nprobert/windows_tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added static binary tools collection (originally in SVN archive)

Browse Source
This commit is contained in:
Neal Probert
2021-02-11 10:21:04 -05:00
parent cd42e4e051
commit eae7957d51
164 changed files with 53763 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
static/ADB-PuTTY.exe Normal file
View File

Binary file not shown.

BIN
static/Analyze.exe Normal file
View File

Binary file not shown.

BIN
static/CenoCipher.exe Normal file
View File

Binary file not shown.

BIN
static/DssPlay.exe Normal file
View File

Binary file not shown.

BIN
static/HJSplit/hjsplit.exe Normal file
View File

Binary file not shown.

19
static/HJSplit/readme.txt Normal file
View File

@ -0,0 +1,19 @@
HJSplit 3.0
Description
File splitting program for Windows XP, 7, Vista, 200x, NT, 9x, ME, Linux/Wine and all 64bit editions of Windows.
HJSplit is able to split files of any type and any size.
Homepage: www.hjsplit.org
Version: 3.0
Release date: November 11, 2010
Licence for use
Freeware. Free for private/personal use and free corporate (business, govermnent, non-profit, etc.) use.
Licence for distribution
You can distribute this program, freely and without charge (on CD-Roms, Websites, etc.) provided that you do not change the program or the zip file in any way, that the program is clearly freeware or shareware, that you do not ask any money for the program itself. You may charge a nominal fee for material and/or distribution costs.
Copyright 1995 - 2010 Freebyte.com
http://www.freebyte.com

79
static/LADS/LADS_ReadMe.txt Normal file
View File

@ -0,0 +1,79 @@
LADS - Freeware version 3.20
(C) Copyright 1998-2003 Frank Heyne Software (http://www.heysoft.de)
LADS lists the name and size of every alternate data stream (ADS)
it finds in the specified directory (with or without subdirectories).
This software is provided "as is", without warranty of any kind!
Use it on your own risk!
Usage: LADS [Directory] [/S] [/D] [/A] [/Xname]
Directory: directory to scan, current if ommitted
/S include Subdirectories
/D Debug LADS (I hope you never need to use this option ;-)
/A give a summary of All bytes used in the scanned directories
(All files and directories are considered as uncompressed
and all security decriptions are skipped for calculating
this number!)
/Xname eXclude any ADS "name"
/Pfile read Parameters from "file"
The /X switch allows to eXclude ADSs which have a name of your choice.
It is useful if you run some kind of AV software, which adds an ADS to
every scanned file. The output of LADS is difficult to handle if it lists
tens of thousands of ADSs with the same name.
Therefore you now can, for instance, run
LADS C:\ /s /xCA_INOCULATEIT
and get only a list of those ADSs which have not been created by
the AV software.
Since version 3.20 of LADs you can exclude as many ADSs as you want from scanning.
To not need to write the parameters for every scan again and again, you can put
all or a part of them into a parameter file. The parameter file is a simple text
file, each line contains a parameter and no white space. For the example above,
you could create a parameter file LADSparam.txt with the following 3 lines:
C:\
/s
/xCA_INOCULATEIT
and call the program this way:
LADS /pLADSparam.txt
To learn more about alternate data streams, have a look at the
ADS FAQ at http://www.heysoft.de/
Pleas send bug reports and queries regarding LADS to
Frank Heyne (fh@heysoft.de)
Guarantee and responsibility
----------------------------
This program was developed with largest care. However, the author can
not guarantee, that the program runs under each version of Windows NT
on each computer flawlessly.
There is no warranty for the program, to the extent permitted by
applicable law. The copyright holder provides the program "as is"
without warranty of any kind, either expressed or implied, including,
but not limited to, the implied warranties of merchantability and
fitness for a particular purpose. The entire risk as to the quality
and performance of the program is with you. Should the program prove
defective, you assume the cost of all necessary servicing, repair or
correction. In no event unless required by applicable law will the
copyright holder be liable to you for damages, including any general,
special, incidental or consequential damages arising out of the use or
inability to use the program (including but not limited to loss of
data or data being rendered inaccurate or losses sustained by you or
third parties or a failure of the program to operate with any other
programs), even if such holder or other party has been advised of the
possibility of such damages.

BIN
static/LADS/lads.exe Normal file
View File

Binary file not shown.

BIN
static/PCAN-View/PcanView.exe Normal file
View File

Binary file not shown.

BIN
static/PCAN-View/PcanView_deu.chm Normal file
View File

Binary file not shown.

BIN
static/PCAN-View/PcanView_enu.chm Normal file
View File

Binary file not shown.

BIN
static/PCAN-View/PeakOemDrv.exe Normal file
View File

Binary file not shown.

BIN
static/PEiD-0.95-20081103/PEiD.exe Normal file
View File

Binary file not shown.

13
static/PEiD-0.95-20081103/external.txt Normal file
View File

@ -0,0 +1,13 @@
;The file userdb.txt is used to store the external signatures.
;External signatures can be modified by the user as and when he requires.
;The signatures are in the format
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true
;The ?? in the signature represent wildcard bytes (they are skipped while scanning)
;ep_only can be either true or false. When true, the signature is scanned for at the EntryPoint only.
;Else it is scanned throughout the file.
;A '*' in the results of PEiD signifies that the external database was used for scanning the file.

BIN
static/PEiD-0.95-20081103/plugins/GenOEP.dll Normal file
View File

Binary file not shown.

BIN
static/PEiD-0.95-20081103/plugins/ImpREC.dll Normal file
View File

Binary file not shown.

BIN
static/PEiD-0.95-20081103/plugins/ZDRx.dll Normal file
View File

Binary file not shown.

BIN
static/PEiD-0.95-20081103/plugins/kanal.dll Normal file
View File

Binary file not shown.

109
static/PEiD-0.95-20081103/plugins/kanal.htm Normal file
View File

@ -0,0 +1,109 @@
<html>
<head>
<title>KANAL - Krypto Analyzer for PEiD</title>
</head>
<body>
<h2><i>KANAL</i> - Krypto Analyzer for PEiD</h2>
<h3>Version 2.92</h3>
<p>
This plugin searches for known crypto algorithms, functions and libraries inside
of the specified module.
</p>
<p>
<h4>Usage:</h4>
Load the file into PEiD and select &quot;Krypto ANALyzer&quot; from the
plugins menu. A new dialog will open and the detected crypto algorithms,
constants, functions and libraries will be listed. The offset of the signature
is displayed for every item; if the analyzed file is a PE executable, also
the virtual address of the signature is displayed.
So, the results look like
<pre>Crypto name :: File offset :: Virtual address</pre>
</p>
<p>
For PE executable files, <i>KANAL</i> searches for &quot;reasonable&quot; references
of the detected piece of code or data. If, for example, some kind of crypto
substitution table is detected, <i>KANAL</i> attempts to find the address
where the table is referenced from. The references are displayed as subitems
of the detected crypto item (so, you have to expand the item to see it).
If no reference of the detected signature is found
(e.g. because it's not a piece of data, but rather a constant contained inside
of an assembly instruction), the text &quot;The reference is above&quot;
is displayed.
</p>
<p>
<h4>User interface:</h4>
<ul>
<li>Using the <b>Export</b> button, you can save the results to a file,
or copy them to clipboard. The possible output formats are:
<ul>
<li><b>List of Items</b> - text file containing the list of detected crypto algorithms
with the corresponding addresses (i.e. what you see in the results window,
unexpanded items).</li>
<li><b>List of Items with References</b> - text file containing the list of detected
crypto algorithms with the corresponding addresses and references (i.e. what you see
in the results window, expanded items).</li>
<li><b>IDC Script - Bookmarks</b> - IDC script for IDA Pro; when executed,
it creates a list of bookmarks corresponding to the detected results.</li>
<li><b>IDC Script - Comments</b> - IDC script for IDA Pro; when executed,
it sets the comments (containing detected crypto algorithms and their description)
for the corresponding addresses.</li>
<li><b>IDC Script - Bookmarks &amp; Comments</b> - IDC script for IDA Pro;
when executed, it sets both the bookmarks of detected results and their comments.</li>
</ul>
<li>When you <b>right click</b> on any line of the results, the corresponding address is
copied into the clipboard (both for the crypto itself and for the references).</li>
<li>When you <b>select</b> an item from the list, a simple description, corresponding
to the crypto item, will be displayed in the bottom part of the window.</li>
</ul>
</p>
<p>
<h4>Limitations:</h4>
<ul>
<li>The detection of crypto algorithms is limited to those possible to identify
by a specific signature (such as fixed s-boxes, permutation tables,
initialization values, etc). Simple mathematical algorithms, such as RSA,
cannot be detected in a generic way. Even some of the algorithms that normally
can be detected by their tables (e.g. AES) can be implemented such that
the tables are not static, but rather generated dynamically during the runtime
using special formulas; in such cases they probably won't be recognized
by <i>KANAL</i>.</li>
<li>Some functions (even RSA) can be detected according to their implementation
in specific crypto libraries. This kind of detection, however, depends on the
compiler used, its optimization settings, etc - so it won't work in all cases.</li>
<li>A few of the algorithms are detected by a single DWORD - so, they are
susceptible to occasional false alarms.</li>
<li>Some crypto algorithms share a common initialization code - so if multiple
crypto algorithms are present in the file, they may be &quot;mixed up&quot;
sometimes. The plugin tries to filter the results somehow (to guess which
algorithm it actually is, using the &quot;shared&quot; code),
but it may not be 100% accurate, of course.</li>
</ul>
</p>
<p>
<h4>Notes:</h4>
<ul>
<li>The processed file is just scanned for known patterns - no part of the file is
executed. So, it's safe to use <i>KANAL</i> on malicious files.</li>
</ul>
</p>
<hr>
<p>
<h4>Credits:</h4>
<b>igNorAMUS</b> - maintaining the source and all the detections at the moment<br>
<b>snaker</b> - the original coding and detections<br>
<b>Maxx</b> - detection of various functions from common crypto libraries<br>
<b>pusher</b> - testing and bug reports<br>
</p>
</body>
</html>

9
static/PEiD-0.95-20081103/pluginsdk/C++/defs.h Normal file
View File

@ -0,0 +1,9 @@
//#include <windows.h>
#ifdef _DLLMACRO
#define DllExport __declspec(dllexport)
#else
#define DllExport __declspec(dllimport)
#endif
DllExport DWORD DoMyJob(HWND hMainDlg, char *szFname, DWORD lpReserved, LPVOID lpParam);
DllExport LPSTR LoadDll();

40
static/PEiD-0.95-20081103/pluginsdk/C++/null.c Normal file
View File

@ -0,0 +1,40 @@
#include <windows.h>
#include "defs.h"
DWORD DoMyJob(HWND hMainDlg, char *szFname, DWORD lpReserved, LPVOID lpParam)
{
//hMainDlg: HWND of PEiD window
//szFname: Filename
//lpReserved: PEiD passes 'PEiD' as the value
//lpParam: NULL passed, for future use
// Write your main code here
return 1;
}
LPSTR LoadDll()
{
return "Name of the plugin";
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}

30
static/PEiD-0.95-20081103/pluginsdk/Delphi/Sample.dpr Normal file
View File

@ -0,0 +1,30 @@
//sample provided by _pusher_
library Sample;
uses
Windows;
type DLL_RET_MSG = record
szMsgText: PChar;
szMsgHead: PChar;
dRetVal: DWORD;
dRetExVal: DWORD;
dFlags: DWORD;
end;
function LoadDll:PChar;cdecl;
begin
result:='Name for Plugin';
end;
function DoMyJob(hMainDlg: HWND; szFname: PChar; lpReserved: DWORD; DRM: DLL_RET_MSG):DWORD; cdecl;
begin
Messagebox(hMainDlg,Pchar('hello world'+#13+#10+'FileName: '+szFname),'',MB_OK);
result:=1; //this is like showing peid all went well.
end;
exports
DoMyJob,
LoadDll;
end.

4
static/PEiD-0.95-20081103/pluginsdk/MASM/compile.bat Normal file
View File

@ -0,0 +1,4 @@
\masm32\bin\ml /c /coff /Cp masm_plugin.asm
\masm32\bin\link /dll /DEF:masm_plugin.def /subsystem:windows /libpath:\masm32\lib masm_plugin.obj
pause

75
static/PEiD-0.95-20081103/pluginsdk/MASM/masm_plugin.asm Normal file
View File

@ -0,0 +1,75 @@
;******************************************************************************
;* PEiD Plugin Example by diablo2oo2 *
;******************************************************************************
.586p
.mmx
.model flat, stdcall
option casemap :none
;******************************************************************************
;* INCLUDES *
;******************************************************************************
include \masm32\include\windows.inc
include \masm32\macros\macros.asm
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\advapi32.inc
include \masm32\include\gdi32.inc
include \masm32\include\comctl32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\masm32.lib
;******************************************************************************
;* DATA & CONSTANTS *
;******************************************************************************
.const
.data
.data?
hInstance dd ?
;******************************************************************************
;* CODE *
;******************************************************************************
.code
align 16
DllEntry proc _hInstance:HINSTANCE, _reason:DWORD, _reserved1:DWORD
m2m hInstance,_hInstance
mov eax,TRUE
ret
DllEntry endp
align 16
LoadDll proc
;---Name of the plugin---
mov eax,chr$("MASM Plugin Example")
ret
LoadDll endp
align 16
DoMyJob proc _hwnd:dword,_filename:dword,_lpreserved:dword,_lpparam:dword
invoke MessageBox,_hwnd,_filename,chr$("MASM Plugin Example"),MB_OK
;---job done!---
pop ebp ;stack fix
mov eax,1
retn ;stack fix
DoMyJob endp
end DllEntry

4
static/PEiD-0.95-20081103/pluginsdk/MASM/masm_plugin.def Normal file
View File

@ -0,0 +1,4 @@
LIBRARY masm_plugin
EXPORTS
LoadDll
DoMyJob

84
static/PEiD-0.95-20081103/pluginsdk/PowerBASIC/PEiD_Plugin.bas Normal file
View File

@ -0,0 +1,84 @@
' =================================================
'
' PEiD's Plugin skeleton for PowerBASIC
' (C) 2004 by Marco Pontello - http://mark0.net
'
' This code is to be considered "public domain".
' Feel free to do what you want with it.
'
' -------------------------------------------------
'
' PEiD is a file identifier especially tailored for
' PE (Portable executable) files. It detects most
' common packers, cryptors and compilers. It also
' sports a range of useful tools and plugins.
'
' PEiD's home: http://peid.has.it/
'
' =================================================
#COMPILE DLL
#DIM ALL
$PROGRAMVER = "1.0"
$PROGRAMTITLE = "MyPlugin"
#INCLUDE "WIN32API.INC"
' --- Global declarations
GLOBAL ghDLLInstance AS LONG
GLOBAL ghPEiDDialog AS LONG
' --- Exported functions
DECLARE FUNCTION DoMyJob CDECL ALIAS "DoMyJob" (BYVAL hMainDlg AS DWORD, _
BYREF szfName AS ASCIIZ, BYVAL lpReserved AS DWORD, _
BYVAL lpVoid AS DWORD) AS DWORD
DECLARE FUNCTION LoadDll CDECL ALIAS "LoadDll" () AS DWORD
' --- Return Plugin Name to PEiD
' PEiD call this at startup to build a list with the name of all
' available Plugins
FUNCTION LoadDll CDECL ALIAS "LoadDll" () EXPORT AS DWORD
STATIC szPluginName AS ASCIIZ * 256
szPluginName = $PROGRAMTITLE
FUNCTION = VARPTR(szPluginName)
END FUNCTION
' --- Main Plugin routine
' This is called by PEiD when the Plugin is selected/run
FUNCTION DoMyJob CDECL ALIAS "DoMyJob" (BYVAL hMainDlg AS DWORD, _
BYREF szfName AS ASCIIZ, BYVAL lpReserved AS DWORD, _
BYVAL lpVoid AS DWORD) EXPORT AS DWORD
ghPEiDDialog = hMainDlg
MsgBox "PEiD's file: " & szfName, %MB_SYSTEMMODAL, $PROGRAMTITLE
FUNCTION = 1
EXIT FUNCTION
END FUNCTION
' --- Main DLL entry
FUNCTION LibMain (BYVAL hInstance AS LONG, BYVAL fwdReason AS LONG, _
BYVAL lpvReserved AS LONG) AS LONG
SELECT CASE fwdReason
CASE %DLL_PROCESS_ATTACH
ghDLLInstance = hInstance
FUNCTION = 1
CASE %DLL_PROCESS_DETACH
FUNCTION = 1
CASE %DLL_THREAD_ATTACH
FUNCTION = 1
CASE %DLL_THREAD_DETACH
FUNCTION = 1
END SELECT
EXIT FUNCTION
END FUNCTION

6
static/PEiD-0.95-20081103/pluginsdk/readme.txt Normal file
View File

@ -0,0 +1,6 @@
The Sample sources were provided by
PowerBASIC, Mark0
C++ , snaker
Delphi, _pusher_
MASM, diablo2oo2

166
static/PEiD-0.95-20081103/readme.txt Normal file
View File

@ -0,0 +1,166 @@
PE iDentifier v0.95 (2008.11.03) by snaker, Qwerton, Jibz & xineohP
------------------------------------------------------
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there!
1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
There are 3 different and unique scanning modes in PEiD.
The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.
The *Deep Mode* scans the PE file's Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.
The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.
The scanner's inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
Command line Options
--------------------
PEiD now fully supports commandline parameters.
peid -time // Show statistics before quitting
peid -r // Recurse through subdirectories
peid -nr // Don't scan subdirectories even if its set
peid -hard // Scan files in Hardcore Mode
peid -deep // Scan files in Deep Mode
peid -norm // Scan files in Normal Mode
peid <file1> <file2> <dir1> <dir2>
You can combine one or more of the parameters.
For example.
peid -hard -time -r c:\windows\system32
peid -time -deep c:\windows\system32\*.dll
Task Viewing / Control Module
-----------------------------
You can scan currently running tasks with PEiD. The files are scanned from memory. Processes can also be terminated. You can also optionally dump a module and scan the dumped image. You can also view all dependant modules of the processes.
Multiple File Scan Module
-------------------------
You can scan multiple files at one go with PEiD. Just drag and drop the files on the PEiD main dialog and the Multiple File Scan Dialog will popup displaying the results. You can keep dragging and dropping files onto this dialog as well. It also offers you to choose from the different scanning modes and optionally load a single file in PEiD. It allows you to skip the non PE files so that the list looks clean. You can also scan the contents of a directory choosing files of custom extension if required. MFS v0.02 now supports recursive directory scanning.
Disassembler Module
-------------------
You can have a quick disassembly of the file loaded in PEiD. Double click to follow JMPs and CALLs and use the Back button to trace back to the original positions. You can copy disassembled output to the clipboard. A new CADT core with custom String Reference Finder has been cooked up.
CADT is coded by Ms-Rem.
Hex Viewer Module
-------------------
You can have a quick hex view of the file loaded in PEiD. A modified version of 16Edit by y0da is used for this purpose.
We intend to update the signatures quite often to keep pace with this ever evolving scene :)
Please report bugs, ideas, new signatures or packer info to:
pusher -> sir.pusher(at)gmail(dot)com ( Administration / Coder )
snaker -> snaker(at)myrealbox(dot)com
Jibz -> peid(at)ibsensoftware(dot)com
Qwerton -> qwaci(at)gmx(dot)net
ALL SUGGESTIONS, IDEAS, BUG REPORTS AND CRITICS ARE WELCOME.
History
-------
0.7 Beta -> First public release.
0.8 Public -> Added support for 40 more packers. OEP finding module. Task viewing/control module.
GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.
0.9 Recode -> Completely recoded from scratch. New Plugin Interface which lets you use extra features.
Added more than 130 new signatures. Fixed many detections and general bugs.
0.91 Reborn -> Recoded everything again. New faster and better scanning engine. New internal signature system.
MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.
Detections fine tuned and newer detections added. Very basic Heuristic scanning.
0.92 Classic -> Added support for external database, independent of internal signatures. Added PE details lister.
Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.
Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.
Added ability to abort MultiScan without loosing results.
Added ability to show process icons in Task Viewer.
Added ability to show modules under a process in Task Viewer. Added some more detections.
0.93 Elixir -> Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory.
Added Brizo disassembler core. Added some more detections.
Fixed documented and undocumented vulnerability issues.
Fixed some general bugs.
Removed mismatch mode scanner which needs further improvements.
0.94 Flux -> Too much is new to remember.
MFS, Task Viewer and Disassembler windows maximizable.
New smaller and lighter disassembler core CADT.
New KANAL 2.90 with much more detections and export features.
Added loads of new signatures. Thanks to all the external signature collections online.
String References integrated into disassembler.
Fixed documented and undocumented crashes.
Fixed some general bugs.
0.95 Phoenix -> Fixed some crashing bugs.
Minor Core update.
Crash Fix in Securom detection.
Greets
------
Qwerton, Jibz, CHRiST0PH, uno, DAEMON, MackT, VAG, SAC, Gamumba, SnowP and all the rest at uG, Michael Hering, tE!, pusher, {igNo}, Maxx, CoDE, BaND, Snacker, skamer, HypnZ, ParaBytes, Clansman, BuLLeT, Devine9, innuendo, Corby, cokine, AiRW0lF, fxfighter, GodsJiva, Carpathia, _death, artik, r!sc, NoodleSPA, SiR_dReaM, CHoRDLeSS, NeOXQuiCk, un4Giv3n, RZX, 7xS, LibX and all who helped with PEiD :)
snaker, Jibz, cokine, Iczelion, Clansman, Z-Wing, Unknown One/TMG, PeeWee, DnNuke, sinny/BAFH, all the other nice people in CiA, uG and all of you who helped us develope PEiD. Thanks.
snaker, Qwerton, DAEMON, VaG, Parabytes, bse, f0dder, Stone, Michael Hering, Iczelion, Steve Hutchesson, Eugene Suslikov, and everybody in #unpacking and #compression.
Qwerton - Hope you get time someday again, was nice working with you :)
Jibz - You rock evil friend. Thanks for all your help. It's a pleasure working with you. Hope things work out!
Michael Hering - FILE INFO is still the absolute best. Your suggestions rock :)
uG2oo6 - Delicious Slumber!
MackT - Thanks for all your help and for ImpREC of course ;)
Unknown One - Spend more time with us :)
BaND - Thanks for all your testing and help.
pusher - Thanks for your help and all the testing and the constant encouragment ;)
Maxx - Thanks for the encouragment, your code and suggestions should be added next time :)
Kaparo & Aaron - Thanks for your sites :)
BoB - Thanks for taking over the PEiD project, and the contribution.
We would also like to thank the *few* people who sent us their comments and feedback about PEiD.
Also greetings to everyone who has supported PEiD till date. Without you this new release would never be possible.
You can check out the PEiD homepage at http://www.peid.info and the PEiD Forums at http://www.peid.info/forum
snaker, Qwerton, Jibz & xineohP Productions
-2008-

5
static/PEiD-0.95-20081103/userdb.txt Normal file
View File

@ -0,0 +1,5 @@
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true

BIN
static/PeStudio/AddToExplorerMenu.reg Normal file
View File

Binary file not shown.

BIN
static/PeStudio/RemoveFromExplorerMenu.reg Normal file
View File

Binary file not shown.

136
static/PeStudio/changelog.txt Normal file
View File

@ -0,0 +1,136 @@
File: changelog.txt
Project: pestudio
Author: Marc Ochsenmeier
Email info@winitor.com
Web: www.winitor.com
Copyright (C) 2009-2015, Marc Ochsenmeier
Version 8.50
. Fixed a bug when handling exported functions of 54bit executables
Version 8.49
. Added detection of Windows builtin services
. Fixed a bug when handling strings
. Leveraged Indicators for embedded files
Version 8.48
. Extended Thresholds
. Extended Indicators
. Show virustotal score for Overlay (when available)
. Fixed an issue in the Debug detection
. Fixed an issue in imported symbols by ordinal for 64bit files
Version 8.47
. Added computation of Imports Hash (imphash)
. Added detection of strings embedded in non-PE files
. Extended detection of processor types
. Fixed a hangup
. Updated AV list
Version 8.46
. Added new thresholds
. Extended detection
. Fixed a crash with malformed files
. Corrected duplicates during collection of functions statistics
Version 8.00 to 8.45
. Added Virustotal aging and submission date
. Extended Languages detection and mapping
. Added PeID Signature detection of Executable embedded in Resources
. Added PeID Signature detection of Executable embedded in Overlay
. Added XML-based detection of PeID Signatures
. Added XML-based detection of OIDs
. Added XML-based detection of useragent
. Extented blacklists
. Added detection of references to Firefox API
. Added MD5 Blacklist for a file and its Resources
. Extended detection of Overlay
. Extended validation of Sections
. Resolve OpenSSL ordinals API to User friendly names
. Added Blacklist of MD5 dedicated to the Overlay
. Extended detection of files embedded in Resources
. Added detection of Regular Expressions and Threshold
. Cache Virustotal scores when Internet connection drops
. Fixed a bug when handling the imports of some images
. Added Functions Groups classification
. Resources with unknown Signature and containing only text are now tagged as Text
. Fixed a bug when handling the Characteristics of the FileHeader
. Added MD5, SHA1 and Virustotal Score for Overlay
. Fixed a bug when handling the <PreferedVirustotalEngine>
. Fixed a bug when handling the virustotal Engines
. Added Thresholds for DOS Stub and Header size
. Added Thresholds for Blacklisted Imported Libs and Blacklisted functions number
. Added Thresholds for Blacklisted Strings count
. Added Thresholds for Blacklisted Exported Functions count
Version 6.00 to 7.00
. Added Dump of Indicators
. Added Dump of Manifest
. Added Context menu for Certificates
. Added Dump of Certificates
. Raw discovery of fundamental characteristics of the Certificate(s) embedded in the Image
. Handle non-printable characters in XML report
. Added more Indicators specific to the location of the Entry Point
. Added more details (offset and size) for each file Cave detected
. Show the name of the section BaseOfCode is located in
. Fixed reporting of the Libraries in the XML report
. Simplified Indicators XML file
. Added Indicators specific for First and Last Sections
. Take virtual Section into account when pointing the overlay
. Fixed detection of MPRESS under 64bit
Version 6.00
. Fixed a bug by reading Symbols
. Extended Indicators for Embedded Resources
. Corrected missing Dependencies for some types of images
. Renamed *.XML files to PeStudio*.XML
. Interfaces to PeParser (PeParser.h and PeParser.lib) are now part of the Package.
. Added Indexing of String
. Added Detection of duplicated Section Names
. Allow Strings length choice for filtering at the UI
. Show Strings at the UI
. Added Strings count in output XML
. Detect Section-less images and added in Indicators.XML
. Correct Address Offset of reported Strings
Version 5.00
. The Strings contained in the file analysed can now be exported to the output XML file
. Added validation Check of AddressOfEntryPoint field
. Custom Resources are shown in orange colour
. Corrected handling of Certificate Directory
. Corrected colouring of Indicators
. When handling a resources only images, some validity checks are different
. Enhanced detection of device driver images
. renamed parameters for command prompt (see Prompt support description above)
. Added detection of CAB, PDF, RIFF, GIF, PNG files
. Added detection of "requireAdministrator" Execution Level from the Manifest
. Added Command Prompt support (see Prompt support description above)
. Added "The image exports XY Symbols" as new Indicator
. Added more obsolete functions in the WindowsFunctionsDeprecated.xml file (delivered with this project)
Version 1.0 to 4.0
. Now fully support 64bit Images on 32bit Platform
. Show Resources Languages
. Show Type of Debug information (NB09, NB10, NB11, RSDS )
. Show imported Functions of missing libraries
. Show total number of Bytes available in Caves
. Show Gaps in Exported Symbols collection
. Show Section Name the Base of Data belongs to
. Added OptionalHeader to XML report
. Added detection of duplicated Sections names
. Added detection of Code-less images
. Added detection of Section containing the Entry point
. Corrected filtering of Obsolete Imported Functions
. Corrected Imported Symbols for 64bit images
. Corrected Page-able Section Flag
. Corrected detection of msstyles "Resources Only" Images
. Corrected a crash that takes place when switching between Tree and list View in Resources Tab
. Added Detection of Image Obfuscation (encryption, compression) as Evidence
. Un-decorate function names
. Support Manifest dependentAssembly.
. support Side-by-Side libraries.
. Support Forwarded Functions
. Filtering Obsolete Functions
. Enumeration of Implicit dependencies and other general information

5556
static/PeStudio/features.xml Normal file
View File

File diff suppressed because it is too large Load Diff

5645
static/PeStudio/functions.xml Normal file
View File

File diff suppressed because it is too large Load Diff

375
static/PeStudio/indicators.xml Normal file
View File

@ -0,0 +1,375 @@
<xml version="1.0" encoding="utf-8">
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the Indicators shown at the GUI, CUI and XML report file.
-->
<EnableIndicators>1</EnableIndicators>
<ShowIndicators>1</ShowIndicators>
<ShowIndicatorsSuspicious>1</ShowIndicatorsSuspicious>
<ShowIndicatorsHints>1</ShowIndicatorsHints>
<ShowIndicatorsStandards>1</ShowIndicatorsStandards>
<ShowIndicatorsFeatures>1</ShowIndicatorsFeatures>
<ShowIndicatorsFunctionsGroups>1</ShowIndicatorsFunctionsGroups>
<indicators>
<!-- General -->
<indicator enable="0" severity="2" id="1000">The file is not Portable Executable (PE)</indicator>
<indicator enable="1" severity="2" id="1001">The MZ signature is missing</indicator>
<indicator enable="1" severity="2" id="1002">The size of the file has reached the minimum threshold provided (%i bytes)</indicator>
<indicator enable="1" severity="2" id="1003">The size of the file has reached the maximum threshold provided (%i bytes)</indicator>
<indicator enable="1" severity="1" id="1004">The size of the Optional Header is Suspicious (it should be %i)</indicator>
<indicator enable="1" severity="1" id="1005">The size of the File Header is Suspicious</indicator>
<indicator enable="1" severity="1" id="1007">The size of the digital Certificate has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1008">The size of the digital Certificate has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1009">The content of the Digital Certificate is unexpected</indicator>
<indicator enable="1" severity="9" id="1023">The file is managed (.NET)</indicator>
<indicator enable="0" severity="2" id="1024">The file references (%s) Debug symbols</indicator>
<indicator enable="1" severity="2" id="1025">The file is digitally signed with (%i) Certificate(s)</indicator>
<indicator enable="0" severity="9" id="1026">The file is bound to %i Libraries</indicator>
<indicator enable="1" severity="2" id="1027">The file is Code-less</indicator>
<indicator enable="1" severity="2" id="1034">The file uses static Thread Local Storage (TLS)</indicator>
<indicator enable="1" severity="2" id="1036">The file checksum is invalid</indicator>
<indicator enable="1" severity="1" id="1037">The Entry Point is outside the file</indicator>
<indicator enable="1" severity="1" id="1038">The Certificate issuer (%s) has expired (%s)</indicator>
<indicator enable="1" severity="1" id="1039">The Certificate subject (%s) has expired (%s)</indicator>
<indicator enable="1" severity="2" id="1040">The file is not signed with a Digital Certificate</indicator>
<indicator enable="0" severity="2" id="1043">The file has no Manifest</indicator>
<indicator enable="1" severity="1" id="1051">The file will be copied to the system swap file and will run from it if started from a Network Location</indicator>
<indicator enable="1" severity="1" id="1052">The file will be copied to the system swap file and will run from it if started from a Removable Media</indicator>
<indicator enable="1" severity="2" id="1055">The file runs in the Visual Basic Virtual Machine</indicator>
<indicator enable="1" severity="2" id="1056">The file is a Device Driver</indicator>
<indicator enable="0" severity="2" id="1057">The file is statically linked to the C Runtime Library</indicator>
<indicator enable="0" severity="2" id="1100">The file uses Data Execution Prevention (DEP) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1101">The file ignores Data Execution Prevention (DEP) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1102">The file uses Address Space Layout Randomization (ASLR) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1103">The file ignores Address Space Layout Randomization (ASLR) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1105">The file does not use Structured Exception Handling (SEH)</indicator>
<indicator enable="0" severity="2" id="1106">The file uses Cookies placed on the Stack (GS) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1107">The file ignores Cookies placed on the Stack (GS) as Mitigation technique</indicator>
<indicator enable="0" severity="2" id="1109">The file ignores Code Integrity</indicator>
<indicator enable="1" severity="2" id="1111">The file is isolation aware but should not be isolated</indicator>
<indicator enable="0" severity="2" id="1112">The file uses Safe Structured Exception Handling (SafeSEH) as Mitigation technique</indicator>
<indicator enable="0" severity="2" id="1113">The file registers (%i) Exception Handlers</indicator>
<indicator enable="1" severity="1" id="1114">The Virustotal score (%i/%i) of the overlay has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1115">The Virustotal score (%i/%i) of the overlay has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1117">The Checksum (0x%08X) detected is different than the Checksum (0x%08X) computed</indicator>
<indicator enable="1" severity="1" id="1120">The Virustotal score (%i/%i) of the file has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1121">The Virustotal score (%i/%i) of the file has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1122">The preferred Virustotal AV Engine (%s) has detected the file as Infected</indicator>
<indicator enable="1" severity="2" id="1123">The preferred Virustotal AV Engine (%s) has detected the file as Clean</indicator>
<indicator enable="1" severity="1" id="1150">The Debug data is invalid</indicator>
<indicator enable="1" severity="2" id="1152">The Debug file name is different than the file name (%s)</indicator>
<indicator enable="1" severity="1" id="1153">The Debug file name extension is suspicous</indicator>
<indicator enable="1" severity="1" id="1154">The debug file name contains %i unprintable characters</indicator>
<indicator enable="1" severity="1" id="1155">The Age of the Debug Symbol file has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1156">The Age of the Debug Symbol file has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1200">The PointerToSymbolTable (0x%08X) is invalid (should be zero)</indicator>
<indicator enable="1" severity="1" id="1201">The NumberOfSymbols (0x%08X) is invalid (should be zero)</indicator>
<indicator enable="1" severity="1" id="1203">The SizeOfCode (0x%08X) is suspicious</indicator>
<indicator enable="1" severity="1" id="1204">The BaseOfCode (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1205">The BaseOfData (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1206">The FileAlignment (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1207">The SizeOfImage (0x%08X) is invalid</indicator>
<indicator enable="1" severity="2" id="1208">The size of initialized data has reached the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1209">The SizeOfHeaders (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1210">The NumberOfRvaAndSizes (0x%08X) is invalid (Maximum is %i)</indicator>
<indicator enable="1" severity="1" id="1211">The Entry point is suspicious</indicator>
<indicator enable="1" severity="1" id="1213">The count of shared section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1214">The count of section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1215">The count of writable and Executable section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1217">The count of Nameless section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1220">The file contains writable and Shared section which presents a vector attack</indicator>
<indicator enable="1" severity="1" id="1222">The last section is Executable</indicator>
<indicator enable="1" severity="1" id="1223">The first section (name:%s) is writable</indicator>
<indicator enable="1" severity="1" id="1225">The Entry point (0x%08X) is outside the first section</indicator>
<indicator enable="0" severity="2" id="1226">The Entry point (0x%08X) is in the first section (Name:%s)</indicator>
<indicator enable="1" severity="1" id="1227">The file size (%i bytes) of the section (name:%s) has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="0" severity="9" id="1229">The file signature is '%s'</indicator>
<indicator enable="1" severity="2" id="1232">The file is resource-less</indicator>
<indicator enable="1" severity="1" id="1233">The count (%i) of Languages in the resources has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1234">The file contains %i custom resource Item(s)</indicator>
<indicator enable="0" severity="2" id="1235">The file contains %i Built-in resources Item(s)</indicator>
<indicator enable="1" severity="1" id="1236">The file contains %i resource(s) in a Language (%s) defined as blacklisted</indicator>
<indicator enable="1" severity="1" id="1237">The ico (%s) resource is invalid</indicator>
<indicator enable="1" severity="1" id="1238">The signature of the resource (%s:%s) is Unknown</indicator>
<indicator enable="1" severity="1" id="1239">The file contains a resource (%s:%s) which is not supported anymore</indicator>
<indicator enable="0" severity="2" id="1240">The Manifest does not contain Trust Information</indicator>
<indicator enable="1" severity="2" id="1241">The Manifest Identity name (%s) is different than the file name</indicator>
<indicator enable="1" severity="2" id="1242">The Manifest 'description' name (%s) is different than the file name</indicator>
<indicator enable="0" severity="1" id="1243">The size (%i bytes) of the resource (%s.%s) has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1244">The size (%i bytes) of the resource (%s.%s) is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1245">The section (name:%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1246">The count of executable section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1247">The file has no executable section</indicator>
<indicator enable="1" severity="1" id="1248">The count of blacklisted section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1252">The file Exports %i Obsolete Symbols</indicator>
<indicator enable="1" severity="2" id="1253">The file Exports %i Anonymous Symbols</indicator>
<indicator enable="1" severity="2" id="1254">The file exports %i Forwarded Symbols</indicator>
<indicator enable="0" severity="2" id="1256">The file exports %i Decorated Symbols</indicator>
<indicator enable="1" severity="1" id="1259">The count of exported blacklisted functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1261">The count of deprecated imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1262">The file imports %i anonymous Symbols</indicator>
<indicator enable="1" severity="2" id="1263">The file imports %i forwarded Symbols</indicator>
<indicator enable="1" severity="2" id="1264">The file imports %i decorated Symbols</indicator>
<indicator enable="1" severity="1" id="1265">The count of imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1266">The count of imported blacklisted functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1267">The imported ordinal (%s) has been resolved to a Function Name (%s)</indicator>
<indicator enable="1" severity="1" id="1268">The Symbol (%s) is imported several (%i) times</indicator>
<indicator enable="0" severity="2" id="1269">The file imports %i Anonymous Symbol(s) that have been resolved</indicator>
<indicator enable="1" severity="1" id="1270">The count of Antidebug imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1271">The count of Undocumented imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1272">The count of Ordinal imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1273">The count of Unsafe imported functions has reached the maximum threshold (%i) provided</indicator>
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<indicator enable="0" severity="0" id="1282"></indicator>
<indicator enable="0" severity="0" id="1283"></indicator>
<indicator enable="1" severity="2" id="1285">The file is compressed (obfuscated)</indicator>
<!--<indicator enable="1" severity="2" id="1300"></indicator>-->
<indicator enable="1" severity="1" id="1301">The %s Directory is missing</indicator>
<indicator enable="1" severity="1" id="1302">The %s Directory is invalid</indicator>
<indicator enable="1" severity="1" id="1303">The %s Directory is outside the file</indicator>
<indicator enable="1" severity="1" id="1304">The Offset (0x%08X) of the %s Directory is outside a section</indicator>
<indicator enable="1" severity="1" id="1305">The Virtual Address (0x%08X) of the %s Directory is suspicious</indicator>
<indicator enable="1" severity="1" id="1306">The count (%i) of empty directories has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1320">The time stamp of the File Header is empty</indicator>
<indicator enable="1" severity="1" id="1321">The time stamp of the File Header (Year:%i) has reached the maximum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1322">The time stamp of the File Header (Year:%i) has reached the minimum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1323">The time stamp of the Debug block (Year:%i) has reached the maximum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1324">The time stamp of the Debug block (Year:%i) has reached the minimum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1400">The Manifest requires Administrative permission</indicator>
<indicator enable="1" severity="1" id="1401">The file requests User Interface Privilege Isolation (UIPI)</indicator>
<indicator enable="0" severity="1" id="1423">The file has no Cave</indicator>
<indicator enable="1" severity="1" id="1424">The file original name is "%s"</indicator>
<indicator enable="0" severity="1" id="1431">The count of strings has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1432">The count of blacklisted strings has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1433">The file contains %i MIME64 Encoding string(s)</indicator>
<indicator enable="1" severity="1" id="1434">The file contains a hardcoded IP Address (%s)</indicator>
<indicator enable="1" severity="1" id="1435">The count of blacklisted strings has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1438">The file contains (%i) Function names mapped to another name</indicator>
<indicator enable="1" severity="1" id="1481">The file imports %i Library(s) with invalid Name</indicator>
<indicator enable="1" severity="1" id="1483">The file imports %i Library(s) with Suspicious Name</indicator>
<indicator enable="1" severity="1" id="1484">The count of imported Libraries has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1485">The count of blacklisted imported Library(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1501">The Version has no Translation data</indicator>
<indicator enable="1" severity="1" id="1502">The Version contains suspicious data</indicator>
<indicator enable="1" severity="1" id="1503">The size (%i bytes) of the Version resource is bigger than the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1505">The Version '%s' is Empty </indicator>
<indicator enable="1" severity="2" id="1506">The Version '%s' is suspicious</indicator>
<indicator enable="1" severity="2" id="1507">The Version instance '%s' is suspicious</indicator>
<indicator enable="1" severity="2" id="1508">The Version does NOT contain the '%s' section</indicator>
<indicator enable="1" severity="1" id="1510">The Version translation block internal Name is Misspelled</indicator>
<indicator enable="1" severity="1" id="1511">The Version file OS (%s) is suspicious</indicator>
<indicator enable="1" severity="2" id="1512">The file supports OLE Self-Registration</indicator>
<indicator enable="1" severity="1" id="1513">The file is missing the Root structure that contains all other Version information</indicator>
<indicator enable="1" severity="1" id="1514">The file embeds a file (Type: %s, MD5: %s, Virustotal: %i/%i)</indicator>
<indicator enable="1" severity="1" id="1520">The file is target for % Machine</indicator>
<indicator enable="0" severity="1" id="1521">..</indicator>
<indicator enable="1" severity="1" id="1523">The count of functions with Elevated (Administrative) privilege has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1524">The count (%i) of Registered Exception Handlers has reached the maximum threshold provided (%i)</indicator>
<indicator enable="1" severity="1" id="1590">The size (%i bytes) of the MS-DOS Header has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1591">The size (%i bytes) of the MS-DOS Header is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1600">The file is a fake Microsoft executable</indicator>
<indicator enable="1" severity="1" id="1601">The size of the MS-DOS Stub has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1602">The size of the MS-DOS Stub is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="0" severity="2" id="1603">The resource (%s.%s) has been detected as '%s'</indicator>
<indicator enable="1" severity="2" id="1604">The OriginalFilename (%s) is different than the file name</indicator>
<indicator enable="1" severity="1" id="1605">The Entry Point is in the last section</indicator>
<indicator enable="1" severity="2" id="1606">The count of Sections has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1607">The count of Sections has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1610">The file embeds a file (Type: %s, MD5: %s)</indicator>
<indicator enable="1" severity="1" id="1611">The file references the '%s' Windows builtin Service</indicator>
<indicator enable="1" severity="2" id="1620">The file has no version information</indicator>
<indicator enable="1" severity="2" id="1621">The file is self-extractable with IEXPRESS</indicator>
<indicator enable="0" severity="1" id="1622">The count of strings (type: %s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1623">The size of code is bigger than the size (%i bytes) of the file</indicator>
<indicator enable="1" severity="1" id="1624">The count of regex items detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1625">The section (name: %s) is not Readable</indicator>
<indicator enable="1" severity="1" id="1626">The count of Windows built-in Privileges detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1627">The count of Object IDs (OID) items detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1628">The file signature (%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1629">The file signature (%s) of the overlay is blacklisted</indicator>
<indicator enable="1" severity="1" id="1630">The file signature (%s) of the resource (%s.%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1631">The file contains self-modifying code</indicator>
<indicator enable="1" severity="1" id="1632">The count of file extensions detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1633">The count of Keyboard Keys detected has reached the maximum threshold (%i) provided</indicator>
<!-- Features -->
<indicator enable="1" severity="2" id="3000">The file references a Smartcard</indicator>
<indicator enable="1" severity="2" id="3001">The file references virtual machine (VM)</indicator>
<indicator enable="1" severity="2" id="3002">The file references the Remote Desktop Session Host Server</indicator>
<indicator enable="1" severity="2" id="3003">The file references the Protected Storage</indicator>
<indicator enable="1" severity="2" id="3004">The file references the Active Directory (AD)</indicator>
<indicator enable="1" severity="2" id="3005">The file references the Windows Native API</indicator>
<indicator enable="1" severity="2" id="3006">The file references the Simple Network Management Protocol (SNMP)</indicator>
<indicator enable="1" severity="2" id="3007">The file references the Security Descriptor Definition Language (SDDL)</indicator>
<indicator enable="1" severity="2" id="3008">The file references the cabinet (CAB) interface</indicator>
<indicator enable="0" severity="1" id="3009">tbd</indicator>
<indicator enable="1" severity="2" id="3010">The file references the Lightweight Directory Access Protocol (LDAP)</indicator>
<indicator enable="1" severity="2" id="3011">The file modifies the registry</indicator>
<indicator enable="1" severity="2" id="3012">The file references the Security Account Manager (SAM)</indicator>
<indicator enable="1" severity="2" id="3013">The file references the Clipboard</indicator>
<indicator enable="1" severity="1" id="3014">The file references the installation of Hook(s) to change or control the behaviour of the system</indicator>
<indicator enable="1" severity="2" id="3015">The file references the Security Descriptor Definition Language (SDDL)</indicator>
<indicator enable="1" severity="2" id="3016">The file references the Service Control Manager (SCM)</indicator>
<indicator enable="0" severity="1" id="3017"></indicator>
<indicator enable="1" severity="2" id="3018">The file references the Windows Indexing engine</indicator>
<indicator enable="0" severity="2" id="3019"></indicator>
<indicator enable="1" severity="2" id="3020">The file references the Desktop window</indicator>
<indicator enable="1" severity="2" id="3021">The file references the Router Administration interface</indicator>
<indicator enable="1" severity="2" id="3022">The file references the Mail (MAPI) interface</indicator>
<indicator enable="1" severity="2" id="3023">The file references the Microsoft Identity Manager</indicator>
<indicator enable="1" severity="2" id="3024">The file references data from a Socket</indicator>
<indicator enable="1" severity="2" id="3025">The file references the Internet Protocol Helper to retrieve or modify network configuration settings</indicator>
<indicator enable="0" severity="2" id="3026">The file accesses libraries at runtime</indicator>
<indicator enable="1" severity="2" id="3027">The file starts child Processes</indicator>
<indicator enable="1" severity="2" id="3028">The file references the Microsoft Digest Access</indicator>
<indicator enable="1" severity="2" id="3029">The file references the Windows Cryptographic Primitives Library</indicator>
<indicator enable="1" severity="2" id="3030">The file references the Local Security Authority Server (LSASS)</indicator>
<indicator enable="1" severity="2" id="3031">The file references the Local Security Authority (LSA) process </indicator>
<indicator enable="1" severity="2" id="3032">The file references the Internet Explorer Zone Manager</indicator>
<indicator enable="1" severity="2" id="3033">The file references the Credential Manager User Interface</indicator>
<indicator enable="1" severity="2" id="3034">The file references the Windows Setup API</indicator>
<indicator enable="1" severity="2" id="3035">The file references the Windows Cryptographic interface</indicator>
<indicator enable="1" severity="2" id="3036">The file references the Windows Debug Helper</indicator>
<indicator enable="1" severity="2" id="3037">The file references the Windows IP Helper</indicator>
<indicator enable="1" severity="2" id="3038">The file references the Power Profile Helper</indicator>
<indicator enable="1" severity="2" id="3039">The file references the Multiple Provider Router</indicator>
<indicator enable="1" severity="1" id="3040">The file references the File Transfer Protocol (FTP)</indicator>
<indicator enable="1" severity="2" id="3041">The file references users credentials</indicator>
<indicator enable="1" severity="2" id="3042">The file references the resources of an executable</indicator>
<indicator enable="1" severity="1" id="3043">The file queries for files and streams</indicator>
<indicator enable="1" severity="2" id="3044">The file references the Backup API</indicator>
<indicator enable="0" severity="2" id="3045"></indicator>
<indicator enable="0" severity="5" id="3046">The file creates and or modifies file(s)</indicator>
<indicator enable="1" severity="2" id="3047">The file references the Remote Access Service (RAS)</indicator>
<indicator enable="1" severity="2" id="3048">The file references the Performance Counters</indicator>
<indicator enable="1" severity="2" id="3049">The file references the Event Log</indicator>
<indicator enable="0" severity="2" id="3050">The file references the system Power</indicator>
<indicator enable="1" severity="2" id="3051">The file references the HTML Help Control</indicator>
<indicator enable="1" severity="2" id="3052">The file queries for Processes and Modules</indicator>
<indicator enable="1" severity="2" id="3053">The file references Inter-Process Communication (IPC)</indicator>
<indicator enable="0" severity="2" id="3054">The file references the Console</indicator>
<indicator enable="1" severity="2" id="3055">The file references the Scheduler</indicator>
<indicator enable="1" severity="2" id="3056">The file references the Windows Management Instrumentation (WMI)</indicator>
<indicator enable="1" severity="2" id="3057">The file dynamically binds to the .NET runtime</indicator>
<indicator enable="1" severity="2" id="3058">The file references the Windows default safe DLL search path</indicator>
<indicator enable="1" severity="2" id="3059">The file references a Printer Driver</indicator>
<indicator enable="1" severity="2" id="3060">The file references Dynamic Data Exchange (DDE)</indicator>
<indicator enable="1" severity="2" id="3061">The file queries for visible/invisible window</indicator>
<indicator enable="1" severity="2" id="3062">The file references Function(s) callback executed when the program exits</indicator>
<indicator enable="1" severity="1" id="3063">The file transfers control to a Debugger</indicator>
<indicator enable="1" severity="2" id="3064">The file references the AutoIt scripting Engine</indicator>
<indicator enable="1" severity="2" id="3065">The file references Microsoft the Setup Interface (MSI)</indicator>
<indicator enable="1" severity="2" id="3066">The file references Microsoft Detour to trojanize other executable</indicator>
<indicator enable="1" severity="2" id="3067">The file references the Domain Name System (DNS) API</indicator>
<indicator enable="0" severity="2" id="3068">The file creates temporary file(s)</indicator>
<indicator enable="1" severity="2" id="3069">The file references the WLAN interface</indicator>
<indicator enable="0" severity="2" id="3070">The file references the environment variables</indicator>
<indicator enable="1" severity="2" id="3071">The file provides a Control Panel Application callback</indicator>
<indicator enable="1" severity="2" id="3072">The file monitors Registry operations</indicator>
<indicator enable="1" severity="2" id="3073">The file exposes the Password Secrets of Internet Explorer</indicator>
<indicator enable="1" severity="2" id="3074">The file references the DHCP Client Service</indicator>
<indicator enable="1" severity="2" id="3075">The file changes the NetBIOS or the DNS name of the local computer</indicator>
<indicator enable="1" severity="2" id="3076">The file scans the mounted folders on a volume</indicator>
<indicator enable="1" severity="2" id="3077">The file sends data on a Socket</indicator>
<indicator enable="1" severity="2" id="3078">The file references the Internet Explorer (IE) server</indicator>
<indicator enable="1" severity="2" id="3079">The file logs the Internet Explorer (IE) hits</indicator>
<indicator enable="1" severity="2" id="3080">The file synthesizes mouse motion and button clicks</indicator>
<indicator enable="1" severity="1" id="3081">The file changes the protection of the Virtual Address Space</indicator>
<indicator enable="1" severity="2" id="3082">The file references the RPC Network Data Representation (NDR) Engine</indicator>
<indicator enable="1" severity="2" id="3083">The file references the Windows Software Quality Metrics (SQM)</indicator>
<indicator enable="1" severity="2" id="3084">The file references the Event Tracing for Windows (ETW) framework</indicator>
<indicator enable="1" severity="2" id="3085">The file inserts itself in the chain of the Clipboard Listeners</indicator>
<indicator enable="1" severity="2" id="3086">The file references the Open Database Connectivity (ODBC) installer</indicator>
<indicator enable="1" severity="2" id="3087">The file references the Single-Instance Store (SIS) backup framework</indicator>
<indicator enable="1" severity="2" id="3088">The file installs a Device or a Driver</indicator>
<indicator enable="1" severity="2" id="3089">The file invokes the ODBC Driver Tracing mechanism</indicator>
<indicator enable="1" severity="2" id="3090">The file references Bitlocker</indicator>
<indicator enable="1" severity="2" id="3091">The file registers itself as a boot Driver</indicator>
<indicator enable="1" severity="2" id="3092">The file walks up and records the stack information</indicator>
<indicator enable="1" severity="2" id="3093">The file references the Windows Scripting Host engine</indicator>
<indicator enable="1" severity="2" id="3094">The file references the Console Based Script Host engine</indicator>
<indicator enable="1" severity="2" id="3095">The file references the HTML Application Host engine</indicator>
<indicator enable="1" severity="2" id="3096">The file references the VB Scripting Encoder/Decoder engine</indicator>
<indicator enable="1" severity="2" id="3097">The file references the Java Scripting Encoder/Decoder engine</indicator>
<indicator enable="1" severity="2" id="3098">The file references the Windows File Protection</indicator>
<indicator enable="1" severity="2" id="3099">The file simulates keyboard input</indicator>
<indicator enable="1" severity="2" id="3100">The file references the Multimedia Class Scheduler service (MMCSS)</indicator>
<indicator enable="1" severity="2" id="3101">The file references the Group Policy (GP)</indicator>
<indicator enable="1" severity="2" id="3102">The file references a communications device</indicator>
<indicator enable="1" severity="2" id="3103">The file monitors a communications device</indicator>
<indicator enable="1" severity="2" id="3104">The file references the local Running Object Table (ROT)</indicator>
<indicator enable="1" severity="2" id="3105">The file references the Human Interface Devices (HID) Protocol</indicator>
<indicator enable="1" severity="2" id="3106">The file references Simple Mail Transfer Protocol (SMTP)</indicator>
<indicator enable="1" severity="2" id="3107">The file references the Internet Control Message Protocol (ICMP)</indicator>
<indicator enable="1" severity="2" id="3108">The file fingerprints Antivirus (AV) or monitoring tools</indicator>
<indicator enable="1" severity="2" id="3109">The file references the Windows Capture Library</indicator>
<indicator enable="1" severity="1" id="3110">The file references Microsoft Office</indicator>
<indicator enable="1" severity="1" id="3111">The file enumerates Network resources or existing connections</indicator>
<indicator enable="1" severity="1" id="3112">The file references Alternate Data Stream (ADS)</indicator>
<indicator enable="1" severity="1" id="3113">The file fingerprints for Web browsers</indicator>
<indicator enable="1" severity="1" id="3114">The file fingerprints for Sandboxes</indicator>
<indicator enable="1" severity="1" id="3115">The file fingerprints for Email clients</indicator>
<indicator enable="1" severity="1" id="3116">The file references the Firefox API</indicator>
<indicator enable="1" severity="1" id="3117">The file references the Shim Engine</indicator>
<indicator enable="1" severity="1" id="3118">The file references the Windows Address Book</indicator>
<!-- Functions groups -->
<indicator enable="1" usermode="1" severity="1" id="4000">The count (%i) of Security Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4001">The count (%i) of Authorization Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="2" id="4002">The count (%i) of Registry Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4003">The count (%i) of Memory Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4004">The count (%i) of Tool Help Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4005">The count (%i) of Backup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4006">The count (%i) of Event Logging Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4007">The count (%i) of Event Tracing Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4008">The count (%i) of Error Handling Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4009">The count (%i) of Directory Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4010">The count (%i) of Debugging Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4011">The count (%i) of Console Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4012">The count (%i) of ImageHlp Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4013">The count (%i) of Communication Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4014">The count (%i) of COM Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4015">The count (%i) of System Information Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4016">The count (%i) of Package Query Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4017">The count (%i) of Setup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4018">The count (%i) of Structured Storage Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4019">The count (%i) of Dynamic Data Exchange Management Library (DDEML) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4020">The count (%i) of Clipboard Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4021">The count (%i) of WinINet Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4022">The count (%i) of Dynamic-Link Library Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4023">The count (%i) of Process and Thread Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4024">The count (%i) of WinHttp Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4025">The count (%i) of Zw Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4026">The count (%i) of Rtl Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4027">The count (%i) of Native (Nt) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4028">The count (%i) of DHCP Server Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4029">The count (%i) of Network Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4030">The count (%i) of DNS Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4031">The count (%i) of Mailslot Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4032">The count (%i) of RPC Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4033">The count (%i) of SEH Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4034">The count (%i) of Service Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4035">The count (%i) of File Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4036">The count (%i) of Video Capture Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4037">The count (%i) of Cabinet Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4038">The count (%i) of Single-Instance Store (SIS) Backup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4039">The count (%i) of Performance Counters Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4040">The count (%i) of Atom Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4041">The count (%i) of Device Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4042">The count (%i) of Remote Access Service Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4043">The count (%i) of Remote Access Service Custom Scripting Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4044">The count (%i) of WinSNMP Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4045">The count (%i) of Router Information Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4046">The count (%i) of Network Data Representation (Ndr) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4047">The count (%i) of Power Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4048">The count (%i) of Remote Desktop Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4049">The count (%i) of WLAN Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4050">The count (%i) of SNMP Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4051">The count (%i) of WinDbgExt Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4052">The count (%i) of DDE Functions has reached the maximum threshold (%i) provided</indicator>
</indicators>
</xml>

385
static/PeStudio/languages.xml Normal file
View File

@ -0,0 +1,385 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of Languages that will be detected as blackListed by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!--
1: Enable the search for BlackListed Languages
0: Disable the search for BlackListed Languages
-->
<enable>1</enable>
</setting>
</settings>
<!--
You can edit this part using the id according to your needs
Please use following URL as Reference for the appropriate ids
http://msdn.microsoft.com/en-us/library/dd318693(v=vs.85).aspx
-->
<languages>
<language id="0x0C00" bl="0">Neutral</language>
<language id="0x1400" bl="0">Neutral</language>
<language id="0x007F" bl="0">Neutral</language>
<language id="0x0000" bl="0">Neutral</language>
<language id="0x0800" bl="0">Neutral</language>
<language id="0x1000" bl="0">Neutral</language>
<language id="0x080c" bl="1">French Belgium</language>
<language id="0x0C0C" bl="1">French Canada</language>
<language id="0x040c" bl="0">French France</language>
<language id="0x140C" bl="0">French Luxembourg</language>
<language id="0x180C" bl="0">French Monaco</language>
<language id="0x100C" bl="0">French Switzerland</language>
<language id="0x2801" bl="1">Syria</language>
<language id="0x0401" bl="1">Saudi Arabia</language>
<language id="0x0436" bl="0">Afrikaans</language>
<language id="0x041C" bl="1">Albanian</language>
<language id="0x0484" bl="0">Alsatian</language>
<language id="0x045E" bl="0">Amharic</language>
<language id="0x1401" bl="0">Arabic</language>
<language id="0x3C01" bl="0">Arabic Bahrain</language>
<language id="0x0C01" bl="0">Arabic Egypt</language>
<language id="0x0801" bl="0">Arabic Iraq</language>
<language id="0x2C01" bl="0">Arabic Jordan</language>
<language id="0x3401" bl="0">Arabic Kuwait</language>
<language id="0x3001" bl="0">Arabic Lebanon</language>
<language id="0x1001" bl="0">Arabic Libya</language>
<language id="0x1801" bl="0">Arabic Morocco</language>
<language id="0x2001" bl="0">Arabic Oman</language>
<language id="0x4001" bl="0">Arabic Qatar</language>
<language id="0x0401" bl="0">Arabic Saudi</language>
<language id="0x2801" bl="0">Arabic Syria</language>
<language id="0x1C01" bl="0">Arabic Tunisia</language>
<language id="0x3801" bl="0">Arabic U.A.E</language>
<language id="0x042B" bl="0">Armenian</language>
<language id="0x044D" bl="0">Assamese</language>
<language id="0x082C" bl="0">Azeri</language>
<language id="0x0445" bl="0">Bangla</language>
<language id="0x046D" bl="0">Bashkir</language>
<language id="0x042D" bl="0">Basque</language>
<language id="0x0423" bl="0">Belarusian</language>
<language id="0x781A" bl="1">Bosnian</language>
<language id="0x201A" bl="1">Bosnian</language>
<language id="0x047E" bl="1">Breton</language>
<language id="0x0402" bl="0">Bulgarian</language>
<language id="0x0492" bl="0">Central Kurdish</language>
<language id="0x045C" bl="0">Cherokee</language>
<language id="0x0403" bl="0">Catalan</language>
<language id="0x0C04" bl="0">Chinese Hong Kong</language>
<language id="0x1404" bl="0">Chinese Macao SAR</language>
<language id="0x1004" bl="0">Chinese Singapore</language>
<language id="0x0804" bl="0">Chinese Simplified</language>
<language id="0x0404" bl="0">Chinese Traditional</language>
<language id="0x0483" bl="0">Corsican</language>
<language id="0x001A" bl="0">Croatian Neutral</language>
<language id="0x101A" bl="0">Croatian Bosnia Herzegovina</language>
<language id="0x041A" bl="0">Croatian Croatia</language>
<language id="0x0405" bl="1">Czech</language>
<language id="0x0406" bl="0">Danish Denmark</language>
<language id="0x048C" bl="1">Dari</language>
<language id="0x0465" bl="1">Divehi Maldives </language>
<language id="0x0813" bl="0">Belgium Dutch</language>
<language id="0x0413" bl="0">Netherlands</language>
<language id="0x0409" bl="0">English United States</language>
<language id="0x0C09" bl="0">English Australia</language>
<language id="0x2809" bl="0">English Belize</language>
<language id="0x1009" bl="0">English Canada</language>
<language id="0x2409" bl="0">English Caribbean</language>
<language id="0x4009" bl="0">English India</language>
<language id="0x1809" bl="0">English Ireland</language>
<language id="0x1809" bl="0">English Ireland</language>
<language id="0x2009" bl="0">English Jamaica</language>
<language id="0x4409" bl="0">English Malaysia</language>
<language id="0x1409" bl="0">English New Zealand</language>
<language id="0x3409" bl="0">English Philippines</language>
<language id="0x4809" bl="0">English Singapore</language>
<language id="0x1c09" bl="0">English South Africa</language>
<language id="0x2C09" bl="0">English Trinidad and Tobago</language>
<language id="0x0809" bl="0">English United Kingdom</language>
<language id="0x3009" bl="0">English Zimbabwe</language>
<language id="0x0425" bl="0">Estonian</language>
<language id="0x0438" bl="0">Faroese</language>
<language id="0x0464" bl="0">Filipino</language>
<language id="0x040B" bl="0">Finnish</language>
<language id="0x0462" bl="0">Frisian</language>
<language id="0x0456" bl="0">Galician</language>
<language id="0x0437" bl="0">Georgian</language>
<language id="0x0400" bl="0">Neutral</language>
<language id="0x0407" bl="0">German</language>
<language id="0x0C07" bl="0">German Austria</language>
<language id="0x1407" bl="0">German Lichtenstein</language>
<language id="0x1007" bl="0">German Luxembourg</language>
<language id="0x0807" bl="0">German Switzerland</language>
<language id="0x0408" bl="0">Greek</language>
<language id="0x046F" bl="0">Greenlandic</language>
<language id="0x0447" bl="0">Gujarati</language>
<language id="0x0468" bl="0">Hausa</language>
<language id="0x0475" bl="1">Hawiian</language>
<language id="0x040D" bl="0">Hebrew</language>
<language id="0x0439" bl="0">Hindi</language>
<language id="0x040E" bl="0">Hungarian</language>
<language id="0x040F" bl="0">Icelandic</language>
<language id="0x0470" bl="0">Igb</language>
<language id="0x0421" bl="0">Indonesian</language>
<language id="0x085D" bl="0">Inuktitut</language>
<language id="0x083C" bl="0">Irish</language>
<language id="0x0434" bl="0">isiXhosa</language>
<language id="0x0435" bl="0">isiZulu</language>
<language id="0x0410" bl="0">Italian</language>
<language id="0x0411" bl="0">Japanese</language>
<language id="0x044B" bl="0">Kannada</language>
<language id="0x043F" bl="0">Kazakh</language>
<language id="0x0453" bl="0">Khmer</language>
<language id="0x0486" bl="0">Kiche</language>
<language id="0x0487" bl="0">Kinyarwanda</language>
<language id="0x0457" bl="0">Konkani</language>
<language id="0x0412" bl="1">Korean</language>
<language id="0x0440" bl="0">Kyrgyz</language>
<language id="0x0454" bl="0">Lao</language>
<language id="0x0426" bl="0">Latvian</language>
<language id="0x0427" bl="0">Lithuanian</language>
<language id="0x082E" bl="0">Lower Sorbian</language>
<language id="0x046E" bl="0">Luxembourgish</language>
<language id="0x042F" bl="0">Macedonian</language>
<language id="0x083E" bl="0">Malay</language>
<language id="0x044C" bl="0">Malayalam</language>
<language id="0x043A" bl="0">Maltese</language>
<language id="0x0481" bl="1">Maori</language>
<language id="0x047A" bl="0">Mapudungun</language>
<language id="0x044E" bl="0">Marathi</language>
<language id="0x047C" bl="0">Mohawk</language>
<language id="0x0450" bl="0">Mongolian</language>
<language id="0x0461" bl="0">Nepali</language>
<language id="0x0414" bl="0">Norwegian</language>
<language id="0x0482" bl="0">Occitan</language>
<language id="0x0448" bl="0">Oriya</language>
<language id="0x0463" bl="0">Pashto</language>
<language id="0x0429" bl="0">Persian</language>
<language id="0x0415" bl="0">Polish</language>
<language id="0x0416" bl="0">Portuguese</language>
<language id="0x0867" bl="0">Pular</language>
<language id="0x0446" bl="0">Punjabi</language>
<language id="0x046B" bl="0">Quechua</language>
<language id="0x0418" bl="1">Romanian</language>
<language id="0x0417" bl="0">Romansh</language>
<language id="0x0419" bl="0">Russian</language>
<language id="0x0485" bl="0">Sakha</language>
<language id="0x243B" bl="0">Sami</language>
<language id="0x103B" bl="0">Sami</language>
<language id="0x0C3B" bl="0">Sami</language>
<language id="0x203B" bl="0">Sami</language>
<language id="0x183B" bl="0">Sami</language>
<language id="0x044F" bl="0">Sanskrit</language>
<language id="0x7C1A" bl="0">Serbian</language>
<language id="0x046C" bl="0">Sesotho sa Leboa</language>
<language id="0x0832" bl="0">Setswana Tswana</language>
<language id="0x0859" bl="0">Sindhi</language>
<language id="0x045B" bl="0">Sinhala</language>
<language id="0x041B" bl="0">Slovak</language>
<language id="0x0424" bl="1">Slovenian</language>
<language id="0x2C0A" bl="0">Spanish</language>
<language id="0x400A" bl="0">Spanish Bolivia</language>
<language id="0x340A" bl="0">Spanish Chile</language>
<language id="0x240A" bl="0">Spanish Colombia</language>
<language id="0x140A" bl="0">Spanish Costa Rica</language>
<language id="0x1C0A" bl="0">Spanish Dominican Republic</language>
<language id="0x300A" bl="0">Spanish Ecuador</language>
<language id="0x440A" bl="0">Spanish El Salvador</language>
<language id="0x100A" bl="0">Spanish Guatemala</language>
<language id="0x480A" bl="0">Spanish Honduras</language>
<language id="0x080A" bl="0">Spanish Mexico</language>
<language id="0x4C0A" bl="0">Spanish Nicaragua</language>
<language id="0x180A" bl="0">Spanish Panama</language>
<language id="0x3C0A" bl="0">Spanish Paraguay</language>
<language id="0x280A" bl="0">Spanish Peru</language>
<language id="0x500A" bl="0">Spanish Puerto Rico</language>
<language id="0x0C0A" bl="0">Spanish Spain</language>
<language id="0x040A" bl="0">Spanish Spain Traditional</language>
<language id="0x540A" bl="0">Spanish United States</language>
<language id="0x380A" bl="0">Spanish Uruguay</language>
<language id="0x200A" bl="0">Spanish Venezuela</language>
<language id="0x0441" bl="0">Swahili</language>
<language id="0x081D" bl="0">Swedish</language>
<language id="0x041D" bl="0">Swedish</language>
<language id="0x045A" bl="0">Syria</language>
<language id="0x0428" bl="0">Tajik</language>
<language id="0x085F" bl="0">Tamazight</language>
<language id="0x0449" bl="0">Tamil</language>
<language id="0x0444" bl="0">Tatar</language>
<language id="0x044A" bl="1">Telugu</language>
<language id="0x041E" bl="0">Thai</language>
<language id="0x0451" bl="0">Tibetan</language>
<language id="0x0873" bl="0">Tigrinya</language>
<language id="0x041F" bl="0">Turkish</language>
<language id="0x0442" bl="0">Turkmen</language>
<language id="0x0422" bl="0">Ukrainian</language>
<language id="0x042E" bl="0">Upper Sorbian</language>
<language id="0x0820" bl="0">Urdu</language>
<language id="0x0480" bl="0">Uyghur</language>
<language id="0x0843" bl="0">Uzbek</language>
<language id="0x0803" bl="0">Valencian</language>
<language id="0x042A" bl="0">Vietnamese</language>
<language id="0x0452" bl="0">Welsh</language>
<language id="0x0488" bl="0">Wolof</language>
<language id="0x0478" bl="0">Yi</language>
<language id="0x046A" bl="0">Yoruba</language>
</languages>
<codepages>
<codepage id="037">IBM EBCDIC US-Canada</codepage>
<codepage id="437">OEM United States</codepage>
<codepage id="500">IBM EBCDIC International</codepage>
<codepage id="708">Arabic</codepage>
<codepage id="709">Arabic</codepage>
<codepage id="710">Arabic</codepage>
<codepage id="720">Arabic</codepage>
<codepage id="737">OEM Greek)</codepage>
<codepage id="775">OEM Baltic</codepage>
<codepage id="850">OEM Multilingual Latin 1</codepage>
<codepage id="852">OEM Latin 2</codepage>
<codepage id="855">OEM Cyrillic (primarily Russian)</codepage>
<codepage id="857">OEM Turkish</codepage>
<codepage id="858">OEM Multilingual Latin 1 + Euro symbol</codepage>
<codepage id="860">OEM Portuguese</codepage>
<codepage id="861">OEM Icelandic</codepage>
<codepage id="862">OEM Hebrew</codepage>
<codepage id="863">OEM French Canadian</codepage>
<codepage id="864">OEM Arabic</codepage>
<codepage id="865">OEM Nordic</codepage>
<codepage id="866">OEM Russian</codepage>
<codepage id="869">OEM Modern Greek</codepage>
<codepage id="870">IBM EBCDIC Multilingual</codepage>
<codepage id="874">ANSI/OEM Thai</codepage>
<codepage id="875">EBCDIC Greek Modern</codepage>
<codepage id="932">ANSI/OEM Japanese</codepage>
<codepage id="936">ANSI/OEM Simplified Chinese</codepage>
<codepage id="949">ANSI/OEM Korean</codepage>
<codepage id="950">ANSI/OEM Traditional Chinese</codepage>
<codepage id="1026">IBM EBCDIC Turkish (Latin 5)</codepage>
<codepage id="1047">IBM EBCDIC Latin 1/Open System</codepage>
<codepage id="1140">IBM EBCDIC US-Canada</codepage>
<codepage id="1141">IBM EBCDIC Germany</codepage>
<codepage id="1142">IBM EBCDIC Denmark-Norway</codepage>
<codepage id="1143">IBM EBCDIC Finland-Sweden</codepage>
<codepage id="1144">IBM EBCDIC Italy</codepage>
<codepage id="1145">IBM EBCDIC Latin America-Spain</codepage>
<codepage id="1146">IBM EBCDIC United Kingdom</codepage>
<codepage id="1147">IBM EBCDIC France</codepage>
<codepage id="1148">IBM EBCDIC International</codepage>
<codepage id="1149">IBM EBCDIC Icelandic</codepage>
<codepage id="1200">Unicode UTF-16, little endian byte order</codepage>
<codepage id="1201">Unicode UTF-16, big endian byte order</codepage>
<codepage id="1250">ANSI Central European</codepage>
<codepage id="1251">ANSI Cyrillic</codepage>
<codepage id="1252">ANSI Latin 1</codepage>
<codepage id="1253">ANSI Greek</codepage>
<codepage id="1254">ANSI Turkish</codepage>
<codepage id="1255">ANSI Hebrew</codepage>
<codepage id="1256">ANSI Arabic</codepage>
<codepage id="1257">ANSI Baltic</codepage>
<codepage id="1258">ANSI/OEM Vietnamese</codepage>
<codepage id="1361">Korean (Johab)</codepage>
<codepage id="10000">MAC Roman</codepage>
<codepage id="10001">Japanese (Mac)</codepage>
<codepage id="10002">MAC Traditional Chinese (Big5)</codepage>
<codepage id="10003">Korean</codepage>
<codepage id="10004">Arabic</codepage>
<codepage id="10005">Hebrew</codepage>
<codepage id="10006">Greek</codepage>
<codepage id="10007">Cyrillic</codepage>
<codepage id="10008">MAC Simplified Chinese</codepage>
<codepage id="10010">Romanian</codepage>
<codepage id="10017">Ukrainian</codepage>
<codepage id="10021">Thai</codepage>
<codepage id="10029">MAC Latin 2</codepage>
<codepage id="10079">Icelandic</codepage>
<codepage id="10081">Turkish</codepage>
<codepage id="10082">Croatian</codepage>
<codepage id="12000">UTF-32, little endian byte order</codepage>
<codepage id="12001">Unicode UTF-32, big endian byte order</codepage>
<codepage id="20000">CNS Taiwan</codepage>
<codepage id="20001">TCA Taiwan</codepage>
<codepage id="20002">Eten Taiwan</codepage>
<codepage id="20003">IBM5550 Taiwan</codepage>
<codepage id="20004">TeleText Taiwan</codepage>
<codepage id="20005">Wang Taiwan</codepage>
<codepage id="20105">IRV International Alphabet</codepage>
<codepage id="20106">IA5 German</codepage>
<codepage id="20107">IA5 Swedish)</codepage>
<codepage id="20108">IA5 Norwegian</codepage>
<codepage id="20127">US-ASCII</codepage>
<codepage id="20261">T.61</codepage>
<codepage id="20269">ISO 6937 Non-Spacing Accent</codepage>
<codepage id="20273">IBM EBCDIC Germany</codepage>
<codepage id="20277">IBM EBCDIC Denmark-Norway</codepage>
<codepage id="20278">IBM EBCDIC Finland-Sweden</codepage>
<codepage id="20280">IBM EBCDIC Italy</codepage>
<codepage id="20284">IBM EBCDIC Latin America-Spain</codepage>
<codepage id="20285">IBM EBCDIC United Kingdom</codepage>
<codepage id="20290">IBM EBCDIC Japanese Katakana Extended</codepage>
<codepage id="20297">IBM EBCDIC France</codepage>
<codepage id="20420">IBM EBCDIC Arabic</codepage>
<codepage id="20423">IBM EBCDIC Greek</codepage>
<codepage id="20424">IBM EBCDIC Hebrew</codepage>
<codepage id="20833">IBM EBCDIC Korean Extended</codepage>
<codepage id="20838">IBM EBCDIC Thai</codepage>
<codepage id="20866">Russian</codepage>
<codepage id="20871">IBM EBCDIC Icelandic</codepage>
<codepage id="20880">IBM EBCDIC Cyrillic Russian</codepage>
<codepage id="20905">IBM EBCDIC Turkish</codepage>
<codepage id="20924">IBM EBCDIC Latin</codepage>
<codepage id="20932">Japanese</codepage>
<codepage id="20936">Simplified Chinese</codepage>
<codepage id="20949">Korean Wansung</codepage>
<codepage id="21025">IBM EBCDIC Cyrillic Serbian-Bulgarian</codepage>
<codepage id="21027">(deprecated)</codepage>
<codepage id="21866">Ukrainian (KOI8-U)</codepage>
<codepage id="28591">ISO 8859-1 Latin 1</codepage>
<codepage id="28592">ISO 8859-2 Central European</codepage>
<codepage id="28593">ISO 8859-3 Latin 3</codepage>
<codepage id="28594">ISO 8859-4 Baltic</codepage>
<codepage id="28595">ISO 8859-5 Cyrillic</codepage>
<codepage id="28596">ISO 8859-6 Arabic</codepage>
<codepage id="28597">SO 8859-7 Greek</codepage>
<codepage id="28598">ISO 8859-8 Hebrew</codepage>
<codepage id="28599">ISO 8859-9 Turkish</codepage>
<codepage id="28603">ISO 8859-13 Estonian</codepage>
<codepage id="28605">ISO 8859-15 Latin 9</codepage>
<codepage id="29001">Europa 3</codepage>
<codepage id="38598">ISO 8859-8 Hebrew</codepage>
<codepage id="50220">ISO 2022 Japanese</codepage>
<codepage id="50221">ISO 2022 Japanese</codepage>
<codepage id="50222">ISO 2022 Japanese</codepage>
<codepage id="50225">ISO 2022 Korean</codepage>
<codepage id="50227">ISO 2022 Simplified Chinese</codepage>
<codepage id="50229">ISO 2022 Traditional Chinese</codepage>
<codepage id="50930">EBCDIC Japanese Extended</codepage>
<codepage id="50931">EBCDIC US-Canada and Japanese</codepage>
<codepage id="50933">EBCDIC Korean Extended and Korean</codepage>
<codepage id="50935">EBCDIC Simplified Chinese Extended and Simplified Chinese</codepage>
<codepage id="50936">EBCDIC Simplified Chinese</codepage>
<codepage id="50937">EBCDIC US-Canada and Traditional Chinese</codepage>
<codepage id="50939">EBCDIC Japanese (Latin) Extended and Japanese</codepage>
<codepage id="51932">EUC Japanese</codepage>
<codepage id="51936">EUC Simplified Chinese</codepage>
<codepage id="51949">EUC Korean</codepage>
<codepage id="51950">EUC Traditional Chinese</codepage>
<codepage id="52936">HZ-GB2312 Simplified Chinese</codepage>
<codepage id="54936">GB18030 Simplified Chinese</codepage>
<codepage id="57002">ISCII Devanagari</codepage>
<codepage id="57003">ISCII Bengali</codepage>
<codepage id="57004">ISCII Tamil</codepage>
<codepage id="57005">ISCII Telugu</codepage>
<codepage id="57006">ISCII Assamese</codepage>
<codepage id="57007">ISCII Oriya</codepage>
<codepage id="57008">ISCII Kannada</codepage>
<codepage id="57009">ISCII Malayalam</codepage>
<codepage id="57010">ISCII Gujarati</codepage>
<codepage id="57011">ISCII Punjabi</codepage>
<codepage id="65000">Unicode (UTF-7)</codepage>
<codepage id="65001">Unicode (UTF-8)</codepage>
</codepages>
</xml>

BIN
static/PeStudio/peparser.dll Normal file
View File

Binary file not shown.

BIN
static/PeStudio/pestudio.exe Normal file
View File

Binary file not shown.

BIN
static/PeStudio/pestudioprompt.exe Normal file
View File

Binary file not shown.

502
static/PeStudio/resources.xml Normal file
View File

@ -0,0 +1,502 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of "Well-Known Resources" be detected as blackListed by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<enable>1</enable>
</setting>
</settings>
<resources>
<resource id="0" type="1" name="10">9169CFD16C29D67C272110C98D99FAA0</resource>
<resource id="0" type="1" name="10">E90C0F3F64201C4ABE053F03685227E6</resource>
<resource id="0" type="1" name="10">3F503C5B58D429020C13B8777C90A0A7</resource>
<resource id="0" type="1" name="10">BB8A97C30CCF21CEA5B65C1B3437A9CF</resource>
<resource id="0" type="1" name="10">18DEEB86648B4AD4CBB54CE7A0BAC23A</resource>
<resource id="0" type="1" name="10">D8614B4527F37ADD0DEA8A1EB6602D9A</resource>
<resource id="0" type="1" name="10">DC8828ACADF7FC1E3B5243E98F28BA2E</resource>
<resource id="0" type="1" name="10">F1F8DD2BE32FEE1DFEFA05931FF3F741</resource>
<resource id="0" type="1" name="10">1C9152CA4E98467F2222373A31895656</resource>
<resource id="0" type="1" name="10">E296BDC5D85FE5D9FC98A84E8CE20646</resource>
<resource id="0" type="1" name="10">4959293BE73FF9ED16CFA3DA2238E7EA</resource>
<resource id="0" type="1" name="10">6702B90C5864ADCDC8B47E5A6AD12F41</resource>
<resource id="0" type="1" name="10">C3394A1B82898C219C212D17996EFE8E</resource>
<resource id="0" type="1" name="10">4AA1872BD44D4C27324219547CEA292A</resource>
<resource id="0" type="1" name="10">3549F68D2766BBE560F0817CCFB10623</resource>
<resource id="0" type="1" name="10">444F0DDD1F84957AD323A5BA2AFBE5FA</resource>
<resource id="0" type="1" name="10">DE01111B81541B4B2A428B79B24045A0</resource>
<resource id="0" type="1" name="10">EB85FA5580E17004196AEEB718F4D5E1</resource>
<resource id="0" type="1" name="10">17BC0DF705FF9093929AEB5DE3ED569B</resource>
<resource id="0" type="1" name="10">E6B2E03204104703F2F52B5421D630D9</resource>
<resource id="0" type="1" name="10">9231C7349D760F77D38CB0901AF078B0</resource>
<resource id="0" type="1" name="10">B8FBBD3E478611354B749068A7EBEF70</resource>
<resource id="0" type="1" name="10">30834EC3CF0FA7F523DCBACFCB29F96B</resource>
<resource id="0" type="1" name="10">5EA49897E04010D41CA8BA23302FC4F3</resource>
<resource id="0" type="1" name="10">64580AF1E3B4739E5FB8EC58B79EE7F8</resource>
<resource id="0" type="1" name="10">137F549D5CA7B9FBE85D17C2CDE1947D</resource>
<resource id="0" type="1" name="10">C618C9640E539622E4A3789E801B1867</resource>
<resource id="0" type="1" name="10">A1FE17D347B1156212CDC11E9007B60C</resource>
<resource id="0" type="1" name="10">87296F8F8BE3838BD1578CC933115352</resource>
<resource id="0" type="1" name="10">1899BCC2D01CF773F8DE7D36D4CF71BE</resource>
<resource id="0" type="1" name="10">6A037D68D7AE1E10FB5177AE00A3E53F</resource>
<resource id="0" type="1" name="10">E4D0A554CCB5BC70AE04708BAE42290B</resource>
<resource id="0" type="1" name="10">1A214429314D7FBAB656C908BCD70FD2</resource>
<resource id="0" type="1" name="10">1193E37985638AE509758B0E30309D1B</resource>
<resource id="0" type="1" name="10">9E23E43D5B35D0AFF563F63A1FC9CB09</resource>
<resource id="0" type="1" name="10">57C5E491FD1F4766D507333A194A8F92</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">242FE4BAE927CF380507169339294131</resource>
<resource id="0" type="1" name="10">909D03DE4694F7A8EC4FFE5FA24A3152</resource>
<resource id="0" type="1" name="10">664BA9A824DCE9261944F773912B39C2</resource>
<resource id="0" type="1" name="10">E3382B6A21544C03B23552E84043A733</resource>
<resource id="0" type="1" name="10">02EF9E192F55B1B970B5A894C068C5DC</resource>
<resource id="0" type="1" name="10">6C17A1B99ACD02374AF61B396361B430</resource>
<resource id="0" type="1" name="10">D14591DA67A51E346B91E7600656AEA7</resource>
<resource id="0" type="1" name="10">011C6ED16ACB4DC46B4DF44005FB5EC3</resource>
<resource id="0" type="1" name="10">22643A9505A56B069EB4B371611EACD8</resource>
<resource id="0" type="1" name="10">D4742746CD02263535B0E1A250256B46</resource>
<resource id="0" type="1" name="10">BC4C88DCB309E3C4740E1E2488E94D93</resource>
<resource id="0" type="1" name="10">BE743AEB7A0B66DB50D4B4BCA06F25D3</resource>
<resource id="0" type="1" name="10">9B0D8E918F4D74B60D88F00F68565875</resource>
<resource id="0" type="1" name="10">FF9DA435637956C5E80B0845C9EA4D36</resource>
<resource id="0" type="1" name="10">154BC0506D993EDC97B2F5103C052009</resource>
<resource id="0" type="1" name="10">1B2A520AF7D2B911FA80AD122B5032F4</resource>
<resource id="0" type="1" name="10">399D1914A61AA0E1330757AE645DED7E</resource>
<resource id="0" type="1" name="10">FBC89C665E149B5CF1865EF48FB8D916</resource>
<resource id="0" type="1" name="10">79438F24B4D1B5FC1978FD55612E9B5B</resource>
<resource id="0" type="1" name="10">C7548B9FAE303DB9D12C921A9AE60FFA</resource>
<resource id="0" type="1" name="10">B00CB5CDFD5BE17756EF9ABC01198C07</resource>
<resource id="0" type="1" name="10">DBF94E02F2BE7BC54E4D68841C86700B</resource>
<resource id="0" type="1" name="10">A5C21062D577BE7E18F5C53596A1A509</resource>
<resource id="0" type="1" name="10">6B9EB151A1F11F98EF3A42B65DF4699B</resource>
<resource id="0" type="1" name="10">A2434F1408690B727C7643C77375F431</resource>
<resource id="0" type="1" name="10">479019C4B33CD047E7616BE11C259C88</resource>
<resource id="0" type="1" name="10">F20C08B113FC6ED06851D8B950904B05</resource>
<resource id="0" type="1" name="10">3C8EF3403E591C4DCA44D8FCE418C38E</resource>
<resource id="0" type="1" name="10">CBBD546133D0B02BA583C65413C6BC6F</resource>
<resource id="0" type="1" name="10">55EC6C603E56E6DB01A6F3894B402C73</resource>
<resource id="0" type="1" name="10">F22C1D8389B0377620FF1BBC10D3AE80</resource>
<resource id="0" type="1" name="10">6C442AE314625F3D64854A7C1CBA36F5</resource>
<resource id="0" type="1" name="10">1E3BD999F3727EDE7FEC53EE1FDA98A1</resource>
<resource id="0" type="1" name="10">B0BB1475C896C2AF080C296425694A90</resource>
<resource id="0" type="1" name="10">7EA944FF867D7A5F5E61ADCE6C8FC93F</resource>
<resource id="0" type="1" name="10">6129A042CACD74E0F0C81FBE14C3AE58</resource>
<resource id="0" type="1" name="10">D5F92E469B8C5167407304F2D8874BAB</resource>
<resource id="0" type="1" name="10">A2254D71F30DD4CD7E8DCDE0BE16C763</resource>
<resource id="0" type="1" name="10">358F214E250968CC031C55939688E620</resource>
<resource id="0" type="1" name="10">CEB01C8C564F22F5998FAF96B24C3EAE</resource>
<resource id="0" type="1" name="10">4CBFE99178EFDA38EBA3DF3CB048AF62</resource>
<resource id="0" type="1" name="10">1BA3F98E7C4AB9389DBF32009B4FC2E4</resource>
<resource id="0" type="1" name="10">81A51D91E4D5D2F3CAC667407DD0F10C</resource>
<resource id="0" type="1" name="10">572F311EA3C45509E5174758BEC84C67</resource>
<resource id="0" type="1" name="10">D217A9BB52ECA606D83E7A5D653C96F6</resource>
<resource id="0" type="1" name="10">03D5E7392D047800CDD3AA5695508BD9</resource>
<resource id="0" type="1" name="10">2448C3A71B68242B42E44F5A07933800</resource>
<resource id="0" type="1" name="10">1A973D5420B563AEC9730631842C3100</resource>
<resource id="0" type="1" name="10">B4AA26F1F89BEB4F11A6A3E226A1E056</resource>
<resource id="0" type="1" name="10">EDD239647A6FA9551AAA2DA58BE866C9</resource>
<resource id="0" type="1" name="10">D5E93D437E309149B11D2E82AB1E4F11</resource>
<resource id="0" type="1" name="10">E92159842313FB935BA3D4522F93E107</resource>
<resource id="0" type="1" name="10">D0FF39BB38F7D10B09EB154761CBF703</resource>
<resource id="0" type="1" name="10">97E6E94A014A210407000E326EEC7C52</resource>
<resource id="0" type="1" name="10">8A3E32532E6992D762B208FBF8AC750B</resource>
<resource id="0" type="1" name="10">EBE292D6C56A61E2CAB05756855F65BF</resource>
<resource id="0" type="1" name="10">35EF65177428564AC61813783F423CC6</resource>
<resource id="1" type="1" name="20">C931EB3CE69DD95FC1FCB47C3F73658B</resource>
<resource id="1" type="1" name="20">F3CB9D43BE7149A07EFDD32E72168B97</resource>
<resource id="1" type="1" name="20">A5DF136449E71051E787F7F2564B8158</resource>
<resource id="1" type="1" name="20">C3FEC2C43E7DFD935C90940D55BC274A</resource>
<resource id="1" type="1" name="20">58E1ED2B09B80CD6CEE38D26C90BFFEF</resource>
<resource id="1" type="1" name="20">6413D97BEE274B598C29084EE4C947AF</resource>
<resource id="1" type="1" name="20">726B2EA4D3A3C18FAB8B9A70A926FCBA</resource>
<resource id="1" type="1" name="20">A510252295828679049879AC3B32E26F</resource>
<resource id="1" type="1" name="20">344B352D9BFAB34DDFD5B9E3EBA40924</resource>
<resource id="1" type="1" name="20">94AE24A5A7CD8C7D665E21082C1F82BD</resource>
<resource id="1" type="1" name="20">5FF19ADD2BBFD24900C30590B723BCA2</resource>
<resource id="1" type="1" name="20">D453E2532C0E8AE4B2EC15E220B522D3</resource>
<resource id="1" type="1" name="20">3232EDF7C55B0C69281E8C14081F3005</resource>
<resource id="2" type="1" name="32">5E0424A037ED1CF4B86D9CAED970DFF9</resource>
<resource id="2" type="1" name="32">E90A939E1107E27E1D95C25E2EB0F65A</resource>
<resource id="2" type="1" name="32">44B38E737F03387A86DB70708B9C5C4A</resource>
<resource id="2" type="1" name="32">4C7576E8F541BB3E4915569E56509AE1</resource>
<resource id="2" type="1" name="32">7684234AAE030B0E361B77C545F619AD</resource>
<resource id="2" type="1" name="32">30678F5B06BC441A5BD8ED2848236144</resource>
<resource id="2" type="1" name="32">C50E91E6D59210580879F7BC5BD36D62</resource>
<resource id="2" type="1" name="32">011BDE7B9C82D9453B7222950F92B18B</resource>
<resource id="2" type="1" name="32">489350E7DBC2BD241EEEAF928C84198B</resource>
<resource id="2" type="1" name="32">A0873ADC85C929C39F54B1E889C20411</resource>
<resource id="2" type="1" name="32">02F5AA301D295FA4EE30646E84CCDC84</resource>
<resource id="2" type="1" name="32">619569EE7F33365F88C67E5792ED5545</resource>
<resource id="2" type="1" name="32">4AAC2B52C5AC1670EBDE434FD25A57E3</resource>
<resource id="3" type="1" name="40">A6A1FC387776122DA43D5D1FFC73AB14</resource>
<resource id="3" type="1" name="40">7537DC8AA212AE903A8CBA12E73C2819</resource>
<resource id="3" type="1" name="40">A26CAEE6F15E6536BC4DD217227D313D</resource>
<resource id="3" type="1" name="40">D9BBB1FC017CAF205D9A1092B05A8931</resource>
<resource id="3" type="1" name="40">5F8E7F65DDE26797265FF08C20E0F50E</resource>
<resource id="3" type="1" name="40">A20A4A65692AB511B9DC51AA02028B27</resource>
<resource id="3" type="1" name="40">2D8A3FDED4712D6AC221F9878E6A74FF</resource>
<resource id="3" type="1" name="40">5735C880F81FDECB98E3FB900933C3D5</resource>
<resource id="3" type="1" name="40">BB1FD2B9E0171148E824D98C02CC6E82</resource>
<resource id="3" type="1" name="40">FE0A80ADF462320DD46C4B02C7BD1041</resource>
<resource id="3" type="1" name="40">3CA321CD8113E0B8FEF6993E8E3B8759</resource>
<resource id="3" type="1" name="40">F33E761C82E8FCD44C5841ACF8EBDC81</resource>
<resource id="4" type="1" name="50">5F8E7F65DDE26797265FF08C20E0F50E</resource>
<resource id="4" type="1" name="50">A20A4A65692AB511B9DC51AA02028B27</resource>
<resource id="4" type="1" name="50">11D5D480A7B2C686AC2189DD34B9DB40</resource>
<resource id="4" type="1" name="50">ADDB99E27F9A3CAAD37DFA6D93824EFE</resource>
<resource id="4" type="1" name="50">39997C551CBD6B80C680353B064EFB23</resource>
<resource id="4" type="1" name="40">B2859863B159FCEFC043467ED11417D9</resource>
<resource id="5" type="1" name="60">2C67143AFC3909B3EACA8C11C187C904</resource>
<resource id="5" type="1" name="60">095C4AE7800A5BAF13B314129421C290</resource>
<resource id="5" type="1" name="60">4C367C5E16D12F80995F3B1CF127244E</resource>
<resource id="5" type="1" name="60">2F75B7DEFE46ACAC49BA80826711E295</resource>
<resource id="5" type="1" name="60">53EE7373CC8C75AC0B3E2651EE6C2397</resource>
<resource id="5" type="1" name="60">840AA4B2D92E1643D5A3368E83794D58</resource>
<resource id="6" type="1" name="70">24799CA590D42134E7103B06D46FD960</resource>
<resource id="6" type="1" name="70">E6C5053BA1C848D7E16701A2D08FB8C6</resource>
<resource id="7" type="1" name="100">A1ED7997BD50C296AAB05FCC8388A4E0</resource>
<resource id="7" type="1" name="100">8A992A1952774487BD0C0C6B7B1388F8</resource>
<resource id="7" type="1" name="100">60BF656112A8DA82519EF19AEB9F5E3B</resource>
<resource id="7" type="1" name="100">56860B98C85BB21038F01C1E194E6460</resource>
<resource id="7" type="1" name="100">2DBF9CC24FA6009561FAF807C21C0FBB</resource>
<resource id="7" type="1" name="100">8AE2737AE3E04FDF0082602BFDB29102</resource>
<resource id="7" type="1" name="100">06B51ACA3C7CE72714A04676359E72C3</resource>
<resource id="7" type="1" name="100">BC0D13EF4C056308DE3F06C5D45EDA52</resource>
<resource id="7" type="1" name="100">44C8C8006607D2BEFB077C0D606E00A9</resource>
<resource id="7" type="1" name="100">9CE845F74F9BCAE467F9437D7B05EF11</resource>
<resource id="7" type="1" name="100">E6E0262EF4FF2CAC9437DC0B1611C133</resource>
<resource id="7" type="1" name="100">4275F915E6034CDCB5F606B6DFDDAD7D</resource>
<resource id="7" type="1" name="100">03CA4863E2106A76D71E870B44E78D28</resource>
<resource id="7" type="1" name="100">ECEB823490EBCD43AE2B6FFF8C9F87ED</resource>
<resource id="7" type="1" name="100">467D35B1994FF99564D9C582BDA6BEDE</resource>
<resource id="7" type="1" name="100">A058DA3DFD64D65AC7395DA49AB9798B</resource>
<resource id="7" type="1" name="100">9C8CC2C612B616A435C747A92A4C3F2D</resource>
<resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
<resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
<resource id="7" type="1" name="100">EE62326BEE5D061EC1106369DC7FBBC0</resource>
<resource id="7" type="1" name="100">D0AA6B4D0CE81668F70DDCD94339F156</resource>
<resource id="7" type="1" name="100">F2797CB14A4023810217A1C77C5710C5</resource>
<resource id="7" type="1" name="100">8815C3B9C9BF1D41229ACAEC22728387</resource>
<resource id="7" type="1" name="100">1D6E85FDF0E89434EF4F5387F40693D6</resource>
<resource id="7" type="1" name="100">7B85CAEFFE313D9A1B1431E3ED805A5A</resource>
<resource id="7" type="1" name="100">B56D4711501D1B40EA415E105D9137A7</resource>
<resource id="7" type="1" name="100">B5F9D009156EBE07FB0F25C148E4A2A5</resource>
<resource id="7" type="1" name="100">FB983256140DD7C07A7957A5AB4DB997</resource>
<resource id="7" type="1" name="100">1DAFFB0D65AB793FAFCE375E6F8C93C4</resource>
<resource id="7" type="1" name="100">157E93F142DA0938BDFBEC079B473809</resource>
<resource id="7" type="1" name="100">B0681B3B4F35D66F842EC45712278844</resource>
<resource id="7" type="1" name="100">BA94CA63109CE80F7FF07F8B32F48BAD</resource>
<resource id="7" type="1" name="100">BACA0BD675B44B8DB1263E690E15ACBE</resource>
<resource id="7" type="1" name="100">BCA790B2BD380D03C12F6DB36844201B</resource>
<resource id="7" type="1" name="100">07719E9A1BFE3BDB00653C03C9646064</resource>
<resource id="7" type="1" name="100">DEE90234C613EA3A55C056BB02687B1C</resource>
<resource id="7" type="1" name="100">5AAC683855FE0EE3DBE9B1B2B36B5ECE</resource>
<resource id="7" type="1" name="100">29C7D5A955774F1B28CA51ED4538B931</resource>
<resource id="7" type="1" name="100">DB89345020D2E729450B05DF74BB2E99</resource>
<resource id="7" type="1" name="100">6E21109C959B09A054871214E7A2EB64</resource>
<resource id="7" type="1" name="100">29E12D9AB0E6DEDE8395C14600FAAA14</resource>
<resource id="7" type="1" name="100">D7A0796C0EB65BCE03FC7E9302132F50</resource>
<resource id="7" type="1" name="100">E05DADD071C308E892B2CDD494A92B4F</resource>
<resource id="7" type="1" name="100">3B1785B7485D77046F2BD14DD2D02D4E</resource>
<resource id="7" type="1" name="100">B80CBC64CB6E6ACF2BCEF757D3BE7B47</resource>
<resource id="7" type="1" name="100">35D0626505772B37FE3A883310D91D7A</resource>
<resource id="7" type="1" name="100">F918A9311FC55AA02733653E783EAF71</resource>
<resource id="7" type="1" name="100">E46C30C58F3CB44E236643F6EB6E85E5</resource>
<resource id="7" type="1" name="100">B796C796B3D8AC08799CBC5A4D104F9F</resource>
<resource id="7" type="1" name="100">846A77216562E12267837F95A0AD51C7</resource>
<resource id="7" type="1" name="100">99E5D6E15B7BA7337B6996D7FBE938EC</resource>
<resource id="7" type="1" name="100">A449F658F94FCAD046CD45CDC227F656</resource>
<resource id="7" type="1" name="100">282E7F4F550128BD16EAD0885EDA40C1</resource>
<resource id="7" type="1" name="100">C167923A143FCDC75DA6F69D71AA3937</resource>
<resource id="7" type="1" name="100">E3049F65F3ABC5632E8A18707645785F</resource>
<resource id="7" type="1" name="100">DC066CB931F579D516A1A37EF7D1A661</resource>
<resource id="7" type="1" name="100">D81A2466D8410C5ECC212F99BA3AFB7E</resource>
<resource id="7" type="1" name="100">BB1A64D7B7F2BB8D709978857A7BA08A</resource>
<resource id="7" type="1" name="100">00CFA6576E567CF775AD0567817685CA</resource>
<resource id="7" type="1" name="100">2BD1617E44BB44DB5F26DCEAC89C9B1E</resource>
<resource id="7" type="1" name="100">3F3A5A5B0D794E4B144C63C100CC57C2</resource>
<resource id="7" type="1" name="100">99419B12B8F7519179FCE2C8F083A092</resource>
<resource id="7" type="1" name="100">7E179152E2AE85BBAB0A0DDF1D4067CD</resource>
<resource id="7" type="1" name="100">4612876C7FDCFEC715337F0D167E6CAA</resource>
<resource id="7" type="1" name="100">8B8DE9C0798619DD7C151D951999FE57</resource>
<resource id="7" type="1" name="100">5101F6FB77200F2C4647607F8D807607</resource>
<resource id="7" type="1" name="100">39710FE2245A6211FC13C5DF75223B57</resource>
<resource id="7" type="1" name="100">D4C60781C5DF23D788C62B1FB2968CC2</resource>
<resource id="7" type="1" name="100">EB3A2CB47E8054B73D66E1D8E716009F</resource>
<resource id="7" type="1" name="100">2C2D5464A4233F4C255DE05F46701B33</resource>
<resource id="7" type="1" name="100">4A1546C9E094A221D6BA88BF4EAA3728</resource>
<resource id="7" type="1" name="100">08A537E9415A81733C1648B5F568D2F7</resource>
<resource id="7" type="1" name="100">75A0B1A202814178CB553CD89A739B0F</resource>
<resource id="7" type="1" name="100">8A2672BB14DEB958210FBC05C30145F4</resource>
<resource id="7" type="1" name="100">F7FE951D84798F911C72F1E0F871B56C</resource>
<resource id="7" type="1" name="100">B6C6FA376FA6DF020D146DF0A6763482</resource>
<resource id="7" type="1" name="100">6FC9EAE77EF4637E10DD3ABED06137D3</resource>
<resource id="7" type="1" name="100">9C96D4E394E3C1DE27E9CEC412D43F96</resource>
<resource id="7" type="1" name="100">2F56E8C9647325B52A2F40DE4D21EE0E</resource>
<resource id="7" type="1" name="100">17969F580FF0C708428DCA3E948405EC</resource>
<resource id="7" type="1" name="100">1E178242A43451F4E99A7D99A425C3EF</resource>
<resource id="7" type="1" name="100">1B18459A10D22AFC628779631DD377ED</resource>
<resource id="7" type="1" name="100">FAC5759F56FE23412DD8408882BDA5AD</resource>
<resource id="7" type="1" name="100">623599656EF92AB06FB114D5BD89FC80</resource>
<resource id="7" type="1" name="100">A39E2C6AB70ED5954F52FE31F7CB9647</resource>
<resource id="7" type="1" name="100">08674C0389647BCCE7A0C7B2A2385F86</resource>
<resource id="7" type="1" name="100">5CD093BE7B5B80F8F9BED61174E747DF</resource>
<resource id="7" type="1" name="100">AF072272EC49043084EAA03D85413C41</resource>
<resource id="7" type="1" name="100">19B41C0049693AD063140564A05A15D4</resource>
<resource id="7" type="1" name="100">583F03DF62CED4CE8FCE473E03A45AF8</resource>
<resource id="7" type="1" name="100">FA66DB1B92E0DF9EE1B2968AEFCD2BC7</resource>
<resource id="7" type="1" name="100">996969D9DD9B639D44504388D7B0128E</resource>
<resource id="7" type="1" name="100">CB89BB646689F03BBF0B69470DA1FEB6</resource>
<resource id="7" type="1" name="100">91E76CEA5EF0C6C4973CF6A025FB9AAA</resource>
<resource id="7" type="1" name="100">DAC5F0C754C4ED921E10792E6942FF23</resource>
<resource id="7" type="1" name="100">CF8B63BBBFE18A2B7266E74D8989F0B5</resource>
<resource id="7" type="1" name="100">F730C64DAAE0131A358FF51541E691CC</resource>
<resource id="7" type="1" name="100">B07E1536B478EA6B806C9263414BD9F7</resource>
<resource id="7" type="1" name="100">D522598072DC48BB6AEF6F0BB40B4CC2</resource>
<resource id="7" type="1" name="100">1BA76EAB257E68B286E564CBE07DCD26</resource>
<resource id="7" type="1" name="100">5BCA57194380C34002C0DD086A242EE7</resource>
<resource id="7" type="1" name="100">A0F1A9E664389E2FAE01C9519598ABBF</resource>
<resource id="7" type="1" name="100">AD4CDD3A5337E568D3F55E8F024B4526</resource>
<resource id="7" type="1" name="100">C219F66CFCCF208C3D9272B32C90A4EE</resource>
<resource id="7" type="1" name="100">17DE37ED86693CDA2140F01B194B5557</resource>
<resource id="7" type="1" name="100">A4FDE844456B29D6850DAF42A5807672</resource>
<resource id="7" type="1" name="100">D6312274160C34503BC625F9598F8E43</resource>
<resource id="7" type="1" name="100">380E8FA64D4DF8BA3F817E81C1087CBB</resource>
<resource id="7" type="1" name="100">7EE265D09E41EF3139D93B7050D10DBD</resource>
<resource id="7" type="1" name="100">53DF7815DD9AD3493275650237CB6BD8</resource>
<resource id="7" type="1" name="100">6CC3E2A7D3200766361CCE948CC2F693</resource>
<resource id="7" type="1" name="100">EDB68DFA3A0C4F34D1C2B24FE84CCE32</resource>
<resource id="7" type="1" name="100">80591A4642B92F1A9CBCD69A23111809</resource>
<resource id="7" type="1" name="100">D5AE730A7B7B2BB8E560FF844C93B49E</resource>
<resource id="7" type="1" name="100">69D95E2689633F96263753675856A576</resource>
<resource id="7" type="1" name="100">0DCE307B9A89BCF569E3AEF9FDA2DB7F</resource>
<resource id="7" type="1" name="100">77307C66ADA4BD02BFAD41A837011DEB</resource>
<resource id="7" type="1" name="100">6835F4C66937B5E1ACACF8839AFE6E52</resource>
<resource id="7" type="1" name="100">60B7EE275052309CFE13AC808ED31B51</resource>
<resource id="7" type="1" name="100">F227C2ABF18E255A547FCF87615B8E01</resource>
<resource id="7" type="1" name="100">BF163EDA3408D4EA99E1C49DE22BB4BF</resource>
<resource id="7" type="1" name="100">A75DBC888460875868739C709251BA83</resource>
<resource id="7" type="1" name="100">62C69EE86977F85A5883180553AADC18</resource>
<resource id="7" type="1" name="100">55189FF66957A034473AC7084B153CC1</resource>
<resource id="7" type="1" name="100">FB585460A906CF7229C078029C20E3E7</resource>
<resource id="7" type="1" name="100">12EC2FC8D86C65116BE55ADCD388DA88</resource>
<resource id="7" type="1" name="100">D7416167A3F1B4F5F2025F7E98D9C4DA</resource>
<resource id="7" type="1" name="100">057D1ED62042EF154B2430DFEC4D9A28</resource>
<resource id="7" type="1" name="100">75A9DD706983E639CE995713F0C8F81F</resource>
<resource id="7" type="1" name="100">AA9F1D12DA051B3C7E0677F15F7187B5</resource>
<resource id="7" type="1" name="100">2C5034D947E301BCAED257F1782281C4</resource>
<resource id="7" type="1" name="100">368D2E77FE3952DACCDCEF3BF254A9C8</resource>
<resource id="7" type="1" name="100">D4BA95484230181AF6BB70A658043FF3</resource>
<resource id="7" type="1" name="100">29D6C17E6CD15BFC90009AAA138D3864</resource>
<resource id="7" type="1" name="100">ABA82F41761F8A60CDE98838C6A552FC</resource>
<resource id="7" type="1" name="100">F2C0BDDEDFAC53630A528BC2FEEBF2DC</resource>
<resource id="7" type="1" name="100">A66AA3EA7848A5729A4D2EBEC5F9426D</resource>
<resource id="7" type="1" name="100">95F41B1D89E6AD15EC5012F74D49D7DE</resource>
<resource id="7" type="1" name="100">E8C2EA04B31E3E8E9E0EFB76E7E51615</resource>
<resource id="7" type="1" name="100">740B18E8E0D70DB3D0A5EC1D4B2883DF</resource>
<resource id="7" type="1" name="100">2A8F5C47916544CF12DF6F971D4BF804</resource>
<resource id="7" type="1" name="100">1075512898849EAF97D4E54B0FDE1E50</resource>
<resource id="7" type="1" name="100">00FB241D750DA51E810E5DF59E922900</resource>
<resource id="7" type="1" name="100">AB03342B57FAF4B4FC9244E3A9118E7A</resource>
<resource id="7" type="1" name="100">5E9E6BB6D9F5E46D32089F5A228C40F5</resource>
<resource id="7" type="1" name="100">CBF06ADD981DCA3588A1C8092DA52400</resource>
<resource id="7" type="1" name="100">885B5EACC906143F5A5FBC46FE8ADA47</resource>
<resource id="7" type="1" name="100">75CB594E565B7232DF391F8C06FB722F</resource>
<resource id="7" type="1" name="100">49CF37CE1395B81E15B3A9F162C4D34E</resource>
<resource id="7" type="1" name="100">D26FA664BC7A6B0F7DC53D4AA2468A71</resource>
<resource id="7" type="1" name="100">DD4092D5B47C9C2BE1DB2114E9F03557</resource>
<resource id="7" type="1" name="100">3C63650266399F0DD5DDC7481016D673</resource>
<resource id="7" type="1" name="100">F6E73653376433FDDD9AD55521BB6043</resource>
<resource id="7" type="1" name="100">5B697094E12F1CA8C053CEE1F534A826</resource>
<resource id="7" type="1" name="100">C91BAE1FC957C6B257B5D09057DFFB0C</resource>
<resource id="7" type="1" name="100">02B32306D0E4EBAD89F3FEB7D42B16E4</resource>
<resource id="7" type="1" name="100">FFB785FEBCC17D0E116D2EF6B4D4A2FC</resource>
<resource id="7" type="1" name="100">1C28E5FB4EED75FECD379EEA0BB86DBD</resource>
<resource id="7" type="1" name="100">714403D8593572CB9E2D5B610FFC6EB3</resource>
<resource id="8" type="1" name="110">C8AD15FFE7C53280184269F6FEC09504</resource>
<resource id="8" type="1" name="110">2E0885355CAC8A3390565C5DAFA6022B</resource>
<resource id="8" type="1" name="110">05BB37CC4531FE1654D1ABBDC646CEED</resource>
<resource id="8" type="1" name="110">32280A1FE2A95CB52E6D3F5996DFDB1C</resource>
<resource id="8" type="1" name="110">2E8B843FEEA3A5D376BDE41235300C99</resource>
<resource id="8" type="1" name="110">19B245C3B365A46ADD6C7E875CCA63B8</resource>
<resource id="8" type="1" name="110">D8D5BD5B0E73779900EE253E3CA73B40</resource>
<resource id="8" type="1" name="110">421607C11EFBCCB2ED2E18AFA3DA34A3</resource>
<resource id="8" type="1" name="110">E47F0BBBBAF6EC8A6BA89DE01F3340DD</resource>
<resource id="8" type="1" name="110">54F61D18E7F794580D5D821892B15C2A</resource>
<resource id="8" type="1" name="110">30DEC2B13BD7C0DD83D74A833AA650C7</resource>
<resource id="8" type="1" name="110">3CAC4EA2EEAE9680AB9004CB48FEB843</resource>
<resource id="8" type="1" name="110">29C19E1DE3090617C1F272B3FE4B956C</resource>
<resource id="8" type="1" name="110">44DEC974890AA54E1231F019810A5A7D</resource>
<resource id="8" type="1" name="110">5CBA59151FB1D307DB19D01113C7D644</resource>
<resource id="8" type="1" name="110">05F1A4100B82D174400D376E59EA4032</resource>
<resource id="8" type="1" name="110">44692635ADB994B18FD1BBE1B89EAE8A</resource>
<resource id="8" type="1" name="110">F2EFA3A7D7E1A0EA2222BC03326CE56B</resource>
<resource id="8" type="1" name="110">F0AD1B8815E933A2E34E770439574E68</resource>
<resource id="8" type="1" name="110">4402AAD7B76F97CD25A63556BD386F45</resource>
<resource id="8" type="1" name="110">94D2333F0ACE68BC98CE8B379445F469</resource>
<resource id="8" type="1" name="110">85477B0DAB461F62B51B79AF761BC042</resource>
<resource id="8" type="1" name="110">6F1D7A5156DA1D8D609C700D7F856C57</resource>
<resource id="9" type="1" name="200">063315629ADB9C84B22673219200D1F7</resource>
<resource id="9" type="1" name="200">93BA82BE92A45505EE061CCBA34E5ECF</resource>
<resource id="9" type="1" name="200">9D6C41957BE093DBD3F2E3FBF6E70609</resource>
<resource id="10" type="1" name="210">79789DC8EB29D34D2DC4CA4597678C96</resource>
<resource id="10" type="1" name="210">BD505B1D1A9C1E8B1FDB379637A2EB00</resource>
<resource id="10" type="1" name="210">472C9FAC5D5C06A7C524835FC8D5AB98</resource>
<resource id="10" type="1" name="210">875428C8A68F86911FD8D3B537BEDF87</resource>
<resource id="10" type="1" name="210">F780A82E83114AB86869E7AC81D68473</resource>
<resource id="10" type="1" name="210">8CFD33F4BFF0F19AAC8A8AF71B0CE30F</resource>
<resource id="11" type="1" name="300">5DDC94F3A935D7742D868238CB8EBCA8</resource>
<resource id="11" type="1" name="300">0EB4A39028CB3AE4D7E9CC62DAD71ACD</resource>
<resource id="11" type="1" name="300">32AFE38C0D0DC3FDF0C3C485887D3E43</resource>
<resource id="11" type="1" name="300">6748E3D22A0734B78EB691A3C360A767</resource>
<resource id="11" type="1" name="300">4A7CD59B1C3C1BAA90D7C6D3182990D0</resource>
<resource id="12" type="1" name="310">757E9E2E7CF80A929501A81F7CA1EB33</resource>
<resource id="12" type="1" name="310">CA16B16F5905D430078E613019FEAAB1</resource>
<resource id="12" type="1" name="310">C3B04343D9A1EBED8BE094B7D3DB2A9E</resource>
<resource id="12" type="1" name="310">C5AF786BFD9FD1C53C8FE9F0BD9CE38B</resource>
<resource id="12" type="1" name="310">0A451222F7037983439A58E3B44DB529</resource>
<resource id="12" type="1" name="310">90ED3AAC2A942E3067E6471B32860E77</resource>
<resource id="12" type="1" name="310">AF05DD5BD4C3B1FC94922C75ED4F9519</resource>
<resource id="13" type="1" name="320">77C64818523675C19429AEE1EC8A0544</resource>
<resource id="13" type="1" name="320">DE81BCCB6410C9E4ACB325F67F268BC5</resource>
<resource id="13" type="1" name="320">E9356775B7B8159CFAD335FA2C2B22D5</resource>
<resource id="13" type="1" name="320">41491A39D90ED5934E44C6A505F15EE5</resource>
<resource id="13" type="1" name="320">D7B0560BD281FF19FF0611E0D353E191</resource>
<resource id="13" type="1" name="320">F71DC11B5BA14E4E23B83041D878ADB3</resource>
<resource id="14" type="1" name="330">DAC970882C0B2BBF2BA730CDD029CC15</resource>
<resource id="14" type="1" name="330">7AF648367DBCFF7D2CEDB0129130831C</resource>
<resource id="14" type="1" name="330">3EB35BB107D7B980380FC299BCB78339</resource>
<resource id="14" type="1" name="330">541C3A8A0F459E81C477F257581D74B9</resource>
<resource id="14" type="1" name="330">5503D51A4796F866F06DB06D96B2B6F2</resource>
<resource id="14" type="1" name="330">B73040E84B34D849887B960439EE7B74</resource>
<resource id="14" type="1" name="330">D462755A29E7D78005E4F1E643BD3A23</resource>
<resource id="14" type="1" name="330">1470DD46FBC7A3CCF2ED443979BE87EF</resource>
<resource id="14" type="1" name="330">255247F964ABE807FCA929BE8D7636D1</resource>
<resource id="14" type="1" name="330">4174B6C6A8B32C89430A8B0142E55868</resource>
<resource id="14" type="1" name="330">B075E283F89FFF26DB1C1AACAF696EC1</resource>
<resource id="15" type="1" name="340">FE5312D721B8A2DA30D5C84E039651CB</resource>
<resource id="15" type="1" name="340">FFCA4B680C5BBC45B7218541811B2F23</resource>
<resource id="15" type="1" name="340">ACAB3C15838798165F41DEB1DD1B623E</resource>
<resource id="15" type="1" name="340">F6A9C501AAC7DCE9AC5CCF82BBDC404E</resource>
<resource id="15" type="1" name="340">3FAD76BA87D6EDE772739BE863C83B5A</resource>
<resource id="15" type="1" name="340">2E25811C524ABE0A72EA1240DA9E00FC</resource>
<resource id="15" type="1" name="340">2065035FBC5003C4369CCF7DCF3313A8</resource>
<resource id="15" type="1" name="340">C0B1A95D8E2191DE7DB362CC6405FE80</resource>
<resource id="15" type="1" name="340">C21C852B74B17597BE42E28D58739EFE</resource>
<resource id="15" type="1" name="340">29B291AD75C93524E2D6B72A2E77F183</resource>
<resource id="15" type="1" name="340">ADD1001134F11A0F1783F9719ECF0A34</resource>
<resource id="15" type="1" name="340">E7B4E12CE14DCBA2010746F8DDB16A58</resource>
<resource id="15" type="1" name="340">A160FBC7D6053ACACB1F0C1A413A4C45</resource>
<resource id="16" type="1" name="350">6295B471FE26A142E3F55CEA4A0AF053</resource>
<resource id="16" type="1" name="350">02BCEDCF1264C2D5217C8E741E94F037</resource>
<resource id="16" type="1" name="350">A7755A1FF142CD6A5A434E31C12BEE74</resource>
<resource id="16" type="1" name="350">5AA227AD281A94BDDA70072FFEEF26B7</resource>
<resource id="16" type="1" name="350">4E93012888E56D9DED57FDB88F7E76DA</resource>
<resource id="16" type="1" name="350">F4879D701A7E0C7E7000B8B306009F20</resource>
<resource id="17" type="1" name="360">D15F3AB6307B00B16A901CD1CDDB79E1</resource>
<resource id="17" type="1" name="360">73E41278C4BBBA3B306C7EB63CDEC358</resource>
<resource id="17" type="1" name="360">1E94BA78A024E8899C819B99B0D4CC2C</resource>
<resource id="17" type="1" name="360">65F2B0A5D69167E2E8EB76CDCFCC9BC9</resource>
<resource id="17" type="1" name="360">B65944552F5CA6302AB035DB1B24A771</resource>
<resource id="17" type="1" name="360">ADACC3DC9471484536AA1B262F72EFA0</resource>
<resource id="17" type="1" name="360">0A400870F302760354EB3EBEF58E9EB9</resource>
<resource id="17" type="1" name="360">F557CA256E937C9FD12E2F6C204F1A40</resource>
<resource id="17" type="1" name="360">CCC1BFCE314E6DD914F6C30502A30342</resource>
<resource id="17" type="1" name="360">05EF8D62DD1E5DF7DE6BA787B824ED44</resource>
<resource id="17" type="1" name="360">554CFE27588E9423F6E2C47A9640993B</resource>
<resource id="17" type="1" name="360">A8E18848F9EA6B3A299E1B6C805A7564</resource>
<resource id="18" type="1" name="370"></resource>
<resource id="19" type="1" name="380">0BA1831B7248135B589F5FDCD9B7CB9F</resource>
<resource id="19" type="1" name="380">DCC9157A17E21F817D3384818CEFDA0F</resource>
<resource id="19" type="1" name="380">D2D4506DB2896B8203998750A4010014</resource>
<resource id="19" type="1" name="380">C134274B538EE6DCEC8AF51297549355</resource>
<resource id="19" type="1" name="380">560F2FF1EDB5A5DD5CEA27A63C97A32B</resource>
<resource id="19" type="1" name="380">1BE7A9A07F9BEB7D9AA634EC9DCD7DE4</resource>
<resource id="19" type="1" name="380">E83070CA7104D41C9DBB4EB3956B94B5</resource>
<resource id="19" type="1" name="380">6CC98FDAB476552D89A6C810C9780248</resource>
<resource id="20" type="1" name="390">278767E0B269E408DC8AFFBE8EA44657</resource>
<resource id="20" type="1" name="390">BAB1CA8EFFB14E5C330B488965AB3050</resource>
<resource id="20" type="1" name="390">12D9198BAE7E3FF83A0A94F91191D73E</resource>
<resource id="20" type="1" name="390">75E2E64FBC4240B2F782A14A7D38FBF5</resource>
<resource id="22" type="1" name="">213F00823670FF279BCC72A79B0F00E3</resource>
<resource id="22" type="1" name="">F265AC589740F933A30F0AF7C4A048D6</resource>
<resource id="22" type="1" name="">D7ED7D03D3FE6F6505BEFA742304DBE6</resource>
<resource id="22" type="1" name="">5116A41F859EC654DD9BF609688CDCD1</resource>
<resource id="22" type="1" name="">8A407DC9759D8DD0C8B9B32E858CD63E</resource>
<resource id="22" type="1" name="">7D3CDB98C278F5E9E33389AC56BBA098</resource>
<resource id="22" type="1" name="">BE537B756D8E61AA684D75F46ED59685</resource>
<resource id="22" type="1" name="">43FB66072ADD8EB17ED080ACCCD6274F</resource>
<resource id="22" type="1" name="">11E050FA9184385D5D3EAEAD0028C659</resource>
<resource id="22" type="1" name="">BEF052A836721603944223065DF03278</resource>
<resource id="22" type="1" name="">DE6AD028F9014F7D62C3939EBA34C995</resource>
<resource id="22" type="1" name="">5EE01927605E4703CEE0F2E5D5812B90</resource>
<resource id="22" type="1" name="">86B067A58C669BF96610A854C15D2832</resource>
<resource id="22" type="1" name="">DE40ECFF2F08541E4A5A0D94470FFE86</resource>
<resource id="22" type="1" name="">C71D2B63FBE3F38BBA270A74853C64B4</resource>
<resource id="22" type="1" name="">7BD38937D4711B70B0B985F4F07FE8FD</resource>
<resource id="22" type="1" name="">6A13C17B50A406AFFF371A34E1B2C1AF</resource>
<resource id="23" type="1" name="">264EB6533830801B97488E747D891510</resource>
<resource id="23" type="1" name="">384A022AEBEFEC13B4218D882142DB1F</resource>
<resource id="23" type="1" name="">1016B022E1AB1094B4A0303761B8ED1F</resource>
<resource id="23" type="1" name="">C48F445A0E277DE95DF1014E61A75FCC</resource>
<resource id="23" type="1" name="">904C830A1260577B0780E72737777863</resource>
<resource id="23" type="1" name="">E663480F4094BF5C3CE27CD838EEBB0E</resource>
<resource id="24" type="1" name="">7CB87C9A0E0C15E8DA06336D44327D59</resource>
<resource id="25" type="1" name="">838D0D01192C393CD864CF8E7C391CD8</resource>
<resource id="25" type="1" name="">C1B6B44825A78BF2007808F813C4C25C</resource>
<resource id="25" type="1" name="">B4D9C8C7C549AEC53E5ED7D64349C783</resource>
<resource id="25" type="1" name="">63BDC75737FC8AAE202A5DBAFCF6CCF6</resource>
<resource id="25" type="1" name="">C8B08CDAF8B66217EC37DCEA2476C529</resource>
<resource id="25" type="1" name="">3872F93E6150BED21206FE2FE28618A5</resource>
<resource id="25" type="1" name="">0ED7649A7DE6DF5C640C9D6C7602A9DE</resource>
<resource id="26" type="1" name="">3B7DC7C94632D90387958DA410273467</resource>
<!-- manifests -->
<resource id="40" type="2" name="0">E16D70327CD8942745B3B399D8FAF30A</resource>
<resource id="40" type="2" name="0">4E541C7ED18BBD039CC07DAE957BFDAC</resource>
<resource id="40" type="2" name="0">56B9B0E1DB298119AD65CB5442791ED7</resource>
<resource id="40" type="2" name="0">B35DA7A899F8ECF7683B5FCE9A7F65F5</resource>
<resource id="40" type="2" name="0">EDEAFCF009FEEBA31F946506E1034CAF</resource>
<resource id="40" type="2" name="0">58F2BFCF0F3E0C1D62F5B7D72B5F40A1</resource>
<resource id="40" type="2" name="0">BD62B6F553A2D1D012CC53FC325221D2</resource>
<resource id="40" type="2" name="0">FF4C2C5BE3245F4C1BA2855987F1CDCF</resource>
<resource id="40" type="2" name="0">248EED9439A3553E10411A55D638B25F</resource>
</resources>
</xml>

282
static/PeStudio/settings.xml Normal file
View File

@ -0,0 +1,282 @@
<!-- This file is part of the pestudio solution (www.winitor.com)
This file contains general settings and the names of all XML files used by the solution.
Since pestudio does not write anything on the system it is running on, This file must be edited manually.-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!-- 1: Enable, 0: Disable-->
<EnableDosStub>1</EnableDosStub>
<EnableDosHeader>1</EnableDosHeader>
<EnableFileHeader>1</EnableFileHeader>
<EnableOptionalHeader>1</EnableOptionalHeader>
<EnableDirectories>1</EnableDirectories>
<EnableSections>1</EnableSections>
<EnableImportedLibraries>1</EnableImportedLibraries>
<EnableImportedSymbols>1</EnableImportedSymbols>
<EnableExportedSymbols>1</EnableExportedSymbols>
<EnableExceptions>1</EnableExceptions>
<EnableRelocations>1</EnableRelocations>
<EnableThreadLocalStorage>1</EnableThreadLocalStorage>
<EnableCertificates>1</EnableCertificates>
<EnableResources>1</EnableResources>
<EnableStrings>1</EnableStrings>
<EnableDebug>1</EnableDebug>
<EnableManifest>1</EnableManifest>
<EnableVersion>1</EnableVersion>
<EnableFileSignature>1</EnableFileSignature>
<EnableOverview>1</EnableOverview>
<EnableOverlay>1</EnableOverlay>
<EnableOverlayScore>1</EnableOverlayScore>
<EnableXmlReport>1</EnableXmlReport>
<EnableOrdinalFunctionsMapping>1</EnableOrdinalFunctionsMapping>
<!-- 1: Show, 0: Hide -->
<ShowDosStub>1</ShowDosStub>
<ShowDosHeader>1</ShowDosHeader>
<ShowFileHeader>1</ShowFileHeader>
<ShowOptionalHeader>1</ShowOptionalHeader>
<ShowDirectories>1</ShowDirectories>
<ShowSections>1</ShowSections>
<ShowImportedLibraries>1</ShowImportedLibraries>
<ShowImportedSymbols>1</ShowImportedSymbols>
<ShowExportedSymbols>1</ShowExportedSymbols>
<ShowExceptions>1</ShowExceptions>
<ShowRelocations>1</ShowRelocations>
<ShowThreadLocalStorage>0</ShowThreadLocalStorage>
<ShowCertificates>1</ShowCertificates>
<ShowResources>1</ShowResources>
<ShowStrings>1</ShowStrings>
<ShowDebug>1</ShowDebug>
<ShowManifest>1</ShowManifest>
<ShowVersion>1</ShowVersion>
<ShowOverlay>1</ShowOverlay>
<ShowStringsOffset>0</ShowStringsOffset>
<!--
Set the default Item (in the left Tree) that should be shown when when an Image has loaded.
Possible values are:
0 (Image )
1 (Indicators )
2 (Virustotal )
3 (DOS Stub)
4 (DOS Header )
5 (File Header )
6 (Optional Header )
7 (Data Directories )
8 (Sections Headers )
9 (Imported Libraries )
10 (Imported Symbols )
11 (Exported Symbols)
12 (Resources)
13 (Strings)
14 (Version Information)
15 (Debug Information)
16 (Manifest)
17 (Exceptions)
18 (Thread Local Storage)
19 (Certificates)
20 (Relocations)
-->
<DefaultItem>7</DefaultItem>
<!--
1: Expand the Image when successfully opened
0: Compress the Image when successfully opened
-->
<ExpandImage>1</ExpandImage>
</setting>
</settings>
<!-- Settings related to VirusTotal functionality -->
<VirusTotal>
<!--
Set the "prefered" Virustotal Engine. Setting a "prefered" Engine will put the focus on it at the User Interface.
This features helps a fast identification of an Antivirus coverage of the malware analyzed.
Following (58) IDs will be used (Please do not modify theses IDs).
AVG = 1
AVware = 2
Ad-Aware = 3
AegisLab = 4
Agnitum = 5
AhnLab-V3 = 6
Aladdin
AntiVir = 7
Antiy-AVL = 8
Avast = 9
Baidu-International = 10
BitDefender = 11
Bkav = 12
Boost
BullGuard
ByteHero = 13
CAT-QuickHeal = 14
CMC = 15
ClamAV = 16
Commtouch = 17
Comodo = 18
DrWeb = 19
ESET-NOD32 = 20
Emsisoft = 21
eSafe = 22
F-Prot = 23
F-Secure = 24
Fortinet = 25
GData = 26
Ikarus = 27
Jiangmin = 28
K7AntiVirus = 29
K7GW = 30
Kaspersky = 31
KasperskyEndpoint
Kingsoft = 32
Malwarebytes = 33
McAfee = 34
McAfee-GW-Edition = 35
MicroWorld-eScan = 36
Microsoft = 37
Nano-Antivirus = 38
Norman = 39
nProtect = 40
Panda = 41
PcTools = 42
Qihoo-360 = 43
Rising = 44
SUPERAntiSpyware = 45
Sophos = 46
Symantec = 47
Tencent = 48
TheHacker = 49
TotalDefense = 50
TrendMicro = 51
TrendMicro-HouseCall= 52
VBA32 = 53
VIPRE = 54
ViRobot = 55
Zillya = 56
Zoner = 57
Cyren = 58
Avira = 59
ALYac = 60
Alibaba = 61
ReasonHeuristics
Outpost
QuickHeal
herdProtectFuzzy
BoostbyReason
Prevx
XVirus
Sunbelt
SafeCentral
WebWasherGateway
EmsisoftASquared
Filseclab
eTrustVet
STOPzilla
LavaSoft
MicrosoftSecurityEssentials
MicrosoftForefront
MicrosoftWindowsDefender
mSecure
Optenet
Prevention
Roboscan
SystemShield
Tencent
TrustPort
Twister
VexxGuard
ViRobot
VirusBokAda
VirusFighterPlus
ZoneAlarm
ZonerAntivirus
Zeobit
-->
<PreferedVirustotalEngine>0</PreferedVirustotalEngine>
<ShowVirusTotalLookup>1</ShowVirusTotalLookup>
<EnableVirusTotalLookup>1</EnableVirusTotalLookup>
</VirusTotal>
<Filters>
<!-- 0: Hide non-PE Images
1: Show non_PE Images -->
<Filter name="non_pe_image" id="0">0</Filter>
<!-- 0: Hide 32 bit Images
1: Show 32 bit Images -->
<Filter name="32bit" id="1">0</Filter>
<!-- 0: Hide 64 bit Images
1: Show 64 bit Images -->
<Filter name="64bit" id="2">0</Filter>
</Filters>
<WhiteSections>
<!--
1: Enable the detection WhiteList Sections
0: Disable the detection WhiteList Sections
-->
<Enable>1</Enable>
<sections>
<section>/4</section>
<section>/19</section>
<section>/35</section>
<section>/51</section>
<section>/63</section>
<section>/77</section>
<section>/89</section>
<section>/102</section>
<section>/113</section>
<section>/124</section>
<section>.textbss</section>
<section>.text</section>
<section>.bss</section>
<section>.rsrc</section>
<section>.rdata</section>
<section>.data</section>
<section>.idata</section>
<section>.idata2</section>
<section>.edata</section>
<section>.sdata</section>
<section>.reloc</section>
<section>.ndata</section>
<section>.sxdata</section>
<section>.tls</section>
<section>.pdata</section>
<section>.CRT</section>
<section>PAGE</section>
<section>DATA</section>
<section>BSS</section>
<section>INIT</section>
<section>CODE</section>
</sections>
</WhiteSections>
<XmlFiles>
<Thresholds>thresholds.xml</Thresholds>
<Features>features.xml</Features>
<Indicators>indicators.xml</Indicators>
<BlackListStrings>strings.xml</BlackListStrings>
<BlackListFunctions>functions.xml</BlackListFunctions>
<Languages>languages.xml</Languages>
<Translations>translations.xml</Translations>
<Signatures>signatures.xml</Signatures>
<KnownResources>resources.xml</KnownResources>
<WhiteListLibraries>whitelistlibraries.xml</WhiteListLibraries>
</XmlFiles>
</xml>

29105
static/PeStudio/signatures.xml Normal file
View File

File diff suppressed because it is too large Load Diff

3225
static/PeStudio/strings.xml Normal file
View File

File diff suppressed because it is too large Load Diff

302
static/PeStudio/thresholds.xml Normal file
View File

@ -0,0 +1,302 @@
<xml version="1.0" encoding="utf-8">
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the Thresholds used by the solution.-->
<settings>
<setting>
<enable>1</enable>
</setting>
</settings>
<thresholds>
<minimums>
<Image id="0">10240</Image>
<Header id="1">64</Header>
<DosStub id="2">20</DosStub>
<FileHeader id="3">20</FileHeader>
<OptionaHeader id="4">224</OptionaHeader>
<DataDirectory id="5">1</DataDirectory>
<String id="6">4</String>
<VersionInfo id="7">100</VersionInfo>
<BuiltinResource id="8">4</BuiltinResource>
<Code id="9">256</Code>
<Manifest id="10">80</Manifest>
<ResourceHtml id="11">128</ResourceHtml>
<CustomResource id="12">20</CustomResource>
<CustomDefault id="13">10</CustomDefault>
<DiskSection id="14">10</DiskSection>
<DigitalCertificate id="15">100</DigitalCertificate>
<InitializedData id="16">0</InitializedData>
<XY id="17"></XY>
<XY id="18"></XY>
<XY id="19"></XY>
<XY id="20"></XY>
<XY id="21"></XY>
<XY id="22"></XY>
<XY id="23"></XY>
<XY id="24"></XY>
<XY id="25"></XY>
<XY id="26"></XY>
<XY id="27"></XY>
<XY id="28"></XY>
<XY id="29"></XY>
<ImportedLibraries id="30">3</ImportedLibraries>
<ImportedSymbols id="31">10</ImportedSymbols>
<Sections id="32">1</Sections>
<ExportedSymbols id="33">0</ExportedSymbols>
<Strings id="34">100</Strings>
<Directories id="35">16</Directories>
<XXXXX id="36">2</XXXXX>
<EmptyDirectories id="37">15</EmptyDirectories>
<BlackListedStrings id="38">10</BlackListedStrings>
<VirustotalFileEnginesPositiv id="39">1</VirustotalFileEnginesPositiv>
<BlackListedImportedFunctions id="40">1</BlackListedImportedFunctions>
<BlackListedSectionNames id="41">1</BlackListedSectionNames>
<ObsolteteImportedFunctions id="42">1</ObsolteteImportedFunctions>
<HttpStrings id="43">0</HttpStrings>
<BlackListedExportedFunctions id="44">1</BlackListedExportedFunctions>
<UndocumentedFunctions id="45">1</UndocumentedFunctions>
<WritableAndExecutableSections id="46">0</WritableAndExecutableSections>
<ExecutableSections id="47">0</ExecutableSections>
<AntidebugFunctions id="48">0</AntidebugFunctions>
<OrdinalFunctions id="49">0</OrdinalFunctions>
<UnsafeFunctions id="50">0</UnsafeFunctions>
<ElevatedFunctions id="51">0</ElevatedFunctions>
<EmbeddedPeFiles id="52">0</EmbeddedPeFiles>
<RegisteredExceptionHandlers id="53">0</RegisteredExceptionHandlers>
<NamelessSections id="54">0</NamelessSections>
<SharedSections id="55">0</SharedSections>
<ResourceLanguages id="56">0</ResourceLanguages>
<SmtpStrings id="57">0</SmtpStrings>
<FtpStrings id="58">0</FtpStrings>
<RegexStrings id="59">0</RegexStrings>
<WindowsPrivilegesStrings id="60">0</WindowsPrivilegesStrings>
<OIDsStrings id="61">0</OIDsStrings>
<AntivirusStrings id="62">0</AntivirusStrings>
<VirustotalOverlayEnginesPositiv id="63">2</VirustotalOverlayEnginesPositiv>
<AvStrings id="64">0</AvStrings>
<PrivilegesStrings id="65">0</PrivilegesStrings>
<OidStrings id="66">0</OidStrings>
<AgentStrings id="67">0</AgentStrings>
<ExtensionStrings id="68">0</ExtensionStrings>
<SddlStrings id="69">0</SddlStrings>
<FolderStrings id="70">0</FolderStrings>
<GuidStrings id="71">0</GuidStrings>
<RegistryStrings id="72">0</RegistryStrings>
<OsStrings id="73">0</OsStrings>
<ProductsStrings id="74">0</ProductsStrings>
<SidStrings id="75">0</SidStrings>
<ProtocolStrings id="76">0</ProtocolStrings>
<FileExtensions id="77">0</FileExtensions>
<KeyboardKeys id="78">0</KeyboardKeys>
<DebugAge id="100">1</DebugAge>
<DebugTimeDateStampYear id="101">2009</DebugTimeDateStampYear>
<TimeDateStampYear id="102">2005</TimeDateStampYear>
<CertificateIssuerYear id="103">2009</CertificateIssuerYear>
<CertificateSubjectYear id="104">2009</CertificateSubjectYear>
<SecurityManagement id="150">0</SecurityManagement>
<Authorization id="151">0</Authorization>
<Registry id="152">0</Registry>
<MemoryManagement id="153">0</MemoryManagement>
<ToolHelp id="154">0</ToolHelp>
<Backup id="155">0</Backup>
<EventLogging id="156">0</EventLogging>
<EventTracing id="157">0</EventTracing>
<ErrorHandling id="158">0</ErrorHandling>
<DirectoryManagement id="159">0</DirectoryManagement>
<Debugging id="160">0</Debugging>
<Console id="161">0</Console>
<ImageHlp id="162">0</ImageHlp>
<Communication id="163">0</Communication>
<COM id="164">0</COM>
<SystemInformation id="165">0</SystemInformation>
<PackageQuery id="166">0</PackageQuery>
<Setup id="167">0</Setup>
<StructuredStorage id="168">0</StructuredStorage>
<Ddeml id="169">0</Ddeml>
<Clipboard id="170">0</Clipboard>
<WinINet id="171">0</WinINet>
<DynamicLibrary id="172">0</DynamicLibrary>
<ProcessAndThread id="173">1</ProcessAndThread>
<WinHttp id="174">1</WinHttp>
<Zw id="175">0</Zw>
<Rtl id="176">0</Rtl>
<Nt id="177">0</Nt>
<DhcpServerManagement id="178">0</DhcpServerManagement>
<NetworkManagement id="179">0</NetworkManagement>
<Dns id="180">0</Dns>
<MailSlot id="181">0</MailSlot>
<Rpc id="182">0</Rpc>
<Seh id="183">0</Seh>
<Service id="184">0</Service>
<FileManagement id="185">0</FileManagement>
<VideoCapture id="186">0</VideoCapture>
<Cabinet id="187">0</Cabinet>
<SingleInstanceStore id="188">0</SingleInstanceStore>
<PerformanceCounters id="189">0</PerformanceCounters>
<Atom id="190">0</Atom>
<DeviceManagement id="191">0</DeviceManagement>
<Ras id="192">0</Ras>
<RasScripting id="193">0</RasScripting>
<WinSnmp id="194">0</WinSnmp>
<RouterInformation id="195">0</RouterInformation>
<Ndr id="196">0</Ndr>
<PowerManagement id="197">0</PowerManagement>
<RemoteDesktop id="198">0</RemoteDesktop>
<Wlan id="199">0</Wlan>
<Snmp id="200">0</Snmp>
<WinDbgExt id="201">0</WinDbgExt>
<Dde id="202">0</Dde>
</minimums>
<maximums>
<Image id="0">10485760</Image>
<Header id="1">64</Header>
<DosStub id="2">2048</DosStub>
<FileHeader id="3">20</FileHeader>
<OptionaHeader id="4">260</OptionaHeader>
<DataDirectory id="5">16</DataDirectory>
<String id="6">256</String>
<VersionInfo id="7">6144</VersionInfo>
<BuiltinResource id="8">2000</BuiltinResource>
<Code id="9">-1</Code>
<Manifest id="10">3000</Manifest>
<ResourceHtml id="11">4096</ResourceHtml>
<CustomResource id="12">512000</CustomResource>
<CustomDefault id="13">512000</CustomDefault>
<DiskSection id="14">-1</DiskSection>
<DigitalCertificate id="15">8192</DigitalCertificate>
<InitializedData id="16">1048576</InitializedData>
<XY id="17"></XY>
<XY id="18"></XY>
<XY id="19"></XY>
<XY id="20"></XY>
<XY id="21"></XY>
<XY id="22"></XY>
<XY id="23"></XY>
<XY id="24"></XY>
<XY id="25"></XY>
<XY id="26"></XY>
<XY id="27"></XY>
<XY id="28"></XY>
<XY id="29"></XY>
<ImportedLibraries id="30">50</ImportedLibraries>
<ImportedSymbols id="31">500</ImportedSymbols>
<Sections id="32">15</Sections>
<ExportedSymbols id="33">3000</ExportedSymbols>
<Strings id="34">2000</Strings>
<Directories id="35">16</Directories>
<XXXXX id="36">24</XXXXX>
<EmptyDirectories id="37">15</EmptyDirectories>
<BlackListedStrings id="38">30</BlackListedStrings>
<VirustotalEnginesPositiv id="39">1</VirustotalEnginesPositiv>
<BlackListedImportedFunctions id="40">1</BlackListedImportedFunctions>
<BlackListedSectionNames id="41">1</BlackListedSectionNames>
<ObsolteteImportedFunctions id="42">5</ObsolteteImportedFunctions>
<HttpStrings id="43">5</HttpStrings>
<BlackListedExportedFunctions id="44">3</BlackListedExportedFunctions>
<UndocumentedFunctions id="45">3</UndocumentedFunctions>
<WritableAndExecutableSections id="46">0</WritableAndExecutableSections>
<ExecutableSections id="47">1</ExecutableSections>
<AntidebugFunctions id="48">1</AntidebugFunctions>
<OrdinalFunctions id="49">10</OrdinalFunctions>
<UnsafeFunctions id="50">5</UnsafeFunctions>
<ElevatedFunctions id="51">5</ElevatedFunctions>
<EmbeddedPeFiles id="52">1</EmbeddedPeFiles>
<RegisteredExceptionHandlers id="53">10</RegisteredExceptionHandlers>
<NamelessSections id="54">1</NamelessSections>
<SharedSections id="55">1</SharedSections>
<ResourceLanguages id="56">3</ResourceLanguages>
<SmtpStrings id="57">1</SmtpStrings>
<FtpStrings id="58">1</FtpStrings>
<RegexStrings id="59">1</RegexStrings>
<WindowsPrivilegesStrings id="60">1</WindowsPrivilegesStrings>
<OIDsStrings id="61">1</OIDsStrings>
<AntivirusStrings id="62">1</AntivirusStrings>
<VirustotalOverlayEnginesPositiv id="63">1</VirustotalOverlayEnginesPositiv>
<AvStrings id="64">1</AvStrings>
<PrivilegesStrings id="65">1</PrivilegesStrings>
<OidStrings id="66">1</OidStrings>
<AgentStrings id="67">1</AgentStrings>
<ExtensionStrings id="68">1</ExtensionStrings>
<SddlStrings id="69">1</SddlStrings>
<FolderStrings id="70">1</FolderStrings>
<GuidStrings id="71">1</GuidStrings>
<RegistryStrings id="72">1</RegistryStrings>
<OsStrings id="73">1</OsStrings>
<ProductsStrings id="74">1</ProductsStrings>
<SidStrings id="75">1</SidStrings>
<ProtocolStrings id="76">1</ProtocolStrings>
<FileExtensions id="77">5</FileExtensions>
<KeyboardKeys id="78">2</KeyboardKeys>
<DebugAge id="100">30</DebugAge>
<DebugTimeDateStampYear id="101">2015</DebugTimeDateStampYear>
<TimeDateStampYear id="102">2015</TimeDateStampYear>
<CertificateIssuerYear id="103">2013</CertificateIssuerYear>
<CertificateSubjectYear id="104">2013</CertificateSubjectYear>
<SecurityManagement id="150">1</SecurityManagement>
<Authorization id="151">1</Authorization>
<Registry id="152">1</Registry>
<MemoryManagement id="153">1</MemoryManagement>
<ToolHelp id="154">1</ToolHelp>
<Backup id="155">1</Backup>
<EventLogging id="156">1</EventLogging>
<EventTracing id="157">0</EventTracing>
<ErrorHandling id="158">1</ErrorHandling>
<DirectoryManagement id="159">1</DirectoryManagement>
<Debugging id="160">1</Debugging>
<Console id="161">1</Console>
<ImageHlp id="162">1</ImageHlp>
<Communication id="163">1</Communication>
<COM id="164">10</COM>
<SystemInformation id="165">5</SystemInformation>
<PackageQuery id="166">2</PackageQuery>
<Setup id="167">1</Setup>
<StructuredStorage id="168">3</StructuredStorage>
<Ddeml id="169">3</Ddeml>
<Clipboard id="170">3</Clipboard>
<WinINet id="171">3</WinINet>
<DynamicLibrary id="172">1</DynamicLibrary>
<ProcessAndThread id="173">1</ProcessAndThread>
<WinHttp id="174">1</WinHttp>
<Zw id="175">1</Zw>
<Rtl id="176">1</Rtl>
<Nt id="177">1</Nt>
<DhcpServerManagement id="178">1</DhcpServerManagement>
<NetworkManagement id="179">1</NetworkManagement>
<Dns id="180">1</Dns>
<MailSlot id="181">1</MailSlot>
<Rpc id="182">1</Rpc>
<Seh id="183">1</Seh>
<Service id="184">1</Service>
<FileManagement id="185">1</FileManagement>
<VideoCapture id="186">1</VideoCapture>
<Cabinet id="187">1</Cabinet>
<SingleInstanceStore id="188">1</SingleInstanceStore>
<PerformanceCounters id="189">1</PerformanceCounters>
<Atom id="190">1</Atom>
<DeviceManagement id="191">1</DeviceManagement>
<Ras id="192">1</Ras>
<RasScripting id="193">1</RasScripting>
<WinSnmp id="194">1</WinSnmp>
<RouterInformation id="195">1</RouterInformation>
<Ndr id="196">1</Ndr>
<PowerManagement id="197">1</PowerManagement>
<RemoteDesktop id="198">1</RemoteDesktop>
<Wlan id="199">1</Wlan>
<Snmp id="200">1</Snmp>
<WinDbgExt id="201">1</WinDbgExt>
<Dde id="202">1</Dde>
</maximums>
</thresholds>
</xml>

1397
static/PeStudio/translations.xml Normal file
View File

File diff suppressed because it is too large Load Diff

150
static/PeStudio/whitelistlibraries.xml Normal file
View File

@ -0,0 +1,150 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of Images that will be detected as whitelisted by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!--
1: Enable Whitelisting
0: Disable Whitelisting
-->
<enable>1</enable>
</setting>
</settings>
<libs>
<lib md5="">pestudio.exe</lib>
<lib md5="">pestudioprompt.exe</lib>
<lib md5="">peparser.dll</lib>
<lib md5="">sysmon.exe</lib>
<lib md5="">regjump.exe</lib>
<lib md5="">wget.exe</lib>
<lib md5="">write.exe</lib>
<lib md5="">procexp.exe</lib>
<lib md5="">autorunsc.exe</lib>
<lib md5="">autoruns.exe</lib>
<lib md5="">sigcheck.exe</lib>
<lib md5="3A582BF6FD39DC6A52AAF316126B40BA"></lib>
<lib md5="3B8A306B76EDEBB1897148A626B01B18"></lib>
<lib md5="AE4F49A47E42959D5E62E86653860A55"></lib>
<lib md5="827C0D36B22BFDBC8AB95B891687B19C"></lib>
<lib md5="42D58C5FA3AAA90B1E4D37E60E3B4414"></lib>
<lib md5="1685f978149d7ba8e039af9a4d5803c7"></lib>
<lib md5="CF8358CD12567B179AC8C2D2705CEFB7"></lib>
<lib md5="4099AA11ECDF111AEAAC5D0913C04C33"></lib>
<lib md5="CA93F62F8914379E34F5E2C0D412D5C7"></lib>
<lib md5="98C413E1A2FB6E5A4C101C25B3D0B275"></lib>
<lib md5="EE738FE9BCDD605821002CEC8C7206DB"></lib>
<lib md5="F7CC4EF1340AD8DF5959C056DF077C2F"></lib>
<lib md5="3C925CF43ADBC1C90E4F5DFD230111FD"></lib>
<lib md5="B3FDF6E7B0AECD48CA7E4921773FB606"></lib>
<lib md5="D5E37313F68ED509483286DAC8BDE28C"></lib>
<lib md5="6173C16AFC0DACD8DDD68913AC66DEEB"></lib>
<lib md5="15680D7B39C85A5F5D1AF1AD036BD7B3"></lib>
<lib md5="CB12CDFBC038C0A5756F0CD2244069E0"></lib>
<lib md5="371E896D818784934BD1456296B99CBE"></lib>
<lib md5="D081D5532D4DE8432B584D9E74B6E70B"></lib>
<lib md5="CD4EF5837EA80A902C5BBB357A666770"></lib>
<lib md5="5F2122888583347C9B81724CF169EFC6"></lib>
<lib md5="C191C746CD975CE2DD5F8B5E009F8385"></lib>
<lib md5="0222ABCC607EC3FFF3B5CA1E3EC06860"></lib>
<lib md5="A43B937C580F5DFC43EF63EF72992FE9"></lib>
<lib md5="DA24EDFC1D6C1B67C010D34652B7052F"></lib>
<lib md5="6098BA465FDF34F41E6DE0BAAC24F084"></lib>
<lib md5="2E4FDCAA39CE06CF8A4681A32C4A8D41"></lib>
<lib md5="FE2E5F179BD84F7F74D74F0982D603FA"></lib>
<lib md5="29120094728D4FCD7C13B0E0CC83E27C"></lib>
<lib md5="2EBBBFC120593C683796092F2DDA0EFC"></lib>
<lib md5="FE0E4CB610E10ED9BD4BD00F789D3F39"></lib>
<lib md5="1F6C145CDE15AED0DF45E0BB27E8AF4F"></lib>
<lib md5="1BCE2C02487972FF0D5E6702D79E7A75"></lib>
<lib md5="A51D90F2F9394F5EA0A3ACAE3BD2B219"></lib>
<lib md5="130F7190FA9C17F6C88B103A9B93D930"></lib>
<lib md5="970B99F2A41DD92E771806EE9A22217D"></lib>
<lib md5="60D4712EB290E5818B84AB51DD8D7B5E"></lib>
<lib md5="EC44C778A64DCD18BC98A7316E4664F0"></lib>
<lib md5="3539A6D037A61F395BDE4BE99AC8759E"></lib>
<lib md5="7E1CF52C347D8755E5CA5ED0E99B401E"></lib>
<lib md5="28BA63403FF070AFF7FABCA51ED7E606"></lib>
<lib md5="DC6612A9EE015A36BA2A27BC9CC12537"></lib>
<lib md5="2B9C29DE5729E5872CFAD16A69CCB5F7"></lib>
<lib md5="114E51EDCEEE385EDC6499E02A4307AA"></lib>
<lib md5="A09533A0395A06F47143CAFB6DCED04A"></lib>
<lib md5="A24743B58E597C95F71E22C8114D47A5"></lib>
<lib md5="5EEFF69B73FAFDA869268FDFDB8EC868"></lib>
<lib md5="0E3A80E445B6B68938E1BCBDFCE6FAD9"></lib>
<lib md5="AB11CEFE591909A85E98E27A230807C7"></lib>
<lib md5="713AD4CCD878ADF5C32938DB27BB632A"></lib>
<lib md5="FF89AC4A986B1B60EEA28CE8250AA726"></lib>
<lib md5="EBAE5AD60603BA61CADFDADA4B1AD295"></lib>
<lib md5="8873CADF101E4552E913F02A46ABE47A"></lib>
<lib md5="F5F647C9D26434FE2960A807FE65AE40"></lib>
<lib md5="2309E09B6B5668E9219C85E33B970FB7"></lib>
<lib md5="9E43D1A02DB51CEAD74B691EDE7327F4"></lib>
<lib md5="790616CF7854D0F8E0773B894262AA00"></lib>
<lib md5="CE8272F2C211F9FD407929CDDE8D1158"></lib>
<lib md5="15CF9B9C8FE7D7DD8EC835156AE3C52A"></lib>
<lib md5="6BD4D7F68924301051C22E8A951AECBA"></lib>
<lib md5="F157D08FD3EA1CAE564325F09C602FD1"></lib>
<lib md5="506708142BC63DABA64F2D3AD1DCD5BF"></lib>
<lib md5="BE19B603DFBAA829EE5B7749B3BA97DB"></lib>
<lib md5="EB1BAFF8F350C9297B284AFF6DFE22E0"></lib>
<lib md5="685824CAFB264AEED32A0D2126A019CB"></lib>
<lib md5="E2BB7AE580B4E6322289B11910E0E947"></lib>
<lib md5="3E5223A6AC897D866ACBD2D9DB6DB688"></lib>
<lib md5="64E56206F4E7124D8120D1B8F3F9160E"></lib>
<lib md5="7771F2D9DC83ED055D78424003B01DC4"></lib>
<lib md5="A1BEDC839FDC2E388A7F40B42F67A8AB"></lib>
<lib md5="FA65486D908171A7B9430A755300C028"></lib>
<lib md5="F400669EA3A973DC17C47AEC332A7D52"></lib>
<lib md5="1D8732BE4EB5DC5FBFA81C1289E7D6CB"></lib>
<lib md5="9B183AC0B0C513529D1E42EFD785106A"></lib>
<lib md5="E4DA42310D5D50867E98B6F2D8615CF0"></lib>
<lib md5="37BF71F8BBB696CB0FF0DB9002E31696"></lib>
<lib md5="C95086DFD00FFC4760C53E77BA0A8FB0"></lib>
<lib md5="9085758A20D78FFC737DB9FDA4CF2ECA"></lib>
<lib md5="F0F08D038581E91CA896F3B43E4516BD"></lib>
<lib md5="8D4AEC178A5C121D42AF14A59772577E"></lib>
<lib md5="86316BE34481C1ED5B792169312673FD"></lib>
<lib md5="A5DAD332DDD9326AE54448409089A189"></lib>
<lib md5="1AF01465AE9B8874D76B3B90A74DB698"></lib>
<lib md5="DBE287EB8D58E6322E9FB67110ED7122"></lib>
<lib md5="4BB95452EBB8080A794EE35341DD8DF6"></lib>
<lib md5="76043D9C27E08083AE3C2B5C5EA42E10"></lib>
<lib md5="EE738FE9BCDD605821002CEC8C7206DB"></lib>
<lib md5="0A8E209F3C1D1FB6889465D1019CC5BF"></lib>
<lib md5="8CC3C111D653E96F3EA1590891491D71"></lib>
<lib md5="B6051FDAB7DC811A2D6BE64A1579C735"></lib>
<lib md5="E72EFF1B793FE064F068E715EFB1B5CD"></lib>
<lib md5="0D50C42B88C74468D05EC4E228A5DAD3"></lib>
<lib md5="FC9015FC4596D90BFE0547AB96CB21B3"></lib>
<lib md5="76F3F6E03493DD045882AB730DDFF01D"></lib>
<lib md5="0A2039089376CED5A837E9969BC8E8C5"></lib>
<lib md5="D867517D8D6F4552FDFAA6934CAB969A"></lib>
<lib md5="9E9542A6DDF96AD1BF5070A27012D8D5"></lib>
<lib md5="105AC81F0A96544EB91CE67357DFC1BD"></lib>
<lib md5="A75BBFE51F2495BCE794BB5A943B4838"></lib>
<lib md5="6F850E6A06193716EFDA5104A36C3559"></lib>
<lib md5="079C6220DF781658844CC779F266BE77"></lib>
<lib md5="7A0DFC5353FF6DE7DE0208A29FA2FFC9"></lib>
<lib md5="EAD0CA54B72489FFD5D591DA606D3D43"></lib>
<lib md5="7F0F927BA0C05CEC33611819D8D1C34F"></lib>
<lib md5="8C10B48AA8FD9B56208D945B4E1EA028"></lib>
<lib md5="ABDDE302FBCED922DBE4E7294FAFEE06"></lib>
<lib md5="D2C97F9FECF037C69B37E5C289136A47"></lib>
<lib md5="98C46778FE9B96B73E1B0ECFF17E0DB5"></lib>
<lib md5="F5A342E2A5173FCB363ECEF75812EB5C"></lib>
<lib md5="B1D332585A6AAD3EF3D8A10A48FF8A3B"></lib>
<lib md5="7043AB955770A79916E0BE2E298C21DA"></lib>
<lib md5="C74259CD6EE524E3833CCE1291A7BF81"></lib>
<lib md5="2D55C5E512B6AC22FE9999B91BABEC38"></lib>
<lib md5="AC0A46FE6CF7A7A894EAF278E25FDF97"></lib>
<lib md5="F78A34C2E5A57A4B2667CF3FD5253ABB"></lib>
<lib md5="CC9605F35F87E1CB0D6F4321D390F73A"></lib>
<lib md5="08F489B5A7B1D6966B36D7C126B96B53"></lib>
<lib md5="E6CE0287A0715A518716092F309915F3"></lib>
</libs>
</xml>

BIN
static/Ping4Life/Ping for life.exe Normal file
View File

Binary file not shown.

79
static/Ping4Life/Ping_For_Life.config Normal file
View File

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup">
<section name="Ping_For_Life.Properties.Settings" type="System.Configuration.ClientSettingsSection" />
</sectionGroup>
</configSections>
<userSettings>
<Ping_For_Life.Properties.Settings>
<setting name="s_maxlogrows" serializeAs="String">
<value>1000</value>
</setting>
<setting name="s_tabla" serializeAs="String">
<value>192.168.1.1,Started,75,0 (0%),75 (100%),3/18/2014 2:17:26 PM,0 Days 00:05:10,0,0,0,Never,0 Days 00:05:07,;192.168.1.2,Started,126,105 (83%),21 (17%),3/18/2014 2:17:35 PM,0 Days 00:05:01,0,845,8.05,3/18/2014 2:22:34 PM,0 Days 00:01:25,845;192.168.1.3,Started,72,0 (0%),72 (100%),3/18/2014 2:17:39 PM,0 Days 00:04:57,0,0,0,Never,0 Days 00:04:54,;192.168.1.4,Started,71,0 (0%),71 (100%),3/18/2014 2:17:43 PM,0 Days 00:04:53,0,0,0,Never,0 Days 00:04:50,;192.168.1.11,Started,62,49 (79%),13 (21%),3/18/2014 2:17:54 PM,0 Days 00:04:42,0,0,0,3/18/2014 2:22:34 PM,0 Days 00:00:52,0;192.168.1.12,Started,120,105 (88%),15 (12%),3/18/2014 2:18:00 PM,0 Days 00:04:36,0,0,0,3/18/2014 2:22:34 PM,0 Days 00:01:00,0;192.168.1.13,Started,116,98 (84%),18 (16%),3/18/2014 2:18:02 PM,0 Days 00:04:34,0,757,7.72,3/18/2014 2:22:34 PM,0 Days 00:01:12,757;</value>
</setting>
<setting name="s_sendmailuser" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_taskbaricon" serializeAs="String">
<value>Unchecked</value>
</setting>
<setting name="s_buffer" serializeAs="String">
<value>32</value>
</setting>
<setting name="s_bookmarks" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_sendmail" serializeAs="String">
<value>Unchecked</value>
</setting>
<setting name="s_timeout" serializeAs="String">
<value>10000</value>
</setting>
<setting name="s_sound" serializeAs="String">
<value>Unchecked</value>
</setting>
<setting name="s_sendmailpass" serializeAs="String">
<value>0nEhVUzzd60=</value>
</setting>
<setting name="s_ttl" serializeAs="String">
<value>64</value>
</setting>
<setting name="s_soundpath" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_windowseventlog" serializeAs="String">
<value>Unchecked</value>
</setting>
<setting name="s_interval" serializeAs="String">
<value>2000</value>
</setting>
<setting name="s_toast" serializeAs="String">
<value>Unchecked</value>
</setting>
<setting name="s_sendmailsmtp" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_sendmailfrom" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_prealertlost" serializeAs="String">
<value>3</value>
</setting>
<setting name="s_lang" serializeAs="String">
<value>
</value>
</setting>
<setting name="s_sendmailto" serializeAs="String">
<value>
</value>
</setting>
</Ping_For_Life.Properties.Settings>
</userSettings>
</configuration>

2
static/Ping4Life/Readme.txt Normal file
View File

@ -0,0 +1,2 @@
Requirements:
.Net Framework 3.5 SP1

BIN
static/Ping4Life/es/Ping for life.resources.dll Normal file
View File

Binary file not shown.

66
static/ProcMon/Eula.txt Normal file
View File

@ -0,0 +1,66 @@
SYSINTERNALS SOFTWARE LICENSE TERMS
These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any. The terms also apply to any Sysinternals
* updates,
* supplements,
* Internet-based services, and
* support services
for this software, unless other terms accompany those items. If so, those terms apply.
BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.
If you comply with these license terms, you have the rights below.
1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.
2. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.
You may not:
* work around any technical limitations in the binary versions of the software;
* reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that
applicable law expressly permits, despite this limitation;
* make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
* publish the software for others to copy;
* rent, lease or lend the software;
* transfer the software or this agreement to any third party; or
* use the software for commercial software hosting services.
3. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.
4. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.
5. SUPPORT SERVICES. Because this software is <20>as is,<2C> we may not provide support services for it.
6. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.
7. APPLICABLE LAW.
a. United States. If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the software in any other country, the laws of that country apply.
8. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
9. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED <20>AS-IS.<2E> YOU BEAR THE RISK OF USING IT. SYSINTERNALS GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, SYSINTERNALS EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
10. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM SYSINTERNALS AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
* anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and
* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Sysinternals knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.
Remarque : Ce logiciel <20>tant distribu<62> au Qu<51>bec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en fran<61>ais.
EXON<EFBFBD>RATION DE GARANTIE. Le logiciel vis<69> par une licence est offert <20> tel quel <20>. Toute utilisation de ce logiciel est <20> votre seule risque et p<>ril. Sysinternals n<>accorde aucune autre garantie expresse. Vous pouvez b<>n<EFBFBD>ficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualit<69> marchande, d<>ad<61>quation <20> un usage particulier et d<>absence de contrefa<66>on sont exclues.
LIMITATION DES DOMMAGES-INT<4E>R<EFBFBD>TS ET EXCLUSION DE RESPONSABILIT<49> POUR LES DOMMAGES. Vous pouvez obtenir de Sysinternals et de ses fournisseurs une indemnisation en cas de dommages directs uniquement <20> hauteur de 5,00 $ US. Vous ne pouvez pr<70>tendre <20> aucune indemnisation pour les autres dommages, y compris les dommages sp<73>ciaux, indirects ou accessoires et pertes de b<>n<EFBFBD>fices.
Cette limitation concerne :
* tout ce qui est reli<6C> au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et
* les r<>clamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit<69> stricte, de n<>gligence ou d<>une autre faute dans la limite autoris<69>e par la loi en vigueur.
Elle s<>applique <20>galement, m<>me si Sysinternals connaissait ou devrait conna<6E>tre l<><6C>ventualit<69> d<>un tel dommage. Si votre pays n<>autorise pas l<>exclusion ou la limitation de responsabilit<69> pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l<>exclusion ci-dessus ne s<>appliquera pas <20> votre <20>gard.
EFFET JURIDIQUE. Le pr<70>sent contrat d<>crit certains droits juridiques. Vous pourriez avoir d<>autres droits pr<70>vus par les lois de votre pays. Le pr<70>sent contrat ne modifie pas les droits que vous conf<6E>rent les lois de votre pays si celles-ci ne le permettent pas.

BIN
static/ProcMon/Procmon.exe Normal file
View File

Binary file not shown.

BIN
static/ProcMon/procmon.chm Normal file
View File

Binary file not shown.

BIN
static/Psiphon/psiphon3.exe Normal file
View File

Binary file not shown.

BIN
static/QtRadio/D3DCompiler_43.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/Qt5Core.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/Qt5Gui.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/Qt5Multimedia.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/Qt5Network.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/Qt5Widgets.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/QtRadio.exe Normal file
View File

Binary file not shown.

BIN
static/QtRadio/icudt49.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/icuin49.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/icuuc49.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libEGL.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libGLESv2.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libgcc_s_sjlj-1.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libortp-8.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libsamplerate-0.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libstdc++-6.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/libwinpthread-1.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/platforms/qminimal.dll Normal file
View File

Binary file not shown.

BIN
static/QtRadio/platforms/qwindows.dll Normal file
View File

Binary file not shown.

BIN
static/SatGenNMEAFree/SatGenNMEA.exe Normal file
View File

Binary file not shown.

12
static/SatGenNMEAFree/SatGenNMEA.ini Normal file
View File

@ -0,0 +1,12 @@
[Alamanc]
filename=\gpstools\179.alm
[Output update rate]
Hz=20
[Com port]
port=1
[Include VTG]
VTG=0
[HDT only]
HDT=0
[Baud rate]
Baud=7

BIN
static/Universal-USB-Installer/Universal-USB-Installer-1.9.7.8.exe Normal file
View File

Binary file not shown.

BIN
static/WinFlashTool.exe Normal file
View File

Binary file not shown.

30
static/bluetoothview/BluetoothView.cfg Normal file
View File

@ -0,0 +1,30 @@
[General]
MarkOddEvenRows=0
ShowGridLines=0
SaveFilterIndex=0
ShowInfoTip=1
TrayIcon=1
SortOnEveryUpdate=1
DisplayBalloonOnNewDevice=0
OpenWindowOnNewDevice=0
BeepOnNewDevice=1
MarkNewDevices=1
DevicesAlertOnlyWithDesc=0
AutoSetDeviceDescription=1
UpdateRate=1
NewDeviceExecute=
UseNewDeviceExecute=0
NewDeviceSpeak=%device_desc% is here
UseNewDeviceSpeak=0
UseCustomTimeoutValue=0
CustomTimeoutValue=5
AddExportHeaderLine=1
UseLogFile=0
LogFilename=bluetooth_log.txt
StartAsHidden=0
CustomNewDeviceSound=0
CustomNewDeviceSoundFile=
HidePairedDevices=0
WinPos=2C 00 00 00 00 00 00 00 01 00 00 00 00 83 FF FF 00 83 FF FF FF FF FF FF FF FF FF FF 72 00 00 00 1F 00 00 00 10 05 00 00 CE 03 00 00
Columns=82 00 00 00 82 00 01 00 82 00 02 00 64 00 03 00 64 00 04 00 78 00 05 00 78 00 06 00 64 00 07 00 64 00 08 00 64 00 09 00 50 00 0A 00 50 00 0B 00 50 00 0C 00 B4 00 0D 00 96 00 0E 00
Sort=0

BIN
static/bluetoothview/BluetoothView.chm Normal file
View File

Binary file not shown.

BIN
static/bluetoothview/BluetoothView.exe Normal file
View File

Binary file not shown.

44
static/bluetoothview/BluetoothView_Desc.ini Normal file
View File

@ -0,0 +1,44 @@
[Descriptions]
00:03:7a:c8:0c:bb=NML-43644D41AE2
04:76:6e:6e:f3:28=NISSAN-PC
30:52:cb:8a:83:d5=USLH253809
30:52:cb:8a:7b:3b=USLH253564
30:52:cb:8a:84:1f=USLH253633
80:00:0b:f7:03:4a=3-PC
30:52:cb:8a:84:32=USLH253707
00:22:43:a8:33:68=NETBOOK-SPALT
00:22:43:a8:3f:9f=NETBOOK1
8c:85:90:4e:b1:66=Chad MacBook Pro
74:df:bf:d4:3a:d4=USLH006065
00:1a:7d:da:71:13=ale6-0
30:52:cb:8a:83:d3=USLH253694
30:52:cb:8a:6e:2a=USLH253675
30:52:cb:8a:6e:26=USLH253681
74:df:bf:d4:fb:b5=USLH006205
f0:d5:bf:64:1f:5d=PC-4
30:52:cb:8a:7b:32=USLH253572
30:52:cb:8a:6b:6b=USLH253487
60:64:05:c0:70:60=SP90m_405378
30:52:cb:8a:83:d7=USLH253693
74:df:bf:d4:3f:0b=USLH005746
5c:93:a2:87:fc:60=CKNB43080
74:df:bf:d4:57:68=JPUH014787
30:52:cb:e4:db:50=USLH255001
30:52:cb:8a:83:a2=USLH253801
d0:8a:55:9b:5f:a7=JIB Wireless
30:52:cb:8a:7b:68=USLH253589
f0:d5:bf:78:d0:ec=PLY8F793A
92:3d:5e:d6:08:b2=MyMe H11 Plus
88:bd:45:1b:78:6c=Galaxy S9+
60:72:0b:e4:a6:d5=James G9
98:09:cf:20:2e:3d=OnePlus 6T
b8:41:a4:68:5e:24=Captain
fc:2a:9c:a7:ed:e7=iPhone
08:ae:d6:c9:3a:a6=Galaxy Note9
d4:3b:04:dd:68:a4=USUH101450
f0:7b:cb:9d:44:04=NETBOOK
28:c2:dd:f4:c3:c2=TEST-PC
64:a2:f9:12:1b:d1=OnePlus 6
98:ca:33:5b:e5:e1=iPhone
d8:8f:76:a8:bd:98=Joshua<EFBFBD>s iPhone
00:80:98:26:ba:ad=WindowsCE

310
static/bluetoothview/readme.txt Normal file
View File

@ -0,0 +1,310 @@
BluetoothView v1.66
Copyright (c) 2008 - 2013 Nir Sofer
Web site: http://www.nirsoft.net
Description
===========
BluetoothView is a small utility that runs in the background, and monitor
the activity of Bluetooth devices around you. For each detected Bluetooth
device, it displays the following information: Device Name, Bluetooth
Address, Major Device Type, Minor Device Type, First Detection Time, Last
Detection Time, and more.
BluetoothView can also notify you when a new Bluetooth device is
detected, by displaying a balloon in your taskbar or by playing a small
beep sound.
Versions History
================
* Version 1.66:
o Added 'Mark Odd/Even Rows' option, under the View menu. When it's
turned on, the odd and even rows are displayed in different color, to
make it easier to read a single line.
o Added 'Auto Size Columns+Headers' option, which allows you to
automatically resize the columns according to the row values and
column headers.
* Version 1.65:
o Added 'Hide Paired Devices' option. Paired deviced are usually
detected even when they are not active, so this option allows you to
hide them.
* Version 1.61:
o Fixed the problem with invalid % character on the .xml file.
* Version 1.60:
o Added option to choose audio file to play when a new bluetooth
device is detected (In Advanced Options), instead of using the
default beep sound of Windows.
* Version 1.55:
o Added 'Start As Hidden' option. When this option and 'Put Icon On
Tray' option are turned on, the main window of BluetoothView will be
invisible on start.
* Version 1.50:
o Added 2 new columns: 'No Detection Counter' and '% Detection'
o Added support for saving the Bluetooth activity into a log file.
A new log line is added when a device is detected for at least 5
Bluetooth scans (Device Arrival) and when a device is not detected
anymore, for 5 Bluetooth scans ('Device Left' lines). You can
activate the log file feature in the 'Advanced Options' window (F9).
* Version 1.41 - Added /try_to_connect command-line option for testing
the ability to connect to specific bluetooth device.
* Version 1.40 - Added 'Add Header Line To CSV/Tab-Delimited File'
option. When this option is turned on, the column names are added as
the first line when you export to csv or tab-delimited file.
* Version 1.37 - Fixed issue: Removed the wrong encoding from the xml
string, which caused problems to some xml viewers.
* Version 1.36 - Fixed bug: BluetoothView didn't loaded the oui.txt
filename when using it from command-line.
* Version 1.35 - Added custom timeout value (In 'Advanced Options').
* Version 1.31 - Added command-line option for sorting (/sort).
* Version 1.30 - Added command-line support for saving Bluetooth
devices list to a file.
* Version 1.25 - Added 'Speak the following text when a new bluetooth
device is detected' in advanced options. When this option is enabled,
BluetoothView will speak the desired text by using Windows SAPI when a
new device is detected.
* Version 1.20 - Added 'Try To Connect' option. (See below)
* Version 1.15 - New Option: Execute a command when a new Bluetooth
device is detected. (In 'Advanced Options')
* Version 1.11 - Added update rate (low/medium/high)
* Version 1.10 - Added 'Company Name' column (see below)
* Version 1.06 - Added new option: Select Another Font.
* Version 1.05 - Fixed bug: The main window lost the focus when the
user switched to another application and then returned back to
BluetoothView.
* Version 1.04 - Fixed bug in saving as comma-delimited file when
description or name fields contained comma character.
* Version 1.03 - Added support for saving as comma-delimited file.
* Version 1.02 - Added 'Automatically Set Device Description' option.
* Version 1.01 - Added 'Remove Selected Items' option. (The removed
items will be considered as new in the next time that BluetoothView
detect them)
* Version 1.00 - First release.
What can you do with BluetoothView ?
====================================
If you have neighbors or family members that use a cellular phone with
Bluetooth turned on:
* You can easily know when they come home and when they leave, by using
the 'First Detected On' and 'Last Detected On' fields.
* Each time that a new device is detected, BluetoothView automatically
displays an alert as a balloon in your taskbar. This means that you can
detect when your neighbors/friends/family members are coming even
before they knock on your door...
System Requirements
===================
* Bluetooth Dongle and device driver that works with the standard
Bluetooth module of Windows XP/Vista/Windows 7.
* Windows XP/SP2, Windows Vista, or Windows 7. Other versions of
Windows don't provide a build-in support for Bluetooth, and thus
BluetoothView cannot work with them.
Start Using BluetoothView
=========================
BluetoothView doesn't require any installation process or additional DLL
files. In order to start using it, simply copy the executable file
(BluetoothView.exe) to any folder you like, and run it.
A few seconds after you run it, BluetoothView will start to gradually
display all detected Bluetooth around you.
The 'Company Name' Column
=========================
Starting from version 1.10, BluetoothView allows you to view the company
name of each BluetoothView device. The company name is determined
according to the Bluetooth address. However, in order to get this
feature, you must download the following external file, and put in the
same folder of BluetoothView.exe:
http://standards.ieee.org/develop/regauth/oui/oui.txt
Be aware that you must save it as 'oui.txt'
The Description Column
======================
In addition to the name of Bluetooth device, you can set your own short
description to allow you to easily detect the device in the future. The
description that you set will also be displayed in the taskbar balloon,
when the device is detected as a new one.
In order to set a description, double-click the desired item, and in the
'Description' field, simply type the description text and click 'OK'.
Custom Timeout Value
====================
In 'Advanced Options' window, you can set a custom timeout value for the
bluetooth scanning. The timeout value is defined in units of 1.28
seconds. If you set a low timeout value (around 5), the scanning process
will be relatively fast, but there is a risk that some bluetooth devices
won't be detected, esepcially if they are located in a greater distance.
If you set a relatively high timeout value (15 or more), the scanning
process will be slow, but the device detection will work a little better.
Connecting To Bluetooth Device
==============================
Starting from version 1.20, BluetoothView allows you to connect the
desired Bluetooth devices. BluetoothView doesn't send any information to
the device, it only tries to connect the device for testing purposes, and
then closes the connection.
When you choose the 'Try To Connect' option, BluetoothView automatically
send a connection request to the selected devices. On the device, you
should get a qesution like "Do you want to accept data from xyz". If you
choose yes, the connection will be succeeded. Otherwise it'll be failed.
The connection result is displayed in the 'Connection Result' column
More Tips For Using BluetoothView
=================================
You can use the 'Hide Main Window' option for hiding the main window of
BluetoothView. When you want to show back the main window, simply
double-click the tray icon. While the main window is hidden,
BluetoothView will display a balloon alert on each time that a new
Bluetooth device is detected. If you want to clear all current Bluetooth
devices that are currently displayed and start the Bluetooth detection
from the beginning, simply use the 'Reset' option.
Command-Line Options
====================
You can use the following command-line options for saving Bluetooth
information to a file, without displaying any user interface. Be aware
that you have to wait around 15 - 20 seconds until the file is saved. You
can also use the /try_to_connect parameter for testing a connection to
your Bluetooth device.
/try_to_connect <MAC Address>
Try to connect to a specific Bluetooth device. If the connect process was
successful, the .exe returns 0. Otherwise, it returns error code.
Example:
BluetoothView.exe /try_to_connect 00:23:05:a1:22:f1
/stext <Filename>
Save the list of Bluetooth devices into a regular text file.
/stab <Filename>
Save the list of Bluetooth devices into a tab-delimited text file.
/scomma <Filename>
Save the list of Bluetooth devices into a comma-delimited text file (csv).
/stabular <Filename>
Save the list of Bluetooth devices into a tabular text file.
/shtml <Filename>
Save the list of Bluetooth devices into HTML file (Horizontal).
/sverhtml <Filename>
Save the list of Bluetooth devices into HTML file (Vertical).
/sxml <Filename>
Save the list of Bluetooth devices into XML file.
/sort <column>
This command-line option can be used with other save options for sorting
by the desired column. If you don't specify this option, the list is
sorted according to the last sort that you made from the user interface.
The <column> parameter can specify the column index (0 for the first
column, 1 for the second column, and so on) or the name of the column,
like "Address" and "Description". You can specify the '~' prefix
character (e.g: "~Major Device Type") if you want to sort in descending
order. You can put multiple /sort in the command-line if you want to sort
by multiple columns.
Examples:
BluetoothView.exe /shtml "f:\temp\bt.html" /sort 2 /sort ~1
BluetoothView.exe /shtml "f:\temp\bt.html" /sort "Major Device Type"
/sort "Minor Device Type"
/nosort
When you specify this command-line option, the list will be saved without
any sorting.
Translating BluetoothView to other languages
============================================
In order to translate BluetoothView to other language, follow the
instructions below:
1. Run BluetoothView with /savelangfile parameter:
BluetoothView.exe /savelangfile
A file named BluetoothView_lng.ini will be created in the folder of
BluetoothView utility.
2. Open the created language file in Notepad or in any other text
editor.
3. Translate all string entries to the desired language. Optionally,
you can also add your name and/or a link to your Web site.
(TranslatorName and TranslatorURL values) If you add this information,
it'll be used in the 'About' window.
4. After you finish the translation, Run BluetoothView, and all
translated strings will be loaded from the language file.
If you want to run BluetoothView without the translation, simply
rename the language file, or move it to another folder.
License
=======
This utility is released as freeware. You are allowed to freely
distribute this utility via floppy disk, CD-ROM, Internet, or in any
other way, as long as you don't charge anything for this. If you
distribute this utility, you must include all files in the distribution
package, without any modification !
Disclaimer
==========
The software is provided "AS IS" without any warranty, either expressed
or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The author will not
be liable for any special, incidental, consequential or indirect damages
due to loss of data or any other reason.
Feedback
========
If you have any problem, suggestion, comment, or you found a bug in my
utility, you can send a message to nirsofer@yahoo.com

BIN
static/dasmx140/Checksum.exe Normal file
View File

Binary file not shown.

4687
static/dasmx140/DASMx.htm Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
static/dasmx140/DASMx.pdf Normal file
View File

Binary file not shown.

BIN
static/dasmx140/Dasmx.exe Normal file
View File

Binary file not shown.

167
static/dasmx140/examples/ebcgame.sym Normal file
View File

@ -0,0 +1,167 @@
;
; Symbol file for Bally Game CPU
; ==============================
;
; Eight Ball Champ game ROM (U3)
; ==============================
;
; Peter J.C.Clare, 9th January 2000
;
;=============================================================================
;
; Symbol file syntax
; ~~~~~~~~~~~~~~~~~~
;
; A symbol file may contain the following commands:
;
; Define the CPU type
; cpu 6800 | 6801 | 6802 | 6803 | 6808 | 6809
;
; Define a symbol corresponding to a value (usually an address)
; symbol <value> <name>
;
; Define a location that contains a word pointing to a code entry
; (for example, the reset entry point)
; vector <address> <vector name> [<destination name>]
;
; Define a table of vectors (i.e. a jump table) of length <count>
; Each vector will be used as a code entry point if threading is used.
; vectab <address> <name> [<count>]
;
; Define a code entry point (for code threading)
; code <address> [<name>]
;
; Define a single data byte, or <count> length array of bytes
; byte <address> <name> [<count>]
;
; Define a single data word, or <count> length array of words
; word <address> <name> [<count>]
;
; Define a table of addresses, which point to data, of length <count>
; addrtab <address> <name> [<count>]
;
; Define a single data character, or <count> length string of chars
; string <address> <name> [<count>]
;
;
; All commands must occupy a single line. Blank lines are ignored.
; The ';' character starts a comment - all remaining characters on a
; a line are ignored. Number values may be given in decimal (default),
; octal or hex using standard C conventions (e.g. 0x prefix for hex).
;
; The rest of this file serves as a practical example of how these
; commands may be used.
;
;=============================================================================
;
; General 6803 definitions
;
cpu 6803
symbol 0x0000 ioPort1ddr
symbol 0x0001 ioPort2ddr
symbol 0x0002 ioPort1data
symbol 0x0003 ioPort2data
symbol 0x0008 timerCSR
symbol 0x0009 timerHigh
symbol 0x000A timerLow
symbol 0x000B ocrHigh
symbol 0x000C ocrLow
symbol 0x000D icrHigh
symbol 0x000E icrLow
symbol 0x0010 sciModeControl
symbol 0x0011 sciTRCS
symbol 0x0012 sciRxData
symbol 0x0013 sciTxData
symbol 0x0014 ramControl
vector 0xFFF0 sci_vector sci_entry
vector 0xFFF2 tof_vector tof_entry
vector 0xFFF4 ocf_vector ocf_entry
vector 0xFFF6 icf_vector icf_entry
vector 0xFFF8 irq_vector int_entry
vector 0xFFFA swi_vector swi_entry
vector 0xFFFC nmi_vector nmi_entry
vector 0xFFFE res_vector reset
;=============================================================================
;
; General Bally Game CPU hardware definitions
;
; RAM and ROM start addresses
symbol 0x0000 u4ram
symbol 0x8000 u2rom ;jumpered for 27128
symbol 0xC000 u3rom ;jumpered for 27128
;=============================================================================
;
; Eight Ball Champ specific definitions
;
; Note: this is by no means a complete set of definitions for
; all the code and data areas - just a selection.
;
symbol 0x1017 jumpVector
string 0xC001 msgGameId 13
byte 0xC12F byteTable1 28
byte 0xCC26 byteTable2 12
byte 0xF19C byteTable3 395
byte 0xEAD5 byteTable4 206
vectab 0xC011 jumpTable1 13
vectab 0xC02B jumpTable2 35
vectab 0xC073 jumpTable3 2
vectab 0xC077 jumpTable4 4
vectab 0xC2C5 jumpTable5 12
vectab 0xCC32 jumpTable6 11
vectab 0xCDCE jumpTable7 5
vectab 0xE002 jumpTable8 16
vectab 0xC07F vector3
vectab 0xC081 vector4
vectab 0xC085 vector5
vectab 0xC089 vector6
vectab 0xC090 vector7
vectab 0xC094 vector8
vectab 0xC096 vector9
vectab 0xC098 vector10
vectab 0xC09A vector11
vectab 0xC09C vector12
vectab 0xC09E vector13
vectab 0xC0A0 vector14
;these are vectors in byteTable4 (5 bytes per entry)
vectab 0xEB71 vector15
vectab 0xEB76 vector16
vectab 0xEB7B vector17
vectab 0xEB80 vector18
vectab 0xEB85 vector19
vectab 0xEB8A vector20
vectab 0xEB8F vector21
vectab 0xEB94 vector22
vectab 0xEB99 vector23
vectab 0xEB9E vector24
;target addresses for index jumps
code 0xECF0
code 0xED1F
code 0xED40
code 0xEEA8
code 0xEF26
;skip unused bytes at end of ROM just prior to interrupt vectors
skip 0xFA56 0x059A

118
static/dasmx140/examples/gameboy.sym Normal file
View File

@ -0,0 +1,118 @@
;
; g a m e b o y . s y m
; ~~~~~~~~~~~~~~~~~~~~~
;
; Generic GameBoy DASMx symbol file
;
; Last edited: 14th February 1999
;
message Using generic GameBoy definitions
;=============================================================================
;
; General LR35902 definitions
;
cpu LR35902
;memory mapped registers
symbol 0xFF00 p1
symbol 0xFF01 sb
symbol 0xFF02 sc
symbol 0xFF04 div
symbol 0xFF05 tima
symbol 0xFF06 tma
symbol 0xFF07 tac
symbol 0xFF0F if
symbol 0xFF10 nr10
symbol 0xFF11 nr11
symbol 0xFF12 nr12
symbol 0xFF13 nr13
symbol 0xFF14 nr14
symbol 0xFF16 nr21
symbol 0xFF17 nr22
symbol 0xFF18 nr23
symbol 0xFF19 nr24
symbol 0xFF1A nr30
symbol 0xFF1B nr31
symbol 0xFF1C nr32
symbol 0xFF1D nr33
symbol 0xFF1E nr34
symbol 0xFF20 nr41
symbol 0xFF21 nr42
symbol 0xFF22 nr43
symbol 0xFF23 nr44
symbol 0xFF24 nr50
symbol 0xFF25 nr51
symbol 0xFF26 nr52
;?? 16 bytes sound sample RAM ??
;symbol 0xFF3F aud3waveram
symbol 0xFF40 lcdc
symbol 0xFF41 stat
symbol 0xFF42 scy
symbol 0xFF43 scx
symbol 0xFF44 ly
symbol 0xFF45 lyc
symbol 0xFF46 dma
symbol 0xFF47 bgp
symbol 0xFF48 obp0
symbol 0xFF49 obp1
symbol 0xFF4A wy
symbol 0xFF4B wx
;GameBoy Color only...
symbol 0xFF4D key1
symbol 0xFF4F vbk
symbol 0xFF51 hdma1
symbol 0xFF52 hdma2
symbol 0xFF53 hdma3
symbol 0xFF54 hdma4
symbol 0xFF55 hdma5
symbol 0xFF56 rp
symbol 0xFF68 bcps
symbol 0xFF69 bcpd
symbol 0xFF6A ocps
symbol 0xFF6B ocpd
symbol 0xFF70 svbk
;end of GBC only defs
symbol 0xFFFF ie
;=============================================================================
;
; General GameBoy cartridge definitions
;
org 0x0000
code 0x0100 cartEntry
byte 0x0104 nintendoGraphic 0x0030
string 0x0134 cartTitle 0x000F
byte 0x0143 colorFlag
byte 0x0144 licenseeNewHi
byte 0x0145 licenseeNewLow
byte 0x0146 gbIndicator
byte 0x0147 cartType
byte 0x0148 romSize
byte 0x0149 ramSize
byte 0x014A destCode
byte 0x014B licenseeOld
byte 0x014C maskRomVersion
byte 0x014D complementCheck
byte 0x014E checksumHi
byte 0x014F checksumLow

42
static/dasmx140/examples/tetris.sym Normal file
View File

@ -0,0 +1,42 @@
;
; Symbol file for GameBoy Tetris cartridge
; ========================================
;
; Last edited: 6th October 1999
;
include gameboy.sym
;=============================================================================
;
; Tetris specific definitions
;
; Note: this is by no means a complete set of definitions for
; all the code and data areas - just a selection.
;
;reset and interrupt vectors
code 0x0000 reset
code 0x0040 vbiInterrupt
code 0x0048 lcdcInterrupt
code 0x0050 timerInterrupt
code 0x0058 serialInterrupt
;code 0x0060 pioInterrupt
;jump table subroutine
code 0x0028 doIndexJump
;jump table vectors following rst 28h instructions
vectab 0x006E jumpTable1 5
vectab 0x02FB jumpTable2 55
;other jump tables
vectab 0x6480 jumpTable3 8
vectab 0x6490 jumpTable4 8
vectab 0x64A0 jumpTable5 4
vectab 0x64A8 jumpTable6 4

19
static/dasmx140/readme.txt Normal file
View File

@ -0,0 +1,19 @@
DASMx - A microprocessor opcode disassembler
(c) Copyright 1996-2003 Conquest Consultants
Version 1.40, 18th October 2003
This distribution contains the following files:
readme.txt This file
DASMx.exe Executable (a Win32 console application)
DASMx.htm Documentation in HTML format
DASMx.pdf Documentation in Adobe Acrobat format
checksum.exe Checksum utility
examples\*.sym Example symbol files
*** Please read the distribution, copyright and disclaimer notices
in the documentation. ***

BIN
static/gpsfeed+.exe Normal file
View File

Binary file not shown.

BIN
static/iperf-3.1.3-win64/cygwin1.dll Normal file
View File

Binary file not shown.

BIN
static/iperf-3.1.3-win64/iperf3.exe Normal file
View File

Binary file not shown.

43
static/md5/MD5 ReadMe.txt Normal file
View File

@ -0,0 +1,43 @@
First, place the given MD5 checksum on the Clipboard (Ctrl C or Edit...Copy)
Run the MD5 Check Utility (MD5.Exe) and this should automatically place the contents of the Clipboard in for you (Paste option). If not, please ensure that you have correctly copied the checksum to the Clipboard, and then click on the Paste button. You can also use the Paste facility for checking more than one MD5 checksum without the need to re-run MD5.Exe (simply copy the next desired checksum to the Clipboard and take the Paste option to refresh the box...then the Browse option).
<EFBFBD>
Browse to where your download is and select it by either double left-mouse clicking on it or by highlighting it and taking the 'Open' option.
You may also create your own MD5 checksum(s) if required (for example, to check that a backup file is identical to the original etc.)...just click on the 'Create an MD5 checksum' option (Radio button), and Browse to the required file (and again, select it as per the instructions above) . The result will be automatically placed on the Clipboard for you and an offer to run Windows Notepad is made so that, if you want to, you can Paste (Ctrl+V) the MD5 Code into Notepad and save the result.
MD5 Checker is a completely 'standalone' program that requires no other files (.NET, dll's etc.) to clutter-up your system.
Also, no installation is required - just unzip md5.exe and run it!
Some random thoughts on our new FREE MD5 Checker utility....
It's FREE
No attempt has been made to make this thing pretty (eye candy)
Has been tested on a 2GB+ file with success
It is a simple utility to provide a simple answer: What is/will be the MD5 checksum
Yes, we know it's limitations, and we may attempt a full-blown version with 'full-on' capabilities (unlikely though)
It does not contain the level of sophistication of our Flagship program MidWavi Pro
It's FREE (not to mention it's a tiny full Windows program)
It's FREE!!!
MD5 checksum for MD5.Exe: E5A1A4A431C25A1D8B2428066487FC45
(Tip: To select all of the above checksum, just place your mouse anywhere within the checksum and double left mouse click - then use Ctrl C to copy to the Clipboard)
MD5 Checker 2.30 was written in Emergence Basic from Ionic Wind Software see :
http://www.ionicwind.com
Our web sites:
www.midwavi.com - www.midwavi.co.uk

BIN
static/md5/md5.exe Normal file
View File

Binary file not shown.

BIN
static/sdrsharp-x86/ADSBSpy.exe Normal file
View File

Binary file not shown.

BIN
static/sdrsharp-x86/AirspyCalibrate.exe Normal file
View File

Binary file not shown.

7
static/sdrsharp-x86/AirspyCalibrate.exe.config Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings file="">
<clear />
<add key="frequency" value="1222000000" />
</appSettings>
</configuration>

BIN
static/sdrsharp-x86/AstroSpy.exe Normal file
View File

Binary file not shown.

13
static/sdrsharp-x86/AstroSpy.exe.config Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="waterfall.useUtcTimeStamp" value="False" />
<add key="waterfall.gradient" value="4A0000,750000,9F0000,C60000,FF0000,FE6D16,FFFF00,FFFFFF,1E90FF,000091,000050,000030,000020" />
<add key="spectrumAnalyzer.gradient" value="FFFFFF,ADD8E6,1E90FF,000050,000000" />
<add key="spectrumAnalyzer.envelopeColor" value="CCCCCC" />
<add key="core.centerFrequency" value="1420000000" />
<add key="core.usableBandwidthRatio" value="0.8" />
<add key="core.useBiasTee" value="False" />
<add key="core.usePacking" value="False" />
</appSettings>
</configuration>

Some files were not shown because too many files have changed in this diff Show More