x.3...........x|t.8.%.. |
| \CURSOR\32\1033 | CD4B8 | 134 | 972B8 | 8D5D0C6E0D14A7B8781041896C13A6D5B42860183A6260EFBA9C0E8574BA4B13BDF3690E44C8A6F456F4C72DE7502A403954 | .].n....x.A.l....(.:b.....t.K...i.D...V..-.P*@9T |
| \CURSOR\33\1033 | CD608 | 134 | 97408 | 9707CF5DB254B140D20AE48F259AF0F8C349FA4F9FF44A93157787E7A466E12B445E0AFABDAF119B100EE5BC9D7955AB2BEF | ...].T.@....%....I.O..J..w...f.+D...........yU.+. |
| \CURSOR\34\1033 | CD758 | 134 | 97558 | 1EA030A435274018DCA826E5F0DFAF26B5A8B802826CBB944A4994740A83695D8AC1793B5E4B300049E593A28C9AFF21DC06 | ..0.5'@...&....&.....l..JI.t..i]..y;K0.I......!.. |
| \CURSOR\35\1033 | CD8A8 | 134 | 976A8 | 2645B0F279D044CAC97ACA2F2B6CC29962D3CBBEA6766466B1AEB25048027255F0AEC32EBEB0813FE0025EE15EA78EC16CC8 | &E..y.D..z./+l..b....vdf...PH.rU.......?......l. |
| \CURSOR\36\1033 | CD9F8 | 134 | 977F8 | A90C09A4D16313CF6F061633D2430E0FB2FBDDF1D7E9E8011813EBC0AB500B4AAC193E6B2EA24C8158EC62B7D38450933AC2 | .....c..o..3.C...............P.J..>k..L.X.b...P.:. |
| \CURSOR\37\1033 | CDB48 | 134 | 97948 | 5824CBF4C56B7670425CA10305A55D3B825E983C711E87B299CA34E43E61D5FF7C8DAAC3E3ADD6C47697C7FA83585604C142 | X$...kvpB\....];..<q.....4.>a..|.......v....XV..B |
| \CURSOR\38\1033 | CDC98 | 134 | 97A98 | 0EDFCCB85D34D5786ADE7924EA17274438A9850C1AF6E1143525AD91BCECBE153CA5404797BB67FAD08B8B0686ADA5CE58C9 | ....]4.xj.y$..'D8.......5%......<.@G..g.........X. |
| \CURSOR\39\1033 | CDDE8 | 134 | 97BE8 | 04AF0BB63A90FC807BA665ECA42246C213C0F7055D42BDFF943E33E807E7FDB4F8F8C0DC153C6BB476E7F1D6780D8896F042 | ....:...{.e.."F.....]B...>3..........<k.v...x....B |
| \CURSOR\40\1033 | CDF38 | 134 | 97D38 | C542CA58E16792CBD41FFAB0C4AE329C4C1ED6B2C54E8D8453A2F01C95978DE2CAFDCCFD0D4C21AC455579DFDB90594667A7 | .B.X.g........2.L....N..S............L!.EUy...YFg. |
| \CURSOR\41\1033 | CE088 | 134 | 97E88 | B4A0E64C4C4BB1756F4A12271E165359A7D0222E6EC99D0A09A2250891D2E2E5A2B4CD957E2F834989450C7501B3624FB071 | ...LLK.uoJ.'..SY..".n.....%.........~/.I.E.u..bO.q |
| \CURSOR\42\1033 | CE1D8 | 134 | 97FD8 | 6B9F9F6E622235D2E379A1ACA02187B71BCCB90BB87B592DD36DFE3C5C89AD8181B3ECAD77F1731DA196F8C7299B28D4A066 | k..nb"5..y...!.......{Y-.m.<\.......w.s.....).(..f |
| \BITMAP\129\2048 | 67230 | 828 | 31030 | 11ADB078F955AAF881FC310CA8F73E8B78427428939D51990220C048C7741AFED8B70C4D096BA9E1A2D43BE3EA445C4866B2 | ...x.U....1...>.xBt(..Q.. .H.t.....M.k....;..D\Hf. |
| \BITMAP\134\2048 | 67A58 | 328 | 31858 | FC534D6C428C3E31EB751DC580FB47ED10370799037F58FFC0B7FA707C76F7560F2557BB7499B1497C99CED45F9FBC7472EE | .SMlB.>1.u....G..7....X....p|v.V.%W.t..I|..._..tr. |
| \BITMAP\135\2048 | 67D80 | 328 | 31B80 | 03E2EF79811E90CC6BDEB3DABF579A5DEB4064E8872709A4AB124C3BECEF7288D57DA01B550C47E8907DF81C9EA6A389C491 | ...y....k....W.].@d..'....L;..r..}..U.G..}........ |
| \BITMAP\136\2048 | 680A8 | 328 | 31EA8 | C9B14C5FDBDD37501BE540A7C17C3FCC3309FC1FFBE8FFA5F356F4077372AD4D6BADB31E6C20FC5DE50ADA5BD782D161B86A | ..L_..7P..@..|?.3........V..sr.Mk...l .]...[...a.j |
| \BITMAP\158\2048 | 683D0 | 115E8 | 321D0 | 96247835935A12A1B71D5E3F1BA96B9845C581AA151A73364C38A6B583432963F2896109E6D26C0C2862206E6C29D32273B3 | .$x5.Z....?..k.E.....s6L8...C)c..a...l.(b nl)."s. |
| \BITMAP\159\2048 | 799B8 | 115E8 | 437B8 | 84D8997A4378F71D9EC120F3073B7CAC83A284D6153F2DD6DB61D313A7EA6C6F8CF1A92CFC10FE13B6FF470AD7ED62ADEDDD | ...zCx.... ..;|......?-..a....lo...,......G...b... |
| \BITMAP\160\2048 | 8AFA0 | 115E8 | 54DA0 | 1155895EBE83BD28024EABD99D82194CDD824CFB6213D14BA80E8FCF8D7737557904160B04C3F77F38893340FAE805EAF078 | .U....(.N.....L..L.b..K.....w7Uy.......8.3@.....x |
| \BITMAP\162\2048 | 9C588 | 115E8 | 66388 | EA28ECA7B883A2FAD1CE51450AEF3D96B639DE5292B80408C2DD916751D9EBB403D347EFCA89F1461E67AB45B8B5D97C2EDC | .(........QE..=..9.R.......gQ.....G....F.g.E...|.. |
| \BITMAP\163\2048 | ADB70 | 115E8 | 77970 | 6BBAD10046216AA8918BB7FB00AEBFC28853C45562033C0E4FEB91CEF80F34CF0037C8475135182886001116EB2F8825045E | k...F!j..........S.Ub.<.O.....4..7.GQ5.(...../.%. |
| \BITMAP\169\2048 | BF158 | 528 | 88F58 | BCE5E08200288BEA81F562B71F0050A0C018CB6D26BB00527BA68402F336877FD32471897C1EFA808FF5C176AED1005DF8D9 | .....(....b...P....m&..R{....6...$q.|......v...].. |
| \BITMAP\9000\1033 | C95D0 | 24C | 933D0 | F9843E40F65EBD0C5073F3AEFEB916647DC97116EC8C91EF88993D8360F94734E34A21D37D0EE487C79C23DC84B1130CC1F8 | ..>@...Ps.....d}.q.......=..G4.J!.}............ |
| \BITMAP\9001\1033 | C9478 | 158 | 93278 | 4925130A13A11F1818BF9D388020C3044030A8698F2BE62F0740C2C4EB6DE0D3C179048DB91CB1C6F95F43F36AECD75E24E0 | I%.........8. ..@0.i.+./.@...m...y......._C.j..$. |
| \BITMAP\9002\1033 | C8910 | 1D0 | 92710 | 470B1A05C97462CA9228370A5FE21042D987E2B1CEB075144258A275C88C500B967A9E3C3312EE2211739A50D8849DA668E4 | G....tb..(7._..B......u.BX.u..P..z.<3..".s.P....h. |
| \BITMAP\9003\1033 | C8AE0 | 7E0 | 928E0 | B6744F602EA25C4E57A50019E26DAAEA48B3CA1941C9DD07046823FB2629FC89F6AE4198ED5B67CC6A8F31DD39C7101A7E98 | .tO..\NW....m..H...A....h.&)....A..[g.j.1.9...~. |
| \BITMAP\9004\1033 | C92C0 | 1B8 | 930C0 | 137B3EE76DBBA059A686CE56ECD06B0F1216969336717F27140505BF0C23DC0D1B6DA57A817BDB5856261EB49F4330B9B2F9 | .{>.m..Y...V..k.....6q.'........m.z.{.XV&...C0... |
| \BITMAP\9005\1033 | C9820 | 158 | 93620 | C156640BB6D462CE0A7EC10127FAAB04D78CB5051D0A0AF17CA16216B7161C826CFA3EB38936AD8226D79DB432155FFDDC04 | .Vd...b..~..'...........|.b.....l.>..6..&...2._... |
| \BITMAP\9006\1033 | C9978 | 158 | 93778 | 37E74A6B49F73998E975BB4AC56D28578F8527B1B03FFB798E50B5C4894BC39D463D0D8A5F9742E359E5163DD216CB3AB98B | 7.JkI.9..u.J.m(W..'..?.y.P...K..F=.._.B.Y..=...:.. |
| \BITMAP\9015\1033 | CBE40 | 2C0 | 95C40 | E35A01C2AF2FE26B23A1285678535647F6230ACD3F017C4F3FAACB2B4B0567C7B0F6EFC867421A4D29667EF36167DD78F48B | .Z.../.k.(VxSVG...?.|O?..+K.g.....gB.M)f~.ag.x.. |
| \BITMAP\9016\1033 | CC100 | 158 | 95F00 | 453B9EF185875F48A84CFA1D8524D65D3D919A8E3D2D76703D002C79D4162597A78E557706BFDF8B36036A506EE818B9AB98 | E;...._H.L...$.]=...=-vp=.,y..%...Uw....6.jPn..... |
| \BITMAP\9017\1033 | CC258 | 2C0 | 96058 | 7601835923139021A262D9CD58A6FADEBB005E82EBB9FB44E0EB2F97341E46139993415F056D8BC55AFECC89134F78031D8E | v..Y..!.b..X.........D../.4.F...A_.m..Z....Ox... |
| \BITMAP\9179\1033 | C9AD0 | 5A6 | 938D0 | 1C02EDEFE3B812F7D140BADA52CB85BD666735DD00CDA022F95F2826860BE291251B35B69284A2FAD648323D60286316945C | .........@..R...fg5...."._(&....%.5......H2=(c..\ |
| \BITMAP\9180\1033 | CA078 | 5A6 | 93E78 | 3CEE069932B8667153B847F63379A47A63A484A654AE7ED58E1C09B717A2C48AB49CC09A1F308206825782A467862479A515 | <...2.fqS.G.3y.zc...T.~..............0...W..g.$y.. |
| \BITMAP\9322\1033 | C50E8 | 1568 | 8EEE8 | C8C44B67D526007DF0C2F59E932DCA00E8AEE93F643249B414DC53488E008B516CE71B674D018C6ACD75D30998DC3C1F00B1 | ..Kg.&.}.....-.....?d2I...SH...Ql..gM..j.u....<... |
| \BITMAP\9352\1033 | C07A0 | 86A | 8A5A0 | CE2B7CD72C0C075E078252C1D947B02E419273E678029D05C91687D1E26EE09B2EFB00522633C3170FF0B100FD4ED0489CC9 | .+|.,....R..G..A.s.x........n.....R&3.......N.H.. |
| \BITMAP\9353\1033 | C1010 | 4028 | 8AE10 | 69813EC201E38CE8726E2C7CE486CA0002EAF3D5CCF1FEFC00A9A71D838E415A8009E9936EC40198E3108461D7E90B204670 | i.>.....rn,|..................AZ....n......a... Fp |
| \BITMAP\9407\1033 | C5038 | B0 | 8EE38 | E3CA2F0E5E78E7BE40B9840A294C039D8F42DA807798947BDB00197F9870CCA1B3D800995A58F2486F30E50F9E96F0C30091 | ../.x..@...)L...B..w..{.....p......ZX.Ho0........ |
| \BITMAP\9422\1033 | C6650 | 168 | 90450 | CE541C62C0BECF73DDB46C8F00E1543EF7348B9F427B95EC6DD60DF701D546964B1D3B30FBC301938D4D602AD002FFC20247 | .T.b...s..l...T>.4..B{..m.....F.K.;0.....M*.....G |
| \BITMAP\9902\1033 | C81B8 | C8 | 91FB8 | 58EF1ED2BB59148EF2A9D9B1DC8A01E91D0DEF5F4DF35B82E715BB12C1AC742FE877F3CE91CD7F6B21A693C8EE994C3F4DC7 | X....Y............._M.[.......t/.w.....k!.....L?M. |
| \BITMAP\9952\1033 | C0628 | 168 | 8A428 | F8B80152662F1F2512C4E116F458BE65BA9C1480EE995E5007391E610928C0F0C013EF001C628D474BFF30F1E68800F54A3F | ...Rf/.%.....X.e......P.9.a.(.......b.GK.0.....J? |
| \BITMAP\30994\1033 | CE410 | B8 | 98210 | F47FD71D558968AE909690307A27676C6D1C5D305FFE55614793503228AE58A729DA1D0401AFB75CCD608B0F196EFBF7E770 | ....U.h....0z'glm.]0_.UaG.P2(.X.)......\....n...p |
| \BITMAP\30996\1033 | CE4C8 | 144 | 982C8 | 42C102DCB9BC694B246A732780A0FEF97BE32EA479008A4802036FE541397CE7064EDF5C344074E0B99823971E93B53B9953 | B.....iK$js'....{...y..H..o.A9|..N.\4@t.......;.S |
| \ICON\1\2048 | D5BA8 | CA8 | 715A8 | 2800000020000000400000000100180000000000800C000000000000000000000000000000000000B57D52A571429C6531A5 | (... ...@................................}R.qB.e1. |
| \ICON\2\2048 | D5840 | 368 | 71240 | 2800000010000000200000000100180000000000400300000000000000000000000000000000000000000000000000000000 | (....... ...........@............................. |
| \ICON\21\1033 | D5558 | 2E8 | 70F58 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\22\1033 | D4CB0 | 8A8 | 706B0 | 2800000020000000400000000100080000000000800400000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\23\1033 | D4748 | 568 | 70148 | 2800000010000000200000000100080000000000400100000000000000000000000000000000000000000000000080000080 | (....... ...........@............................. |
| \ICON\24\1033 | D4620 | 128 | 70020 | 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \ICON\25\1033 | D41B8 | 468 | 6FBB8 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\26\1033 | D4090 | 128 | 6FA90 | 2800000010000000200000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \MENU\143\1033 | C00E0 | 76 | 89EE0 | 904DF87C43E600B7D4CBB9F3E968113DA183A42EDA3B8013D7161BC5B395000E7A6447E960FAE8FAE200804AF2777452F5EF | .M.|C........h.=.....;..........zdG.......J.wtR.. |
| \MENU\9014\1033 | CCCE0 | 1D0 | 96AE0 | 4EA2C1F6BBD3457F337669ED32A9F7C3DA3DB4EFDECCB86BC792DB24B25D3103C33BD13DC7C047F144FFCAF67D5B5C0DD437 | N.....E.3vi.2....=.....k...$.]1..;.=..G.D...}[\..7 |
| \MENU\9336\1033 | C7FE8 | 1CC | 91DE8 | F9ADD92EB258AC73D379D6CC8E256581B3DD4E92E3B5C1EB098976E9CD28C52F7737CE05B67DDAC87E78AEA6CE309E33C10A | .....X.s.y...%e...N.......v..(./w7...}..~x...0.3.. |
| \DIALOG\100\1033 | BF908 | 11C | 89708 | A8BC440B9350D0E580763D73402E00E058BD615ED94882E8F848812A16C09A00D73CDF877A7D7BE800651B3F8DB74C276A73 | ..D..P...v=s@...X.a.H...H.*.....<..z}{..e.?..L'js |
| \DIALOG\102\1033 | BFA28 | 1D8 | 89828 | AAF6D74087CA98EE078B000C5F0A4970E942E778D075AB00A8C1CA7760D9B98A004809A00583C9015900B08C2C914944D402 | ...@........_.Ip.B.x.u.....w....H......Y...,.ID.. |
| \DIALOG\170\1033 | BFEB8 | 224 | 89CB8 | 002BF8C8AB47066C043FBFE2007CF2CF58EDDF2C00E0A324846979451E00556E0C252089C7BF0082280BE5B787DF811F8485 | .+...G.l.?...|..X..,...$.iyE..Un.% .....(......... |
| \DIALOG\171\1033 | BFC00 | 2B8 | 89A00 | 00439FB6C2D65C24E57759B82800993AEA5F92831A12008225DAC060424707EACA016257AF755A286BF8B0A3002B4B9F95BA | .C....\$.wY.(..:._......%..BG....bW.uZ(k....+K... |
| \DIALOG\9013\1033 | CCAC8 | 218 | 968C8 | C3CAD20F342231212277689BFE04A8A4B227F7B9F22D1F887E7F58850F187DEFCEB337AB1AE87F5F747FF5FCF884E5652778 | ....4"1!"wh......'...-..~.X...}...7...._t......e'x |
| \DIALOG\9018\1033 | CC558 | 12C | 96358 | C0D5E5AF30DA11682EA95D82FDB5310396427CB66024F3724A4B8825C60771E5CD4BC6E9746FD3AF84707C076B6B69103CF2 | ....0..h..]...1..B|.$.rJK.%..q..K..to...p|.kki.<. |
| \DIALOG\9019\1033 | CCA38 | 8E | 96838 | BBD6FCA536F4933DB79CB37BE1E6FB4411249F7B38556284F3FA0854F8CC8E0CB711FB9642356C0947F08B2A3E9DB9E2CA8D | ....6..=...{...D.$.{8Ub....T........B5l.G..*>..... |
| \DIALOG\9020\1033 | CC688 | 3B0 | 96488 | 6E01057819BC608A34A150005F1B74CFCF34E23489E750523C699028428A28953FC04B4BA347532D72A339813BE020987AC2 | n..x...4.P._.t..4.4..PR<i.(B.(.?.KK.GS-r.9.;. .z. |
| \DIALOG\9304\1033 | C78C0 | 140 | 916C0 | 9E88B6051CF96E828D2B418F0BEAF50100AD848ABB6BB4933A0316D2D56023C8692B38F6F2AE831BE133DC718EB02D7A3072 | ......n..+A..........k..:.....i+8......3.q..-z0r |
| \DIALOG\9313\1033 | C7D28 | 1D2 | 91B28 | 01ECA87D54A32E09A38981292BF537CF90CE412C8F12D05B54913E858470CCD44C64CC5D05F9BADA688473D6A74D5576894F | ...}T......)+.7...A,...[T.>..p..Ld.]....h.s..MUv.O |
| \DIALOG\9328\1033 | C7F00 | E6 | 91D00 | A6F4BC3310738728F423B938E4ECA0F48CCE7EDCCF64760F9E73ABAA03C17F4D0302CC43B9C47FFB44F619E0176FA69785D3 | ...3.s.(..8......~..dv..s.....M...C....D....o.... |
| \DIALOG\9339\1033 | C7A00 | 322 | 91800 | 72B147444BD9FBC490638E93990F801DC18EE3A1C47114BFBF7EE0E1581F5ADC8306775504A6567B58C6823BE4217DD00170 | r.GDK....c...........q...~..X.Z...wU..V{X..;.!}..p |
| \DIALOG\9351\1033 | C7388 | 2C4 | 91188 | 35EC534877F772863ACBDDA323EEF00C416A03766302F8BB2E40C1FB6624031EE255A006E5024E9EE6EFAC7409CA8D4899E2 | 5.SHw.r.:......Aj.vc....@..f$...U....N....t...H.. |
| \DIALOG\9379\1033 | C7650 | 26A | 91450 | 3EC3FBA39D80A1EE5BC35C0545C349294A48EFCF9172FB25ACE321FFF3ACC9F7CB5F3DF96FAD15011312D07F8FAFF89B2988 | >.......[.\.E.I)JH...r.%..!......_=.o...........). |
| \DIALOG\30721\1033 | CE328 | E8 | 98128 | C670A49B9085AC2943594F422ECF0A86BCB1E355A640C39E1587FCAAB3E05D897D6036C19E256A78B593DA1961CD06F5ADB0 | .p.....)CYOB.......U.@........].}6..%jx....a..... |
| \STRING\7\1033 | CE610 | 1DC | 98410 | F5C5E14607C76E955F86717D80212E11D7417AFD9205099FD7CCB6B78A4124F40DB8C6303F15DE44D711E22B512C5178411E | ...F..n._.q}.!...Az..........A$....0?..D...+Q,QxA. |
| \STRING\8\1033 | CE7F0 | 39C | 985F0 | 84A487E12CDF80B60B360BE7A6CA68ADFECD77E6B5DCC7070AF2205EAD7F64FB1E2D565E34D54E70C6CED51DEDE943ABE44C | ....,....6....h...w....... ..d..-V4.Np......C..L |
| \STRING\9\1033 | CEB90 | 13E | 98990 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\564\1033 | CFF20 | 64 | 99D20 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\565\1033 | CFF88 | 596 | 99D88 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\566\1033 | D0520 | 52C | 9A320 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\567\1033 | D0FB8 | FC | 9ADB8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\568\1033 | D10B8 | 118 | 9AEB8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\569\1033 | D11D0 | 118 | 9AFD0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\570\1033 | D0E60 | 156 | 9AC60 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\571\1033 | CFE50 | CA | 99C50 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\573\1033 | D0A50 | 35E | 9A850 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\574\1033 | D0DB0 | AA | 9ABB0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\582\1033 | CED48 | 56 | 98B48 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\583\1033 | CEDA0 | 42 | 98BA0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\584\1033 | CF100 | 1D6 | 98F00 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\585\1033 | CEDE8 | 316 | 98BE8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\586\1033 | CFBB8 | E6 | 999B8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\588\1033 | CF6C8 | 4EC | 994C8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\589\1033 | CFCA0 | 13E | 99AA0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\590\1033 | CFDE0 | 2E | 99BE0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\591\1033 | CF530 | 82 | 99330 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\592\1033 | CF318 | FE | 99118 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\593\1033 | CF418 | 116 | 99218 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\594\1033 | CF5B8 | 10C | 993B8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\619\1033 | CFE10 | 3C | 99C10 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\622\1033 | CECD0 | 78 | 98AD0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\2188\1033 | CF2D8 | 3C | 990D8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3841\1033 | D12E8 | 82 | 9B0E8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3842\1033 | D1370 | 2A | 9B170 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3843\1033 | D13A0 | 192 | 9B1A0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3857\1033 | D1538 | 4E2 | 9B338 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3858\1033 | D1DB0 | 31A | 9BBB0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3859\1033 | D1AD0 | 2DC | 9B8D0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3860\1033 | D2910 | 8A | 9C710 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3865\1033 | D1A20 | AC | 9B820 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3866\1033 | D2800 | DE | 9C600 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3867\1033 | D20D0 | 4C4 | 9BED0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3868\1033 | D2598 | 264 | 9C398 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3869\1033 | D28E0 | 2C | 9C6E0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \STRING\3887\1033 | D29A0 | 42 | 9C7A0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \GROUP_CURSOR\9008\1033 | C88F8 | 14 | 926F8 | C061A6C554514D668615E924079A4ADE61B51251 | .a..TQMf...$..J.a..Q |
| \GROUP_CURSOR\9009\1033 | C83B8 | 14 | 921B8 | BEDBFFE799199EAAAC03924D85709E07A5978AE9 | ...........M.p...... |
| \GROUP_CURSOR\9010\1033 | C8508 | 14 | 92308 | 99DE44E7524ED3C9F2F8B0FB284E40BDAFEC2C15 | ..D.RN......(N@...,. |
| \GROUP_CURSOR\9011\1033 | C8658 | 14 | 92458 | 8BC671B53858D262A14D96F5D089C094E47BEE22 | ..q.8X.b.M.......{." |
| \GROUP_CURSOR\9012\1033 | C87A8 | 14 | 925A8 | 04298E60BD4991A23D4E827EF98B0F5307B54FDD | .)..I..=N.~...S..O. |
| \GROUP_CURSOR\9301\1033 | C68F0 | 14 | 906F0 | 7BFC8163675B1A06C5F7E5A99ED95A93C4110709 | {..cg[........Z..... |
| \GROUP_CURSOR\9302\1033 | C6A40 | 14 | 90840 | 6B8452897A07BDDAD59D5CD7D37059154FFE287F | k.R.z.....\..pY.O.(. |
| \GROUP_CURSOR\9303\1033 | C6B90 | 14 | 90990 | 0823F1F17488F140E78A88FFBEB9A72EC1BECA13 | ...t..@............ |
| \GROUP_CURSOR\9375\1033 | C6CE0 | 14 | 90AE0 | E8CDF2C3FB714DCF4FD757F196AF867A1DCE0E7B | .....qM.O.W....z...{ |
| \GROUP_CURSOR\9376\1033 | C6E30 | 14 | 90C30 | CE003760C1F7CBF728DCC0C1B72BE0F021199F5A | ..7....(....+..!..Z |
| \GROUP_CURSOR\9377\1033 | C6F80 | 14 | 90D80 | 1F971B75BC3E595568FD636D8C97DA9A58300F2C | ...u.>YUh.cm....X0., |
| \GROUP_CURSOR\9378\1033 | C70D0 | 14 | 90ED0 | 337C2B5285C5FC9A5A3C87C12115C501F0ABA785 | 3|+R....Z<..!....... |
| \GROUP_CURSOR\9425\1033 | C7220 | 14 | 91020 | 02793E19C5BEDE28F354363523AB779CE6DA137C | .y>....(.T65.w....| |
| \GROUP_CURSOR\9426\1033 | C7370 | 14 | 91170 | 44CCA7F88FA93755D9572B99B838D536EDC43D06 | D.....7U.W+..8.6..=. |
| \GROUP_CURSOR\9970\1033 | C03E8 | 22 | 8A1E8 | C2345E83F619AA2F0ED2E7B66DA10FF7ABE040C309D6BF4C66F626B587098F5F002B | .4..../....m.....@....Lf.&...._.+ |
| \GROUP_CURSOR\9971\1033 | C0600 | 22 | 8A400 | 00B75881C0D900CE1040F4E80F1B20008AF080F65F2342DD009D94DEC9516954CC00 | ..X......@.... ....._B......QiT.. |
| \GROUP_CURSOR\30977\1033 | CD0A0 | 22 | 96EA0 | CB00C6AA9160018F4FBBBAC6BDA85C3A077A087D984E5641F9FAE6745DC6D9F2BFED | .......O.....\:.z.}.NVA...t]..... |
| \GROUP_CURSOR\30998\1033 | CD890 | 14 | 97690 | 189AA9A4BB6B0F2AECC1E9F7F86F9478EF311FC5 | .....k.*.....o.x.1.. |
| \GROUP_CURSOR\30999\1033 | CD200 | 14 | 97000 | F0DA020C30E71176547C2F382C55A0ACF40FE32F | ....0..vT|/8,U...../ |
| \GROUP_CURSOR\31000\1033 | CD740 | 14 | 97540 | 80E44045DF655355CD0DC9BB1D111C8E274909EA | ..@E.eSU........'I.. |
| \GROUP_CURSOR\31001\1033 | CD5F0 | 14 | 973F0 | AABD90C11962662C1B98343199386184F15BAC78 | .....bf,..41.8a..[.x |
| \GROUP_CURSOR\31002\1033 | CDF20 | 14 | 97D20 | 306784DD881E9355B50C34C8FED27508E1383F7D | 0g.....U..4...u..8?} |
| \GROUP_CURSOR\31003\1033 | CD4A0 | 14 | 972A0 | DACD343127828CFFAF3CB607D2D64EAF632E06B6 | ..41'....<....N.c... |
| \GROUP_CURSOR\31004\1033 | CDB30 | 14 | 97930 | 4FC1F4268342E4CB21DA7F81BB901A031FB00248 | O..&.B..!..........H |
| \GROUP_CURSOR\31005\1033 | CD350 | 14 | 97150 | 6979FBADBF7F095F1867254A7938F56C8B6B717A | iy....._.g%Jy8.l.kqz |
| \GROUP_CURSOR\31006\1033 | CD9E0 | 14 | 977E0 | C5C8965BAF84BCFEB1DE57DDE381F97CDB5AAEB1 | ...[......W....|.Z.. |
| \GROUP_CURSOR\31007\1033 | CDC80 | 14 | 97A80 | 3FBBE763C7661107F6BB132F03796BDB274973EB | ?..c.f...../.yk.'Is. |
| \GROUP_CURSOR\31008\1033 | CDDD0 | 14 | 97BD0 | 426FD7C72F274237C7F6DEE7B828BB45091D5C65 | Bo../'B7.....(.E..\e |
| \GROUP_CURSOR\31009\1033 | CE070 | 14 | 97E70 | 390618FDC812A643C39BF58E92110C55EB597ED7 | 9......C.......U.Y~. |
| \GROUP_CURSOR\31010\1033 | CE1C0 | 14 | 97FC0 | 7FA5CD3D5358EAD8E0991925FBCD9B0E237DCDD5 | ...=SX.....%....}.. |
| \GROUP_CURSOR\31011\1033 | CE310 | 14 | 98110 | 75D84D8448871598409069256221C3B6C254D057 | u.M.H...@.i%b!...T.W |
| \GROUP_ICON\128\2048 | D407C | 14 | 6FA7C | 0000010001002020000001001800A80C00000100 | ...... ............ |
| \GROUP_ICON\154\2048 | D4068 | 14 | 6FA68 | 0000010001001010000001001800680300000200 | ..............h..... |
| \GROUP_ICON\9007\1033 | D4028 | 3E | 6FA28 | 0000010004002020100001000400E802000015002020000001000800A8080000160010100000010008006805000017001010100001000400280100001800 | ...... ............ ....................h.............(..... |
| \GROUP_ICON\9174\1033 | D4014 | 14 | 6FA14 | 0000010001001010000001002000680400001900 | ............ .h..... |
| \GROUP_ICON\9176\1033 | D4000 | 14 | 6FA00 | 0000010001001010100001000400280100001A00 | ..............(..... |
| \VERSION\1\2048 | D3D7C | 284 | 6F77C | 840234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \240\170\1033 | C01A8 | 4A | 89FA8 | 41900497EFC05AD438D3E50424D84B55A85C04C8BDA29A80E8FF750400E076909C1947F39200AC3D61055D2C33200006C80DFA2FC4B95A00740276C1CE1FDE34008268DBB869E0C0B400 | A.....Z.8...$.KU.\........u...v...G....=a.],3 ...../..Z.t.v....4..h..i.... |
| \240\171\1033 | C0158 | 4A | 89F58 | BDEE01FE7951DC133C058DC5AE3072018462496A58308B1C00406C83CB4C0250BF3F9D2C8039DB26AEE62105003F6BFFF63A4B8DE000289125F01635417C0160D0574E46C29DF0F15F04 | ....yQ..<....0r..bIjX0...@l..L.P.?.,.9.&..!..?k..:K...(.%..5A|..WNF...._. |
| \241\9015\1033 | CC518 | 14 | 96318 | 690E1CD0D3D0292F03D7FE6FE9D836B0F93E17D1 | i.....)/...o..6..>.. |
| \241\9016\1033 | CC530 | C | 96330 | 43199BE1F7DA2F636C3E0DA2 | C...../cl>.. |
| \241\9017\1033 | CC540 | 16 | 96340 | 28E966DC5A275F1D8CF94FD19D0B5FFBAFF38CA815B6 | (.f.Z'_...O..._....... |
| \241\9952\1033 | C0790 | C | 8A590 | 166B1BC407B15EE897789014 | .k......x.. |
| Intelligent String |
| • kernel32.dll • L2Walker.EXE • U.vIQ |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 14B62 | C0790 | *unnamed* | CALL [static] | Indirect call to absolute memory address |
| 27ACE | ADBB367 | *unnamed* | JMP [static] | Indirect jump to absolute memory address |
| 459FB | 30EADFA9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 49E20 | 30EADFA9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 4FF01 | 3FAA5E79 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 55671 | 3FAA5E79 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 5EB53 | 3FAA5E79 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 66B54 | 7572F106 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 6A33D | 62FFD0C3 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 6AE07 | 64D6EAF | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 6AF0E | 64D6EAF | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 6B22A | 6525E3FD | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 73016 | 305918 | .data | CALL [static] | Indirect call to absolute memory address |
| 7349B | 68DEDA01 | .data | JMP [static] | Indirect jump to absolute memory address |
| 745E4 | 16D443E0 | .data | JMP [static] | Indirect jump to absolute memory address |
| 7461B | 4CC048A3 | .data | CALL [static] | Indirect call to absolute memory address |
| 79E18 | CCE28C | .data | CALL [static] | Indirect call to absolute memory address |
| 7B7F7 | CCE28C | .data | CALL [static] | Indirect call to absolute memory address |
| 7E5BB | CCE28C | .data | JMP [static] | Indirect jump to absolute memory address |
| 7EBD7 | 1E517143 | .data | JMP [static] | Indirect jump to absolute memory address |
| 845BE | 1E517143 | .data | JMP [static] | Indirect jump to absolute memory address |
| 85C14 | 1E517143 | .data | JMP [static] | Indirect jump to absolute memory address |
| 85D93 | 1E517143 | .data | CALL [static] | Indirect call to absolute memory address |
| 87B00 | 1E517143 | .data | JMP [static] | Indirect jump to absolute memory address |
| 881EF | 47C80F9F | .data | CALL [static] | Indirect call to absolute memory address |
| 88B25 | 3E61301 | .data | JMP [static] | Indirect jump to absolute memory address |
| 1000-23BFF | 1000 | *unnamed* | Executable section anomaly, first bytes: 6801304D00E80100 |
| 2DE00-6E9FF | 64000 | .rsrc | Executable section anomaly, first bytes: 0000000000000000 |
| 6EA00-989FF | D3000 | .data | Executable section anomaly, first bytes: 9060E803000000E9 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 417252 | 66,7441% |
| Null Byte Code | 24571 | 3,9304% |
© 2026 All rights reserved.