PESCAN.IO - Analysis Report Basic

Information
Size: 3,83 MB
SHA-256 Hash: 75704A6E19C3F6544ED8A7CB8577EC7DA0582F808720631DCBAC7406ECCE2996
SHA-1 Hash: 02C8CF05C6E39C69C201E474745B496A50407709
MD5 Hash: B29C9FC22B9DB4F4BDE345B60D5B4696
Imphash: 738D137A5705F026933740B2A368374E
MajorOSVersion: 10
MinorOSVersion: 0
CheckSum: 003DC9DC
EntryPoint (rva): 1B9D70
SizeOfHeaders: 400
SizeOfImage: 406000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 32AD10
ImportTable: 32AD98
IAT: 32B5B0
Characteristics: 22
TimeDateStamp: 69B1E98D
Date: 11/03/2026 22:15:41
File Type: EXE
File Type: DLL
Number Of Sections: 11
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .fptable, .tls, CPADinfo, _RDATA, malloc_h, .rsrc, .reloc
Number Of Executable Sections: 2
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 0x60000020 (Code, Executable, Readable) | 400 | 2E6A00 | 1000 | 2E6843 | 6.4856 | 19994364.44
.rdata | 0x40000040 (Initialized Data, Readable) | 2E6E00 | 50200 | 2E8000 | 50044 | 5.6353 | 9088925.83
.data | 0xC0000040 (Initialized Data, Readable, Writeable) | 337000 | 12600 | 339000 | 3FB78 | 2.4657 | 8535341.5
.pdata | 0x40000040 (Initialized Data, Readable) | 349600 | 13800 | 379000 | 13680 | 6.0989 | 1499164.62
.fptable | 0xC0000040 (Initialized Data, Readable, Writeable) | 35CE00 | 200 | 38D000 | 100 | 0 | 130560
.tls | 0xC0000040 (Initialized Data, Readable, Writeable) | 35D000 | 400 | 38E000 | 29A | 0.2125 | 248543.5
CPADinfo | 0xC0000040 (Initialized Data, Readable, Writeable) | 35D400 | 200 | 38F000 | 38 | 0.1223 | 127509
_RDATA | 0x40000040 (Initialized Data, Readable) | 35D600 | 200 | 390000 | 1F4 | 4.2355 | 19784
malloc_h | 0x60000020 (Code, Executable, Readable) | 35D800 | 200 | 391000 | 111 | 4.1381 | 29140
.rsrc | 0x40000040 (Initialized Data, Readable) | 35DA00 | 70800 | 392000 | 70638 | 6.474 | 7606762.2
.reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 3CE200 | 2E00 | 403000 | 2D30 | 5.4334 | 67344.91

Description
OriginalFilename: chrome.exe
CompanyName: Google LLC
LegalCopyright: Copyright 2026 Google LLC. All rights reserved.
ProductName: Google Chrome
FileVersion: 146.0.7680.76
FileDescription: Google Chrome
ProductVersion: Official Build
SpecialBuild: extended
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 1B9170
Code -> 4883EC28E80B0000004883C428E97AFEFFFFCCCC48895C241855488BEC4883EC30488B05A8F2170048BB32A2DF2D992B0000
Assembler
|SUB RSP, 0X28
|CALL 0X1014
|ADD RSP, 0X28
|JMP 0XE8C
|INT3
|INT3
|MOV QWORD PTR [RSP + 0X18], RBX
|PUSH RBP
|MOV RBP, RSP
|SUB RSP, 0X30
|MOV RAX, QWORD PTR [RIP + 0X17F2A8]
|MOVABS RBX, 0X2B992DDFA232
Signatures
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler
Compiler: Pure Basic 4.x
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
PE+(64): linker: Microsoft Linker(14.0)[-]
PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
Entropy: 6.57118

Suspicious Functions
Library Function Description
KERNEL32.DLL CreateMutexW Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateRemoteThread Creates a thread in the address space of another process.
KERNEL32.DLL WriteProcessMemory Writes data to an area of memory in a specified process.
KERNEL32.DLL ReadProcessMemory Reads data from an area of memory in a specified process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL SleepEx Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.
Windows REG (UNICODE)
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Software\Google\Update\ClientState\
SOFTWARE\Policies\Google\Chrome

File Access
chrome.exe
v8.exe
ntdll.dll
KERNEL32.dll
VERSION.dll
chrome_elf.dll
WINHTTP.dll
api-ms-win-core-winrt-l1-1-0.dll
USERENV.dll
api-ms-win-power-base-l1-1-0.dll
ole32.dll
WINMM.dll
USER32.dll
SHLWAPI.dll
SHELL32.dll
dbghelp.dll
ADVAPI32.dll
kernel32.dll
verifier.dll
extensions/value_store/Extensions.Database.Open.Scr
viz,input.scr
viz,benchmark,input.scr
renderer,benchmark,rail,input.scr
interactions,input.scr
input,input.scr
cc,benchmark,input,input.scr
benchmark,latencyInfo,rail,input.scr
disabled-by-default-devtools.scr
input.scr
stability_report.Sys
extensions/value_store/Extensions.Dat
@.dat
Temp

File Access (UNICODE)
kernelbase.dll
ntdll.dll
kernel32.dll
chrome.exe
GdiDllInitializegdi32.dll
winhttp.dll
WTSQuerySessionInformationWwtsapi32.dll
GetUserNameWadvapi32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
dbghelp.dll
0Kernel32.dll
user32.dll
0u. ntdll.dll
chrome.dll
mscoree.dll
settings.dat
Temp
AppData

Interest's Words
PassWord
exec
attrib
start
hostname
shutdown
systeminfo
ping
expand
replace
route

Interest's Words (UNICODE)
start
rundll32
rundll

Anti-VM/Sandbox/Debug Tricks
OllyDbg Library - dbghelp.dll

Anti-VM/Sandbox/Debug Tricks (UNICODE)
OllyDbg Library - dbghelp.dll

URLs
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt
http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
https://perfetto.dev/docs/contributing/getting-startedcommunity).
https://crashpad.chromium.org/
https://crashpad.chromium.org/bug/new

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Hex Hex Pattern SYSCALL (SYSCALL - 4C8BD1B8)
Text Ascii Unicode escape - \u00 - (Common Unicode escape sequences)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GlobalMemoryStatusEx)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Stealth (CreateRemoteThread)
Text Ascii Stealth (NtUnmapViewOfSection)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateSemaphoreW)
Text Ascii Execution (CreateEventW)
Text Ascii Malicious code executed after exploiting a vulnerability (Payload)
Text Ascii Malware that monitors and collects user data (Spy)
Text Ascii Information used for user authentication (Credential)
Text Ascii Unauthorized movement of funds or data (Transfer)
Text Unicode Unauthorized movement of funds or data (Transfer)
Text Ascii Technique used to capture communications between systems (Intercept)
Text Ascii Abuse of power for personal gain or unethical purposes (Corruption)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Intelligent String
• ntdll.dll
• kernel32.dll
• .tls
• C22KERNEL32.DLL
• mscoree.dll
• .exe
• .cmd
• .bat
• .com
• chrome.dll
• Interceptors are experimental. If you want to use them, please get in touch with the project maintainers (https://perfetto.dev/docs/contributing/getting-startedcommunity).
• https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
• api-ms-win-core-synch-l1-2-0.dll
• .00x%llx..\..\base\trace_event\process_memory_dump.ccCountResidentBytesdiscarded%s:%s
• kernelbase.dll
• user32.dll
• Kernel32.dll
• bcryptprimitives.dll
• CreateAndOpenTemporaryFileInDir.tmp
• dbghelp.dll
• .pma
• UMA.PersistentAllocator..UsedPctN/A..\..\base\metrics\persistent_memory_allocator.ccCorruption detected in shared-memory segment.DumpWithoutCrashingFlushPartialPMA-DBG-file_namePMA-DBG-namePMA-DBG-memory_sizePMA-DBG-page_sizePMA-DBG-is_fullPMA-DBG-is_corruptedPMA-DBG-freeptrPMA-DBG-global_cookiePMA-DBG-refPMA-DBG-expected_typePMA-DBG-expected_sizePMA-DBG-block_sizePMA-DBG-block_cookiePMA-DBG-block_type_idPMA-DBG-block_nextPMA-DBG-ref_value_beforePMA-DBG-ref_value_afterPMA-DBG-ref_foundPMA-DBG-race_detected-active-spareUMA.PersistentAllocator.EarlyHistograms.
• debug.log
• NOTREACHED hit. LogMessageLOG_FATAL%s:%d: %spc:%p\u%04X\u003C\u2028\u2029
• FeatureList-feature-accessed-too-earlyFeatureList-early-access-allow-listStability.DumpWithoutCrashingStatus
• api-ms-win-downlevel-shell32-l1-1-0.dll
• . Check failed: false. Logging-FATAL_MILESTONELogging-DUMP_WILL_BE_CHECK_MESSAGELogging-NOTREACHED_MESSAGE
• shell32.dll
• advapi32.dll
• ..\..\third_party\crashpad\crashpad\util\win\initial_client_data.ccexpected 8 comma separated arguments0x%x,0x%x,0x%x,0x%x,0x%x,0x%llx,0x%llx,0x%llxcould not convert '' to HANDLE' to WinVMAddressverifier.dll
• settings.dat
• CreateNamedPipeforged shutdown request, got: unhandled message type: unexpected version. got: expecting: forged client pid, real pid: , got: ImpersonateNamedPipeClientfailed to open ConnectNamedPipeRegisterWaitForSingleObject crash dump requestedRegisterWaitForSingleObject non-crash dump requestedRegisterWaitForSingleObject process end::GetNamedPipeClientProcessId..\..\third_party\crashpad\crashpad\util\win\scoped_set_event.cc..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.ccPostMessagecrashpad_SessionEndWatcher
• rundll32.exe
• ..\..\third_party\crashpad\crashpad\handler\user_stream_data_source.ccAddUserExtensionStream failed..\..\third_party\crashpad\crashpad\util\file\file_seeker.ccSeekSet(): expected ..\..\third_party\crashpad\crashpad\handler\minidump_to_upload_parameters.ccduplicate key duplicate annotation name list_annotations
• @dump
• upload_file_minidump..\..\third_party\crashpad\crashpad\handler\crash_report_upload_thread.ccreserved key application/octet-stream.dmp
• product%c%s=%s..\..\third_party\crashpad\crashpad\minidump\minidump_writable.ccsize
• ..\..\third_party\crashpad\crashpad\minidump\minidump_rva_list_writer.ccchild_count ..\..\third_party\crashpad\crashpad\minidump\minidump_writer_util.cctimestamp string cannot be converted to UTF-16 losslessly UTF-16 length will be truncated to UTF-16 length ..\..\third_party\crashpad\crashpad\minidump\minidump_string_writer.ccstring_bytes
• winamd64crashpad%s.%s,%s,%s..\..\third_party\crashpad\crashpad\util\numeric\in_range_cast.h%s; %s..\..\third_party\crashpad\crashpad\minidump\minidump_memory_writer.ccmemory_region_count
• ..\..\third_party\crashpad\crashpad\minidump\minidump_thread_writer.ccthread_count ..\..\third_party\crashpad\crashpad\minidump\minidump_thread_name_list_writer.ccthread_name_count ..\..\third_party\crashpad\crashpad\minidump\minidump_module_writer.ccmodule_count
• ..\..\third_party\crashpad\crashpad\minidump\minidump_unloaded_module_writer.ccunloaded_module_count ..\..\third_party\crashpad\crashpad\minidump\minidump_handle_writer.cchandle_count ..\..\third_party\crashpad\crashpad\minidump\minidump_file_writer.ccdiscarding duplicate stream of type stream_count out of rangeoffset ..\..\third_party\crashpad\crashpad\minidump\minidump_simple_string_dictionary_writer.ccentry_count ..\..\third_party\crashpad\crashpad\minidump\minidump_module_crashpad_info_writer.ccminidump_module_list_index ..\..\third_party\crashpad\crashpad\minidump\minidump_context_writer.ccunknown context architecture
• ..\..\third_party\crashpad\crashpad\util\win\module_version.ccGetFileVersionInfoSize: GetFileVersionInfo: VerQueryValue
• winhttp.dll
• gdi32.dll
• chrome.exe.pdb
• MiniDumpWriteDump
• chrome.exe

Flow Anomalies
Offset RVA Section Description
37C704-37C79B N/A .rsrc Potential obfuscated jump sequence detected, count: 76
37CA00-37CA9F N/A .rsrc Potential obfuscated jump sequence detected, count: 80
37CAC0-37CB5F N/A .rsrc Potential obfuscated jump sequence detected, count: 80
37CB80-37CC1F N/A .rsrc Potential obfuscated jump sequence detected, count: 80
37EAE8-37EB47 N/A .rsrc Potential obfuscated jump sequence detected, count: 48
37EBE4-37EC4B N/A .rsrc Potential obfuscated jump sequence detected, count: 52
37EC64-37ECCB N/A .rsrc Potential obfuscated jump sequence detected, count: 52
3826A4-38273B N/A .rsrc Potential obfuscated jump sequence detected, count: 76
3829A0-382A3F N/A .rsrc Potential obfuscated jump sequence detected, count: 80
382A60-382AFF N/A .rsrc Potential obfuscated jump sequence detected, count: 80
382B20-382BBF N/A .rsrc Potential obfuscated jump sequence detected, count: 80
384A88-384AE7 N/A .rsrc Potential obfuscated jump sequence detected, count: 48
384B84-384BEB N/A .rsrc Potential obfuscated jump sequence detected, count: 52
384C04-384C6B N/A .rsrc Potential obfuscated jump sequence detected, count: 52
B4699-B46BF N/A .text Unusual BP Cave, count: 39
B9D52-B9D7F N/A .text Unusual BP Cave, count: 46
BAF91-BAFBF N/A .text Unusual NOPS Space, count: 47
BC31A-BC33F N/A .text Unusual BP Cave, count: 38
BD891-BD8BF N/A .text Unusual NOPS Space, count: 47
BE7E2-BE7FF N/A .text Unusual NOPS Space, count: 30
C4445-C447F N/A .text Unusual BP Cave, count: 59
C50D4-C50FF N/A .text Unusual NOPS Space, count: 44
C6482-C64BF N/A .text Unusual BP Cave, count: 62
C6961-C697F N/A .text Unusual NOPS Space, count: 31
C7C5D-C7C7F N/A .text Unusual BP Cave, count: 35
CB6A2-CB6BF N/A .text Unusual NOPS Space, count: 30
CC617-CC63F N/A .text Unusual BP Cave, count: 41
CD9C7-CD9FF N/A .text Unusual BP Cave, count: 57
CDAC1-CDADF N/A .text Unusual NOPS Space, count: 31
CE222-CE23F N/A .text Unusual NOPS Space, count: 30
CFB20-CFB3F N/A .text Unusual NOPS Space, count: 32
D1F08-D1F3F N/A .text Unusual NOPS Space, count: 56
D43D2-D43FF N/A .text Unusual NOPS Space, count: 46
D6BD7-D6BFF N/A .text Unusual NOPS Space, count: 41
2E6C43-2E6DFF N/A .text Unusual BP Cave, count: 445
2E720C-2E723F N/A .rdata Unusual NOPS Space, count: 52
2E7DC8-2E7DFF N/A .rdata Unusual NOPS Space, count: 56
2E7E90-2E7EBF N/A .rdata Unusual NOPS Space, count: 48
35D911-35D9FF N/A malloc_h Unusual BP Cave, count: 239
328B08 25260 .rdata TLS Callback | Pointer to 140025260 - 0x24660 .text
328B10 1B8D60 .rdata TLS Callback | Pointer to 1401B8D60 - 0x1B8160 .text
328B18 B2230 .rdata TLS Callback | Pointer to 1400B2230 - 0xB1630 .text
328B20 1B8DE0 .rdata TLS Callback | Pointer to 1401B8DE0 - 0x1B81E0 .text
328B28 5BF0 .rdata TLS Callback | Pointer to 140005BF0 - 0x4FF0 .text
328B30 DD6E0 .rdata TLS Callback | Pointer to 1400DD6E0 - 0xDCAE0 .text
35D800-35D9FF 391000 malloc_h Executable section anomaly, first bytes: 4883EC384885D274
3D1000 N/A *Overlay* 98280000000202003082288C06092A864886F70D | .(......0.(...*.H...)

Extra Analysis
Metric Value Percentage
Ascii Code 2473810 61,6574%
Null Byte Code 601294 14,9867%
NOP Cave Found 0x9090909090 Block Count: 565 | Total: 0,0352%