nprobert/windows_tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added static binary tools collection (originally in SVN archive)

Browse Source
This commit is contained in:
Neal Probert
2021-02-11 10:21:04 -05:00
parent cd42e4e051
commit eae7957d51
164 changed files with 53763 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
static/PeStudio/AddToExplorerMenu.reg Normal file
View File

Binary file not shown.

BIN
static/PeStudio/RemoveFromExplorerMenu.reg Normal file
View File

Binary file not shown.

136
static/PeStudio/changelog.txt Normal file
View File

@ -0,0 +1,136 @@
File: changelog.txt
Project: pestudio
Author: Marc Ochsenmeier
Email info@winitor.com
Web: www.winitor.com
Copyright (C) 2009-2015, Marc Ochsenmeier
Version 8.50
. Fixed a bug when handling exported functions of 54bit executables
Version 8.49
. Added detection of Windows builtin services
. Fixed a bug when handling strings
. Leveraged Indicators for embedded files
Version 8.48
. Extended Thresholds
. Extended Indicators
. Show virustotal score for Overlay (when available)
. Fixed an issue in the Debug detection
. Fixed an issue in imported symbols by ordinal for 64bit files
Version 8.47
. Added computation of Imports Hash (imphash)
. Added detection of strings embedded in non-PE files
. Extended detection of processor types
. Fixed a hangup
. Updated AV list
Version 8.46
. Added new thresholds
. Extended detection
. Fixed a crash with malformed files
. Corrected duplicates during collection of functions statistics
Version 8.00 to 8.45
. Added Virustotal aging and submission date
. Extended Languages detection and mapping
. Added PeID Signature detection of Executable embedded in Resources
. Added PeID Signature detection of Executable embedded in Overlay
. Added XML-based detection of PeID Signatures
. Added XML-based detection of OIDs
. Added XML-based detection of useragent
. Extented blacklists
. Added detection of references to Firefox API
. Added MD5 Blacklist for a file and its Resources
. Extended detection of Overlay
. Extended validation of Sections
. Resolve OpenSSL ordinals API to User friendly names
. Added Blacklist of MD5 dedicated to the Overlay
. Extended detection of files embedded in Resources
. Added detection of Regular Expressions and Threshold
. Cache Virustotal scores when Internet connection drops
. Fixed a bug when handling the imports of some images
. Added Functions Groups classification
. Resources with unknown Signature and containing only text are now tagged as Text
. Fixed a bug when handling the Characteristics of the FileHeader
. Added MD5, SHA1 and Virustotal Score for Overlay
. Fixed a bug when handling the <PreferedVirustotalEngine>
. Fixed a bug when handling the virustotal Engines
. Added Thresholds for DOS Stub and Header size
. Added Thresholds for Blacklisted Imported Libs and Blacklisted functions number
. Added Thresholds for Blacklisted Strings count
. Added Thresholds for Blacklisted Exported Functions count
Version 6.00 to 7.00
. Added Dump of Indicators
. Added Dump of Manifest
. Added Context menu for Certificates
. Added Dump of Certificates
. Raw discovery of fundamental characteristics of the Certificate(s) embedded in the Image
. Handle non-printable characters in XML report
. Added more Indicators specific to the location of the Entry Point
. Added more details (offset and size) for each file Cave detected
. Show the name of the section BaseOfCode is located in
. Fixed reporting of the Libraries in the XML report
. Simplified Indicators XML file
. Added Indicators specific for First and Last Sections
. Take virtual Section into account when pointing the overlay
. Fixed detection of MPRESS under 64bit
Version 6.00
. Fixed a bug by reading Symbols
. Extended Indicators for Embedded Resources
. Corrected missing Dependencies for some types of images
. Renamed *.XML files to PeStudio*.XML
. Interfaces to PeParser (PeParser.h and PeParser.lib) are now part of the Package.
. Added Indexing of String
. Added Detection of duplicated Section Names
. Allow Strings length choice for filtering at the UI
. Show Strings at the UI
. Added Strings count in output XML
. Detect Section-less images and added in Indicators.XML
. Correct Address Offset of reported Strings
Version 5.00
. The Strings contained in the file analysed can now be exported to the output XML file
. Added validation Check of AddressOfEntryPoint field
. Custom Resources are shown in orange colour
. Corrected handling of Certificate Directory
. Corrected colouring of Indicators
. When handling a resources only images, some validity checks are different
. Enhanced detection of device driver images
. renamed parameters for command prompt (see Prompt support description above)
. Added detection of CAB, PDF, RIFF, GIF, PNG files
. Added detection of "requireAdministrator" Execution Level from the Manifest
. Added Command Prompt support (see Prompt support description above)
. Added "The image exports XY Symbols" as new Indicator
. Added more obsolete functions in the WindowsFunctionsDeprecated.xml file (delivered with this project)
Version 1.0 to 4.0
. Now fully support 64bit Images on 32bit Platform
. Show Resources Languages
. Show Type of Debug information (NB09, NB10, NB11, RSDS )
. Show imported Functions of missing libraries
. Show total number of Bytes available in Caves
. Show Gaps in Exported Symbols collection
. Show Section Name the Base of Data belongs to
. Added OptionalHeader to XML report
. Added detection of duplicated Sections names
. Added detection of Code-less images
. Added detection of Section containing the Entry point
. Corrected filtering of Obsolete Imported Functions
. Corrected Imported Symbols for 64bit images
. Corrected Page-able Section Flag
. Corrected detection of msstyles "Resources Only" Images
. Corrected a crash that takes place when switching between Tree and list View in Resources Tab
. Added Detection of Image Obfuscation (encryption, compression) as Evidence
. Un-decorate function names
. Support Manifest dependentAssembly.
. support Side-by-Side libraries.
. Support Forwarded Functions
. Filtering Obsolete Functions
. Enumeration of Implicit dependencies and other general information

5556
static/PeStudio/features.xml Normal file
View File

File diff suppressed because it is too large Load Diff

5645
static/PeStudio/functions.xml Normal file
View File

File diff suppressed because it is too large Load Diff

375
static/PeStudio/indicators.xml Normal file
View File

@ -0,0 +1,375 @@
<xml version="1.0" encoding="utf-8">
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the Indicators shown at the GUI, CUI and XML report file.
-->
<EnableIndicators>1</EnableIndicators>
<ShowIndicators>1</ShowIndicators>
<ShowIndicatorsSuspicious>1</ShowIndicatorsSuspicious>
<ShowIndicatorsHints>1</ShowIndicatorsHints>
<ShowIndicatorsStandards>1</ShowIndicatorsStandards>
<ShowIndicatorsFeatures>1</ShowIndicatorsFeatures>
<ShowIndicatorsFunctionsGroups>1</ShowIndicatorsFunctionsGroups>
<indicators>
<!-- General -->
<indicator enable="0" severity="2" id="1000">The file is not Portable Executable (PE)</indicator>
<indicator enable="1" severity="2" id="1001">The MZ signature is missing</indicator>
<indicator enable="1" severity="2" id="1002">The size of the file has reached the minimum threshold provided (%i bytes)</indicator>
<indicator enable="1" severity="2" id="1003">The size of the file has reached the maximum threshold provided (%i bytes)</indicator>
<indicator enable="1" severity="1" id="1004">The size of the Optional Header is Suspicious (it should be %i)</indicator>
<indicator enable="1" severity="1" id="1005">The size of the File Header is Suspicious</indicator>
<indicator enable="1" severity="1" id="1007">The size of the digital Certificate has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1008">The size of the digital Certificate has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1009">The content of the Digital Certificate is unexpected</indicator>
<indicator enable="1" severity="9" id="1023">The file is managed (.NET)</indicator>
<indicator enable="0" severity="2" id="1024">The file references (%s) Debug symbols</indicator>
<indicator enable="1" severity="2" id="1025">The file is digitally signed with (%i) Certificate(s)</indicator>
<indicator enable="0" severity="9" id="1026">The file is bound to %i Libraries</indicator>
<indicator enable="1" severity="2" id="1027">The file is Code-less</indicator>
<indicator enable="1" severity="2" id="1034">The file uses static Thread Local Storage (TLS)</indicator>
<indicator enable="1" severity="2" id="1036">The file checksum is invalid</indicator>
<indicator enable="1" severity="1" id="1037">The Entry Point is outside the file</indicator>
<indicator enable="1" severity="1" id="1038">The Certificate issuer (%s) has expired (%s)</indicator>
<indicator enable="1" severity="1" id="1039">The Certificate subject (%s) has expired (%s)</indicator>
<indicator enable="1" severity="2" id="1040">The file is not signed with a Digital Certificate</indicator>
<indicator enable="0" severity="2" id="1043">The file has no Manifest</indicator>
<indicator enable="1" severity="1" id="1051">The file will be copied to the system swap file and will run from it if started from a Network Location</indicator>
<indicator enable="1" severity="1" id="1052">The file will be copied to the system swap file and will run from it if started from a Removable Media</indicator>
<indicator enable="1" severity="2" id="1055">The file runs in the Visual Basic Virtual Machine</indicator>
<indicator enable="1" severity="2" id="1056">The file is a Device Driver</indicator>
<indicator enable="0" severity="2" id="1057">The file is statically linked to the C Runtime Library</indicator>
<indicator enable="0" severity="2" id="1100">The file uses Data Execution Prevention (DEP) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1101">The file ignores Data Execution Prevention (DEP) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1102">The file uses Address Space Layout Randomization (ASLR) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1103">The file ignores Address Space Layout Randomization (ASLR) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1105">The file does not use Structured Exception Handling (SEH)</indicator>
<indicator enable="0" severity="2" id="1106">The file uses Cookies placed on the Stack (GS) as Mitigation technique</indicator>
<indicator enable="1" severity="2" id="1107">The file ignores Cookies placed on the Stack (GS) as Mitigation technique</indicator>
<indicator enable="0" severity="2" id="1109">The file ignores Code Integrity</indicator>
<indicator enable="1" severity="2" id="1111">The file is isolation aware but should not be isolated</indicator>
<indicator enable="0" severity="2" id="1112">The file uses Safe Structured Exception Handling (SafeSEH) as Mitigation technique</indicator>
<indicator enable="0" severity="2" id="1113">The file registers (%i) Exception Handlers</indicator>
<indicator enable="1" severity="1" id="1114">The Virustotal score (%i/%i) of the overlay has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1115">The Virustotal score (%i/%i) of the overlay has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1117">The Checksum (0x%08X) detected is different than the Checksum (0x%08X) computed</indicator>
<indicator enable="1" severity="1" id="1120">The Virustotal score (%i/%i) of the file has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1121">The Virustotal score (%i/%i) of the file has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1122">The preferred Virustotal AV Engine (%s) has detected the file as Infected</indicator>
<indicator enable="1" severity="2" id="1123">The preferred Virustotal AV Engine (%s) has detected the file as Clean</indicator>
<indicator enable="1" severity="1" id="1150">The Debug data is invalid</indicator>
<indicator enable="1" severity="2" id="1152">The Debug file name is different than the file name (%s)</indicator>
<indicator enable="1" severity="1" id="1153">The Debug file name extension is suspicous</indicator>
<indicator enable="1" severity="1" id="1154">The debug file name contains %i unprintable characters</indicator>
<indicator enable="1" severity="1" id="1155">The Age of the Debug Symbol file has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1156">The Age of the Debug Symbol file has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1200">The PointerToSymbolTable (0x%08X) is invalid (should be zero)</indicator>
<indicator enable="1" severity="1" id="1201">The NumberOfSymbols (0x%08X) is invalid (should be zero)</indicator>
<indicator enable="1" severity="1" id="1203">The SizeOfCode (0x%08X) is suspicious</indicator>
<indicator enable="1" severity="1" id="1204">The BaseOfCode (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1205">The BaseOfData (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1206">The FileAlignment (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1207">The SizeOfImage (0x%08X) is invalid</indicator>
<indicator enable="1" severity="2" id="1208">The size of initialized data has reached the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1209">The SizeOfHeaders (0x%08X) is invalid</indicator>
<indicator enable="1" severity="1" id="1210">The NumberOfRvaAndSizes (0x%08X) is invalid (Maximum is %i)</indicator>
<indicator enable="1" severity="1" id="1211">The Entry point is suspicious</indicator>
<indicator enable="1" severity="1" id="1213">The count of shared section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1214">The count of section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1215">The count of writable and Executable section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1217">The count of Nameless section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1220">The file contains writable and Shared section which presents a vector attack</indicator>
<indicator enable="1" severity="1" id="1222">The last section is Executable</indicator>
<indicator enable="1" severity="1" id="1223">The first section (name:%s) is writable</indicator>
<indicator enable="1" severity="1" id="1225">The Entry point (0x%08X) is outside the first section</indicator>
<indicator enable="0" severity="2" id="1226">The Entry point (0x%08X) is in the first section (Name:%s)</indicator>
<indicator enable="1" severity="1" id="1227">The file size (%i bytes) of the section (name:%s) has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="0" severity="9" id="1229">The file signature is '%s'</indicator>
<indicator enable="1" severity="2" id="1232">The file is resource-less</indicator>
<indicator enable="1" severity="1" id="1233">The count (%i) of Languages in the resources has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1234">The file contains %i custom resource Item(s)</indicator>
<indicator enable="0" severity="2" id="1235">The file contains %i Built-in resources Item(s)</indicator>
<indicator enable="1" severity="1" id="1236">The file contains %i resource(s) in a Language (%s) defined as blacklisted</indicator>
<indicator enable="1" severity="1" id="1237">The ico (%s) resource is invalid</indicator>
<indicator enable="1" severity="1" id="1238">The signature of the resource (%s:%s) is Unknown</indicator>
<indicator enable="1" severity="1" id="1239">The file contains a resource (%s:%s) which is not supported anymore</indicator>
<indicator enable="0" severity="2" id="1240">The Manifest does not contain Trust Information</indicator>
<indicator enable="1" severity="2" id="1241">The Manifest Identity name (%s) is different than the file name</indicator>
<indicator enable="1" severity="2" id="1242">The Manifest 'description' name (%s) is different than the file name</indicator>
<indicator enable="0" severity="1" id="1243">The size (%i bytes) of the resource (%s.%s) has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1244">The size (%i bytes) of the resource (%s.%s) is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1245">The section (name:%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1246">The count of executable section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1247">The file has no executable section</indicator>
<indicator enable="1" severity="1" id="1248">The count of blacklisted section(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1252">The file Exports %i Obsolete Symbols</indicator>
<indicator enable="1" severity="2" id="1253">The file Exports %i Anonymous Symbols</indicator>
<indicator enable="1" severity="2" id="1254">The file exports %i Forwarded Symbols</indicator>
<indicator enable="0" severity="2" id="1256">The file exports %i Decorated Symbols</indicator>
<indicator enable="1" severity="1" id="1259">The count of exported blacklisted functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1261">The count of deprecated imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1262">The file imports %i anonymous Symbols</indicator>
<indicator enable="1" severity="2" id="1263">The file imports %i forwarded Symbols</indicator>
<indicator enable="1" severity="2" id="1264">The file imports %i decorated Symbols</indicator>
<indicator enable="1" severity="1" id="1265">The count of imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1266">The count of imported blacklisted functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1267">The imported ordinal (%s) has been resolved to a Function Name (%s)</indicator>
<indicator enable="1" severity="1" id="1268">The Symbol (%s) is imported several (%i) times</indicator>
<indicator enable="0" severity="2" id="1269">The file imports %i Anonymous Symbol(s) that have been resolved</indicator>
<indicator enable="1" severity="1" id="1270">The count of Antidebug imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1271">The count of Undocumented imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1272">The count of Ordinal imported functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="3" id="1273">The count of Unsafe imported functions has reached the maximum threshold (%i) provided</indicator>
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<!--<indicator enable="1" severity="1" id=""></indicator>-->
<indicator enable="0" severity="0" id="1282"></indicator>
<indicator enable="0" severity="0" id="1283"></indicator>
<indicator enable="1" severity="2" id="1285">The file is compressed (obfuscated)</indicator>
<!--<indicator enable="1" severity="2" id="1300"></indicator>-->
<indicator enable="1" severity="1" id="1301">The %s Directory is missing</indicator>
<indicator enable="1" severity="1" id="1302">The %s Directory is invalid</indicator>
<indicator enable="1" severity="1" id="1303">The %s Directory is outside the file</indicator>
<indicator enable="1" severity="1" id="1304">The Offset (0x%08X) of the %s Directory is outside a section</indicator>
<indicator enable="1" severity="1" id="1305">The Virtual Address (0x%08X) of the %s Directory is suspicious</indicator>
<indicator enable="1" severity="1" id="1306">The count (%i) of empty directories has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1320">The time stamp of the File Header is empty</indicator>
<indicator enable="1" severity="1" id="1321">The time stamp of the File Header (Year:%i) has reached the maximum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1322">The time stamp of the File Header (Year:%i) has reached the minimum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1323">The time stamp of the Debug block (Year:%i) has reached the maximum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1324">The time stamp of the Debug block (Year:%i) has reached the minimum threshold (Year:%i) provided</indicator>
<indicator enable="1" severity="1" id="1400">The Manifest requires Administrative permission</indicator>
<indicator enable="1" severity="1" id="1401">The file requests User Interface Privilege Isolation (UIPI)</indicator>
<indicator enable="0" severity="1" id="1423">The file has no Cave</indicator>
<indicator enable="1" severity="1" id="1424">The file original name is "%s"</indicator>
<indicator enable="0" severity="1" id="1431">The count of strings has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1432">The count of blacklisted strings has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1433">The file contains %i MIME64 Encoding string(s)</indicator>
<indicator enable="1" severity="1" id="1434">The file contains a hardcoded IP Address (%s)</indicator>
<indicator enable="1" severity="1" id="1435">The count of blacklisted strings has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1438">The file contains (%i) Function names mapped to another name</indicator>
<indicator enable="1" severity="1" id="1481">The file imports %i Library(s) with invalid Name</indicator>
<indicator enable="1" severity="1" id="1483">The file imports %i Library(s) with Suspicious Name</indicator>
<indicator enable="1" severity="1" id="1484">The count of imported Libraries has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1485">The count of blacklisted imported Library(s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1501">The Version has no Translation data</indicator>
<indicator enable="1" severity="1" id="1502">The Version contains suspicious data</indicator>
<indicator enable="1" severity="1" id="1503">The size (%i bytes) of the Version resource is bigger than the maximum threshold (%i) provided</indicator>
<indicator enable="0" severity="2" id="1505">The Version '%s' is Empty </indicator>
<indicator enable="1" severity="2" id="1506">The Version '%s' is suspicious</indicator>
<indicator enable="1" severity="2" id="1507">The Version instance '%s' is suspicious</indicator>
<indicator enable="1" severity="2" id="1508">The Version does NOT contain the '%s' section</indicator>
<indicator enable="1" severity="1" id="1510">The Version translation block internal Name is Misspelled</indicator>
<indicator enable="1" severity="1" id="1511">The Version file OS (%s) is suspicious</indicator>
<indicator enable="1" severity="2" id="1512">The file supports OLE Self-Registration</indicator>
<indicator enable="1" severity="1" id="1513">The file is missing the Root structure that contains all other Version information</indicator>
<indicator enable="1" severity="1" id="1514">The file embeds a file (Type: %s, MD5: %s, Virustotal: %i/%i)</indicator>
<indicator enable="1" severity="1" id="1520">The file is target for % Machine</indicator>
<indicator enable="0" severity="1" id="1521">..</indicator>
<indicator enable="1" severity="1" id="1523">The count of functions with Elevated (Administrative) privilege has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1524">The count (%i) of Registered Exception Handlers has reached the maximum threshold provided (%i)</indicator>
<indicator enable="1" severity="1" id="1590">The size (%i bytes) of the MS-DOS Header has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1591">The size (%i bytes) of the MS-DOS Header is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1600">The file is a fake Microsoft executable</indicator>
<indicator enable="1" severity="1" id="1601">The size of the MS-DOS Stub has reached the minimum threshold (%i bytes) provided</indicator>
<indicator enable="1" severity="1" id="1602">The size of the MS-DOS Stub is bigger than the maximum threshold (%i bytes) provided</indicator>
<indicator enable="0" severity="2" id="1603">The resource (%s.%s) has been detected as '%s'</indicator>
<indicator enable="1" severity="2" id="1604">The OriginalFilename (%s) is different than the file name</indicator>
<indicator enable="1" severity="1" id="1605">The Entry Point is in the last section</indicator>
<indicator enable="1" severity="2" id="1606">The count of Sections has reached the minimum threshold (%i) provided</indicator>
<indicator enable="1" severity="2" id="1607">The count of Sections has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1610">The file embeds a file (Type: %s, MD5: %s)</indicator>
<indicator enable="1" severity="1" id="1611">The file references the '%s' Windows builtin Service</indicator>
<indicator enable="1" severity="2" id="1620">The file has no version information</indicator>
<indicator enable="1" severity="2" id="1621">The file is self-extractable with IEXPRESS</indicator>
<indicator enable="0" severity="1" id="1622">The count of strings (type: %s) has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1623">The size of code is bigger than the size (%i bytes) of the file</indicator>
<indicator enable="1" severity="1" id="1624">The count of regex items detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1625">The section (name: %s) is not Readable</indicator>
<indicator enable="1" severity="1" id="1626">The count of Windows built-in Privileges detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1627">The count of Object IDs (OID) items detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1628">The file signature (%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1629">The file signature (%s) of the overlay is blacklisted</indicator>
<indicator enable="1" severity="1" id="1630">The file signature (%s) of the resource (%s.%s) is blacklisted</indicator>
<indicator enable="1" severity="1" id="1631">The file contains self-modifying code</indicator>
<indicator enable="1" severity="1" id="1632">The count of file extensions detected has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" severity="1" id="1633">The count of Keyboard Keys detected has reached the maximum threshold (%i) provided</indicator>
<!-- Features -->
<indicator enable="1" severity="2" id="3000">The file references a Smartcard</indicator>
<indicator enable="1" severity="2" id="3001">The file references virtual machine (VM)</indicator>
<indicator enable="1" severity="2" id="3002">The file references the Remote Desktop Session Host Server</indicator>
<indicator enable="1" severity="2" id="3003">The file references the Protected Storage</indicator>
<indicator enable="1" severity="2" id="3004">The file references the Active Directory (AD)</indicator>
<indicator enable="1" severity="2" id="3005">The file references the Windows Native API</indicator>
<indicator enable="1" severity="2" id="3006">The file references the Simple Network Management Protocol (SNMP)</indicator>
<indicator enable="1" severity="2" id="3007">The file references the Security Descriptor Definition Language (SDDL)</indicator>
<indicator enable="1" severity="2" id="3008">The file references the cabinet (CAB) interface</indicator>
<indicator enable="0" severity="1" id="3009">tbd</indicator>
<indicator enable="1" severity="2" id="3010">The file references the Lightweight Directory Access Protocol (LDAP)</indicator>
<indicator enable="1" severity="2" id="3011">The file modifies the registry</indicator>
<indicator enable="1" severity="2" id="3012">The file references the Security Account Manager (SAM)</indicator>
<indicator enable="1" severity="2" id="3013">The file references the Clipboard</indicator>
<indicator enable="1" severity="1" id="3014">The file references the installation of Hook(s) to change or control the behaviour of the system</indicator>
<indicator enable="1" severity="2" id="3015">The file references the Security Descriptor Definition Language (SDDL)</indicator>
<indicator enable="1" severity="2" id="3016">The file references the Service Control Manager (SCM)</indicator>
<indicator enable="0" severity="1" id="3017"></indicator>
<indicator enable="1" severity="2" id="3018">The file references the Windows Indexing engine</indicator>
<indicator enable="0" severity="2" id="3019"></indicator>
<indicator enable="1" severity="2" id="3020">The file references the Desktop window</indicator>
<indicator enable="1" severity="2" id="3021">The file references the Router Administration interface</indicator>
<indicator enable="1" severity="2" id="3022">The file references the Mail (MAPI) interface</indicator>
<indicator enable="1" severity="2" id="3023">The file references the Microsoft Identity Manager</indicator>
<indicator enable="1" severity="2" id="3024">The file references data from a Socket</indicator>
<indicator enable="1" severity="2" id="3025">The file references the Internet Protocol Helper to retrieve or modify network configuration settings</indicator>
<indicator enable="0" severity="2" id="3026">The file accesses libraries at runtime</indicator>
<indicator enable="1" severity="2" id="3027">The file starts child Processes</indicator>
<indicator enable="1" severity="2" id="3028">The file references the Microsoft Digest Access</indicator>
<indicator enable="1" severity="2" id="3029">The file references the Windows Cryptographic Primitives Library</indicator>
<indicator enable="1" severity="2" id="3030">The file references the Local Security Authority Server (LSASS)</indicator>
<indicator enable="1" severity="2" id="3031">The file references the Local Security Authority (LSA) process </indicator>
<indicator enable="1" severity="2" id="3032">The file references the Internet Explorer Zone Manager</indicator>
<indicator enable="1" severity="2" id="3033">The file references the Credential Manager User Interface</indicator>
<indicator enable="1" severity="2" id="3034">The file references the Windows Setup API</indicator>
<indicator enable="1" severity="2" id="3035">The file references the Windows Cryptographic interface</indicator>
<indicator enable="1" severity="2" id="3036">The file references the Windows Debug Helper</indicator>
<indicator enable="1" severity="2" id="3037">The file references the Windows IP Helper</indicator>
<indicator enable="1" severity="2" id="3038">The file references the Power Profile Helper</indicator>
<indicator enable="1" severity="2" id="3039">The file references the Multiple Provider Router</indicator>
<indicator enable="1" severity="1" id="3040">The file references the File Transfer Protocol (FTP)</indicator>
<indicator enable="1" severity="2" id="3041">The file references users credentials</indicator>
<indicator enable="1" severity="2" id="3042">The file references the resources of an executable</indicator>
<indicator enable="1" severity="1" id="3043">The file queries for files and streams</indicator>
<indicator enable="1" severity="2" id="3044">The file references the Backup API</indicator>
<indicator enable="0" severity="2" id="3045"></indicator>
<indicator enable="0" severity="5" id="3046">The file creates and or modifies file(s)</indicator>
<indicator enable="1" severity="2" id="3047">The file references the Remote Access Service (RAS)</indicator>
<indicator enable="1" severity="2" id="3048">The file references the Performance Counters</indicator>
<indicator enable="1" severity="2" id="3049">The file references the Event Log</indicator>
<indicator enable="0" severity="2" id="3050">The file references the system Power</indicator>
<indicator enable="1" severity="2" id="3051">The file references the HTML Help Control</indicator>
<indicator enable="1" severity="2" id="3052">The file queries for Processes and Modules</indicator>
<indicator enable="1" severity="2" id="3053">The file references Inter-Process Communication (IPC)</indicator>
<indicator enable="0" severity="2" id="3054">The file references the Console</indicator>
<indicator enable="1" severity="2" id="3055">The file references the Scheduler</indicator>
<indicator enable="1" severity="2" id="3056">The file references the Windows Management Instrumentation (WMI)</indicator>
<indicator enable="1" severity="2" id="3057">The file dynamically binds to the .NET runtime</indicator>
<indicator enable="1" severity="2" id="3058">The file references the Windows default safe DLL search path</indicator>
<indicator enable="1" severity="2" id="3059">The file references a Printer Driver</indicator>
<indicator enable="1" severity="2" id="3060">The file references Dynamic Data Exchange (DDE)</indicator>
<indicator enable="1" severity="2" id="3061">The file queries for visible/invisible window</indicator>
<indicator enable="1" severity="2" id="3062">The file references Function(s) callback executed when the program exits</indicator>
<indicator enable="1" severity="1" id="3063">The file transfers control to a Debugger</indicator>
<indicator enable="1" severity="2" id="3064">The file references the AutoIt scripting Engine</indicator>
<indicator enable="1" severity="2" id="3065">The file references Microsoft the Setup Interface (MSI)</indicator>
<indicator enable="1" severity="2" id="3066">The file references Microsoft Detour to trojanize other executable</indicator>
<indicator enable="1" severity="2" id="3067">The file references the Domain Name System (DNS) API</indicator>
<indicator enable="0" severity="2" id="3068">The file creates temporary file(s)</indicator>
<indicator enable="1" severity="2" id="3069">The file references the WLAN interface</indicator>
<indicator enable="0" severity="2" id="3070">The file references the environment variables</indicator>
<indicator enable="1" severity="2" id="3071">The file provides a Control Panel Application callback</indicator>
<indicator enable="1" severity="2" id="3072">The file monitors Registry operations</indicator>
<indicator enable="1" severity="2" id="3073">The file exposes the Password Secrets of Internet Explorer</indicator>
<indicator enable="1" severity="2" id="3074">The file references the DHCP Client Service</indicator>
<indicator enable="1" severity="2" id="3075">The file changes the NetBIOS or the DNS name of the local computer</indicator>
<indicator enable="1" severity="2" id="3076">The file scans the mounted folders on a volume</indicator>
<indicator enable="1" severity="2" id="3077">The file sends data on a Socket</indicator>
<indicator enable="1" severity="2" id="3078">The file references the Internet Explorer (IE) server</indicator>
<indicator enable="1" severity="2" id="3079">The file logs the Internet Explorer (IE) hits</indicator>
<indicator enable="1" severity="2" id="3080">The file synthesizes mouse motion and button clicks</indicator>
<indicator enable="1" severity="1" id="3081">The file changes the protection of the Virtual Address Space</indicator>
<indicator enable="1" severity="2" id="3082">The file references the RPC Network Data Representation (NDR) Engine</indicator>
<indicator enable="1" severity="2" id="3083">The file references the Windows Software Quality Metrics (SQM)</indicator>
<indicator enable="1" severity="2" id="3084">The file references the Event Tracing for Windows (ETW) framework</indicator>
<indicator enable="1" severity="2" id="3085">The file inserts itself in the chain of the Clipboard Listeners</indicator>
<indicator enable="1" severity="2" id="3086">The file references the Open Database Connectivity (ODBC) installer</indicator>
<indicator enable="1" severity="2" id="3087">The file references the Single-Instance Store (SIS) backup framework</indicator>
<indicator enable="1" severity="2" id="3088">The file installs a Device or a Driver</indicator>
<indicator enable="1" severity="2" id="3089">The file invokes the ODBC Driver Tracing mechanism</indicator>
<indicator enable="1" severity="2" id="3090">The file references Bitlocker</indicator>
<indicator enable="1" severity="2" id="3091">The file registers itself as a boot Driver</indicator>
<indicator enable="1" severity="2" id="3092">The file walks up and records the stack information</indicator>
<indicator enable="1" severity="2" id="3093">The file references the Windows Scripting Host engine</indicator>
<indicator enable="1" severity="2" id="3094">The file references the Console Based Script Host engine</indicator>
<indicator enable="1" severity="2" id="3095">The file references the HTML Application Host engine</indicator>
<indicator enable="1" severity="2" id="3096">The file references the VB Scripting Encoder/Decoder engine</indicator>
<indicator enable="1" severity="2" id="3097">The file references the Java Scripting Encoder/Decoder engine</indicator>
<indicator enable="1" severity="2" id="3098">The file references the Windows File Protection</indicator>
<indicator enable="1" severity="2" id="3099">The file simulates keyboard input</indicator>
<indicator enable="1" severity="2" id="3100">The file references the Multimedia Class Scheduler service (MMCSS)</indicator>
<indicator enable="1" severity="2" id="3101">The file references the Group Policy (GP)</indicator>
<indicator enable="1" severity="2" id="3102">The file references a communications device</indicator>
<indicator enable="1" severity="2" id="3103">The file monitors a communications device</indicator>
<indicator enable="1" severity="2" id="3104">The file references the local Running Object Table (ROT)</indicator>
<indicator enable="1" severity="2" id="3105">The file references the Human Interface Devices (HID) Protocol</indicator>
<indicator enable="1" severity="2" id="3106">The file references Simple Mail Transfer Protocol (SMTP)</indicator>
<indicator enable="1" severity="2" id="3107">The file references the Internet Control Message Protocol (ICMP)</indicator>
<indicator enable="1" severity="2" id="3108">The file fingerprints Antivirus (AV) or monitoring tools</indicator>
<indicator enable="1" severity="2" id="3109">The file references the Windows Capture Library</indicator>
<indicator enable="1" severity="1" id="3110">The file references Microsoft Office</indicator>
<indicator enable="1" severity="1" id="3111">The file enumerates Network resources or existing connections</indicator>
<indicator enable="1" severity="1" id="3112">The file references Alternate Data Stream (ADS)</indicator>
<indicator enable="1" severity="1" id="3113">The file fingerprints for Web browsers</indicator>
<indicator enable="1" severity="1" id="3114">The file fingerprints for Sandboxes</indicator>
<indicator enable="1" severity="1" id="3115">The file fingerprints for Email clients</indicator>
<indicator enable="1" severity="1" id="3116">The file references the Firefox API</indicator>
<indicator enable="1" severity="1" id="3117">The file references the Shim Engine</indicator>
<indicator enable="1" severity="1" id="3118">The file references the Windows Address Book</indicator>
<!-- Functions groups -->
<indicator enable="1" usermode="1" severity="1" id="4000">The count (%i) of Security Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4001">The count (%i) of Authorization Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="2" id="4002">The count (%i) of Registry Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4003">The count (%i) of Memory Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4004">The count (%i) of Tool Help Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4005">The count (%i) of Backup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4006">The count (%i) of Event Logging Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4007">The count (%i) of Event Tracing Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4008">The count (%i) of Error Handling Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4009">The count (%i) of Directory Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4010">The count (%i) of Debugging Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4011">The count (%i) of Console Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4012">The count (%i) of ImageHlp Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4013">The count (%i) of Communication Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4014">The count (%i) of COM Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4015">The count (%i) of System Information Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4016">The count (%i) of Package Query Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4017">The count (%i) of Setup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4018">The count (%i) of Structured Storage Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4019">The count (%i) of Dynamic Data Exchange Management Library (DDEML) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4020">The count (%i) of Clipboard Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4021">The count (%i) of WinINet Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4022">The count (%i) of Dynamic-Link Library Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4023">The count (%i) of Process and Thread Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4024">The count (%i) of WinHttp Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4025">The count (%i) of Zw Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4026">The count (%i) of Rtl Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4027">The count (%i) of Native (Nt) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4028">The count (%i) of DHCP Server Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4029">The count (%i) of Network Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4030">The count (%i) of DNS Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4031">The count (%i) of Mailslot Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4032">The count (%i) of RPC Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4033">The count (%i) of SEH Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4034">The count (%i) of Service Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4035">The count (%i) of File Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4036">The count (%i) of Video Capture Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4037">The count (%i) of Cabinet Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4038">The count (%i) of Single-Instance Store (SIS) Backup Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4039">The count (%i) of Performance Counters Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4040">The count (%i) of Atom Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4041">The count (%i) of Device Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4042">The count (%i) of Remote Access Service Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4043">The count (%i) of Remote Access Service Custom Scripting Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4044">The count (%i) of WinSNMP Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4045">The count (%i) of Router Information Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4046">The count (%i) of Network Data Representation (Ndr) Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4047">The count (%i) of Power Management Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4048">The count (%i) of Remote Desktop Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4049">The count (%i) of WLAN Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4050">The count (%i) of SNMP Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4051">The count (%i) of WinDbgExt Functions has reached the maximum threshold (%i) provided</indicator>
<indicator enable="1" usermode="1" severity="1" id="4052">The count (%i) of DDE Functions has reached the maximum threshold (%i) provided</indicator>
</indicators>
</xml>

385
static/PeStudio/languages.xml Normal file
View File

@ -0,0 +1,385 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of Languages that will be detected as blackListed by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!--
1: Enable the search for BlackListed Languages
0: Disable the search for BlackListed Languages
-->
<enable>1</enable>
</setting>
</settings>
<!--
You can edit this part using the id according to your needs
Please use following URL as Reference for the appropriate ids
http://msdn.microsoft.com/en-us/library/dd318693(v=vs.85).aspx
-->
<languages>
<language id="0x0C00" bl="0">Neutral</language>
<language id="0x1400" bl="0">Neutral</language>
<language id="0x007F" bl="0">Neutral</language>
<language id="0x0000" bl="0">Neutral</language>
<language id="0x0800" bl="0">Neutral</language>
<language id="0x1000" bl="0">Neutral</language>
<language id="0x080c" bl="1">French Belgium</language>
<language id="0x0C0C" bl="1">French Canada</language>
<language id="0x040c" bl="0">French France</language>
<language id="0x140C" bl="0">French Luxembourg</language>
<language id="0x180C" bl="0">French Monaco</language>
<language id="0x100C" bl="0">French Switzerland</language>
<language id="0x2801" bl="1">Syria</language>
<language id="0x0401" bl="1">Saudi Arabia</language>
<language id="0x0436" bl="0">Afrikaans</language>
<language id="0x041C" bl="1">Albanian</language>
<language id="0x0484" bl="0">Alsatian</language>
<language id="0x045E" bl="0">Amharic</language>
<language id="0x1401" bl="0">Arabic</language>
<language id="0x3C01" bl="0">Arabic Bahrain</language>
<language id="0x0C01" bl="0">Arabic Egypt</language>
<language id="0x0801" bl="0">Arabic Iraq</language>
<language id="0x2C01" bl="0">Arabic Jordan</language>
<language id="0x3401" bl="0">Arabic Kuwait</language>
<language id="0x3001" bl="0">Arabic Lebanon</language>
<language id="0x1001" bl="0">Arabic Libya</language>
<language id="0x1801" bl="0">Arabic Morocco</language>
<language id="0x2001" bl="0">Arabic Oman</language>
<language id="0x4001" bl="0">Arabic Qatar</language>
<language id="0x0401" bl="0">Arabic Saudi</language>
<language id="0x2801" bl="0">Arabic Syria</language>
<language id="0x1C01" bl="0">Arabic Tunisia</language>
<language id="0x3801" bl="0">Arabic U.A.E</language>
<language id="0x042B" bl="0">Armenian</language>
<language id="0x044D" bl="0">Assamese</language>
<language id="0x082C" bl="0">Azeri</language>
<language id="0x0445" bl="0">Bangla</language>
<language id="0x046D" bl="0">Bashkir</language>
<language id="0x042D" bl="0">Basque</language>
<language id="0x0423" bl="0">Belarusian</language>
<language id="0x781A" bl="1">Bosnian</language>
<language id="0x201A" bl="1">Bosnian</language>
<language id="0x047E" bl="1">Breton</language>
<language id="0x0402" bl="0">Bulgarian</language>
<language id="0x0492" bl="0">Central Kurdish</language>
<language id="0x045C" bl="0">Cherokee</language>
<language id="0x0403" bl="0">Catalan</language>
<language id="0x0C04" bl="0">Chinese Hong Kong</language>
<language id="0x1404" bl="0">Chinese Macao SAR</language>
<language id="0x1004" bl="0">Chinese Singapore</language>
<language id="0x0804" bl="0">Chinese Simplified</language>
<language id="0x0404" bl="0">Chinese Traditional</language>
<language id="0x0483" bl="0">Corsican</language>
<language id="0x001A" bl="0">Croatian Neutral</language>
<language id="0x101A" bl="0">Croatian Bosnia Herzegovina</language>
<language id="0x041A" bl="0">Croatian Croatia</language>
<language id="0x0405" bl="1">Czech</language>
<language id="0x0406" bl="0">Danish Denmark</language>
<language id="0x048C" bl="1">Dari</language>
<language id="0x0465" bl="1">Divehi Maldives </language>
<language id="0x0813" bl="0">Belgium Dutch</language>
<language id="0x0413" bl="0">Netherlands</language>
<language id="0x0409" bl="0">English United States</language>
<language id="0x0C09" bl="0">English Australia</language>
<language id="0x2809" bl="0">English Belize</language>
<language id="0x1009" bl="0">English Canada</language>
<language id="0x2409" bl="0">English Caribbean</language>
<language id="0x4009" bl="0">English India</language>
<language id="0x1809" bl="0">English Ireland</language>
<language id="0x1809" bl="0">English Ireland</language>
<language id="0x2009" bl="0">English Jamaica</language>
<language id="0x4409" bl="0">English Malaysia</language>
<language id="0x1409" bl="0">English New Zealand</language>
<language id="0x3409" bl="0">English Philippines</language>
<language id="0x4809" bl="0">English Singapore</language>
<language id="0x1c09" bl="0">English South Africa</language>
<language id="0x2C09" bl="0">English Trinidad and Tobago</language>
<language id="0x0809" bl="0">English United Kingdom</language>
<language id="0x3009" bl="0">English Zimbabwe</language>
<language id="0x0425" bl="0">Estonian</language>
<language id="0x0438" bl="0">Faroese</language>
<language id="0x0464" bl="0">Filipino</language>
<language id="0x040B" bl="0">Finnish</language>
<language id="0x0462" bl="0">Frisian</language>
<language id="0x0456" bl="0">Galician</language>
<language id="0x0437" bl="0">Georgian</language>
<language id="0x0400" bl="0">Neutral</language>
<language id="0x0407" bl="0">German</language>
<language id="0x0C07" bl="0">German Austria</language>
<language id="0x1407" bl="0">German Lichtenstein</language>
<language id="0x1007" bl="0">German Luxembourg</language>
<language id="0x0807" bl="0">German Switzerland</language>
<language id="0x0408" bl="0">Greek</language>
<language id="0x046F" bl="0">Greenlandic</language>
<language id="0x0447" bl="0">Gujarati</language>
<language id="0x0468" bl="0">Hausa</language>
<language id="0x0475" bl="1">Hawiian</language>
<language id="0x040D" bl="0">Hebrew</language>
<language id="0x0439" bl="0">Hindi</language>
<language id="0x040E" bl="0">Hungarian</language>
<language id="0x040F" bl="0">Icelandic</language>
<language id="0x0470" bl="0">Igb</language>
<language id="0x0421" bl="0">Indonesian</language>
<language id="0x085D" bl="0">Inuktitut</language>
<language id="0x083C" bl="0">Irish</language>
<language id="0x0434" bl="0">isiXhosa</language>
<language id="0x0435" bl="0">isiZulu</language>
<language id="0x0410" bl="0">Italian</language>
<language id="0x0411" bl="0">Japanese</language>
<language id="0x044B" bl="0">Kannada</language>
<language id="0x043F" bl="0">Kazakh</language>
<language id="0x0453" bl="0">Khmer</language>
<language id="0x0486" bl="0">Kiche</language>
<language id="0x0487" bl="0">Kinyarwanda</language>
<language id="0x0457" bl="0">Konkani</language>
<language id="0x0412" bl="1">Korean</language>
<language id="0x0440" bl="0">Kyrgyz</language>
<language id="0x0454" bl="0">Lao</language>
<language id="0x0426" bl="0">Latvian</language>
<language id="0x0427" bl="0">Lithuanian</language>
<language id="0x082E" bl="0">Lower Sorbian</language>
<language id="0x046E" bl="0">Luxembourgish</language>
<language id="0x042F" bl="0">Macedonian</language>
<language id="0x083E" bl="0">Malay</language>
<language id="0x044C" bl="0">Malayalam</language>
<language id="0x043A" bl="0">Maltese</language>
<language id="0x0481" bl="1">Maori</language>
<language id="0x047A" bl="0">Mapudungun</language>
<language id="0x044E" bl="0">Marathi</language>
<language id="0x047C" bl="0">Mohawk</language>
<language id="0x0450" bl="0">Mongolian</language>
<language id="0x0461" bl="0">Nepali</language>
<language id="0x0414" bl="0">Norwegian</language>
<language id="0x0482" bl="0">Occitan</language>
<language id="0x0448" bl="0">Oriya</language>
<language id="0x0463" bl="0">Pashto</language>
<language id="0x0429" bl="0">Persian</language>
<language id="0x0415" bl="0">Polish</language>
<language id="0x0416" bl="0">Portuguese</language>
<language id="0x0867" bl="0">Pular</language>
<language id="0x0446" bl="0">Punjabi</language>
<language id="0x046B" bl="0">Quechua</language>
<language id="0x0418" bl="1">Romanian</language>
<language id="0x0417" bl="0">Romansh</language>
<language id="0x0419" bl="0">Russian</language>
<language id="0x0485" bl="0">Sakha</language>
<language id="0x243B" bl="0">Sami</language>
<language id="0x103B" bl="0">Sami</language>
<language id="0x0C3B" bl="0">Sami</language>
<language id="0x203B" bl="0">Sami</language>
<language id="0x183B" bl="0">Sami</language>
<language id="0x044F" bl="0">Sanskrit</language>
<language id="0x7C1A" bl="0">Serbian</language>
<language id="0x046C" bl="0">Sesotho sa Leboa</language>
<language id="0x0832" bl="0">Setswana Tswana</language>
<language id="0x0859" bl="0">Sindhi</language>
<language id="0x045B" bl="0">Sinhala</language>
<language id="0x041B" bl="0">Slovak</language>
<language id="0x0424" bl="1">Slovenian</language>
<language id="0x2C0A" bl="0">Spanish</language>
<language id="0x400A" bl="0">Spanish Bolivia</language>
<language id="0x340A" bl="0">Spanish Chile</language>
<language id="0x240A" bl="0">Spanish Colombia</language>
<language id="0x140A" bl="0">Spanish Costa Rica</language>
<language id="0x1C0A" bl="0">Spanish Dominican Republic</language>
<language id="0x300A" bl="0">Spanish Ecuador</language>
<language id="0x440A" bl="0">Spanish El Salvador</language>
<language id="0x100A" bl="0">Spanish Guatemala</language>
<language id="0x480A" bl="0">Spanish Honduras</language>
<language id="0x080A" bl="0">Spanish Mexico</language>
<language id="0x4C0A" bl="0">Spanish Nicaragua</language>
<language id="0x180A" bl="0">Spanish Panama</language>
<language id="0x3C0A" bl="0">Spanish Paraguay</language>
<language id="0x280A" bl="0">Spanish Peru</language>
<language id="0x500A" bl="0">Spanish Puerto Rico</language>
<language id="0x0C0A" bl="0">Spanish Spain</language>
<language id="0x040A" bl="0">Spanish Spain Traditional</language>
<language id="0x540A" bl="0">Spanish United States</language>
<language id="0x380A" bl="0">Spanish Uruguay</language>
<language id="0x200A" bl="0">Spanish Venezuela</language>
<language id="0x0441" bl="0">Swahili</language>
<language id="0x081D" bl="0">Swedish</language>
<language id="0x041D" bl="0">Swedish</language>
<language id="0x045A" bl="0">Syria</language>
<language id="0x0428" bl="0">Tajik</language>
<language id="0x085F" bl="0">Tamazight</language>
<language id="0x0449" bl="0">Tamil</language>
<language id="0x0444" bl="0">Tatar</language>
<language id="0x044A" bl="1">Telugu</language>
<language id="0x041E" bl="0">Thai</language>
<language id="0x0451" bl="0">Tibetan</language>
<language id="0x0873" bl="0">Tigrinya</language>
<language id="0x041F" bl="0">Turkish</language>
<language id="0x0442" bl="0">Turkmen</language>
<language id="0x0422" bl="0">Ukrainian</language>
<language id="0x042E" bl="0">Upper Sorbian</language>
<language id="0x0820" bl="0">Urdu</language>
<language id="0x0480" bl="0">Uyghur</language>
<language id="0x0843" bl="0">Uzbek</language>
<language id="0x0803" bl="0">Valencian</language>
<language id="0x042A" bl="0">Vietnamese</language>
<language id="0x0452" bl="0">Welsh</language>
<language id="0x0488" bl="0">Wolof</language>
<language id="0x0478" bl="0">Yi</language>
<language id="0x046A" bl="0">Yoruba</language>
</languages>
<codepages>
<codepage id="037">IBM EBCDIC US-Canada</codepage>
<codepage id="437">OEM United States</codepage>
<codepage id="500">IBM EBCDIC International</codepage>
<codepage id="708">Arabic</codepage>
<codepage id="709">Arabic</codepage>
<codepage id="710">Arabic</codepage>
<codepage id="720">Arabic</codepage>
<codepage id="737">OEM Greek)</codepage>
<codepage id="775">OEM Baltic</codepage>
<codepage id="850">OEM Multilingual Latin 1</codepage>
<codepage id="852">OEM Latin 2</codepage>
<codepage id="855">OEM Cyrillic (primarily Russian)</codepage>
<codepage id="857">OEM Turkish</codepage>
<codepage id="858">OEM Multilingual Latin 1 + Euro symbol</codepage>
<codepage id="860">OEM Portuguese</codepage>
<codepage id="861">OEM Icelandic</codepage>
<codepage id="862">OEM Hebrew</codepage>
<codepage id="863">OEM French Canadian</codepage>
<codepage id="864">OEM Arabic</codepage>
<codepage id="865">OEM Nordic</codepage>
<codepage id="866">OEM Russian</codepage>
<codepage id="869">OEM Modern Greek</codepage>
<codepage id="870">IBM EBCDIC Multilingual</codepage>
<codepage id="874">ANSI/OEM Thai</codepage>
<codepage id="875">EBCDIC Greek Modern</codepage>
<codepage id="932">ANSI/OEM Japanese</codepage>
<codepage id="936">ANSI/OEM Simplified Chinese</codepage>
<codepage id="949">ANSI/OEM Korean</codepage>
<codepage id="950">ANSI/OEM Traditional Chinese</codepage>
<codepage id="1026">IBM EBCDIC Turkish (Latin 5)</codepage>
<codepage id="1047">IBM EBCDIC Latin 1/Open System</codepage>
<codepage id="1140">IBM EBCDIC US-Canada</codepage>
<codepage id="1141">IBM EBCDIC Germany</codepage>
<codepage id="1142">IBM EBCDIC Denmark-Norway</codepage>
<codepage id="1143">IBM EBCDIC Finland-Sweden</codepage>
<codepage id="1144">IBM EBCDIC Italy</codepage>
<codepage id="1145">IBM EBCDIC Latin America-Spain</codepage>
<codepage id="1146">IBM EBCDIC United Kingdom</codepage>
<codepage id="1147">IBM EBCDIC France</codepage>
<codepage id="1148">IBM EBCDIC International</codepage>
<codepage id="1149">IBM EBCDIC Icelandic</codepage>
<codepage id="1200">Unicode UTF-16, little endian byte order</codepage>
<codepage id="1201">Unicode UTF-16, big endian byte order</codepage>
<codepage id="1250">ANSI Central European</codepage>
<codepage id="1251">ANSI Cyrillic</codepage>
<codepage id="1252">ANSI Latin 1</codepage>
<codepage id="1253">ANSI Greek</codepage>
<codepage id="1254">ANSI Turkish</codepage>
<codepage id="1255">ANSI Hebrew</codepage>
<codepage id="1256">ANSI Arabic</codepage>
<codepage id="1257">ANSI Baltic</codepage>
<codepage id="1258">ANSI/OEM Vietnamese</codepage>
<codepage id="1361">Korean (Johab)</codepage>
<codepage id="10000">MAC Roman</codepage>
<codepage id="10001">Japanese (Mac)</codepage>
<codepage id="10002">MAC Traditional Chinese (Big5)</codepage>
<codepage id="10003">Korean</codepage>
<codepage id="10004">Arabic</codepage>
<codepage id="10005">Hebrew</codepage>
<codepage id="10006">Greek</codepage>
<codepage id="10007">Cyrillic</codepage>
<codepage id="10008">MAC Simplified Chinese</codepage>
<codepage id="10010">Romanian</codepage>
<codepage id="10017">Ukrainian</codepage>
<codepage id="10021">Thai</codepage>
<codepage id="10029">MAC Latin 2</codepage>
<codepage id="10079">Icelandic</codepage>
<codepage id="10081">Turkish</codepage>
<codepage id="10082">Croatian</codepage>
<codepage id="12000">UTF-32, little endian byte order</codepage>
<codepage id="12001">Unicode UTF-32, big endian byte order</codepage>
<codepage id="20000">CNS Taiwan</codepage>
<codepage id="20001">TCA Taiwan</codepage>
<codepage id="20002">Eten Taiwan</codepage>
<codepage id="20003">IBM5550 Taiwan</codepage>
<codepage id="20004">TeleText Taiwan</codepage>
<codepage id="20005">Wang Taiwan</codepage>
<codepage id="20105">IRV International Alphabet</codepage>
<codepage id="20106">IA5 German</codepage>
<codepage id="20107">IA5 Swedish)</codepage>
<codepage id="20108">IA5 Norwegian</codepage>
<codepage id="20127">US-ASCII</codepage>
<codepage id="20261">T.61</codepage>
<codepage id="20269">ISO 6937 Non-Spacing Accent</codepage>
<codepage id="20273">IBM EBCDIC Germany</codepage>
<codepage id="20277">IBM EBCDIC Denmark-Norway</codepage>
<codepage id="20278">IBM EBCDIC Finland-Sweden</codepage>
<codepage id="20280">IBM EBCDIC Italy</codepage>
<codepage id="20284">IBM EBCDIC Latin America-Spain</codepage>
<codepage id="20285">IBM EBCDIC United Kingdom</codepage>
<codepage id="20290">IBM EBCDIC Japanese Katakana Extended</codepage>
<codepage id="20297">IBM EBCDIC France</codepage>
<codepage id="20420">IBM EBCDIC Arabic</codepage>
<codepage id="20423">IBM EBCDIC Greek</codepage>
<codepage id="20424">IBM EBCDIC Hebrew</codepage>
<codepage id="20833">IBM EBCDIC Korean Extended</codepage>
<codepage id="20838">IBM EBCDIC Thai</codepage>
<codepage id="20866">Russian</codepage>
<codepage id="20871">IBM EBCDIC Icelandic</codepage>
<codepage id="20880">IBM EBCDIC Cyrillic Russian</codepage>
<codepage id="20905">IBM EBCDIC Turkish</codepage>
<codepage id="20924">IBM EBCDIC Latin</codepage>
<codepage id="20932">Japanese</codepage>
<codepage id="20936">Simplified Chinese</codepage>
<codepage id="20949">Korean Wansung</codepage>
<codepage id="21025">IBM EBCDIC Cyrillic Serbian-Bulgarian</codepage>
<codepage id="21027">(deprecated)</codepage>
<codepage id="21866">Ukrainian (KOI8-U)</codepage>
<codepage id="28591">ISO 8859-1 Latin 1</codepage>
<codepage id="28592">ISO 8859-2 Central European</codepage>
<codepage id="28593">ISO 8859-3 Latin 3</codepage>
<codepage id="28594">ISO 8859-4 Baltic</codepage>
<codepage id="28595">ISO 8859-5 Cyrillic</codepage>
<codepage id="28596">ISO 8859-6 Arabic</codepage>
<codepage id="28597">SO 8859-7 Greek</codepage>
<codepage id="28598">ISO 8859-8 Hebrew</codepage>
<codepage id="28599">ISO 8859-9 Turkish</codepage>
<codepage id="28603">ISO 8859-13 Estonian</codepage>
<codepage id="28605">ISO 8859-15 Latin 9</codepage>
<codepage id="29001">Europa 3</codepage>
<codepage id="38598">ISO 8859-8 Hebrew</codepage>
<codepage id="50220">ISO 2022 Japanese</codepage>
<codepage id="50221">ISO 2022 Japanese</codepage>
<codepage id="50222">ISO 2022 Japanese</codepage>
<codepage id="50225">ISO 2022 Korean</codepage>
<codepage id="50227">ISO 2022 Simplified Chinese</codepage>
<codepage id="50229">ISO 2022 Traditional Chinese</codepage>
<codepage id="50930">EBCDIC Japanese Extended</codepage>
<codepage id="50931">EBCDIC US-Canada and Japanese</codepage>
<codepage id="50933">EBCDIC Korean Extended and Korean</codepage>
<codepage id="50935">EBCDIC Simplified Chinese Extended and Simplified Chinese</codepage>
<codepage id="50936">EBCDIC Simplified Chinese</codepage>
<codepage id="50937">EBCDIC US-Canada and Traditional Chinese</codepage>
<codepage id="50939">EBCDIC Japanese (Latin) Extended and Japanese</codepage>
<codepage id="51932">EUC Japanese</codepage>
<codepage id="51936">EUC Simplified Chinese</codepage>
<codepage id="51949">EUC Korean</codepage>
<codepage id="51950">EUC Traditional Chinese</codepage>
<codepage id="52936">HZ-GB2312 Simplified Chinese</codepage>
<codepage id="54936">GB18030 Simplified Chinese</codepage>
<codepage id="57002">ISCII Devanagari</codepage>
<codepage id="57003">ISCII Bengali</codepage>
<codepage id="57004">ISCII Tamil</codepage>
<codepage id="57005">ISCII Telugu</codepage>
<codepage id="57006">ISCII Assamese</codepage>
<codepage id="57007">ISCII Oriya</codepage>
<codepage id="57008">ISCII Kannada</codepage>
<codepage id="57009">ISCII Malayalam</codepage>
<codepage id="57010">ISCII Gujarati</codepage>
<codepage id="57011">ISCII Punjabi</codepage>
<codepage id="65000">Unicode (UTF-7)</codepage>
<codepage id="65001">Unicode (UTF-8)</codepage>
</codepages>
</xml>

BIN
static/PeStudio/peparser.dll Normal file
View File

Binary file not shown.

BIN
static/PeStudio/pestudio.exe Normal file
View File

Binary file not shown.

BIN
static/PeStudio/pestudioprompt.exe Normal file
View File

Binary file not shown.

502
static/PeStudio/resources.xml Normal file
View File

@ -0,0 +1,502 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of "Well-Known Resources" be detected as blackListed by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<enable>1</enable>
</setting>
</settings>
<resources>
<resource id="0" type="1" name="10">9169CFD16C29D67C272110C98D99FAA0</resource>
<resource id="0" type="1" name="10">E90C0F3F64201C4ABE053F03685227E6</resource>
<resource id="0" type="1" name="10">3F503C5B58D429020C13B8777C90A0A7</resource>
<resource id="0" type="1" name="10">BB8A97C30CCF21CEA5B65C1B3437A9CF</resource>
<resource id="0" type="1" name="10">18DEEB86648B4AD4CBB54CE7A0BAC23A</resource>
<resource id="0" type="1" name="10">D8614B4527F37ADD0DEA8A1EB6602D9A</resource>
<resource id="0" type="1" name="10">DC8828ACADF7FC1E3B5243E98F28BA2E</resource>
<resource id="0" type="1" name="10">F1F8DD2BE32FEE1DFEFA05931FF3F741</resource>
<resource id="0" type="1" name="10">1C9152CA4E98467F2222373A31895656</resource>
<resource id="0" type="1" name="10">E296BDC5D85FE5D9FC98A84E8CE20646</resource>
<resource id="0" type="1" name="10">4959293BE73FF9ED16CFA3DA2238E7EA</resource>
<resource id="0" type="1" name="10">6702B90C5864ADCDC8B47E5A6AD12F41</resource>
<resource id="0" type="1" name="10">C3394A1B82898C219C212D17996EFE8E</resource>
<resource id="0" type="1" name="10">4AA1872BD44D4C27324219547CEA292A</resource>
<resource id="0" type="1" name="10">3549F68D2766BBE560F0817CCFB10623</resource>
<resource id="0" type="1" name="10">444F0DDD1F84957AD323A5BA2AFBE5FA</resource>
<resource id="0" type="1" name="10">DE01111B81541B4B2A428B79B24045A0</resource>
<resource id="0" type="1" name="10">EB85FA5580E17004196AEEB718F4D5E1</resource>
<resource id="0" type="1" name="10">17BC0DF705FF9093929AEB5DE3ED569B</resource>
<resource id="0" type="1" name="10">E6B2E03204104703F2F52B5421D630D9</resource>
<resource id="0" type="1" name="10">9231C7349D760F77D38CB0901AF078B0</resource>
<resource id="0" type="1" name="10">B8FBBD3E478611354B749068A7EBEF70</resource>
<resource id="0" type="1" name="10">30834EC3CF0FA7F523DCBACFCB29F96B</resource>
<resource id="0" type="1" name="10">5EA49897E04010D41CA8BA23302FC4F3</resource>
<resource id="0" type="1" name="10">64580AF1E3B4739E5FB8EC58B79EE7F8</resource>
<resource id="0" type="1" name="10">137F549D5CA7B9FBE85D17C2CDE1947D</resource>
<resource id="0" type="1" name="10">C618C9640E539622E4A3789E801B1867</resource>
<resource id="0" type="1" name="10">A1FE17D347B1156212CDC11E9007B60C</resource>
<resource id="0" type="1" name="10">87296F8F8BE3838BD1578CC933115352</resource>
<resource id="0" type="1" name="10">1899BCC2D01CF773F8DE7D36D4CF71BE</resource>
<resource id="0" type="1" name="10">6A037D68D7AE1E10FB5177AE00A3E53F</resource>
<resource id="0" type="1" name="10">E4D0A554CCB5BC70AE04708BAE42290B</resource>
<resource id="0" type="1" name="10">1A214429314D7FBAB656C908BCD70FD2</resource>
<resource id="0" type="1" name="10">1193E37985638AE509758B0E30309D1B</resource>
<resource id="0" type="1" name="10">9E23E43D5B35D0AFF563F63A1FC9CB09</resource>
<resource id="0" type="1" name="10">57C5E491FD1F4766D507333A194A8F92</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">6F8AF2B9EEC13BD7E3CC7CCD947BE9C7</resource>
<resource id="0" type="1" name="10">B6873B8CFD1CF8890AE2616CD92A48C2</resource>
<resource id="0" type="1" name="10">242FE4BAE927CF380507169339294131</resource>
<resource id="0" type="1" name="10">909D03DE4694F7A8EC4FFE5FA24A3152</resource>
<resource id="0" type="1" name="10">664BA9A824DCE9261944F773912B39C2</resource>
<resource id="0" type="1" name="10">E3382B6A21544C03B23552E84043A733</resource>
<resource id="0" type="1" name="10">02EF9E192F55B1B970B5A894C068C5DC</resource>
<resource id="0" type="1" name="10">6C17A1B99ACD02374AF61B396361B430</resource>
<resource id="0" type="1" name="10">D14591DA67A51E346B91E7600656AEA7</resource>
<resource id="0" type="1" name="10">011C6ED16ACB4DC46B4DF44005FB5EC3</resource>
<resource id="0" type="1" name="10">22643A9505A56B069EB4B371611EACD8</resource>
<resource id="0" type="1" name="10">D4742746CD02263535B0E1A250256B46</resource>
<resource id="0" type="1" name="10">BC4C88DCB309E3C4740E1E2488E94D93</resource>
<resource id="0" type="1" name="10">BE743AEB7A0B66DB50D4B4BCA06F25D3</resource>
<resource id="0" type="1" name="10">9B0D8E918F4D74B60D88F00F68565875</resource>
<resource id="0" type="1" name="10">FF9DA435637956C5E80B0845C9EA4D36</resource>
<resource id="0" type="1" name="10">154BC0506D993EDC97B2F5103C052009</resource>
<resource id="0" type="1" name="10">1B2A520AF7D2B911FA80AD122B5032F4</resource>
<resource id="0" type="1" name="10">399D1914A61AA0E1330757AE645DED7E</resource>
<resource id="0" type="1" name="10">FBC89C665E149B5CF1865EF48FB8D916</resource>
<resource id="0" type="1" name="10">79438F24B4D1B5FC1978FD55612E9B5B</resource>
<resource id="0" type="1" name="10">C7548B9FAE303DB9D12C921A9AE60FFA</resource>
<resource id="0" type="1" name="10">B00CB5CDFD5BE17756EF9ABC01198C07</resource>
<resource id="0" type="1" name="10">DBF94E02F2BE7BC54E4D68841C86700B</resource>
<resource id="0" type="1" name="10">A5C21062D577BE7E18F5C53596A1A509</resource>
<resource id="0" type="1" name="10">6B9EB151A1F11F98EF3A42B65DF4699B</resource>
<resource id="0" type="1" name="10">A2434F1408690B727C7643C77375F431</resource>
<resource id="0" type="1" name="10">479019C4B33CD047E7616BE11C259C88</resource>
<resource id="0" type="1" name="10">F20C08B113FC6ED06851D8B950904B05</resource>
<resource id="0" type="1" name="10">3C8EF3403E591C4DCA44D8FCE418C38E</resource>
<resource id="0" type="1" name="10">CBBD546133D0B02BA583C65413C6BC6F</resource>
<resource id="0" type="1" name="10">55EC6C603E56E6DB01A6F3894B402C73</resource>
<resource id="0" type="1" name="10">F22C1D8389B0377620FF1BBC10D3AE80</resource>
<resource id="0" type="1" name="10">6C442AE314625F3D64854A7C1CBA36F5</resource>
<resource id="0" type="1" name="10">1E3BD999F3727EDE7FEC53EE1FDA98A1</resource>
<resource id="0" type="1" name="10">B0BB1475C896C2AF080C296425694A90</resource>
<resource id="0" type="1" name="10">7EA944FF867D7A5F5E61ADCE6C8FC93F</resource>
<resource id="0" type="1" name="10">6129A042CACD74E0F0C81FBE14C3AE58</resource>
<resource id="0" type="1" name="10">D5F92E469B8C5167407304F2D8874BAB</resource>
<resource id="0" type="1" name="10">A2254D71F30DD4CD7E8DCDE0BE16C763</resource>
<resource id="0" type="1" name="10">358F214E250968CC031C55939688E620</resource>
<resource id="0" type="1" name="10">CEB01C8C564F22F5998FAF96B24C3EAE</resource>
<resource id="0" type="1" name="10">4CBFE99178EFDA38EBA3DF3CB048AF62</resource>
<resource id="0" type="1" name="10">1BA3F98E7C4AB9389DBF32009B4FC2E4</resource>
<resource id="0" type="1" name="10">81A51D91E4D5D2F3CAC667407DD0F10C</resource>
<resource id="0" type="1" name="10">572F311EA3C45509E5174758BEC84C67</resource>
<resource id="0" type="1" name="10">D217A9BB52ECA606D83E7A5D653C96F6</resource>
<resource id="0" type="1" name="10">03D5E7392D047800CDD3AA5695508BD9</resource>
<resource id="0" type="1" name="10">2448C3A71B68242B42E44F5A07933800</resource>
<resource id="0" type="1" name="10">1A973D5420B563AEC9730631842C3100</resource>
<resource id="0" type="1" name="10">B4AA26F1F89BEB4F11A6A3E226A1E056</resource>
<resource id="0" type="1" name="10">EDD239647A6FA9551AAA2DA58BE866C9</resource>
<resource id="0" type="1" name="10">D5E93D437E309149B11D2E82AB1E4F11</resource>
<resource id="0" type="1" name="10">E92159842313FB935BA3D4522F93E107</resource>
<resource id="0" type="1" name="10">D0FF39BB38F7D10B09EB154761CBF703</resource>
<resource id="0" type="1" name="10">97E6E94A014A210407000E326EEC7C52</resource>
<resource id="0" type="1" name="10">8A3E32532E6992D762B208FBF8AC750B</resource>
<resource id="0" type="1" name="10">EBE292D6C56A61E2CAB05756855F65BF</resource>
<resource id="0" type="1" name="10">35EF65177428564AC61813783F423CC6</resource>
<resource id="1" type="1" name="20">C931EB3CE69DD95FC1FCB47C3F73658B</resource>
<resource id="1" type="1" name="20">F3CB9D43BE7149A07EFDD32E72168B97</resource>
<resource id="1" type="1" name="20">A5DF136449E71051E787F7F2564B8158</resource>
<resource id="1" type="1" name="20">C3FEC2C43E7DFD935C90940D55BC274A</resource>
<resource id="1" type="1" name="20">58E1ED2B09B80CD6CEE38D26C90BFFEF</resource>
<resource id="1" type="1" name="20">6413D97BEE274B598C29084EE4C947AF</resource>
<resource id="1" type="1" name="20">726B2EA4D3A3C18FAB8B9A70A926FCBA</resource>
<resource id="1" type="1" name="20">A510252295828679049879AC3B32E26F</resource>
<resource id="1" type="1" name="20">344B352D9BFAB34DDFD5B9E3EBA40924</resource>
<resource id="1" type="1" name="20">94AE24A5A7CD8C7D665E21082C1F82BD</resource>
<resource id="1" type="1" name="20">5FF19ADD2BBFD24900C30590B723BCA2</resource>
<resource id="1" type="1" name="20">D453E2532C0E8AE4B2EC15E220B522D3</resource>
<resource id="1" type="1" name="20">3232EDF7C55B0C69281E8C14081F3005</resource>
<resource id="2" type="1" name="32">5E0424A037ED1CF4B86D9CAED970DFF9</resource>
<resource id="2" type="1" name="32">E90A939E1107E27E1D95C25E2EB0F65A</resource>
<resource id="2" type="1" name="32">44B38E737F03387A86DB70708B9C5C4A</resource>
<resource id="2" type="1" name="32">4C7576E8F541BB3E4915569E56509AE1</resource>
<resource id="2" type="1" name="32">7684234AAE030B0E361B77C545F619AD</resource>
<resource id="2" type="1" name="32">30678F5B06BC441A5BD8ED2848236144</resource>
<resource id="2" type="1" name="32">C50E91E6D59210580879F7BC5BD36D62</resource>
<resource id="2" type="1" name="32">011BDE7B9C82D9453B7222950F92B18B</resource>
<resource id="2" type="1" name="32">489350E7DBC2BD241EEEAF928C84198B</resource>
<resource id="2" type="1" name="32">A0873ADC85C929C39F54B1E889C20411</resource>
<resource id="2" type="1" name="32">02F5AA301D295FA4EE30646E84CCDC84</resource>
<resource id="2" type="1" name="32">619569EE7F33365F88C67E5792ED5545</resource>
<resource id="2" type="1" name="32">4AAC2B52C5AC1670EBDE434FD25A57E3</resource>
<resource id="3" type="1" name="40">A6A1FC387776122DA43D5D1FFC73AB14</resource>
<resource id="3" type="1" name="40">7537DC8AA212AE903A8CBA12E73C2819</resource>
<resource id="3" type="1" name="40">A26CAEE6F15E6536BC4DD217227D313D</resource>
<resource id="3" type="1" name="40">D9BBB1FC017CAF205D9A1092B05A8931</resource>
<resource id="3" type="1" name="40">5F8E7F65DDE26797265FF08C20E0F50E</resource>
<resource id="3" type="1" name="40">A20A4A65692AB511B9DC51AA02028B27</resource>
<resource id="3" type="1" name="40">2D8A3FDED4712D6AC221F9878E6A74FF</resource>
<resource id="3" type="1" name="40">5735C880F81FDECB98E3FB900933C3D5</resource>
<resource id="3" type="1" name="40">BB1FD2B9E0171148E824D98C02CC6E82</resource>
<resource id="3" type="1" name="40">FE0A80ADF462320DD46C4B02C7BD1041</resource>
<resource id="3" type="1" name="40">3CA321CD8113E0B8FEF6993E8E3B8759</resource>
<resource id="3" type="1" name="40">F33E761C82E8FCD44C5841ACF8EBDC81</resource>
<resource id="4" type="1" name="50">5F8E7F65DDE26797265FF08C20E0F50E</resource>
<resource id="4" type="1" name="50">A20A4A65692AB511B9DC51AA02028B27</resource>
<resource id="4" type="1" name="50">11D5D480A7B2C686AC2189DD34B9DB40</resource>
<resource id="4" type="1" name="50">ADDB99E27F9A3CAAD37DFA6D93824EFE</resource>
<resource id="4" type="1" name="50">39997C551CBD6B80C680353B064EFB23</resource>
<resource id="4" type="1" name="40">B2859863B159FCEFC043467ED11417D9</resource>
<resource id="5" type="1" name="60">2C67143AFC3909B3EACA8C11C187C904</resource>
<resource id="5" type="1" name="60">095C4AE7800A5BAF13B314129421C290</resource>
<resource id="5" type="1" name="60">4C367C5E16D12F80995F3B1CF127244E</resource>
<resource id="5" type="1" name="60">2F75B7DEFE46ACAC49BA80826711E295</resource>
<resource id="5" type="1" name="60">53EE7373CC8C75AC0B3E2651EE6C2397</resource>
<resource id="5" type="1" name="60">840AA4B2D92E1643D5A3368E83794D58</resource>
<resource id="6" type="1" name="70">24799CA590D42134E7103B06D46FD960</resource>
<resource id="6" type="1" name="70">E6C5053BA1C848D7E16701A2D08FB8C6</resource>
<resource id="7" type="1" name="100">A1ED7997BD50C296AAB05FCC8388A4E0</resource>
<resource id="7" type="1" name="100">8A992A1952774487BD0C0C6B7B1388F8</resource>
<resource id="7" type="1" name="100">60BF656112A8DA82519EF19AEB9F5E3B</resource>
<resource id="7" type="1" name="100">56860B98C85BB21038F01C1E194E6460</resource>
<resource id="7" type="1" name="100">2DBF9CC24FA6009561FAF807C21C0FBB</resource>
<resource id="7" type="1" name="100">8AE2737AE3E04FDF0082602BFDB29102</resource>
<resource id="7" type="1" name="100">06B51ACA3C7CE72714A04676359E72C3</resource>
<resource id="7" type="1" name="100">BC0D13EF4C056308DE3F06C5D45EDA52</resource>
<resource id="7" type="1" name="100">44C8C8006607D2BEFB077C0D606E00A9</resource>
<resource id="7" type="1" name="100">9CE845F74F9BCAE467F9437D7B05EF11</resource>
<resource id="7" type="1" name="100">E6E0262EF4FF2CAC9437DC0B1611C133</resource>
<resource id="7" type="1" name="100">4275F915E6034CDCB5F606B6DFDDAD7D</resource>
<resource id="7" type="1" name="100">03CA4863E2106A76D71E870B44E78D28</resource>
<resource id="7" type="1" name="100">ECEB823490EBCD43AE2B6FFF8C9F87ED</resource>
<resource id="7" type="1" name="100">467D35B1994FF99564D9C582BDA6BEDE</resource>
<resource id="7" type="1" name="100">A058DA3DFD64D65AC7395DA49AB9798B</resource>
<resource id="7" type="1" name="100">9C8CC2C612B616A435C747A92A4C3F2D</resource>
<resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
<resource id="7" type="1" name="100">7F1B5216B92533AF64D2649ED7A0C776</resource>
<resource id="7" type="1" name="100">EE62326BEE5D061EC1106369DC7FBBC0</resource>
<resource id="7" type="1" name="100">D0AA6B4D0CE81668F70DDCD94339F156</resource>
<resource id="7" type="1" name="100">F2797CB14A4023810217A1C77C5710C5</resource>
<resource id="7" type="1" name="100">8815C3B9C9BF1D41229ACAEC22728387</resource>
<resource id="7" type="1" name="100">1D6E85FDF0E89434EF4F5387F40693D6</resource>
<resource id="7" type="1" name="100">7B85CAEFFE313D9A1B1431E3ED805A5A</resource>
<resource id="7" type="1" name="100">B56D4711501D1B40EA415E105D9137A7</resource>
<resource id="7" type="1" name="100">B5F9D009156EBE07FB0F25C148E4A2A5</resource>
<resource id="7" type="1" name="100">FB983256140DD7C07A7957A5AB4DB997</resource>
<resource id="7" type="1" name="100">1DAFFB0D65AB793FAFCE375E6F8C93C4</resource>
<resource id="7" type="1" name="100">157E93F142DA0938BDFBEC079B473809</resource>
<resource id="7" type="1" name="100">B0681B3B4F35D66F842EC45712278844</resource>
<resource id="7" type="1" name="100">BA94CA63109CE80F7FF07F8B32F48BAD</resource>
<resource id="7" type="1" name="100">BACA0BD675B44B8DB1263E690E15ACBE</resource>
<resource id="7" type="1" name="100">BCA790B2BD380D03C12F6DB36844201B</resource>
<resource id="7" type="1" name="100">07719E9A1BFE3BDB00653C03C9646064</resource>
<resource id="7" type="1" name="100">DEE90234C613EA3A55C056BB02687B1C</resource>
<resource id="7" type="1" name="100">5AAC683855FE0EE3DBE9B1B2B36B5ECE</resource>
<resource id="7" type="1" name="100">29C7D5A955774F1B28CA51ED4538B931</resource>
<resource id="7" type="1" name="100">DB89345020D2E729450B05DF74BB2E99</resource>
<resource id="7" type="1" name="100">6E21109C959B09A054871214E7A2EB64</resource>
<resource id="7" type="1" name="100">29E12D9AB0E6DEDE8395C14600FAAA14</resource>
<resource id="7" type="1" name="100">D7A0796C0EB65BCE03FC7E9302132F50</resource>
<resource id="7" type="1" name="100">E05DADD071C308E892B2CDD494A92B4F</resource>
<resource id="7" type="1" name="100">3B1785B7485D77046F2BD14DD2D02D4E</resource>
<resource id="7" type="1" name="100">B80CBC64CB6E6ACF2BCEF757D3BE7B47</resource>
<resource id="7" type="1" name="100">35D0626505772B37FE3A883310D91D7A</resource>
<resource id="7" type="1" name="100">F918A9311FC55AA02733653E783EAF71</resource>
<resource id="7" type="1" name="100">E46C30C58F3CB44E236643F6EB6E85E5</resource>
<resource id="7" type="1" name="100">B796C796B3D8AC08799CBC5A4D104F9F</resource>
<resource id="7" type="1" name="100">846A77216562E12267837F95A0AD51C7</resource>
<resource id="7" type="1" name="100">99E5D6E15B7BA7337B6996D7FBE938EC</resource>
<resource id="7" type="1" name="100">A449F658F94FCAD046CD45CDC227F656</resource>
<resource id="7" type="1" name="100">282E7F4F550128BD16EAD0885EDA40C1</resource>
<resource id="7" type="1" name="100">C167923A143FCDC75DA6F69D71AA3937</resource>
<resource id="7" type="1" name="100">E3049F65F3ABC5632E8A18707645785F</resource>
<resource id="7" type="1" name="100">DC066CB931F579D516A1A37EF7D1A661</resource>
<resource id="7" type="1" name="100">D81A2466D8410C5ECC212F99BA3AFB7E</resource>
<resource id="7" type="1" name="100">BB1A64D7B7F2BB8D709978857A7BA08A</resource>
<resource id="7" type="1" name="100">00CFA6576E567CF775AD0567817685CA</resource>
<resource id="7" type="1" name="100">2BD1617E44BB44DB5F26DCEAC89C9B1E</resource>
<resource id="7" type="1" name="100">3F3A5A5B0D794E4B144C63C100CC57C2</resource>
<resource id="7" type="1" name="100">99419B12B8F7519179FCE2C8F083A092</resource>
<resource id="7" type="1" name="100">7E179152E2AE85BBAB0A0DDF1D4067CD</resource>
<resource id="7" type="1" name="100">4612876C7FDCFEC715337F0D167E6CAA</resource>
<resource id="7" type="1" name="100">8B8DE9C0798619DD7C151D951999FE57</resource>
<resource id="7" type="1" name="100">5101F6FB77200F2C4647607F8D807607</resource>
<resource id="7" type="1" name="100">39710FE2245A6211FC13C5DF75223B57</resource>
<resource id="7" type="1" name="100">D4C60781C5DF23D788C62B1FB2968CC2</resource>
<resource id="7" type="1" name="100">EB3A2CB47E8054B73D66E1D8E716009F</resource>
<resource id="7" type="1" name="100">2C2D5464A4233F4C255DE05F46701B33</resource>
<resource id="7" type="1" name="100">4A1546C9E094A221D6BA88BF4EAA3728</resource>
<resource id="7" type="1" name="100">08A537E9415A81733C1648B5F568D2F7</resource>
<resource id="7" type="1" name="100">75A0B1A202814178CB553CD89A739B0F</resource>
<resource id="7" type="1" name="100">8A2672BB14DEB958210FBC05C30145F4</resource>
<resource id="7" type="1" name="100">F7FE951D84798F911C72F1E0F871B56C</resource>
<resource id="7" type="1" name="100">B6C6FA376FA6DF020D146DF0A6763482</resource>
<resource id="7" type="1" name="100">6FC9EAE77EF4637E10DD3ABED06137D3</resource>
<resource id="7" type="1" name="100">9C96D4E394E3C1DE27E9CEC412D43F96</resource>
<resource id="7" type="1" name="100">2F56E8C9647325B52A2F40DE4D21EE0E</resource>
<resource id="7" type="1" name="100">17969F580FF0C708428DCA3E948405EC</resource>
<resource id="7" type="1" name="100">1E178242A43451F4E99A7D99A425C3EF</resource>
<resource id="7" type="1" name="100">1B18459A10D22AFC628779631DD377ED</resource>
<resource id="7" type="1" name="100">FAC5759F56FE23412DD8408882BDA5AD</resource>
<resource id="7" type="1" name="100">623599656EF92AB06FB114D5BD89FC80</resource>
<resource id="7" type="1" name="100">A39E2C6AB70ED5954F52FE31F7CB9647</resource>
<resource id="7" type="1" name="100">08674C0389647BCCE7A0C7B2A2385F86</resource>
<resource id="7" type="1" name="100">5CD093BE7B5B80F8F9BED61174E747DF</resource>
<resource id="7" type="1" name="100">AF072272EC49043084EAA03D85413C41</resource>
<resource id="7" type="1" name="100">19B41C0049693AD063140564A05A15D4</resource>
<resource id="7" type="1" name="100">583F03DF62CED4CE8FCE473E03A45AF8</resource>
<resource id="7" type="1" name="100">FA66DB1B92E0DF9EE1B2968AEFCD2BC7</resource>
<resource id="7" type="1" name="100">996969D9DD9B639D44504388D7B0128E</resource>
<resource id="7" type="1" name="100">CB89BB646689F03BBF0B69470DA1FEB6</resource>
<resource id="7" type="1" name="100">91E76CEA5EF0C6C4973CF6A025FB9AAA</resource>
<resource id="7" type="1" name="100">DAC5F0C754C4ED921E10792E6942FF23</resource>
<resource id="7" type="1" name="100">CF8B63BBBFE18A2B7266E74D8989F0B5</resource>
<resource id="7" type="1" name="100">F730C64DAAE0131A358FF51541E691CC</resource>
<resource id="7" type="1" name="100">B07E1536B478EA6B806C9263414BD9F7</resource>
<resource id="7" type="1" name="100">D522598072DC48BB6AEF6F0BB40B4CC2</resource>
<resource id="7" type="1" name="100">1BA76EAB257E68B286E564CBE07DCD26</resource>
<resource id="7" type="1" name="100">5BCA57194380C34002C0DD086A242EE7</resource>
<resource id="7" type="1" name="100">A0F1A9E664389E2FAE01C9519598ABBF</resource>
<resource id="7" type="1" name="100">AD4CDD3A5337E568D3F55E8F024B4526</resource>
<resource id="7" type="1" name="100">C219F66CFCCF208C3D9272B32C90A4EE</resource>
<resource id="7" type="1" name="100">17DE37ED86693CDA2140F01B194B5557</resource>
<resource id="7" type="1" name="100">A4FDE844456B29D6850DAF42A5807672</resource>
<resource id="7" type="1" name="100">D6312274160C34503BC625F9598F8E43</resource>
<resource id="7" type="1" name="100">380E8FA64D4DF8BA3F817E81C1087CBB</resource>
<resource id="7" type="1" name="100">7EE265D09E41EF3139D93B7050D10DBD</resource>
<resource id="7" type="1" name="100">53DF7815DD9AD3493275650237CB6BD8</resource>
<resource id="7" type="1" name="100">6CC3E2A7D3200766361CCE948CC2F693</resource>
<resource id="7" type="1" name="100">EDB68DFA3A0C4F34D1C2B24FE84CCE32</resource>
<resource id="7" type="1" name="100">80591A4642B92F1A9CBCD69A23111809</resource>
<resource id="7" type="1" name="100">D5AE730A7B7B2BB8E560FF844C93B49E</resource>
<resource id="7" type="1" name="100">69D95E2689633F96263753675856A576</resource>
<resource id="7" type="1" name="100">0DCE307B9A89BCF569E3AEF9FDA2DB7F</resource>
<resource id="7" type="1" name="100">77307C66ADA4BD02BFAD41A837011DEB</resource>
<resource id="7" type="1" name="100">6835F4C66937B5E1ACACF8839AFE6E52</resource>
<resource id="7" type="1" name="100">60B7EE275052309CFE13AC808ED31B51</resource>
<resource id="7" type="1" name="100">F227C2ABF18E255A547FCF87615B8E01</resource>
<resource id="7" type="1" name="100">BF163EDA3408D4EA99E1C49DE22BB4BF</resource>
<resource id="7" type="1" name="100">A75DBC888460875868739C709251BA83</resource>
<resource id="7" type="1" name="100">62C69EE86977F85A5883180553AADC18</resource>
<resource id="7" type="1" name="100">55189FF66957A034473AC7084B153CC1</resource>
<resource id="7" type="1" name="100">FB585460A906CF7229C078029C20E3E7</resource>
<resource id="7" type="1" name="100">12EC2FC8D86C65116BE55ADCD388DA88</resource>
<resource id="7" type="1" name="100">D7416167A3F1B4F5F2025F7E98D9C4DA</resource>
<resource id="7" type="1" name="100">057D1ED62042EF154B2430DFEC4D9A28</resource>
<resource id="7" type="1" name="100">75A9DD706983E639CE995713F0C8F81F</resource>
<resource id="7" type="1" name="100">AA9F1D12DA051B3C7E0677F15F7187B5</resource>
<resource id="7" type="1" name="100">2C5034D947E301BCAED257F1782281C4</resource>
<resource id="7" type="1" name="100">368D2E77FE3952DACCDCEF3BF254A9C8</resource>
<resource id="7" type="1" name="100">D4BA95484230181AF6BB70A658043FF3</resource>
<resource id="7" type="1" name="100">29D6C17E6CD15BFC90009AAA138D3864</resource>
<resource id="7" type="1" name="100">ABA82F41761F8A60CDE98838C6A552FC</resource>
<resource id="7" type="1" name="100">F2C0BDDEDFAC53630A528BC2FEEBF2DC</resource>
<resource id="7" type="1" name="100">A66AA3EA7848A5729A4D2EBEC5F9426D</resource>
<resource id="7" type="1" name="100">95F41B1D89E6AD15EC5012F74D49D7DE</resource>
<resource id="7" type="1" name="100">E8C2EA04B31E3E8E9E0EFB76E7E51615</resource>
<resource id="7" type="1" name="100">740B18E8E0D70DB3D0A5EC1D4B2883DF</resource>
<resource id="7" type="1" name="100">2A8F5C47916544CF12DF6F971D4BF804</resource>
<resource id="7" type="1" name="100">1075512898849EAF97D4E54B0FDE1E50</resource>
<resource id="7" type="1" name="100">00FB241D750DA51E810E5DF59E922900</resource>
<resource id="7" type="1" name="100">AB03342B57FAF4B4FC9244E3A9118E7A</resource>
<resource id="7" type="1" name="100">5E9E6BB6D9F5E46D32089F5A228C40F5</resource>
<resource id="7" type="1" name="100">CBF06ADD981DCA3588A1C8092DA52400</resource>
<resource id="7" type="1" name="100">885B5EACC906143F5A5FBC46FE8ADA47</resource>
<resource id="7" type="1" name="100">75CB594E565B7232DF391F8C06FB722F</resource>
<resource id="7" type="1" name="100">49CF37CE1395B81E15B3A9F162C4D34E</resource>
<resource id="7" type="1" name="100">D26FA664BC7A6B0F7DC53D4AA2468A71</resource>
<resource id="7" type="1" name="100">DD4092D5B47C9C2BE1DB2114E9F03557</resource>
<resource id="7" type="1" name="100">3C63650266399F0DD5DDC7481016D673</resource>
<resource id="7" type="1" name="100">F6E73653376433FDDD9AD55521BB6043</resource>
<resource id="7" type="1" name="100">5B697094E12F1CA8C053CEE1F534A826</resource>
<resource id="7" type="1" name="100">C91BAE1FC957C6B257B5D09057DFFB0C</resource>
<resource id="7" type="1" name="100">02B32306D0E4EBAD89F3FEB7D42B16E4</resource>
<resource id="7" type="1" name="100">FFB785FEBCC17D0E116D2EF6B4D4A2FC</resource>
<resource id="7" type="1" name="100">1C28E5FB4EED75FECD379EEA0BB86DBD</resource>
<resource id="7" type="1" name="100">714403D8593572CB9E2D5B610FFC6EB3</resource>
<resource id="8" type="1" name="110">C8AD15FFE7C53280184269F6FEC09504</resource>
<resource id="8" type="1" name="110">2E0885355CAC8A3390565C5DAFA6022B</resource>
<resource id="8" type="1" name="110">05BB37CC4531FE1654D1ABBDC646CEED</resource>
<resource id="8" type="1" name="110">32280A1FE2A95CB52E6D3F5996DFDB1C</resource>
<resource id="8" type="1" name="110">2E8B843FEEA3A5D376BDE41235300C99</resource>
<resource id="8" type="1" name="110">19B245C3B365A46ADD6C7E875CCA63B8</resource>
<resource id="8" type="1" name="110">D8D5BD5B0E73779900EE253E3CA73B40</resource>
<resource id="8" type="1" name="110">421607C11EFBCCB2ED2E18AFA3DA34A3</resource>
<resource id="8" type="1" name="110">E47F0BBBBAF6EC8A6BA89DE01F3340DD</resource>
<resource id="8" type="1" name="110">54F61D18E7F794580D5D821892B15C2A</resource>
<resource id="8" type="1" name="110">30DEC2B13BD7C0DD83D74A833AA650C7</resource>
<resource id="8" type="1" name="110">3CAC4EA2EEAE9680AB9004CB48FEB843</resource>
<resource id="8" type="1" name="110">29C19E1DE3090617C1F272B3FE4B956C</resource>
<resource id="8" type="1" name="110">44DEC974890AA54E1231F019810A5A7D</resource>
<resource id="8" type="1" name="110">5CBA59151FB1D307DB19D01113C7D644</resource>
<resource id="8" type="1" name="110">05F1A4100B82D174400D376E59EA4032</resource>
<resource id="8" type="1" name="110">44692635ADB994B18FD1BBE1B89EAE8A</resource>
<resource id="8" type="1" name="110">F2EFA3A7D7E1A0EA2222BC03326CE56B</resource>
<resource id="8" type="1" name="110">F0AD1B8815E933A2E34E770439574E68</resource>
<resource id="8" type="1" name="110">4402AAD7B76F97CD25A63556BD386F45</resource>
<resource id="8" type="1" name="110">94D2333F0ACE68BC98CE8B379445F469</resource>
<resource id="8" type="1" name="110">85477B0DAB461F62B51B79AF761BC042</resource>
<resource id="8" type="1" name="110">6F1D7A5156DA1D8D609C700D7F856C57</resource>
<resource id="9" type="1" name="200">063315629ADB9C84B22673219200D1F7</resource>
<resource id="9" type="1" name="200">93BA82BE92A45505EE061CCBA34E5ECF</resource>
<resource id="9" type="1" name="200">9D6C41957BE093DBD3F2E3FBF6E70609</resource>
<resource id="10" type="1" name="210">79789DC8EB29D34D2DC4CA4597678C96</resource>
<resource id="10" type="1" name="210">BD505B1D1A9C1E8B1FDB379637A2EB00</resource>
<resource id="10" type="1" name="210">472C9FAC5D5C06A7C524835FC8D5AB98</resource>
<resource id="10" type="1" name="210">875428C8A68F86911FD8D3B537BEDF87</resource>
<resource id="10" type="1" name="210">F780A82E83114AB86869E7AC81D68473</resource>
<resource id="10" type="1" name="210">8CFD33F4BFF0F19AAC8A8AF71B0CE30F</resource>
<resource id="11" type="1" name="300">5DDC94F3A935D7742D868238CB8EBCA8</resource>
<resource id="11" type="1" name="300">0EB4A39028CB3AE4D7E9CC62DAD71ACD</resource>
<resource id="11" type="1" name="300">32AFE38C0D0DC3FDF0C3C485887D3E43</resource>
<resource id="11" type="1" name="300">6748E3D22A0734B78EB691A3C360A767</resource>
<resource id="11" type="1" name="300">4A7CD59B1C3C1BAA90D7C6D3182990D0</resource>
<resource id="12" type="1" name="310">757E9E2E7CF80A929501A81F7CA1EB33</resource>
<resource id="12" type="1" name="310">CA16B16F5905D430078E613019FEAAB1</resource>
<resource id="12" type="1" name="310">C3B04343D9A1EBED8BE094B7D3DB2A9E</resource>
<resource id="12" type="1" name="310">C5AF786BFD9FD1C53C8FE9F0BD9CE38B</resource>
<resource id="12" type="1" name="310">0A451222F7037983439A58E3B44DB529</resource>
<resource id="12" type="1" name="310">90ED3AAC2A942E3067E6471B32860E77</resource>
<resource id="12" type="1" name="310">AF05DD5BD4C3B1FC94922C75ED4F9519</resource>
<resource id="13" type="1" name="320">77C64818523675C19429AEE1EC8A0544</resource>
<resource id="13" type="1" name="320">DE81BCCB6410C9E4ACB325F67F268BC5</resource>
<resource id="13" type="1" name="320">E9356775B7B8159CFAD335FA2C2B22D5</resource>
<resource id="13" type="1" name="320">41491A39D90ED5934E44C6A505F15EE5</resource>
<resource id="13" type="1" name="320">D7B0560BD281FF19FF0611E0D353E191</resource>
<resource id="13" type="1" name="320">F71DC11B5BA14E4E23B83041D878ADB3</resource>
<resource id="14" type="1" name="330">DAC970882C0B2BBF2BA730CDD029CC15</resource>
<resource id="14" type="1" name="330">7AF648367DBCFF7D2CEDB0129130831C</resource>
<resource id="14" type="1" name="330">3EB35BB107D7B980380FC299BCB78339</resource>
<resource id="14" type="1" name="330">541C3A8A0F459E81C477F257581D74B9</resource>
<resource id="14" type="1" name="330">5503D51A4796F866F06DB06D96B2B6F2</resource>
<resource id="14" type="1" name="330">B73040E84B34D849887B960439EE7B74</resource>
<resource id="14" type="1" name="330">D462755A29E7D78005E4F1E643BD3A23</resource>
<resource id="14" type="1" name="330">1470DD46FBC7A3CCF2ED443979BE87EF</resource>
<resource id="14" type="1" name="330">255247F964ABE807FCA929BE8D7636D1</resource>
<resource id="14" type="1" name="330">4174B6C6A8B32C89430A8B0142E55868</resource>
<resource id="14" type="1" name="330">B075E283F89FFF26DB1C1AACAF696EC1</resource>
<resource id="15" type="1" name="340">FE5312D721B8A2DA30D5C84E039651CB</resource>
<resource id="15" type="1" name="340">FFCA4B680C5BBC45B7218541811B2F23</resource>
<resource id="15" type="1" name="340">ACAB3C15838798165F41DEB1DD1B623E</resource>
<resource id="15" type="1" name="340">F6A9C501AAC7DCE9AC5CCF82BBDC404E</resource>
<resource id="15" type="1" name="340">3FAD76BA87D6EDE772739BE863C83B5A</resource>
<resource id="15" type="1" name="340">2E25811C524ABE0A72EA1240DA9E00FC</resource>
<resource id="15" type="1" name="340">2065035FBC5003C4369CCF7DCF3313A8</resource>
<resource id="15" type="1" name="340">C0B1A95D8E2191DE7DB362CC6405FE80</resource>
<resource id="15" type="1" name="340">C21C852B74B17597BE42E28D58739EFE</resource>
<resource id="15" type="1" name="340">29B291AD75C93524E2D6B72A2E77F183</resource>
<resource id="15" type="1" name="340">ADD1001134F11A0F1783F9719ECF0A34</resource>
<resource id="15" type="1" name="340">E7B4E12CE14DCBA2010746F8DDB16A58</resource>
<resource id="15" type="1" name="340">A160FBC7D6053ACACB1F0C1A413A4C45</resource>
<resource id="16" type="1" name="350">6295B471FE26A142E3F55CEA4A0AF053</resource>
<resource id="16" type="1" name="350">02BCEDCF1264C2D5217C8E741E94F037</resource>
<resource id="16" type="1" name="350">A7755A1FF142CD6A5A434E31C12BEE74</resource>
<resource id="16" type="1" name="350">5AA227AD281A94BDDA70072FFEEF26B7</resource>
<resource id="16" type="1" name="350">4E93012888E56D9DED57FDB88F7E76DA</resource>
<resource id="16" type="1" name="350">F4879D701A7E0C7E7000B8B306009F20</resource>
<resource id="17" type="1" name="360">D15F3AB6307B00B16A901CD1CDDB79E1</resource>
<resource id="17" type="1" name="360">73E41278C4BBBA3B306C7EB63CDEC358</resource>
<resource id="17" type="1" name="360">1E94BA78A024E8899C819B99B0D4CC2C</resource>
<resource id="17" type="1" name="360">65F2B0A5D69167E2E8EB76CDCFCC9BC9</resource>
<resource id="17" type="1" name="360">B65944552F5CA6302AB035DB1B24A771</resource>
<resource id="17" type="1" name="360">ADACC3DC9471484536AA1B262F72EFA0</resource>
<resource id="17" type="1" name="360">0A400870F302760354EB3EBEF58E9EB9</resource>
<resource id="17" type="1" name="360">F557CA256E937C9FD12E2F6C204F1A40</resource>
<resource id="17" type="1" name="360">CCC1BFCE314E6DD914F6C30502A30342</resource>
<resource id="17" type="1" name="360">05EF8D62DD1E5DF7DE6BA787B824ED44</resource>
<resource id="17" type="1" name="360">554CFE27588E9423F6E2C47A9640993B</resource>
<resource id="17" type="1" name="360">A8E18848F9EA6B3A299E1B6C805A7564</resource>
<resource id="18" type="1" name="370"></resource>
<resource id="19" type="1" name="380">0BA1831B7248135B589F5FDCD9B7CB9F</resource>
<resource id="19" type="1" name="380">DCC9157A17E21F817D3384818CEFDA0F</resource>
<resource id="19" type="1" name="380">D2D4506DB2896B8203998750A4010014</resource>
<resource id="19" type="1" name="380">C134274B538EE6DCEC8AF51297549355</resource>
<resource id="19" type="1" name="380">560F2FF1EDB5A5DD5CEA27A63C97A32B</resource>
<resource id="19" type="1" name="380">1BE7A9A07F9BEB7D9AA634EC9DCD7DE4</resource>
<resource id="19" type="1" name="380">E83070CA7104D41C9DBB4EB3956B94B5</resource>
<resource id="19" type="1" name="380">6CC98FDAB476552D89A6C810C9780248</resource>
<resource id="20" type="1" name="390">278767E0B269E408DC8AFFBE8EA44657</resource>
<resource id="20" type="1" name="390">BAB1CA8EFFB14E5C330B488965AB3050</resource>
<resource id="20" type="1" name="390">12D9198BAE7E3FF83A0A94F91191D73E</resource>
<resource id="20" type="1" name="390">75E2E64FBC4240B2F782A14A7D38FBF5</resource>
<resource id="22" type="1" name="">213F00823670FF279BCC72A79B0F00E3</resource>
<resource id="22" type="1" name="">F265AC589740F933A30F0AF7C4A048D6</resource>
<resource id="22" type="1" name="">D7ED7D03D3FE6F6505BEFA742304DBE6</resource>
<resource id="22" type="1" name="">5116A41F859EC654DD9BF609688CDCD1</resource>
<resource id="22" type="1" name="">8A407DC9759D8DD0C8B9B32E858CD63E</resource>
<resource id="22" type="1" name="">7D3CDB98C278F5E9E33389AC56BBA098</resource>
<resource id="22" type="1" name="">BE537B756D8E61AA684D75F46ED59685</resource>
<resource id="22" type="1" name="">43FB66072ADD8EB17ED080ACCCD6274F</resource>
<resource id="22" type="1" name="">11E050FA9184385D5D3EAEAD0028C659</resource>
<resource id="22" type="1" name="">BEF052A836721603944223065DF03278</resource>
<resource id="22" type="1" name="">DE6AD028F9014F7D62C3939EBA34C995</resource>
<resource id="22" type="1" name="">5EE01927605E4703CEE0F2E5D5812B90</resource>
<resource id="22" type="1" name="">86B067A58C669BF96610A854C15D2832</resource>
<resource id="22" type="1" name="">DE40ECFF2F08541E4A5A0D94470FFE86</resource>
<resource id="22" type="1" name="">C71D2B63FBE3F38BBA270A74853C64B4</resource>
<resource id="22" type="1" name="">7BD38937D4711B70B0B985F4F07FE8FD</resource>
<resource id="22" type="1" name="">6A13C17B50A406AFFF371A34E1B2C1AF</resource>
<resource id="23" type="1" name="">264EB6533830801B97488E747D891510</resource>
<resource id="23" type="1" name="">384A022AEBEFEC13B4218D882142DB1F</resource>
<resource id="23" type="1" name="">1016B022E1AB1094B4A0303761B8ED1F</resource>
<resource id="23" type="1" name="">C48F445A0E277DE95DF1014E61A75FCC</resource>
<resource id="23" type="1" name="">904C830A1260577B0780E72737777863</resource>
<resource id="23" type="1" name="">E663480F4094BF5C3CE27CD838EEBB0E</resource>
<resource id="24" type="1" name="">7CB87C9A0E0C15E8DA06336D44327D59</resource>
<resource id="25" type="1" name="">838D0D01192C393CD864CF8E7C391CD8</resource>
<resource id="25" type="1" name="">C1B6B44825A78BF2007808F813C4C25C</resource>
<resource id="25" type="1" name="">B4D9C8C7C549AEC53E5ED7D64349C783</resource>
<resource id="25" type="1" name="">63BDC75737FC8AAE202A5DBAFCF6CCF6</resource>
<resource id="25" type="1" name="">C8B08CDAF8B66217EC37DCEA2476C529</resource>
<resource id="25" type="1" name="">3872F93E6150BED21206FE2FE28618A5</resource>
<resource id="25" type="1" name="">0ED7649A7DE6DF5C640C9D6C7602A9DE</resource>
<resource id="26" type="1" name="">3B7DC7C94632D90387958DA410273467</resource>
<!-- manifests -->
<resource id="40" type="2" name="0">E16D70327CD8942745B3B399D8FAF30A</resource>
<resource id="40" type="2" name="0">4E541C7ED18BBD039CC07DAE957BFDAC</resource>
<resource id="40" type="2" name="0">56B9B0E1DB298119AD65CB5442791ED7</resource>
<resource id="40" type="2" name="0">B35DA7A899F8ECF7683B5FCE9A7F65F5</resource>
<resource id="40" type="2" name="0">EDEAFCF009FEEBA31F946506E1034CAF</resource>
<resource id="40" type="2" name="0">58F2BFCF0F3E0C1D62F5B7D72B5F40A1</resource>
<resource id="40" type="2" name="0">BD62B6F553A2D1D012CC53FC325221D2</resource>
<resource id="40" type="2" name="0">FF4C2C5BE3245F4C1BA2855987F1CDCF</resource>
<resource id="40" type="2" name="0">248EED9439A3553E10411A55D638B25F</resource>
</resources>
</xml>

282
static/PeStudio/settings.xml Normal file
View File

@ -0,0 +1,282 @@
<!-- This file is part of the pestudio solution (www.winitor.com)
This file contains general settings and the names of all XML files used by the solution.
Since pestudio does not write anything on the system it is running on, This file must be edited manually.-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!-- 1: Enable, 0: Disable-->
<EnableDosStub>1</EnableDosStub>
<EnableDosHeader>1</EnableDosHeader>
<EnableFileHeader>1</EnableFileHeader>
<EnableOptionalHeader>1</EnableOptionalHeader>
<EnableDirectories>1</EnableDirectories>
<EnableSections>1</EnableSections>
<EnableImportedLibraries>1</EnableImportedLibraries>
<EnableImportedSymbols>1</EnableImportedSymbols>
<EnableExportedSymbols>1</EnableExportedSymbols>
<EnableExceptions>1</EnableExceptions>
<EnableRelocations>1</EnableRelocations>
<EnableThreadLocalStorage>1</EnableThreadLocalStorage>
<EnableCertificates>1</EnableCertificates>
<EnableResources>1</EnableResources>
<EnableStrings>1</EnableStrings>
<EnableDebug>1</EnableDebug>
<EnableManifest>1</EnableManifest>
<EnableVersion>1</EnableVersion>
<EnableFileSignature>1</EnableFileSignature>
<EnableOverview>1</EnableOverview>
<EnableOverlay>1</EnableOverlay>
<EnableOverlayScore>1</EnableOverlayScore>
<EnableXmlReport>1</EnableXmlReport>
<EnableOrdinalFunctionsMapping>1</EnableOrdinalFunctionsMapping>
<!-- 1: Show, 0: Hide -->
<ShowDosStub>1</ShowDosStub>
<ShowDosHeader>1</ShowDosHeader>
<ShowFileHeader>1</ShowFileHeader>
<ShowOptionalHeader>1</ShowOptionalHeader>
<ShowDirectories>1</ShowDirectories>
<ShowSections>1</ShowSections>
<ShowImportedLibraries>1</ShowImportedLibraries>
<ShowImportedSymbols>1</ShowImportedSymbols>
<ShowExportedSymbols>1</ShowExportedSymbols>
<ShowExceptions>1</ShowExceptions>
<ShowRelocations>1</ShowRelocations>
<ShowThreadLocalStorage>0</ShowThreadLocalStorage>
<ShowCertificates>1</ShowCertificates>
<ShowResources>1</ShowResources>
<ShowStrings>1</ShowStrings>
<ShowDebug>1</ShowDebug>
<ShowManifest>1</ShowManifest>
<ShowVersion>1</ShowVersion>
<ShowOverlay>1</ShowOverlay>
<ShowStringsOffset>0</ShowStringsOffset>
<!--
Set the default Item (in the left Tree) that should be shown when when an Image has loaded.
Possible values are:
0 (Image )
1 (Indicators )
2 (Virustotal )
3 (DOS Stub)
4 (DOS Header )
5 (File Header )
6 (Optional Header )
7 (Data Directories )
8 (Sections Headers )
9 (Imported Libraries )
10 (Imported Symbols )
11 (Exported Symbols)
12 (Resources)
13 (Strings)
14 (Version Information)
15 (Debug Information)
16 (Manifest)
17 (Exceptions)
18 (Thread Local Storage)
19 (Certificates)
20 (Relocations)
-->
<DefaultItem>7</DefaultItem>
<!--
1: Expand the Image when successfully opened
0: Compress the Image when successfully opened
-->
<ExpandImage>1</ExpandImage>
</setting>
</settings>
<!-- Settings related to VirusTotal functionality -->
<VirusTotal>
<!--
Set the "prefered" Virustotal Engine. Setting a "prefered" Engine will put the focus on it at the User Interface.
This features helps a fast identification of an Antivirus coverage of the malware analyzed.
Following (58) IDs will be used (Please do not modify theses IDs).
AVG = 1
AVware = 2
Ad-Aware = 3
AegisLab = 4
Agnitum = 5
AhnLab-V3 = 6
Aladdin
AntiVir = 7
Antiy-AVL = 8
Avast = 9
Baidu-International = 10
BitDefender = 11
Bkav = 12
Boost
BullGuard
ByteHero = 13
CAT-QuickHeal = 14
CMC = 15
ClamAV = 16
Commtouch = 17
Comodo = 18
DrWeb = 19
ESET-NOD32 = 20
Emsisoft = 21
eSafe = 22
F-Prot = 23
F-Secure = 24
Fortinet = 25
GData = 26
Ikarus = 27
Jiangmin = 28
K7AntiVirus = 29
K7GW = 30
Kaspersky = 31
KasperskyEndpoint
Kingsoft = 32
Malwarebytes = 33
McAfee = 34
McAfee-GW-Edition = 35
MicroWorld-eScan = 36
Microsoft = 37
Nano-Antivirus = 38
Norman = 39
nProtect = 40
Panda = 41
PcTools = 42
Qihoo-360 = 43
Rising = 44
SUPERAntiSpyware = 45
Sophos = 46
Symantec = 47
Tencent = 48
TheHacker = 49
TotalDefense = 50
TrendMicro = 51
TrendMicro-HouseCall= 52
VBA32 = 53
VIPRE = 54
ViRobot = 55
Zillya = 56
Zoner = 57
Cyren = 58
Avira = 59
ALYac = 60
Alibaba = 61
ReasonHeuristics
Outpost
QuickHeal
herdProtectFuzzy
BoostbyReason
Prevx
XVirus
Sunbelt
SafeCentral
WebWasherGateway
EmsisoftASquared
Filseclab
eTrustVet
STOPzilla
LavaSoft
MicrosoftSecurityEssentials
MicrosoftForefront
MicrosoftWindowsDefender
mSecure
Optenet
Prevention
Roboscan
SystemShield
Tencent
TrustPort
Twister
VexxGuard
ViRobot
VirusBokAda
VirusFighterPlus
ZoneAlarm
ZonerAntivirus
Zeobit
-->
<PreferedVirustotalEngine>0</PreferedVirustotalEngine>
<ShowVirusTotalLookup>1</ShowVirusTotalLookup>
<EnableVirusTotalLookup>1</EnableVirusTotalLookup>
</VirusTotal>
<Filters>
<!-- 0: Hide non-PE Images
1: Show non_PE Images -->
<Filter name="non_pe_image" id="0">0</Filter>
<!-- 0: Hide 32 bit Images
1: Show 32 bit Images -->
<Filter name="32bit" id="1">0</Filter>
<!-- 0: Hide 64 bit Images
1: Show 64 bit Images -->
<Filter name="64bit" id="2">0</Filter>
</Filters>
<WhiteSections>
<!--
1: Enable the detection WhiteList Sections
0: Disable the detection WhiteList Sections
-->
<Enable>1</Enable>
<sections>
<section>/4</section>
<section>/19</section>
<section>/35</section>
<section>/51</section>
<section>/63</section>
<section>/77</section>
<section>/89</section>
<section>/102</section>
<section>/113</section>
<section>/124</section>
<section>.textbss</section>
<section>.text</section>
<section>.bss</section>
<section>.rsrc</section>
<section>.rdata</section>
<section>.data</section>
<section>.idata</section>
<section>.idata2</section>
<section>.edata</section>
<section>.sdata</section>
<section>.reloc</section>
<section>.ndata</section>
<section>.sxdata</section>
<section>.tls</section>
<section>.pdata</section>
<section>.CRT</section>
<section>PAGE</section>
<section>DATA</section>
<section>BSS</section>
<section>INIT</section>
<section>CODE</section>
</sections>
</WhiteSections>
<XmlFiles>
<Thresholds>thresholds.xml</Thresholds>
<Features>features.xml</Features>
<Indicators>indicators.xml</Indicators>
<BlackListStrings>strings.xml</BlackListStrings>
<BlackListFunctions>functions.xml</BlackListFunctions>
<Languages>languages.xml</Languages>
<Translations>translations.xml</Translations>
<Signatures>signatures.xml</Signatures>
<KnownResources>resources.xml</KnownResources>
<WhiteListLibraries>whitelistlibraries.xml</WhiteListLibraries>
</XmlFiles>
</xml>

29105
static/PeStudio/signatures.xml Normal file
View File

File diff suppressed because it is too large Load Diff

3225
static/PeStudio/strings.xml Normal file
View File

File diff suppressed because it is too large Load Diff

302
static/PeStudio/thresholds.xml Normal file
View File

@ -0,0 +1,302 @@
<xml version="1.0" encoding="utf-8">
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the Thresholds used by the solution.-->
<settings>
<setting>
<enable>1</enable>
</setting>
</settings>
<thresholds>
<minimums>
<Image id="0">10240</Image>
<Header id="1">64</Header>
<DosStub id="2">20</DosStub>
<FileHeader id="3">20</FileHeader>
<OptionaHeader id="4">224</OptionaHeader>
<DataDirectory id="5">1</DataDirectory>
<String id="6">4</String>
<VersionInfo id="7">100</VersionInfo>
<BuiltinResource id="8">4</BuiltinResource>
<Code id="9">256</Code>
<Manifest id="10">80</Manifest>
<ResourceHtml id="11">128</ResourceHtml>
<CustomResource id="12">20</CustomResource>
<CustomDefault id="13">10</CustomDefault>
<DiskSection id="14">10</DiskSection>
<DigitalCertificate id="15">100</DigitalCertificate>
<InitializedData id="16">0</InitializedData>
<XY id="17"></XY>
<XY id="18"></XY>
<XY id="19"></XY>
<XY id="20"></XY>
<XY id="21"></XY>
<XY id="22"></XY>
<XY id="23"></XY>
<XY id="24"></XY>
<XY id="25"></XY>
<XY id="26"></XY>
<XY id="27"></XY>
<XY id="28"></XY>
<XY id="29"></XY>
<ImportedLibraries id="30">3</ImportedLibraries>
<ImportedSymbols id="31">10</ImportedSymbols>
<Sections id="32">1</Sections>
<ExportedSymbols id="33">0</ExportedSymbols>
<Strings id="34">100</Strings>
<Directories id="35">16</Directories>
<XXXXX id="36">2</XXXXX>
<EmptyDirectories id="37">15</EmptyDirectories>
<BlackListedStrings id="38">10</BlackListedStrings>
<VirustotalFileEnginesPositiv id="39">1</VirustotalFileEnginesPositiv>
<BlackListedImportedFunctions id="40">1</BlackListedImportedFunctions>
<BlackListedSectionNames id="41">1</BlackListedSectionNames>
<ObsolteteImportedFunctions id="42">1</ObsolteteImportedFunctions>
<HttpStrings id="43">0</HttpStrings>
<BlackListedExportedFunctions id="44">1</BlackListedExportedFunctions>
<UndocumentedFunctions id="45">1</UndocumentedFunctions>
<WritableAndExecutableSections id="46">0</WritableAndExecutableSections>
<ExecutableSections id="47">0</ExecutableSections>
<AntidebugFunctions id="48">0</AntidebugFunctions>
<OrdinalFunctions id="49">0</OrdinalFunctions>
<UnsafeFunctions id="50">0</UnsafeFunctions>
<ElevatedFunctions id="51">0</ElevatedFunctions>
<EmbeddedPeFiles id="52">0</EmbeddedPeFiles>
<RegisteredExceptionHandlers id="53">0</RegisteredExceptionHandlers>
<NamelessSections id="54">0</NamelessSections>
<SharedSections id="55">0</SharedSections>
<ResourceLanguages id="56">0</ResourceLanguages>
<SmtpStrings id="57">0</SmtpStrings>
<FtpStrings id="58">0</FtpStrings>
<RegexStrings id="59">0</RegexStrings>
<WindowsPrivilegesStrings id="60">0</WindowsPrivilegesStrings>
<OIDsStrings id="61">0</OIDsStrings>
<AntivirusStrings id="62">0</AntivirusStrings>
<VirustotalOverlayEnginesPositiv id="63">2</VirustotalOverlayEnginesPositiv>
<AvStrings id="64">0</AvStrings>
<PrivilegesStrings id="65">0</PrivilegesStrings>
<OidStrings id="66">0</OidStrings>
<AgentStrings id="67">0</AgentStrings>
<ExtensionStrings id="68">0</ExtensionStrings>
<SddlStrings id="69">0</SddlStrings>
<FolderStrings id="70">0</FolderStrings>
<GuidStrings id="71">0</GuidStrings>
<RegistryStrings id="72">0</RegistryStrings>
<OsStrings id="73">0</OsStrings>
<ProductsStrings id="74">0</ProductsStrings>
<SidStrings id="75">0</SidStrings>
<ProtocolStrings id="76">0</ProtocolStrings>
<FileExtensions id="77">0</FileExtensions>
<KeyboardKeys id="78">0</KeyboardKeys>
<DebugAge id="100">1</DebugAge>
<DebugTimeDateStampYear id="101">2009</DebugTimeDateStampYear>
<TimeDateStampYear id="102">2005</TimeDateStampYear>
<CertificateIssuerYear id="103">2009</CertificateIssuerYear>
<CertificateSubjectYear id="104">2009</CertificateSubjectYear>
<SecurityManagement id="150">0</SecurityManagement>
<Authorization id="151">0</Authorization>
<Registry id="152">0</Registry>
<MemoryManagement id="153">0</MemoryManagement>
<ToolHelp id="154">0</ToolHelp>
<Backup id="155">0</Backup>
<EventLogging id="156">0</EventLogging>
<EventTracing id="157">0</EventTracing>
<ErrorHandling id="158">0</ErrorHandling>
<DirectoryManagement id="159">0</DirectoryManagement>
<Debugging id="160">0</Debugging>
<Console id="161">0</Console>
<ImageHlp id="162">0</ImageHlp>
<Communication id="163">0</Communication>
<COM id="164">0</COM>
<SystemInformation id="165">0</SystemInformation>
<PackageQuery id="166">0</PackageQuery>
<Setup id="167">0</Setup>
<StructuredStorage id="168">0</StructuredStorage>
<Ddeml id="169">0</Ddeml>
<Clipboard id="170">0</Clipboard>
<WinINet id="171">0</WinINet>
<DynamicLibrary id="172">0</DynamicLibrary>
<ProcessAndThread id="173">1</ProcessAndThread>
<WinHttp id="174">1</WinHttp>
<Zw id="175">0</Zw>
<Rtl id="176">0</Rtl>
<Nt id="177">0</Nt>
<DhcpServerManagement id="178">0</DhcpServerManagement>
<NetworkManagement id="179">0</NetworkManagement>
<Dns id="180">0</Dns>
<MailSlot id="181">0</MailSlot>
<Rpc id="182">0</Rpc>
<Seh id="183">0</Seh>
<Service id="184">0</Service>
<FileManagement id="185">0</FileManagement>
<VideoCapture id="186">0</VideoCapture>
<Cabinet id="187">0</Cabinet>
<SingleInstanceStore id="188">0</SingleInstanceStore>
<PerformanceCounters id="189">0</PerformanceCounters>
<Atom id="190">0</Atom>
<DeviceManagement id="191">0</DeviceManagement>
<Ras id="192">0</Ras>
<RasScripting id="193">0</RasScripting>
<WinSnmp id="194">0</WinSnmp>
<RouterInformation id="195">0</RouterInformation>
<Ndr id="196">0</Ndr>
<PowerManagement id="197">0</PowerManagement>
<RemoteDesktop id="198">0</RemoteDesktop>
<Wlan id="199">0</Wlan>
<Snmp id="200">0</Snmp>
<WinDbgExt id="201">0</WinDbgExt>
<Dde id="202">0</Dde>
</minimums>
<maximums>
<Image id="0">10485760</Image>
<Header id="1">64</Header>
<DosStub id="2">2048</DosStub>
<FileHeader id="3">20</FileHeader>
<OptionaHeader id="4">260</OptionaHeader>
<DataDirectory id="5">16</DataDirectory>
<String id="6">256</String>
<VersionInfo id="7">6144</VersionInfo>
<BuiltinResource id="8">2000</BuiltinResource>
<Code id="9">-1</Code>
<Manifest id="10">3000</Manifest>
<ResourceHtml id="11">4096</ResourceHtml>
<CustomResource id="12">512000</CustomResource>
<CustomDefault id="13">512000</CustomDefault>
<DiskSection id="14">-1</DiskSection>
<DigitalCertificate id="15">8192</DigitalCertificate>
<InitializedData id="16">1048576</InitializedData>
<XY id="17"></XY>
<XY id="18"></XY>
<XY id="19"></XY>
<XY id="20"></XY>
<XY id="21"></XY>
<XY id="22"></XY>
<XY id="23"></XY>
<XY id="24"></XY>
<XY id="25"></XY>
<XY id="26"></XY>
<XY id="27"></XY>
<XY id="28"></XY>
<XY id="29"></XY>
<ImportedLibraries id="30">50</ImportedLibraries>
<ImportedSymbols id="31">500</ImportedSymbols>
<Sections id="32">15</Sections>
<ExportedSymbols id="33">3000</ExportedSymbols>
<Strings id="34">2000</Strings>
<Directories id="35">16</Directories>
<XXXXX id="36">24</XXXXX>
<EmptyDirectories id="37">15</EmptyDirectories>
<BlackListedStrings id="38">30</BlackListedStrings>
<VirustotalEnginesPositiv id="39">1</VirustotalEnginesPositiv>
<BlackListedImportedFunctions id="40">1</BlackListedImportedFunctions>
<BlackListedSectionNames id="41">1</BlackListedSectionNames>
<ObsolteteImportedFunctions id="42">5</ObsolteteImportedFunctions>
<HttpStrings id="43">5</HttpStrings>
<BlackListedExportedFunctions id="44">3</BlackListedExportedFunctions>
<UndocumentedFunctions id="45">3</UndocumentedFunctions>
<WritableAndExecutableSections id="46">0</WritableAndExecutableSections>
<ExecutableSections id="47">1</ExecutableSections>
<AntidebugFunctions id="48">1</AntidebugFunctions>
<OrdinalFunctions id="49">10</OrdinalFunctions>
<UnsafeFunctions id="50">5</UnsafeFunctions>
<ElevatedFunctions id="51">5</ElevatedFunctions>
<EmbeddedPeFiles id="52">1</EmbeddedPeFiles>
<RegisteredExceptionHandlers id="53">10</RegisteredExceptionHandlers>
<NamelessSections id="54">1</NamelessSections>
<SharedSections id="55">1</SharedSections>
<ResourceLanguages id="56">3</ResourceLanguages>
<SmtpStrings id="57">1</SmtpStrings>
<FtpStrings id="58">1</FtpStrings>
<RegexStrings id="59">1</RegexStrings>
<WindowsPrivilegesStrings id="60">1</WindowsPrivilegesStrings>
<OIDsStrings id="61">1</OIDsStrings>
<AntivirusStrings id="62">1</AntivirusStrings>
<VirustotalOverlayEnginesPositiv id="63">1</VirustotalOverlayEnginesPositiv>
<AvStrings id="64">1</AvStrings>
<PrivilegesStrings id="65">1</PrivilegesStrings>
<OidStrings id="66">1</OidStrings>
<AgentStrings id="67">1</AgentStrings>
<ExtensionStrings id="68">1</ExtensionStrings>
<SddlStrings id="69">1</SddlStrings>
<FolderStrings id="70">1</FolderStrings>
<GuidStrings id="71">1</GuidStrings>
<RegistryStrings id="72">1</RegistryStrings>
<OsStrings id="73">1</OsStrings>
<ProductsStrings id="74">1</ProductsStrings>
<SidStrings id="75">1</SidStrings>
<ProtocolStrings id="76">1</ProtocolStrings>
<FileExtensions id="77">5</FileExtensions>
<KeyboardKeys id="78">2</KeyboardKeys>
<DebugAge id="100">30</DebugAge>
<DebugTimeDateStampYear id="101">2015</DebugTimeDateStampYear>
<TimeDateStampYear id="102">2015</TimeDateStampYear>
<CertificateIssuerYear id="103">2013</CertificateIssuerYear>
<CertificateSubjectYear id="104">2013</CertificateSubjectYear>
<SecurityManagement id="150">1</SecurityManagement>
<Authorization id="151">1</Authorization>
<Registry id="152">1</Registry>
<MemoryManagement id="153">1</MemoryManagement>
<ToolHelp id="154">1</ToolHelp>
<Backup id="155">1</Backup>
<EventLogging id="156">1</EventLogging>
<EventTracing id="157">0</EventTracing>
<ErrorHandling id="158">1</ErrorHandling>
<DirectoryManagement id="159">1</DirectoryManagement>
<Debugging id="160">1</Debugging>
<Console id="161">1</Console>
<ImageHlp id="162">1</ImageHlp>
<Communication id="163">1</Communication>
<COM id="164">10</COM>
<SystemInformation id="165">5</SystemInformation>
<PackageQuery id="166">2</PackageQuery>
<Setup id="167">1</Setup>
<StructuredStorage id="168">3</StructuredStorage>
<Ddeml id="169">3</Ddeml>
<Clipboard id="170">3</Clipboard>
<WinINet id="171">3</WinINet>
<DynamicLibrary id="172">1</DynamicLibrary>
<ProcessAndThread id="173">1</ProcessAndThread>
<WinHttp id="174">1</WinHttp>
<Zw id="175">1</Zw>
<Rtl id="176">1</Rtl>
<Nt id="177">1</Nt>
<DhcpServerManagement id="178">1</DhcpServerManagement>
<NetworkManagement id="179">1</NetworkManagement>
<Dns id="180">1</Dns>
<MailSlot id="181">1</MailSlot>
<Rpc id="182">1</Rpc>
<Seh id="183">1</Seh>
<Service id="184">1</Service>
<FileManagement id="185">1</FileManagement>
<VideoCapture id="186">1</VideoCapture>
<Cabinet id="187">1</Cabinet>
<SingleInstanceStore id="188">1</SingleInstanceStore>
<PerformanceCounters id="189">1</PerformanceCounters>
<Atom id="190">1</Atom>
<DeviceManagement id="191">1</DeviceManagement>
<Ras id="192">1</Ras>
<RasScripting id="193">1</RasScripting>
<WinSnmp id="194">1</WinSnmp>
<RouterInformation id="195">1</RouterInformation>
<Ndr id="196">1</Ndr>
<PowerManagement id="197">1</PowerManagement>
<RemoteDesktop id="198">1</RemoteDesktop>
<Wlan id="199">1</Wlan>
<Snmp id="200">1</Snmp>
<WinDbgExt id="201">1</WinDbgExt>
<Dde id="202">1</Dde>
</maximums>
</thresholds>
</xml>

1397
static/PeStudio/translations.xml Normal file
View File

File diff suppressed because it is too large Load Diff

150
static/PeStudio/whitelistlibraries.xml Normal file
View File

@ -0,0 +1,150 @@
<!--
This file is part of the pestudio solution (www.winitor.com)
It contains the list of Images that will be detected as whitelisted by this solution.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!--
1: Enable Whitelisting
0: Disable Whitelisting
-->
<enable>1</enable>
</setting>
</settings>
<libs>
<lib md5="">pestudio.exe</lib>
<lib md5="">pestudioprompt.exe</lib>
<lib md5="">peparser.dll</lib>
<lib md5="">sysmon.exe</lib>
<lib md5="">regjump.exe</lib>
<lib md5="">wget.exe</lib>
<lib md5="">write.exe</lib>
<lib md5="">procexp.exe</lib>
<lib md5="">autorunsc.exe</lib>
<lib md5="">autoruns.exe</lib>
<lib md5="">sigcheck.exe</lib>
<lib md5="3A582BF6FD39DC6A52AAF316126B40BA"></lib>
<lib md5="3B8A306B76EDEBB1897148A626B01B18"></lib>
<lib md5="AE4F49A47E42959D5E62E86653860A55"></lib>
<lib md5="827C0D36B22BFDBC8AB95B891687B19C"></lib>
<lib md5="42D58C5FA3AAA90B1E4D37E60E3B4414"></lib>
<lib md5="1685f978149d7ba8e039af9a4d5803c7"></lib>
<lib md5="CF8358CD12567B179AC8C2D2705CEFB7"></lib>
<lib md5="4099AA11ECDF111AEAAC5D0913C04C33"></lib>
<lib md5="CA93F62F8914379E34F5E2C0D412D5C7"></lib>
<lib md5="98C413E1A2FB6E5A4C101C25B3D0B275"></lib>
<lib md5="EE738FE9BCDD605821002CEC8C7206DB"></lib>
<lib md5="F7CC4EF1340AD8DF5959C056DF077C2F"></lib>
<lib md5="3C925CF43ADBC1C90E4F5DFD230111FD"></lib>
<lib md5="B3FDF6E7B0AECD48CA7E4921773FB606"></lib>
<lib md5="D5E37313F68ED509483286DAC8BDE28C"></lib>
<lib md5="6173C16AFC0DACD8DDD68913AC66DEEB"></lib>
<lib md5="15680D7B39C85A5F5D1AF1AD036BD7B3"></lib>
<lib md5="CB12CDFBC038C0A5756F0CD2244069E0"></lib>
<lib md5="371E896D818784934BD1456296B99CBE"></lib>
<lib md5="D081D5532D4DE8432B584D9E74B6E70B"></lib>
<lib md5="CD4EF5837EA80A902C5BBB357A666770"></lib>
<lib md5="5F2122888583347C9B81724CF169EFC6"></lib>
<lib md5="C191C746CD975CE2DD5F8B5E009F8385"></lib>
<lib md5="0222ABCC607EC3FFF3B5CA1E3EC06860"></lib>
<lib md5="A43B937C580F5DFC43EF63EF72992FE9"></lib>
<lib md5="DA24EDFC1D6C1B67C010D34652B7052F"></lib>
<lib md5="6098BA465FDF34F41E6DE0BAAC24F084"></lib>
<lib md5="2E4FDCAA39CE06CF8A4681A32C4A8D41"></lib>
<lib md5="FE2E5F179BD84F7F74D74F0982D603FA"></lib>
<lib md5="29120094728D4FCD7C13B0E0CC83E27C"></lib>
<lib md5="2EBBBFC120593C683796092F2DDA0EFC"></lib>
<lib md5="FE0E4CB610E10ED9BD4BD00F789D3F39"></lib>
<lib md5="1F6C145CDE15AED0DF45E0BB27E8AF4F"></lib>
<lib md5="1BCE2C02487972FF0D5E6702D79E7A75"></lib>
<lib md5="A51D90F2F9394F5EA0A3ACAE3BD2B219"></lib>
<lib md5="130F7190FA9C17F6C88B103A9B93D930"></lib>
<lib md5="970B99F2A41DD92E771806EE9A22217D"></lib>
<lib md5="60D4712EB290E5818B84AB51DD8D7B5E"></lib>
<lib md5="EC44C778A64DCD18BC98A7316E4664F0"></lib>
<lib md5="3539A6D037A61F395BDE4BE99AC8759E"></lib>
<lib md5="7E1CF52C347D8755E5CA5ED0E99B401E"></lib>
<lib md5="28BA63403FF070AFF7FABCA51ED7E606"></lib>
<lib md5="DC6612A9EE015A36BA2A27BC9CC12537"></lib>
<lib md5="2B9C29DE5729E5872CFAD16A69CCB5F7"></lib>
<lib md5="114E51EDCEEE385EDC6499E02A4307AA"></lib>
<lib md5="A09533A0395A06F47143CAFB6DCED04A"></lib>
<lib md5="A24743B58E597C95F71E22C8114D47A5"></lib>
<lib md5="5EEFF69B73FAFDA869268FDFDB8EC868"></lib>
<lib md5="0E3A80E445B6B68938E1BCBDFCE6FAD9"></lib>
<lib md5="AB11CEFE591909A85E98E27A230807C7"></lib>
<lib md5="713AD4CCD878ADF5C32938DB27BB632A"></lib>
<lib md5="FF89AC4A986B1B60EEA28CE8250AA726"></lib>
<lib md5="EBAE5AD60603BA61CADFDADA4B1AD295"></lib>
<lib md5="8873CADF101E4552E913F02A46ABE47A"></lib>
<lib md5="F5F647C9D26434FE2960A807FE65AE40"></lib>
<lib md5="2309E09B6B5668E9219C85E33B970FB7"></lib>
<lib md5="9E43D1A02DB51CEAD74B691EDE7327F4"></lib>
<lib md5="790616CF7854D0F8E0773B894262AA00"></lib>
<lib md5="CE8272F2C211F9FD407929CDDE8D1158"></lib>
<lib md5="15CF9B9C8FE7D7DD8EC835156AE3C52A"></lib>
<lib md5="6BD4D7F68924301051C22E8A951AECBA"></lib>
<lib md5="F157D08FD3EA1CAE564325F09C602FD1"></lib>
<lib md5="506708142BC63DABA64F2D3AD1DCD5BF"></lib>
<lib md5="BE19B603DFBAA829EE5B7749B3BA97DB"></lib>
<lib md5="EB1BAFF8F350C9297B284AFF6DFE22E0"></lib>
<lib md5="685824CAFB264AEED32A0D2126A019CB"></lib>
<lib md5="E2BB7AE580B4E6322289B11910E0E947"></lib>
<lib md5="3E5223A6AC897D866ACBD2D9DB6DB688"></lib>
<lib md5="64E56206F4E7124D8120D1B8F3F9160E"></lib>
<lib md5="7771F2D9DC83ED055D78424003B01DC4"></lib>
<lib md5="A1BEDC839FDC2E388A7F40B42F67A8AB"></lib>
<lib md5="FA65486D908171A7B9430A755300C028"></lib>
<lib md5="F400669EA3A973DC17C47AEC332A7D52"></lib>
<lib md5="1D8732BE4EB5DC5FBFA81C1289E7D6CB"></lib>
<lib md5="9B183AC0B0C513529D1E42EFD785106A"></lib>
<lib md5="E4DA42310D5D50867E98B6F2D8615CF0"></lib>
<lib md5="37BF71F8BBB696CB0FF0DB9002E31696"></lib>
<lib md5="C95086DFD00FFC4760C53E77BA0A8FB0"></lib>
<lib md5="9085758A20D78FFC737DB9FDA4CF2ECA"></lib>
<lib md5="F0F08D038581E91CA896F3B43E4516BD"></lib>
<lib md5="8D4AEC178A5C121D42AF14A59772577E"></lib>
<lib md5="86316BE34481C1ED5B792169312673FD"></lib>
<lib md5="A5DAD332DDD9326AE54448409089A189"></lib>
<lib md5="1AF01465AE9B8874D76B3B90A74DB698"></lib>
<lib md5="DBE287EB8D58E6322E9FB67110ED7122"></lib>
<lib md5="4BB95452EBB8080A794EE35341DD8DF6"></lib>
<lib md5="76043D9C27E08083AE3C2B5C5EA42E10"></lib>
<lib md5="EE738FE9BCDD605821002CEC8C7206DB"></lib>
<lib md5="0A8E209F3C1D1FB6889465D1019CC5BF"></lib>
<lib md5="8CC3C111D653E96F3EA1590891491D71"></lib>
<lib md5="B6051FDAB7DC811A2D6BE64A1579C735"></lib>
<lib md5="E72EFF1B793FE064F068E715EFB1B5CD"></lib>
<lib md5="0D50C42B88C74468D05EC4E228A5DAD3"></lib>
<lib md5="FC9015FC4596D90BFE0547AB96CB21B3"></lib>
<lib md5="76F3F6E03493DD045882AB730DDFF01D"></lib>
<lib md5="0A2039089376CED5A837E9969BC8E8C5"></lib>
<lib md5="D867517D8D6F4552FDFAA6934CAB969A"></lib>
<lib md5="9E9542A6DDF96AD1BF5070A27012D8D5"></lib>
<lib md5="105AC81F0A96544EB91CE67357DFC1BD"></lib>
<lib md5="A75BBFE51F2495BCE794BB5A943B4838"></lib>
<lib md5="6F850E6A06193716EFDA5104A36C3559"></lib>
<lib md5="079C6220DF781658844CC779F266BE77"></lib>
<lib md5="7A0DFC5353FF6DE7DE0208A29FA2FFC9"></lib>
<lib md5="EAD0CA54B72489FFD5D591DA606D3D43"></lib>
<lib md5="7F0F927BA0C05CEC33611819D8D1C34F"></lib>
<lib md5="8C10B48AA8FD9B56208D945B4E1EA028"></lib>
<lib md5="ABDDE302FBCED922DBE4E7294FAFEE06"></lib>
<lib md5="D2C97F9FECF037C69B37E5C289136A47"></lib>
<lib md5="98C46778FE9B96B73E1B0ECFF17E0DB5"></lib>
<lib md5="F5A342E2A5173FCB363ECEF75812EB5C"></lib>
<lib md5="B1D332585A6AAD3EF3D8A10A48FF8A3B"></lib>
<lib md5="7043AB955770A79916E0BE2E298C21DA"></lib>
<lib md5="C74259CD6EE524E3833CCE1291A7BF81"></lib>
<lib md5="2D55C5E512B6AC22FE9999B91BABEC38"></lib>
<lib md5="AC0A46FE6CF7A7A894EAF278E25FDF97"></lib>
<lib md5="F78A34C2E5A57A4B2667CF3FD5253ABB"></lib>
<lib md5="CC9605F35F87E1CB0D6F4321D390F73A"></lib>
<lib md5="08F489B5A7B1D6966B36D7C126B96B53"></lib>
<lib md5="E6CE0287A0715A518716092F309915F3"></lib>
</libs>
</xml>