fear/fear-ss
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

alpha

Browse Source
This commit is contained in:
dutixlf
2026-04-28 07:11:50 +05:00
parent c717c8b8c7
commit 49d7efbe77
154 changed files with 17054 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7137
xml/functions.xml Normal file
View File

File diff suppressed because it is too large Load Diff

160
xml/indicators.xml Normal file
View File

@@ -0,0 +1,160 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file can be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8" detail="">
<indicators>
<item enable="1" severity="3" id="1000" type="00" ti="----" detail="size: %i bytes, entropy: %.03f">file > info</item>
<item enable="1" severity="3" id="1001" type="10" ti="----" detail="%s, %s, %s">file > type</item>
<item enable="1" severity="3" id="1002" type="08" ti="----" detail="%s">file > description</item>
<item enable="1" severity="3" id="1003" type="--" ti="----" detail="%s">file > first %s bytes (hex)</item>
<item enable="1" severity="3" id="1004" type="--" ti="----" detail="%s">file > first %s bytes (text)</item>
<item enable="1" severity="1" id="1005" type="10" ti="----" detail="%i bytes">optional-header > size</item>
<item enable="1" severity="1" id="1006" type="09" ti="----" detail="%i bytes">file-header > size</item>
<item enable="0" severity="3" id="1007" type="09" ti="----" detail="%i bytes">sections > alignment</item>
<item enable="1" severity="3" id="1008" type="01" ti="----" detail="%s">file</item>
<item enable="1" severity="3" id="1009" type="01" ti="----" detail="%s">file > version</item>
<item enable="0" severity="3" id="1010" type="09" ti="----" detail="%i bytes">file > alignment</item>
<item enable="1" severity="3" id="1011" type="17" ti="----" detail="size: %i bytes, offset: 0x%08X, file-ratio: %.02f%%">certificate > info</item>
<item enable="1" severity="1" id="1012" type="17" ti="----" detail="%s">stamp-compiler > stamp-certificate</item>
<item enable="1" severity="3" id="1013" type="08" ti="----" detail="%s">rich-header > footprint</item>
<item enable="0" severity="3" id="1014" type="09" ti="----" detail="0x%08X">file > image-base</item>
<item enable="1" severity="3" id="1015" type="26" ti="----" detail="%s">overlay > first %s bytes (hex)</item>
<item enable="1" severity="3" id="1016" type="26" ti="----" detail="%s">overlay > first %s bytes (text)</item>
<item enable="1" severity="1" id="1017" type="26" ti="----" detail="signature: %s, offset: 0x%08X, size: %i bytes, entropy: %.03f">overlay > info</item>
<item enable="0" severity="3" id="1018" type="12" ti="----" detail="%s"></item>
<item enable="1" severity="3" id="1019" type="08" ti="----" detail="checksum: 0x%08X, offset: 0x%08X">rich-header > checksum</item>
<item enable="1" severity="3" id="1020" type="21" ti="----" detail="%s">resource > first %s bytes (hex)</item>
<item enable="1" severity="3" id="1021" type="21" ti="----" detail="%s">resource > first %s bytes (text)</item>
<item enable="1" severity="3" id="1022" type="00" ti="----" detail="%s">file > name</item>
<item enable="0" severity="2" id="1023" type="13" ti="----" detail="%s">libraries > duplicate</item>
<item enable="1" severity="3" id="1024" type="12" ti="----" detail="%s">entry-point > first %s bytes (hex)</item>
<item enable="1" severity="1" id="1025" type="13" ti="----" detail="%s">injection > technique</item>
<item enable="1" severity="3" id="1026" type="13" ti="----" detail="%s">libraries > bound</item>
<item enable="1" severity="3" id="1027" type="09" ti="----" detail="%s">file > code-less</item>
<item enable="1" severity="1" id="1028" type="20" ti="----" detail="signature: %s, offset: 0x%08X, size: %i bytes">resource > file</item>
<item enable="1" severity="1" id="1029" type="20" ti="----" detail="signature: %s, offset: 0x%08X, size: %i bytes">section > file</item>
<item enable="1" severity="3" id="1033" type="19" ti="----" detail="%s">thread-local-storage > callback</item>
<item enable="1" severity="1" id="1034" type="12" ti="----" detail="0x%08X">entry-point > invalid</item>
<item enable="1" severity="2" id="1035" type="26" ti="----" detail="%.03f">overlay > entropy</item>
<item enable="0" severity="2" id="1036" type="10" ti="----" detail="0x%08X">file > checksum</item>
<item enable="1" severity="1" id="1037" type="17" ti="----" detail="%i bytes">certificate > tail</item>
<item enable="1" severity="3" id="1038" type="17" ti="----" detail="%s">certificate > serial-number</item>
<item enable="0" severity="3" id="1040" type="17" ti="----" detail="%s">certificate > type</item>
<item enable="1" severity="2" id="1042" type="17" ti="----" detail="%s">certificate > stamp > valid-from</item>
<item enable="1" severity="3" id="1043" type="17" ti="----" detail="%i bytes">certificate > PKCS7 > size</item>
<item enable="1" severity="3" id="1044" type="17" ti="----" detail="%i bytes">certificate > PKCS7 > size > NULL-padding</item>
<item enable="1" severity="2" id="1045" type="15" ti="----" detail="%s">entry-point > export</item>
<item enable="1" severity="1" id="1046" type="17" ti="----" detail="%s">certificate > signature-info</item>
<item enable="1" severity="3" id="1047" type="17" ti="----" detail="%s">certificate</item>
<item enable="0" severity="2" id="1048" type="17" ti="----" detail="%s">certificate > issued-to > error</item>
<item enable="1" severity="3" id="1049" type="17" ti="----" detail="%s">certificate > stamp > signing</item>
<item enable="1" severity="3" id="1050" type="17" ti="----" detail="%s">certificate > stamp > valid-to</item>
<item enable="1" severity="2" id="1051" type="09" ti="----" detail="%s">file > network</item>
<item enable="1" severity="2" id="1052" type="09" ti="----" detail="%s">file > removable</item>
<item enable="1" severity="2" id="1053" type="17" ti="----" detail="%s (expired)">certificate > stamp</item>
<item enable="1" severity="3" id="1054" type="17" ti="----" detail="%s">certificate > first %s bytes (hex)</item>
<item enable="1" severity="3" id="1055" type="17" ti="----" detail="%s">certificate</item>
<item enable="1" severity="3" id="1056" type="10" ti="----" detail="%s">security > protection</item>
<item enable="1" severity="3" id="1057" type="21" ti="----" detail="%s">version > first %s bytes (hex)</item>
<item enable="1" severity="3" id="1058" type="21" ti="----" detail="%s">version > first %s bytes (text)</item>
<item enable="1" severity="3" id="1059" type="23" ti="----" detail="%s">first %s bytes (hex)</item>
<item enable="1" severity="3" id="1060" type="23" ti="----" detail="%s">first %s bytes (text)</item>
<item enable="0" severity="3" id="1061" type="10" ti="----" detail="%i">Exception handler > count</item>
<item enable="1" severity="1" id="1062" type="06" ti="----" detail="0x%08X">dos-header > offset > unusual</item>
<item enable="1" severity="3" id="1063" type="05" ti="----" detail="%s">virustotal > score</item>
<item enable="1" severity="1" id="1064" type="05" ti="----" detail="%i/%i">virustotal > score</item>
<item enable="1" severity="3" id="1065" type="05" ti="----" detail="%s">virustotal > score</item>
<item enable="1" severity="3" id="1066" type="05" ti="----" detail="%s">virustotal > permalink</item>
<item enable="1" severity="3" id="1067" type="05" ti="----" detail="%s">virustotal > scan-date</item>
<item enable="1" severity="2" id="1068" type="04" ti="----" detail="%s">mitre > technique</item>
<item enable="1" severity="3" id="1069" type="04" ti="----" detail="%s">mitre > tactic</item>
<item enable="1" severity="3" id="1070" type="09" ti="----" detail="0x%08X">file-header > offset</item>
<item enable="1" severity="3" id="1071" type="23" ti="----" detail="%s">debug > file-name</item>
<item enable="1" severity="2" id="1072" type="12" ti="----" detail="name: %s">section > virtualized</item>
<item enable="1" severity="2" id="1073" type="23" ti="----" detail="%s">debug > GUID</item>
<item enable="1" severity="2" id="1074" type="23" ti="----" detail="%s">stamp > debug</item>
<item enable="1" severity="3" id="1075" type="23" ti="----" detail="%i">debug > age</item>
<item enable="1" severity="3" id="1076" type="23" ti="----" detail="type: %s, size: %i bytes, file-ratio: %.02f%%, stamp: %s">debug > stream</item>
<item enable="1" severity="3" id="1077" type="23" ti="----" detail="%s">first %s bytes (hex)</item>
<item enable="1" severity="3" id="1078" type="23" ti="----" detail="%s">first %s bytes (text)</item>
<item enable="1" severity="3" id="1079" type="26" ti="----" detail="%s">overlay</item>
<item enable="1" severity="3" id="1080" type="21" ti="----" detail="%s">resource</item>
<item enable="1" severity="2" id="1081" type="10" ti="----" detail="%i bytes">optional-header > size-of-code</item>
<item enable="0" severity="2" id="1082" type="09" ti="----" detail="0x%08X">base-of-code > suspicious</item>
<item enable="0" severity="2" id="1083" type="09" ti="----" detail="0x%08X">file-alignment > suspicious</item>
<item enable="0" severity="2" id="1084" type="09" ti="----" detail="0x%08X">size-of-image > suspicious</item>
<item enable="1" severity="2" id="1085" type="09" ti="----" detail="0x%08X">size-of-headers > suspicious</item>
<item enable="1" severity="3" id="1210" type="10" ti="----" detail="%i">directories > count</item>
<item enable="1" severity="2" id="1211" type="10" ti="----" detail="count: %i">optional-header > directories</item>
<item enable="0" severity="3" id="1215" type="11" ti="----" detail="%.02f%%">sections > file-ratio</item>
<item enable="1" severity="3" id="1221" type="21" ti="----" detail="count: %i, size: %i bytes, file-ratio: %.02f%%">resources > info</item>
<item enable="0" severity="1" id="1222" type="12" ti="----" detail="name: %s">sections > executable</item>
<item enable="1" severity="2" id="1223" type="12" ti="----" detail="name: %s">section > writable</item>
<item enable="1" severity="3" id="1224" type="12" ti="----" detail="0x%08X (section: %s)">entry-point > location</item>
<item enable="0" severity="3" id="1234" type="21" ti="----" detail="%i">resources > instances > dotnet</item>
<item enable="1" severity="3" id="1236" type="21" ti="----" detail="%s">languages > names</item>
<item enable="1" severity="2" id="1245" type="12" ti="----" detail="name: %s">sections > flag</item>
<item enable="1" severity="3" id="1250" type="15" ti="----" detail="%s">exports</item>
<item enable="1" severity="3" id="1251" type="15" ti="----" detail="%s">exports > names</item>
<item enable="1" severity="2" id="1252" type="15" ti="----" detail="count: %i">exports > duplicates</item>
<item enable="1" severity="3" id="1253" type="15" ti="----" detail="%i">exports > count</item>
<item enable="1" severity="2" id="1254" type="15" ti="1574" detail="count: %i">exports > forwarded</item>
<item enable="1" severity="2" id="1256" type="15" ti="----" detail="count: %i">exports > anonymous</item>
<item enable="1" severity="2" id="1257" type="15" ti="----" detail="count: %i">exports > gaps</item>
<item enable="1" severity="3" id="1259" type="00" ti="----" detail="%s">exports > file-name</item>
<item enable="1" severity="2" id="1260" type="06" ti="----" detail="%s">dos-stub > message</item>
<item enable="1" severity="1" id="1261" type="24" ti="----" detail="%s">symbols > flag</item>
<item enable="1" severity="3" id="1262" type="14" ti="----" detail="%i">imports > count</item>
<item enable="1" severity="3" id="1264" type="14" ti="----" detail="%i">imports > ordinal > count</item>
<item enable="1" severity="1" id="1266" type="14" ti="----" detail="%s">imports > flag</item>
<item enable="1" severity="2" id="1267" type="24" ti="----" detail="size: %i bytes">string > suspicious</item>
<item enable="1" severity="2" id="1268" type="14" ti="----" detail="count: %i">imports > spoofing</item>
<item enable="1" severity="2" id="1269" type="13" ti="----" detail="%s (%s)">libraries > flag</item>
<item enable="1" severity="1" id="1270" type="13" ti="----" detail="%s">libraries > spoofing</item>
<item enable="1" severity="3" id="1271" type="01" ti="----" detail="%s">imphash > md5</item>
<item enable="0" severity="2" id="1272" type="14" ti="----" detail="%i">imports > callback</item>
<item enable="1" severity="2" id="1273" type="14" ti="----" detail="%s">imports</item>
<item enable="1" severity="1" id="1274" type="05" ti="----" detail="%s">dos-stub > suspicious</item>
<item enable="1" severity="3" id="1288" type="20" ti="----" detail="%s">.NET > property > missing</item>
<item enable="1" severity="2" id="1290" type="20" ti="----" detail="stream[%i]">.NET > stream > suspicous</item>
<item enable="1" severity="1" id="1291" type="20" ti="----" detail="%s">.NET > stream > flag</item>
<item enable="1" severity="3" id="1292" type="20" ti="----" detail="%s">.NET > module > name</item>
<item enable="1" severity="3" id="1293" type="20" ti="----" detail="%s">.NET > file >strongly-named</item>
<item enable="0" severity="3" id="1294" type="20" ti="----" detail="%i">.NET > methods > managed</item>
<item enable="1" severity="3" id="1296" type="13" ti="----" detail="%s">libraries > p/invoke</item>
<item enable="1" severity="1" id="1297" type="20" ti="----" detail="%s">.NET > file > obfuscated</item>
<item enable="1" severity="1" id="1298" type="20" ti="----" detail="%s">.NET > namespace > flag</item>
<item enable="1" severity="3" id="1300" type="20" ti="----" detail="%s">.NET > stream</item>
<item enable="1" severity="1" id="1301" type="11" ti="----" detail="%s">directory > missing</item>
<item enable="0" severity="3" id="1302" type="11" ti="----" detail="%s">directory > invalid</item>
<item enable="1" severity="3" id="1304" type="20" ti="----" detail="%s">.NET > assemby > GUID</item>
<item enable="1" severity="1" id="1306" type="11" ti="----" detail="%i/%i">directories > empty > count</item>
<item enable="1" severity="2" id="1320" type="11" ti="----" detail="%s">stamp > directory</item>
<item enable="1" severity="3" id="1321" type="09" ti="----" detail="%s">stamp > compiler</item>
<item enable="1" severity="1" id="1400" type="25" ti="----" detail="%s">manifest > privilege</item>
<item enable="1" severity="2" id="1401" type="25" ti="----" detail="%s">manifest > privilege</item>
<item enable="1" severity="1" id="1402" type="25" ti="----" detail="%s">manifest > UAC</item>
<item enable="1" severity="3" id="1404" type="25" ti="----" detail="name: %s, description: %s, severity: %s">manifest > general</item>
<item enable="0" severity="3" id="1423" type="09" ti="----" detail="%s">file > target</item>
<item enable="1" severity="3" id="1424" type="23" ti="----" detail="%s">file > internal > name</item>
<item enable="0" severity="3" id="1429" type="24" ti="----" detail="%i">strings > ignore > count</item>
<item enable="0" severity="2" id="1430" type="24" ti="----" detail="%i">strings > flag > count</item>
<item enable="1" severity="3" id="1431" type="24" ti="----" detail="%s">strings > status</item>
<item enable="1" severity="2" id="1434" type="24" ti="----" detail="%s">string > url-pattern</item>
<item enable="1" severity="2" id="1484" type="13" ti="----" detail="%s">libraries</item>
<item enable="1" severity="1" id="1486" type="21" ti="----" detail="%i bytes">version > size</item>
<item enable="1" severity="3" id="1487" type="21" ti="----" detail="%s">file-name > version</item>
<item enable="1" severity="2" id="1488" type="06" ti="----" detail="%i bytes">dos-header > unusual</item>
<item enable="1" severity="2" id="1489" type="06" ti="----" detail="%i bytes">dos-stub > size > unusual</item>
<item enable="1" severity="3" id="1490" type="--" ti="----" detail="%s">file > signature</item>
<item enable="1" severity="2" id="1491" type="24" ti="----" detail="%s">label > %s</item>
<item enable="1" severity="3" id="1492" type="02" ti="----" detail="%s">group > types</item>
<item enable="2" severity="1" id="1494" type="12" ti="----" detail="name: %i">sections > unreadable</item>
<item enable="2" severity="2" id="1495" type="12" ti="----" detail="name: %s">sections > shared</item>
<item enable="1" severity="1" id="1496" type="12" ti="----" detail="name: %s">sections > self-modifying</item>
<item enable="2" severity="2" id="1497" type="12" ti="----" detail="count: %i">sections > nameless</item>
</indicators>
</xml>

370
xml/languages.xml Normal file
View File

@@ -0,0 +1,370 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file could be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8">
<langs>
<lang id="0x0C00" flag="0">neutral</lang>
<lang id="0x1400" flag="0">neutral</lang>
<lang id="0x007F" flag="0">neutral</lang>
<lang id="0x0800" flag="0">neutral</lang>
<lang id="0x1000" flag="0">neutral</lang>
<lang id="0x080c" flag="0">french-Belgium</lang>
<lang id="0x0C0C" flag="1">french-Canada</lang>
<lang id="0x040c" flag="0">french-France</lang>
<lang id="0x140C" flag="0">french-Luxembourg</lang>
<lang id="0x180C" flag="0">french-Monaco</lang>
<lang id="0x100C" flag="0">french-Switzerland</lang>
<lang id="0x2801" flag="1">Syria</lang>
<lang id="0x0401" flag="0">Saudi Arabia</lang>
<lang id="0x0436" flag="0">afrikaans</lang>
<lang id="0x041C" flag="1">albanian</lang>
<lang id="0x0484" flag="0">alsatian</lang>
<lang id="0x045E" flag="0">amharic</lang>
<lang id="0x1401" flag="0">arabic</lang>
<lang id="0x3C01" flag="0">arabic-Bahrain</lang>
<lang id="0x0C01" flag="0">arabic-Egypt</lang>
<lang id="0x0801" flag="0">arabic-Iraq</lang>
<lang id="0x2C01" flag="0">arabic-Jordan</lang>
<lang id="0x3401" flag="0">arabic-Kuwait</lang>
<lang id="0x3001" flag="0">arabic-Lebanon</lang>
<lang id="0x1001" flag="0">arabic-Libya</lang>
<lang id="0x1801" flag="0">arabic-Morocco</lang>
<lang id="0x2001" flag="0">arabic-Oman</lang>
<lang id="0x4001" flag="0">arabic-Qatar</lang>
<lang id="0x0401" flag="0">arabic-Saudi</lang>
<lang id="0x2801" flag="0">arabic-Syria</lang>
<lang id="0x1C01" flag="0">arabic-Tunisia</lang>
<lang id="0x3801" flag="0">arabic-UAE</lang>
<lang id="0x042B" flag="0">Armenian</lang>
<lang id="0x044D" flag="0">Assamese</lang>
<lang id="0x082C" flag="0">Azeri</lang>
<lang id="0x0445" flag="0">Bangla</lang>
<lang id="0x046D" flag="0">Bashkir</lang>
<lang id="0x042D" flag="0">Basque</lang>
<lang id="0x0423" flag="0">Belarusian</lang>
<lang id="0x781A" flag="1">Bosnian</lang>
<lang id="0x201A" flag="1">Bosnian</lang>
<lang id="0x047E" flag="1">Breton</lang>
<lang id="0x0402" flag="0">Bulgarian</lang>
<lang id="0x0492" flag="0">Central Kurdish</lang>
<lang id="0x045C" flag="0">Cherokee</lang>
<lang id="0x0403" flag="0">Catalan</lang>
<lang id="0x0C04" flag="1">chinese-Hong Kong</lang>
<lang id="0x1404" flag="1">chinese-Macao SAR</lang>
<lang id="0x1004" flag="1">chinese-Singapore</lang>
<lang id="0x0804" flag="1">chinese-simplified</lang>
<lang id="0x0404" flag="1">chinese-traditional</lang>
<lang id="0x0483" flag="0">Corsican</lang>
<lang id="0x001A" flag="0">Croatian-neutral</lang>
<lang id="0x101A" flag="0">Croatian-Bosnia-Herzegovina</lang>
<lang id="0x041A" flag="0">Croatian-Croatia</lang>
<lang id="0x0405" flag="1">Czech</lang>
<lang id="0x0406" flag="0">Danish-Denmark</lang>
<lang id="0x048C" flag="0">Dari</lang>
<lang id="0x0465" flag="1">Divehi-Maldives </lang>
<lang id="0x0813" flag="0">Belgium-Dutch</lang>
<lang id="0x0413" flag="0">netherlands</lang>
<lang id="0x0409" flag="0">English-US</lang>
<lang id="0x0C09" flag="0">English-Australia</lang>
<lang id="0x2809" flag="0">English-Belize</lang>
<lang id="0x1009" flag="0">English-Canada</lang>
<lang id="0x2409" flag="0">English-Caribbean</lang>
<lang id="0x4009" flag="0">English-India</lang>
<lang id="0x1809" flag="0">English-Ireland</lang>
<lang id="0x1809" flag="0">English-Ireland</lang>
<lang id="0x2009" flag="0">English-Jamaica</lang>
<lang id="0x4409" flag="0">English-Malaysia</lang>
<lang id="0x1409" flag="0">English-new-Zealand</lang>
<lang id="0x3409" flag="0">English-Philippines</lang>
<lang id="0x4809" flag="0">English-Singapore</lang>
<lang id="0x1c09" flag="0">English-South-Africa</lang>
<lang id="0x2C09" flag="0">English-Trinidad-Tobago</lang>
<lang id="0x0809" flag="0">English-UK</lang>
<lang id="0x3009" flag="0">English-Zimbabwe</lang>
<lang id="0x0425" flag="0">Estonian</lang>
<lang id="0x0438" flag="0">Faroese</lang>
<lang id="0x0464" flag="0">Filipino</lang>
<lang id="0x040B" flag="0">Finnish</lang>
<lang id="0x0462" flag="0">Frisian</lang>
<lang id="0x0456" flag="0">Galician</lang>
<lang id="0x0437" flag="0">Georgian</lang>
<lang id="0x0400" flag="0">neutral</lang>
<lang id="0x0407" flag="0">German</lang>
<lang id="0x0C07" flag="0">German-Austria</lang>
<lang id="0x1407" flag="0">German-Lichtenstein</lang>
<lang id="0x1007" flag="0">German-Luxembourg</lang>
<lang id="0x0807" flag="0">German-Switzerland</lang>
<lang id="0x0408" flag="0">Greek</lang>
<lang id="0x046F" flag="0">Greenlandic</lang>
<lang id="0x0447" flag="0">Gujarati</lang>
<lang id="0x0468" flag="0">Hausa</lang>
<lang id="0x0475" flag="1">Hawiian</lang>
<lang id="0x040D" flag="0">Hebrew</lang>
<lang id="0x0439" flag="0">Hindi</lang>
<lang id="0x040E" flag="0">Hungarian</lang>
<lang id="0x040F" flag="0">Icelandic</lang>
<lang id="0x0470" flag="0">Igb</lang>
<lang id="0x0421" flag="0">Indonesian</lang>
<lang id="0x085D" flag="0">Inuktitut</lang>
<lang id="0x083C" flag="0">Irish</lang>
<lang id="0x0434" flag="0">isiXhosa</lang>
<lang id="0x0435" flag="0">isiZulu</lang>
<lang id="0x0410" flag="0">Italian</lang>
<lang id="0x0411" flag="0">Japanese</lang>
<lang id="0x044B" flag="0">Kannada</lang>
<lang id="0x043F" flag="0">Kazakh</lang>
<lang id="0x0453" flag="0">Khmer</lang>
<lang id="0x0486" flag="0">Kiche</lang>
<lang id="0x0487" flag="0">Kinyarwanda</lang>
<lang id="0x0457" flag="0">Konkani</lang>
<lang id="0x0412" flag="1">Korean</lang>
<lang id="0x0440" flag="0">Kyrgyz</lang>
<lang id="0x0454" flag="0">Lao</lang>
<lang id="0x0426" flag="0">Latvian</lang>
<lang id="0x0427" flag="0">Lithuanian</lang>
<lang id="0x082E" flag="0">Lower-Sorbian</lang>
<lang id="0x046E" flag="0">Luxembourgish</lang>
<lang id="0x042F" flag="0">Macedonian</lang>
<lang id="0x083E" flag="0">Malay</lang>
<lang id="0x044C" flag="0">Malayalam</lang>
<lang id="0x043A" flag="0">Maltese</lang>
<lang id="0x0481" flag="1">Maori</lang>
<lang id="0x047A" flag="0">Mapudungun</lang>
<lang id="0x044E" flag="0">Marathi</lang>
<lang id="0x047C" flag="0">Mohawk</lang>
<lang id="0x0450" flag="0">Mongolian</lang>
<lang id="0x0461" flag="0">nepali</lang>
<lang id="0x0414" flag="0">norwegian</lang>
<lang id="0x0482" flag="0">Occitan</lang>
<lang id="0x0448" flag="0">Oriya</lang>
<lang id="0x0463" flag="0">Pashto</lang>
<lang id="0x0429" flag="0">Persian</lang>
<lang id="0x0415" flag="0">Polish</lang>
<lang id="0x0416" flag="0">Portuguese</lang>
<lang id="0x0867" flag="0">Pular</lang>
<lang id="0x0446" flag="0">Punjabi</lang>
<lang id="0x046B" flag="0">Quechua</lang>
<lang id="0x0418" flag="1">Romanian</lang>
<lang id="0x0417" flag="0">Romansh</lang>
<lang id="0x0419" flag="1">Russian</lang>
<lang id="0x0485" flag="0">Sakha</lang>
<lang id="0x243B" flag="0">Sami</lang>
<lang id="0x103B" flag="0">Sami</lang>
<lang id="0x0C3B" flag="0">Sami</lang>
<lang id="0x203B" flag="0">Sami</lang>
<lang id="0x183B" flag="0">Sami</lang>
<lang id="0x044F" flag="0">Sanskrit</lang>
<lang id="0x7C1A" flag="0">Serbian</lang>
<lang id="0x046C" flag="0">Sesotho-Leboa</lang>
<lang id="0x0832" flag="0">Setswana-Tswana</lang>
<lang id="0x0859" flag="0">Sindhi</lang>
<lang id="0x045B" flag="0">Sinhala</lang>
<lang id="0x041B" flag="1">Slovak</lang>
<lang id="0x0424" flag="1">Slovenian</lang>
<lang id="0x2C0A" flag="0">Spanish</lang>
<lang id="0x400A" flag="0">Spanish-Bolivia</lang>
<lang id="0x340A" flag="0">Spanish-Chile</lang>
<lang id="0x240A" flag="0">Spanish-Colombia</lang>
<lang id="0x140A" flag="0">Spanish-Costa-Rica</lang>
<lang id="0x1C0A" flag="0">Spanish-Dominican-Republic</lang>
<lang id="0x300A" flag="0">Spanish-Ecuador</lang>
<lang id="0x440A" flag="0">Spanish-El-Salvador</lang>
<lang id="0x100A" flag="0">Spanish-Guatemala</lang>
<lang id="0x480A" flag="0">Spanish-Honduras</lang>
<lang id="0x080A" flag="0">Spanish-Mexico</lang>
<lang id="0x4C0A" flag="0">Spanish-nicaragua</lang>
<lang id="0x180A" flag="0">Spanish-Panama</lang>
<lang id="0x3C0A" flag="0">Spanish-Paraguay</lang>
<lang id="0x280A" flag="0">Spanish-Peru</lang>
<lang id="0x500A" flag="0">Spanish-Puerto-Rico</lang>
<lang id="0x0C0A" flag="0">Spanish-Spain</lang>
<lang id="0x040A" flag="0">Spanish-Traditional</lang>
<lang id="0x540A" flag="0">Spanish-United-States</lang>
<lang id="0x380A" flag="0">Spanish-Uruguay</lang>
<lang id="0x200A" flag="0">Spanish-Venezuela</lang>
<lang id="0x0441" flag="0">swahili</lang>
<lang id="0x081D" flag="0">swedish</lang>
<lang id="0x041D" flag="0">Swedish</lang>
<lang id="0x045A" flag="0">Syria</lang>
<lang id="0x0428" flag="0">Tajik</lang>
<lang id="0x085F" flag="0">Tamazight</lang>
<lang id="0x0449" flag="0">Tamil</lang>
<lang id="0x0444" flag="0">Tatar</lang>
<lang id="0x044A" flag="1">Telugu</lang>
<lang id="0x041E" flag="0">Thai</lang>
<lang id="0x0451" flag="0">Tibetan</lang>
<lang id="0x0873" flag="0">Tigrinya</lang>
<lang id="0x041F" flag="0">Turkish</lang>
<lang id="0x0442" flag="0">Turkmen</lang>
<lang id="0x0422" flag="0">Ukrainian</lang>
<lang id="0x042E" flag="0">Upper-Sorbian</lang>
<lang id="0x0820" flag="0">Urdu</lang>
<lang id="0x0480" flag="0">Uyghur</lang>
<lang id="0x0843" flag="0">Uzbek</lang>
<lang id="0x0803" flag="0">Valencian</lang>
<lang id="0x042A" flag="0">Vietnamese</lang>
<lang id="0x0452" flag="0">Welsh</lang>
<lang id="0x0488" flag="0">Wolof</lang>
<lang id="0x0478" flag="0">Yi</lang>
<lang id="0x046A" flag="0">Yoruba</lang>
</langs>
<cps>
<cp id="037">IBM EBCDIC US-Canada</cp>
<cp id="437">OEM United States</cp>
<cp id="500">IBM EBCDIC International</cp>
<cp id="708">arabic</cp>
<cp id="709">arabic</cp>
<cp id="710">arabic</cp>
<cp id="720">arabic</cp>
<cp id="737">OEM Greek)</cp>
<cp id="775">OEM Baltic</cp>
<cp id="850">OEM Multilingual Latin 1</cp>
<cp id="852">OEM Latin 2</cp>
<cp id="855">OEM Cyrillic (primarily Russian)</cp>
<cp id="857">OEM Turkish</cp>
<cp id="858">OEM Multilingual Latin 1 + Euro symbol</cp>
<cp id="860">OEM Portuguese</cp>
<cp id="861">OEM Icelandic</cp>
<cp id="862">OEM Hebrew</cp>
<cp id="863">OEM french Canadian</cp>
<cp id="864">OEM arabic</cp>
<cp id="865">OEM nordic</cp>
<cp id="866">OEM Russian</cp>
<cp id="869">OEM Modern Greek</cp>
<cp id="870">IBM EBCDIC Multilingual</cp>
<cp id="874">ANSI/OEM Thai</cp>
<cp id="875">EBCDIC Greek Modern</cp>
<cp id="932">ANSI/OEM Japanese</cp>
<cp id="936">ANSI/OEM Simplified chinese</cp>
<cp id="949">ANSI/OEM Korean</cp>
<cp id="950">ANSI/OEM Traditional chinese</cp>
<cp id="1026">IBM EBCDIC Turkish (Latin 5)</cp>
<cp id="1047">IBM EBCDIC Latin 1/Open System</cp>
<cp id="1140">IBM EBCDIC US-Canada</cp>
<cp id="1141">IBM EBCDIC Germany</cp>
<cp id="1142">IBM EBCDIC Denmark-Norway</cp>
<cp id="1143">IBM EBCDIC Finland-Sweden</cp>
<cp id="1144">IBM EBCDIC Italy</cp>
<cp id="1145">IBM EBCDIC Latin America-Spain</cp>
<cp id="1146">IBM EBCDIC United Kingdom</cp>
<cp id="1147">IBM EBCDIC France</cp>
<cp id="1148">IBM EBCDIC International</cp>
<cp id="1149">IBM EBCDIC Icelandic</cp>
<cp id="1200">Unicode UTF-16, little endian</cp>
<cp id="1201">Unicode UTF-16, big endian</cp>
<cp id="1250">ANSI Central European</cp>
<cp id="1251">ANSI Cyrillic</cp>
<cp id="1252">ANSI Latin 1</cp>
<cp id="1253">ANSI Greek</cp>
<cp id="1254">ANSI Turkish</cp>
<cp id="1255">ANSI Hebrew</cp>
<cp id="1256">ANSI arabic</cp>
<cp id="1257">ANSI Baltic</cp>
<cp id="1258">ANSI/OEM Vietnamese</cp>
<cp id="1361">Korean (Johab)</cp>
<cp id="10000">MAC Roman</cp>
<cp id="10001">Japanese (Mac)</cp>
<cp id="10002">MAC Traditional chinese (Big5)</cp>
<cp id="10003">Korean</cp>
<cp id="10004">arabic</cp>
<cp id="10005">Hebrew</cp>
<cp id="10006">Greek</cp>
<cp id="10007">Cyrillic</cp>
<cp id="10008">MAC Simplified chinese</cp>
<cp id="10010">Romanian</cp>
<cp id="10017">Ukrainian</cp>
<cp id="10021">Thai</cp>
<cp id="10029">MAC Latin 2</cp>
<cp id="10079">Icelandic</cp>
<cp id="10081">Turkish</cp>
<cp id="10082">Croatian</cp>
<cp id="12000">UTF-32, little endian</cp>
<cp id="12001">Unicode UTF-32, big endian</cp>
<cp id="20000">CNS Taiwan</cp>
<cp id="20001">TCA Taiwan</cp>
<cp id="20002">Eten Taiwan</cp>
<cp id="20003">IBM5550 Taiwan</cp>
<cp id="20004">TeleText Taiwan</cp>
<cp id="20005">Wang Taiwan</cp>
<cp id="20105">IRV International Alphabet</cp>
<cp id="20106">IA5 German</cp>
<cp id="20107">IA5 Swedish</cp>
<cp id="20108">IA5 norwegian</cp>
<cp id="20127">US-ASCII</cp>
<cp id="20261">T.61</cp>
<cp id="20269">ISO 6937 non-Spacing Accent</cp>
<cp id="20273">IBM EBCDIC Germany</cp>
<cp id="20277">IBM EBCDIC Denmark-norway</cp>
<cp id="20278">IBM EBCDIC Finland-Sweden</cp>
<cp id="20280">IBM EBCDIC Italy</cp>
<cp id="20284">IBM EBCDIC Latin America-Spain</cp>
<cp id="20285">IBM EBCDIC United Kingdom</cp>
<cp id="20290">IBM EBCDIC Japanese Katakana Extended</cp>
<cp id="20297">IBM EBCDIC France</cp>
<cp id="20420">IBM EBCDIC arabic</cp>
<cp id="20423">IBM EBCDIC Greek</cp>
<cp id="20424">IBM EBCDIC Hebrew</cp>
<cp id="20833">IBM EBCDIC Korean Extended</cp>
<cp id="20838">IBM EBCDIC Thai</cp>
<cp id="20866">Russian</cp>
<cp id="20871">IBM EBCDIC Icelandic</cp>
<cp id="20880">IBM EBCDIC Cyrillic Russian</cp>
<cp id="20905">IBM EBCDIC Turkish</cp>
<cp id="20924">IBM EBCDIC Latin</cp>
<cp id="20932">Japanese</cp>
<cp id="20936">Simplified chinese</cp>
<cp id="20949">Korean Wansung</cp>
<cp id="21025">IBM EBCDIC Cyrillic Serbian-Bulgarian</cp>
<cp id="21027">deprecated</cp>
<cp id="21866">Ukrainian (KOI8-U)</cp>
<cp id="28591">ISO 8859-1 Latin 1</cp>
<cp id="28592">ISO 8859-2 Central European</cp>
<cp id="28593">ISO 8859-3 Latin 3</cp>
<cp id="28594">ISO 8859-4 Baltic</cp>
<cp id="28595">ISO 8859-5 Cyrillic</cp>
<cp id="28596">ISO 8859-6 arabic</cp>
<cp id="28597">SO 8859-7 Greek</cp>
<cp id="28598">ISO 8859-8 Hebrew</cp>
<cp id="28599">ISO 8859-9 Turkish</cp>
<cp id="28603">ISO 8859-13 Estonian</cp>
<cp id="28605">ISO 8859-15 Latin 9</cp>
<cp id="29001">Europa 3</cp>
<cp id="38598">ISO 8859-8 Hebrew</cp>
<cp id="50220">ISO 2022 Japanese</cp>
<cp id="50221">ISO 2022 Japanese</cp>
<cp id="50222">ISO 2022 Japanese</cp>
<cp id="50225">ISO 2022 Korean</cp>
<cp id="50227">ISO 2022 Simplified chinese</cp>
<cp id="50229">ISO 2022 Traditional chinese</cp>
<cp id="50930">EBCDIC Japanese Extended</cp>
<cp id="50931">EBCDIC US-Canada and Japanese</cp>
<cp id="50933">EBCDIC Korean Extended and Korean</cp>
<cp id="50935">EBCDIC Simplified chinese Extended and Simplified chinese</cp>
<cp id="50936">EBCDIC Simplified chinese</cp>
<cp id="50937">EBCDIC US-Canada and Traditional chinese</cp>
<cp id="50939">EBCDIC Japanese (Latin) Extended and Japanese</cp>
<cp id="51932">EUC Japanese</cp>
<cp id="51936">EUC Simplified chinese</cp>
<cp id="51949">EUC Korean</cp>
<cp id="51950">EUC Traditional chinese</cp>
<cp id="52936">HZ-GB2312 Simplified chinese</cp>
<cp id="54936">GB18030 Simplified chinese</cp>
<cp id="57002">ISCII Devanagari</cp>
<cp id="57003">ISCII Bengali</cp>
<cp id="57004">ISCII Tamil</cp>
<cp id="57005">ISCII Telugu</cp>
<cp id="57006">ISCII Assamese</cp>
<cp id="57007">ISCII Oriya</cp>
<cp id="57008">ISCII Kannada</cp>
<cp id="57009">ISCII Malayalam</cp>
<cp id="57010">ISCII Gujarati</cp>
<cp id="57011">ISCII Punjabi</cp>
<cp id="65000">Unicode (UTF-7)</cp>
<cp id="65001">Unicode (UTF-8)</cp>
</cps>
</xml>

21
xml/mitre-test.xml Normal file
View File

@@ -0,0 +1,21 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file will be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8" md5="">
<mitre url="https://attack.mitre.org">
<tactics url="tactics">
<!-- based on https://attack.mitre.org/tactics/ -->
<ta id="0007" de="The adversary is trying to figure out your environment.">Discovery</ta>
</tactics>
<techniques url="techniques">
<!-- based on https://attack.mitre.org/techniques/ -->
<ti id="1057" ta="0007" flag="1" level="2" enable="1">Process Discovery</ti>
</techniques>
</mitre>
</xml>

280
xml/mitre.xml Normal file
View File

@@ -0,0 +1,280 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file will be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8" md5="">
<mitre url="https://attack.mitre.org">
<tactics url="tactics">
<!-- based on https://attack.mitre.org/tactics/ -->
<ta id="0001" de="The adversary is trying to get into your network.">Initial Access</ta>
<ta id="0002" de="The adversary is trying to run malicious code.">Execution</ta>
<ta id="0003" de="The adversary is trying to maintain their foothold.">Persistence</ta>
<ta id="0004" de="The adversary is trying to gain higher-level permissions.">Privilege Escalation</ta>
<ta id="0005" de="The adversary is trying to avoid being detected.">Defense Evasion</ta>
<ta id="0006" de="The adversary is trying to steal account names and passwords.">Credential Access</ta>
<ta id="0007" de="The adversary is trying to figure out your environment.">Discovery</ta>
<ta id="0008" de="The adversary is trying to move through your environment.">Lateral Movement</ta>
<ta id="0009" de="The adversary is trying to gather data of interest to their goal.">Collection</ta>
<ta id="0010" de="The adversary is trying to steal data.">Exfiltration</ta>
<ta id="0011" de="The adversary is trying to communicate with compromised systems to control them.">Command and Control</ta>
<ta id="0040" de="The adversary is trying to manipulate, interrupt, or destroy your systems and data.">Impact</ta>
</tactics>
<techniques url="techniques">
<!-- based on https://attack.mitre.org/techniques/ -->
<ti id="1001" ta="0011" flag="1" level="2" enable="1">Data Obfuscation</ti>
<ti id="1002" ta="0010" flag="0" level="2" enable="1">Data Compression</ti>
<ti id="1003" ta="0006" flag="0" level="2" enable="1">Credential Dumping</ti>
<ti id="1004" ta="0003" flag="0" level="2" enable="1">Winlogon Helper DLL</ti>
<ti id="1005" ta="0009" flag="0" level="2" enable="1">Data from Local System</ti>
<ti id="1006" ta="0005" flag="0" level="2" enable="1">File System Logical</ti>
<ti id="1007" ta="0007" flag="0" level="2" enable="1">System Service Discovery</ti>
<ti id="1008" ta="0011" flag="0" level="2" enable="1">Fallback Channels</ti>
<ti id="1009" ta="0005" flag="0" level="2" enable="1">Binary Padding</ti>
<ti id="1010" ta="0007" flag="0" level="2" enable="1">Window Discovery</ti>
<ti id="1011" ta="0010" flag="1" level="2" enable="1">Network Exfiltration</ti>
<ti id="1012" ta="0007" flag="0" level="2" enable="1">Query Registry</ti>
<ti id="1013" ta="0003" flag="0" level="2" enable="1">Port Monitors</ti>
<ti id="1014" ta="0005" flag="0" level="2" enable="1">Rootkit</ti>
<ti id="1015" ta="0003" flag="0" level="2" enable="1">Accessibility Features</ti>
<ti id="1016" ta="0007" flag="0" level="2" enable="1">System Network Configuration Discovery</ti>
<ti id="1017" ta="0008" flag="0" level="2" enable="1">Application Deployment Software</ti>
<ti id="1018" ta="0007" flag="0" level="2" enable="1">Remote System Discovery</ti>
<ti id="1019" ta="0003" flag="0" level="2" enable="1">System Firmware</ti>
<ti id="1020" ta="0010" flag="0" level="2" enable="1">Automated Exfiltration</ti>
<ti id="1021" ta="0008" flag="0" level="2" enable="1">Remote Services</ti>
<ti id="1022" ta="0010" flag="1" level="2" enable="1">Data Encrypted</ti>
<ti id="1023" ta="0003" flag="0" level="2" enable="1">Shortcut Modification</ti>
<ti id="1024" ta="0011" flag="0" level="2" enable="1">Custom Cryptographic</ti>
<ti id="1025" ta="0009" flag="0" level="2" enable="1">Data from Removable Media</ti>
<ti id="1026" ta="0009" flag="0" level="2" enable="1">Multiband Communication</ti>
<ti id="1027" ta="0005" flag="1" level="2" enable="1">Obfuscated Files or Information</ti>
<ti id="1028" ta="0002" flag="0" level="2" enable="1">Windows Remote Management</ti>
<ti id="1029" ta="0010" flag="1" level="2" enable="1">Scheduled Transfer</ti>
<ti id="1030" ta="0010" flag="0" level="2" enable="1">Data Transfer Size Limits</ti>
<ti id="1031" ta="0003" flag="1" level="2" enable="1">Modify Existing Service</ti>
<ti id="1032" ta="0011" flag="0" level="2" enable="1">Standard Cryptographic Protocol</ti>
<ti id="1033" ta="0007" flag="0" level="2" enable="1">System Owner/User Discovery</ti>
<ti id="1034" ta="0003" flag="0" level="2" enable="1">Path Interception</ti>
<ti id="1035" ta="0002" flag="1" level="2" enable="1">Service Execution</ti>
<ti id="1036" ta="0005" flag="1" level="2" enable="1">Masquerading</ti>
<ti id="1037" ta="0008" flag="0" level="2" enable="1">Logon Scripts</ti>
<ti id="1038" ta="0003" flag="1" level="2" enable="1">DLL Search Order Hijacking</ti>
<ti id="1039" ta="0009" flag="0" level="2" enable="1">Data from Network Shared Drive</ti>
<ti id="1040" ta="0006" flag="1" level="2" enable="1">Network Sniffing</ti>
<ti id="1041" ta="0010" flag="0" level="2" enable="1">Exfiltration Over C2C</ti>
<ti id="1042" ta="0003" flag="0" level="2" enable="1">Change Default File Association</ti>
<ti id="1043" ta="0011" flag="0" level="2" enable="1">Commonly Used Port</ti>
<ti id="1044" ta="0003" flag="0" level="2" enable="1">File System Permissions Weakness</ti>
<ti id="1045" ta="0005" flag="0" level="2" enable="1">Software Packing</ti>
<ti id="1046" ta="0007" flag="0" level="2" enable="1">Network Service Scanning</ti>
<ti id="1047" ta="0002" flag="0" level="2" enable="1">Windows Management Instrumentation</ti>
<ti id="1048" ta="0010" flag="0" level="2" enable="1">Exfiltration Over Alternative Protocol</ti>
<ti id="1049" ta="0007" flag="0" level="2" enable="1">System Network Connections Discovery</ti>
<ti id="1050" ta="0003" flag="0" level="2" enable="1">New Service</ti>
<ti id="1051" ta="0008" flag="0" level="2" enable="1">Shared Webroot</ti>
<ti id="1052" ta="0010" flag="1" level="2" enable="1">Exfiltration Over Physical Medium</ti>
<ti id="1053" ta="0002" flag="0" level="2" enable="1">Scheduled Task</ti>
<ti id="1054" ta="0005" flag="0" level="2" enable="1">Indicator Blocking</ti>
<ti id="1055" ta="0005" flag="1" level="2" enable="1">Process Injection</ti>
<ti id="1056" ta="0009" flag="1" level="2" enable="1">Input Capture</ti>
<ti id="1057" ta="0007" flag="1" level="2" enable="1">Process Discovery</ti>
<ti id="1058" ta="0003" flag="0" level="2" enable="1">Service Registry Permissions Weakness</ti>
<ti id="1059" ta="0002" flag="0" level="2" enable="1">Command-Line Interface</ti>
<ti id="1060" ta="0003" flag="1" level="2" enable="1">Registry Run Keys / Startup Folder</ti>
<ti id="1061" ta="0002" flag="0" level="2" enable="1">Graphical User Interface</ti>
<ti id="1062" ta="0003" flag="0" level="2" enable="1">Hypervisor</ti>
<ti id="1063" ta="0007" flag="0" level="2" enable="1">Security Software Discovery</ti>
<ti id="1064" ta="0005" flag="0" level="2" enable="1">Scripting</ti>
<ti id="1065" ta="0011" flag="0" level="2" enable="1">Uncommonly Used Port</ti>
<ti id="1066" ta="0005" flag="0" level="2" enable="1">Indicator Removal from Tools</ti>
<ti id="1067" ta="0003" flag="0" level="2" enable="1">Bootkit</ti>
<ti id="1068" ta="0004" flag="1" level="2" enable="1">Exploitation for Privilege Escalation</ti>
<ti id="1069" ta="0007" flag="1" level="2" enable="1">Permission Groups Discovery</ti>
<ti id="1070" ta="0005" flag="1" level="2" enable="1">Indicator Removal | File Deletion</ti>
<ti id="1071" ta="0011" flag="0" level="2" enable="1">Standard Application Layer Protocol</ti>
<ti id="1072" ta="0002" flag="0" level="2" enable="1">Third-party Software</ti>
<ti id="1073" ta="0005" flag="0" level="2" enable="1">DLL Side-Loading</ti>
<ti id="1074" ta="0009" flag="0" level="2" enable="1">Data Staged</ti>
<ti id="1075" ta="0008" flag="1" level="2" enable="1">Pass the Hash</ti>
<ti id="1076" ta="0008" flag="0" level="2" enable="1">Remote Desktop Protocol</ti>
<ti id="1077" ta="0008" flag="0" level="2" enable="1">Windows Admin Shares</ti>
<ti id="1078" ta="0005" flag="0" level="2" enable="1">Valid Accounts</ti>
<ti id="1079" ta="0011" flag="0" level="2" enable="1">Multilayer Encryption</ti>
<ti id="1080" ta="0008" flag="0" level="2" enable="1">Taint Shared Content</ti>
<ti id="1081" ta="0006" flag="0" level="2" enable="1">Credentials in Files</ti>
<ti id="1082" ta="0007" flag="0" level="2" enable="1">System Information Discovery</ti>
<ti id="1083" ta="0007" flag="1" level="2" enable="1">File and Directory Discovery</ti>
<ti id="1084" ta="0003" flag="1" level="2" enable="1">WMI Event Subscription</ti>
<ti id="1085" ta="0005" flag="1" level="2" enable="1">Rundll32</ti>
<ti id="1086" ta="0002" flag="1" level="2" enable="1">PowerShell</ti>
<ti id="1087" ta="0007" flag="1" level="2" enable="1">Account Discovery</ti>
<ti id="1088" ta="0005" flag="1" level="2" enable="1">Bypass User Account Control</ti>
<ti id="1089" ta="0005" flag="1" level="2" enable="1">Disabling Security Tools</ti>
<ti id="1090" ta="0011" flag="0" level="2" enable="1">Connection Proxy</ti>
<ti id="1091" ta="0001" flag="0" level="2" enable="1">Replication Through Removable Media</ti>
<ti id="1092" ta="0011" flag="0" level="2" enable="1">Communication Through Removable Media</ti>
<ti id="1093" ta="0005" flag="0" level="2" enable="1">Process Hollowing</ti>
<ti id="1094" ta="0011" flag="0" level="2" enable="1">Custom C2C Protocol</ti>
<ti id="1095" ta="0011" flag="0" level="2" enable="1">Standard Non-Application Layer Protocol</ti>
<ti id="1096" ta="0005" flag="0" level="2" enable="1">NTFS File Attributes</ti>
<ti id="1097" ta="0008" flag="0" level="2" enable="1">Pass the Ticket</ti>
<ti id="1098" ta="0006" flag="0" level="2" enable="1">Account Manipulation</ti>
<ti id="1099" ta="0005" flag="0" level="2" enable="1">Timestomp</ti>
<ti id="1100" ta="0003" flag="0" level="2" enable="1">Web Shell</ti>
<ti id="1101" ta="0003" flag="0" level="2" enable="1">Security Support Provider</ti>
<ti id="1102" ta="0011" flag="0" level="2" enable="1">Web Service</ti>
<ti id="1103" ta="0003" flag="0" level="2" enable="1">AppInit DLLs</ti>
<ti id="1104" ta="0011" flag="0" level="2" enable="1">Multi-Stage Channels</ti>
<ti id="1105" ta="0011" flag="0" level="2" enable="1">Remote File Copy</ti>
<ti id="1106" ta="0002" flag="1" level="1" enable="1">Execution through API</ti>
<ti id="1107" ta="0005" flag="1" level="2" enable="1">File Deletion</ti>
<ti id="1108" ta="0005" flag="0" level="2" enable="1">Redundant Access</ti>
<ti id="1109" ta="0005" flag="0" level="2" enable="1">Component Firmware</ti>
<ti id="1110" ta="0006" flag="0" level="2" enable="1">Brute Force</ti>
<ti id="1111" ta="0006" flag="0" level="2" enable="1">Two-Factor Authentication Interception</ti>
<ti id="1112" ta="0005" flag="1" level="2" enable="1">Modify Registry</ti>
<ti id="1113" ta="0009" flag="1" level="2" enable="1">Screen Capture</ti>
<ti id="1114" ta="0009" flag="0" level="2" enable="1">Email Collection</ti>
<ti id="1115" ta="0009" flag="0" level="2" enable="1">Clipboard Data</ti>
<ti id="1116" ta="0005" flag="0" level="2" enable="1">Code Signing</ti>
<ti id="1117" ta="0005" flag="0" level="2" enable="1">Regsvr32</ti>
<ti id="1118" ta="0005" flag="0" level="2" enable="1">InstallUtil</ti>
<ti id="1119" ta="0009" flag="0" level="2" enable="1">Automated Collection</ti>
<ti id="1120" ta="0007" flag="0" level="2" enable="1">Peripheral Device Discovery</ti>
<ti id="1121" ta="0005" flag="0" level="2" enable="1">Regsvcs/Regasm</ti>
<ti id="1122" ta="0005" flag="0" level="2" enable="1">Component Object Model Hijacking</ti>
<ti id="1123" ta="0009" flag="0" level="2" enable="1">Audio Capture</ti>
<ti id="1124" ta="0007" flag="0" level="2" enable="1">System Time Discovery</ti>
<ti id="1125" ta="0009" flag="0" level="2" enable="1">Video Capture</ti>
<ti id="1126" ta="0005" flag="0" level="2" enable="1">Network Share Connection Removal</ti>
<ti id="1127" ta="0005" flag="0" level="2" enable="1">Trusted Developer Utilities</ti>
<ti id="1128" ta="0003" flag="0" level="2" enable="1">Netsh Helper DLL</ti>
<ti id="1129" ta="0002" flag="0" level="2" enable="1">Execution through Module Load</ti>
<ti id="1130" ta="0005" flag="1" level="2" enable="1">Install Root Certificate</ti>
<ti id="1131" ta="0003" flag="0" level="2" enable="1">Authentication Package</ti>
<ti id="1132" ta="0011" flag="1" level="2" enable="1">Data Encoding</ti>
<ti id="1133" ta="0001" flag="0" level="2" enable="1">External Remote Services</ti>
<ti id="1134" ta="0005" flag="1" level="2" enable="1">Access Token Manipulation</ti>
<ti id="1135" ta="0007" flag="0" level="2" enable="1">Network Share Discovery</ti>
<ti id="1136" ta="0003" flag="1" level="2" enable="1">Create Account</ti>
<ti id="1137" ta="0003" flag="0" level="2" enable="1">Office Application Startup</ti>
<ti id="1138" ta="0003" flag="0" level="2" enable="1">Application Shimming</ti>
<ti id="1139" ta="0006" flag="0" level="2" enable="1">Bash History</ti>
<ti id="1140" ta="0005" flag="0" level="2" enable="1">Deobfuscate/Decode Files or Information</ti>
<ti id="1141" ta="0006" flag="0" level="2" enable="1">Input Prompt</ti>
<ti id="1142" ta="0006" flag="0" level="2" enable="1">Keychain</ti>
<ti id="1143" ta="0005" flag="0" level="2" enable="1">Hidden Window</ti>
<ti id="1144" ta="0005" flag="0" level="2" enable="1">Gatekeeper Bypass</ti>
<ti id="1145" ta="0006" flag="0" level="2" enable="1">Private Keys</ti>
<ti id="1146" ta="0005" flag="0" level="2" enable="1">Clear Command History</ti>
<ti id="1147" ta="0005" flag="0" level="2" enable="1">Hidden Users</ti>
<ti id="1148" ta="0005" flag="0" level="2" enable="1">HISTCONTROL</ti>
<ti id="1149" ta="0005" flag="0" level="2" enable="1">LC_MAIN Hijacking</ti>
<ti id="1150" ta="0005" flag="0" level="2" enable="1">Plist Modification</ti>
<ti id="1151" ta="0005" flag="0" level="2" enable="1">Space after Filename</ti>
<ti id="1152" ta="0005" flag="0" level="2" enable="1">Launchctl</ti>
<ti id="1153" ta="0002" flag="0" level="2" enable="1">Source</ti>
<ti id="1154" ta="0002" flag="0" level="2" enable="1">Trap</ti>
<ti id="1155" ta="0002" flag="0" level="2" enable="1">AppleScript</ti>
<ti id="1156" ta="0003" flag="0" level="2" enable="1">.bash_profile and .bashrc</ti>
<ti id="1157" ta="0003" flag="0" level="2" enable="1">Dylib Hijacking</ti>
<ti id="1158" ta="0005" flag="0" level="2" enable="1">Hidden Files and Directories</ti>
<ti id="1159" ta="0003" flag="0" level="2" enable="1">Launch Agent</ti>
<ti id="1160" ta="0003" flag="0" level="2" enable="1">Launch Daemon</ti>
<ti id="1161" ta="0003" flag="0" level="2" enable="1">LC_LOAD_DYLIB Addition</ti>
<ti id="1162" ta="0003" flag="0" level="2" enable="1">Login Item</ti>
<ti id="1168" ta="0003" flag="0" level="2" enable="1">Local Job Scheduling</ti>
<ti id="1169" ta="0004" flag="0" level="2" enable="1">Sudo</ti>
<ti id="1170" ta="0005" flag="0" level="2" enable="1">Mshta</ti>
<ti id="1171" ta="0006" flag="0" level="2" enable="1">LLMNR/NBT-NS Poisoning and Relay</ti>
<ti id="1172" ta="0011" flag="0" level="2" enable="1">Domain Fronting</ti>
<ti id="1173" ta="0002" flag="0" level="2" enable="1">Dynamic Data Exchange</ti>
<ti id="1174" ta="0006" flag="1" level="2" enable="1">Password Filter DLL</ti>
<ti id="1175" ta="0008" flag="0" level="2" enable="1">Distributed Component Object Model</ti>
<ti id="1176" ta="0003" flag="0" level="2" enable="1">Browser Extensions</ti>
<ti id="1177" ta="0002" flag="1" level="2" enable="1">LSASS Driver</ti>
<ti id="1178" ta="0001" flag="0" level="2" enable="1">SID-History Injection</ti>
<ti id="1179" ta="0003" flag="0" level="2" enable="1">Hooking</ti>
<ti id="1180" ta="0003" flag="0" level="2" enable="1">Screensaver</ti>
<ti id="1181" ta="0005" flag="0" level="2" enable="1">Extra Window Memory Injection</ti>
<ti id="1182" ta="0003" flag="0" level="2" enable="1">AppCert DLLs</ti>
<ti id="1183" ta="0004" flag="0" level="2" enable="1">Image File Execution Options Injection</ti>
<ti id="1184" ta="0008" flag="1" level="2" enable="1">SSH Hijacking</ti>
<ti id="1185" ta="0009" flag="0" level="2" enable="1">Man in the Browser</ti>
<ti id="1186" ta="0005" flag="1" level="2" enable="1">Process Doppelgaenging</ti>
<ti id="1187" ta="0006" flag="0" level="2" enable="1">Forced Authentication</ti>
<ti id="1188" ta="0011" flag="0" level="2" enable="1">Multi-hop Proxy</ti>
<ti id="1189" ta="0001" flag="0" level="2" enable="1">Drive-by Compromise</ti>
<ti id="1190" ta="0001" flag="0" level="2" enable="1">Exploit Public-Facing Application</ti>
<ti id="1191" ta="0005" flag="0" level="2" enable="1">CMSTP</ti>
<ti id="1192" ta="0001" flag="0" level="2" enable="1">Spearphishing Link</ti>
<ti id="1193" ta="0001" flag="0" level="2" enable="1">Spearphishing Attachment</ti>
<ti id="1194" ta="0001" flag="0" level="2" enable="1">Spearphishing via Service</ti>
<ti id="1195" ta="0001" flag="0" level="2" enable="1">Supply Chain Compromise</ti>
<ti id="1196" ta="0005" flag="0" level="2" enable="1">Control Panel Items</ti>
<ti id="1197" ta="0005" flag="0" level="2" enable="1">BITS Jobs</ti>
<ti id="1198" ta="0005" flag="0" level="2" enable="1">SIP and Trust Provider Hijacking</ti>
<ti id="1199" ta="0001" flag="0" level="2" enable="1">Trusted Relationship</ti>
<ti id="1200" ta="0001" flag="0" level="2" enable="1">Hardware Additions</ti>
<ti id="1201" ta="0007" flag="0" level="2" enable="1">Password Policy Discovery</ti>
<ti id="1202" ta="0005" flag="0" level="2" enable="1">Indirect Command Execution</ti>
<ti id="1203" ta="0002" flag="0" level="2" enable="1">Exploitation for Client Execution</ti>
<ti id="1204" ta="0002" flag="0" level="2" enable="1">User Execution</ti>
<ti id="1205" ta="0005" flag="0" level="2" enable="1">Port Knocking</ti>
<ti id="1206" ta="0004" flag="0" level="2" enable="1">Sudo Caching</ti>
<ti id="1207" ta="0005" flag="0" level="2" enable="1">DCShadow</ti>
<ti id="1208" ta="0006" flag="0" level="2" enable="1">Kerberoasting</ti>
<ti id="1209" ta="0003" flag="0" level="2" enable="1">Time Providers</ti>
<ti id="1210" ta="0008" flag="0" level="2" enable="1">Exploitation of Remote Services</ti>
<ti id="1211" ta="0005" flag="0" level="2" enable="1">Exploitation for Defense Evasion</ti>
<ti id="1212" ta="0006" flag="0" level="2" enable="1">Exploitation for Credential Access</ti>
<ti id="1213" ta="0009" flag="0" level="2" enable="1">Data from Information Repositories</ti>
<ti id="1214" ta="0006" flag="0" level="2" enable="1">Credentials in Registry</ti>
<ti id="1215" ta="0003" flag="0" level="2" enable="1">Kernel Modules and Extensions</ti>
<ti id="1216" ta="0005" flag="0" level="2" enable="1">Signed Script Proxy Execution</ti>
<ti id="1217" ta="0007" flag="0" level="2" enable="1">Browser Bookmark Discovery</ti>
<ti id="1218" ta="0005" flag="0" level="2" enable="1">Signed Binary Proxy Execution</ti>
<ti id="1219" ta="0011" flag="0" level="2" enable="1">Remote Access Tools</ti>
<ti id="1221" ta="0005" flag="0" level="2" enable="1">Template Injection</ti>
<ti id="1222" ta="0005" flag="0" level="2" enable="1">File Permissions Modification</ti>
<ti id="1223" ta="0005" flag="0" level="2" enable="1">Compiled HTML File</ti>
<ti id="1480" ta="0005" flag="0" level="2" enable="1">Execution Guardrails</ti>
<ti id="1482" ta="0007" flag="0" level="2" enable="1">Domain Trust Discovery</ti>
<ti id="1483" ta="0011" flag="0" level="2" enable="1">Domain Generation Algorithms</ti>
<ti id="1484" ta="0005" flag="0" level="2" enable="1">Group Policy Modification</ti>
<ti id="1485" ta="0040" flag="0" level="2" enable="1">Data Destruction</ti>
<ti id="1486" ta="0040" flag="0" level="2" enable="1">Data Encrypted for Impact</ti>
<ti id="1487" ta="0040" flag="0" level="2" enable="1">Disk Structure Wipe</ti>
<ti id="1488" ta="0040" flag="0" level="2" enable="1">Disk Content Wipe</ti>
<ti id="1489" ta="0040" flag="0" level="2" enable="1">Service Stop</ti>
<ti id="1490" ta="0040" flag="0" level="2" enable="1">Inhibit System Recovery</ti>
<ti id="1491" ta="0040" flag="0" level="2" enable="1">Defacement</ti>
<ti id="1492" ta="0040" flag="0" level="2" enable="1">Stored Data Manipulation</ti>
<ti id="1493" ta="0040" flag="0" level="2" enable="1">Transmitted Data Manipulation</ti>
<ti id="1494" ta="0040" flag="0" level="2" enable="1">Runtime Data Manipulation</ti>
<ti id="1495" ta="0040" flag="0" level="2" enable="1">Firmware Corruption</ti>
<ti id="1496" ta="0040" flag="0" level="2" enable="1">Resource Hijacking</ti>
<ti id="1497" ta="0005" flag="1" level="2" enable="1">Sandbox Evasion</ti>
<ti id="1498" ta="0040" flag="0" level="2" enable="1">Network Denial of Service</ti>
<ti id="1499" ta="0040" flag="0" level="2" enable="1">Endpoint Denial of Service</ti>
<ti id="1500" ta="0005" flag="0" level="2" enable="1">Compile After Delivery</ti>
<ti id="1501" ta="0003" flag="0" level="2" enable="1">System Service</ti>
<ti id="1529" ta="0003" flag="0" level="2" enable="1">System Shutdown/Reboot</ti>
<ti id="1533" ta="0009" flag="1" level="2" enable="1">Data from Local System</ti>
<ti id="1543" ta="0040" flag="1" level="2" enable="1">Create or Modify System Process</ti>
<ti id="1547" ta="0003" flag="0" level="2" enable="1">Startup Folder</ti>
<ti id="1553" ta="0005" flag="1" level="1" enable="1">Subvert Trust Controls</ti>
<ti id="1560" ta="0009" flag="0" level="2" enable="1">Archive Collected Data</ti>
<ti id="1569" ta="0009" flag="1" level="2" enable="1">System Services</ti>
<ti id="1570" ta="0008" flag="0" level="2" enable="1">Lateral Tool Transfer</ti>
<ti id="1574" ta="0008" flag="1" level="2" enable="1">Hijack Execution Flow</ti>
<ti id="1590" ta="0043" flag="0" level="2" enable="1">Reconnaissance</ti>
<ti id="1620" ta="0005" flag="1" level="1" enable="1">Reflective Code Loading</ti>
</techniques>
</mitre>
</xml>

133
xml/namespaces.xml Normal file
View File

@@ -0,0 +1,133 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that:
- the format of this file can change in future version of pestudio
- this file can be modified when running pestudio
-->
<xml version="1.0" encoding="utf-8">
<nsp>
<!-- System namespaces -->
<nsp_system enable="1">
<item flag="0" gp="--" ti="----">Microsoft</item>
<item flag="1" gp="02" ti="1053">Microsoft.Win32.TaskScheduler</item>
<item flag="1" gp="03" ti="----">Microsoft.Exchange.WebServices</item>
<item flag="0" gp="--" ti="----">System</item>
<item flag="0" gp="--" ti="----">System.Collection</item>
<item flag="1" gp="30" ti="----">System.DirectoryServices</item>
<item flag="0" gp="16" ti="----">System.Diagnostics</item>
<item flag="1" gp="--" ti="1570">System.IO.Ports</item>
<item flag="1" gp="--" ti="1570">System.IO.Pipes</item>
<item flag="1" gp="13" ti="1140">System.IO.Compression</item>
<item flag="1" gp="02" ti="----">System.Management.Automation.PowerShell</item>
<item flag="1" gp="02" ti="----">System.Management.Automation.Runspaces</item>
<item flag="1" gp="03" ti="1011">System.Net</item>
<item flag="1" gp="03" ti="1011">System.Net.Http</item>
<item flag="0" gp="--" ti="----">System.Runtime</item>
<item flag="1" gp="--" ti="----">System.Runtime.Remoting</item>
<item flag="0" gp="11" ti="----">System.Resources</item>
<item flag="0" gp="02" ti="----">System.Reflection.Emit</item>
<item flag="0" gp="--" ti="----">System.Reflection</item>
<item flag="1" gp="09" ti="1543">System.ServiceProcess</item>
<item flag="1" gp="30" ti="----">System.Security</item>
<item flag="1" gp="04" ti="1001">System.Security.Cryptography</item>
<item flag="1" gp="10" ti="1001">System.Text.Encoding</item>
<item flag="0" gp="02" ti="----">System.Threading</item>
<item flag="0" gp="03" ti="1011">System.Web</item>
</nsp_system>
<!-- Custom namespaces -->
<nsp_custom enable="1">
<item flag="1" gp="30" ti="----">AceEnumerator</item>
<item flag="0" gp="--" ti="----">AForge</item>
<item flag="1" gp="06" ti="----">Alphaleonis</item>
<item flag="1" gp="--" ti="----">AntiAC</item>
<item flag="1" gp="--" ti="----">Antis</item>
<item flag="1" gp="--" ti="----">cam.DirectX</item>
<item flag="1" gp="13" ti="----">ComponentAce.Compression</item>
<item flag="1" gp="--" ti="----">Cleaver</item>
<item flag="1" gp="--" ti="----">ChatProto</item>
<item flag="1" gp="10" ti="1001">Confuser</item>
<item flag="1" gp="10" ti="1001" sig="501">Costura</item>
<item flag="0" gp="16" ti="----">ChangeDetector</item>
<item flag="1" gp="04" ti="----">CryptUtil</item>
<item flag="1" gp="03" ti="----">Discord.Webhook</item>
<item flag="1" gp="--" ti="----">DnsDig</item>
<item flag="1" gp="--" ti="----">dnlib.DotNet.Emit</item>
<item flag="1" gp="--" ti="----">dnlib.DotNet.Writer</item>
<item flag="1" gp="--" ti="----">dnlib.PE</item>
<item flag="1" gp="--" ti="----">Dropbox</item>
<item flag="1" gp="--" ti="----">FxResources.System.Security</item>
<item flag="1" gp="--" ti="----">Hacker.KeySpy</item>
<item flag="1" gp="10" ti="----">HarmonyLib</item>
<item flag="1" gp="03" ti="----">Heijden.DNS</item>
<item flag="1" gp="30" ti="----">EasyNetQ.Management.Client</item>
<item flag="1" gp="--" ti="----">ExcelDna</item>
<item flag="1" gp="14" ti="----">GlobalLowLevelHooks</item>
<item flag="1" gp="03" ti="----">IpInfo</item>
<item flag="1" gp="14" ti="----">InjectionLibrary</item>
<item flag="1" gp="13" ti="----">ICSharpCode.SharpZipLib</item>
<item flag="1" gp="--" ti="----">Ionic</item>
<item flag="1" gp="--" ti="----">IronPython</item>
<item flag="1" gp="02" ti="----">IWshRuntimeLibrary</item>
<item flag="1" gp="--" ti="----">JLibrary</item>
<item flag="1" gp="--" ti="----">ik.PowerShell</item>
<item flag="1" gp="--" ti="----">KoiVM</item>
<item flag="1" gp="--" ti="----">Kalignite</item>
<item flag="1" gp="30" ti="----">Kerberos</item>
<item flag="1" gp="14" ti="----">KeyLogger</item>
<item flag="1" gp="--" ti="----">KXCashDispenserLib</item>
<item flag="1" gp="03" ti="----">Leaf.xNet</item>
<item flag="1" gp="--" ti="----">Loamen</item>
<item flag="1" gp="--" ti="----">Loki</item>
<item flag="1" gp="04" ti="----">LoGiC.NET</item>
<item flag="1" gp="--" ti="----">log4net</item>
<item flag="1" gp="13" ti="----">LibZ</item>
<item flag="1" gp="13" ti="----">LZ4</item>
<item flag="1" gp="--" ti="----">Luci4</item>
<item flag="1" gp="--" ti="----">mimikatzWrapper</item>
<item flag="1" gp="13" ti="----">MessagePackLib</item>
<item flag="1" gp="14" ti="----">MouseKeyboardLibrary</item>
<item flag="1" gp="02" ti="----">Mono.Cecil.PE</item>
<item flag="1" gp="04" ti="----">Mono.Security.Cryptography</item>
<item flag="1" gp="--" ti="----">netz</item>
<item flag="1" gp="14" ti="----">NHotkey</item>
<item flag="1" gp="03" ti="----">NetworkAssassin</item>
<item flag="1" gp="10" ti="1001">NETGuard</item>
<item flag="1" gp="10" ti="1001">NineRays.Obfuscator</item>
<item flag="1" gp="--" ti="----">Povlsomware</item>
<item flag="1" gp="03" ti="----">RabbitMQ.Client</item>
<item flag="1" gp="--" ti="----">RathodFinalProject</item>
<item flag="1" gp="--" ti="----">RemoteClient</item>
<item flag="1" gp="--" ti="----">Renci</item>
<item flag="1" gp="--" ti="----">Ryuk</item>
<item flag="1" gp="--" ti="----">Run_A_exe</item>
<item flag="1" gp="--" ti="----">Rubeus</item>
<item flag="1" gp="--" ti="----">SadComputer</item>
<item flag="1" gp="10" ti="1001">SecureTeam</item>
<item flag="1" gp="03" ti="----">SharpPcap</item>
<item flag="1" gp="30" ti="----">Serilog</item>
<item flag="1" gp="13" ti="----">SevenZip</item>
<item flag="1" gp="--" ti="----">ScanEngine</item>
<item flag="1" gp="10" ti="1001">SharpCompress</item>
<item flag="1" gp="--" ti="----">Shell32</item>
<item flag="1" gp="--" ti="----">Stealer</item>
<item flag="1" gp="--" ti="----">Stealerium</item>
<item flag="1" gp="10" ti="1001" sig="507">SmartAssembly</item>
<item flag="1" gp="30" ti="----">Serilog</item>
<item flag="1" gp="19" ti="1001">SharpHound</item>
<item flag="1" gp="19" ti="1001">SharpHoundCommonLib</item>
<item flag="1" gp="--" ti="----">StackCrawlMark</item>
<item flag="1" gp="--" ti="----">svchost</item>
<item flag="1" gp="02" ti="1053">TaskScheduler</item>
<item flag="1" gp="--" ti="----">TinyZBot</item>
<item flag="1" gp="03" ti="----">Trinet.Networking</item>
<item flag="1" gp="--" ti="----">VisualSearch.Native</item>
<item flag="1" gp="--" ti="----">Umbral</item>
<item flag="1" gp="--" ti="----">wanna_cry</item>
<item flag="1" gp="--" ti="----">YanoAttribute</item>
</nsp_custom>
</nsp>
</xml>

772
xml/rich.xml Normal file
View File

@@ -0,0 +1,772 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file will be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8">
<richheader>
<prodId>
<item id="0x00">Import (old)</item>
<item id="0x01">Import</item>
<item id="0x02">Linker510</item>
<item id="0x03">Cvtomf510</item>
<item id="0x04">Linker600</item>
<item id="0x05">Cvtomf600</item>
<item id="0x06">Cvtres500</item>
<item id="0x07">Utc11_Basic</item>
<item id="0x08">Utc11_C</item>
<item id="0x09">Utc12_Basic</item>
<item id="0x0A">Utc12_C</item>
<item id="0x0B">Utc12_CPP</item>
<item id="0x0C">AliasObj60</item>
<item id="0x0D">VisualBasic60</item>
<item id="0x0E">Masm613</item>
<item id="0x0F">Masm710</item>
<item id="0x10">Linker511</item>
<item id="0x11">Cvtomf511</item>
<item id="0x12">Masm614</item>
<item id="0x13">Linker512</item>
<item id="0x14">Cvtomf512</item>
<item id="0x15">Utc12_C_Std</item>
<item id="0x16">Utc12_CPP_Std</item>
<item id="0x17">Utc12_C_Book</item>
<item id="0x18">Utc12_CPP_Book</item>
<item id="0x19">Implib700</item>
<item id="0x1A">Cvtomf700</item>
<item id="0x1B">Utc13_Basic</item>
<item id="0x1C">Utc13_C</item>
<item id="0x1D">Utc13_CPP</item>
<item id="0x1E">Linker610</item>
<item id="0x1F">Cvtomf610</item>
<item id="0x20">Linker601</item>
<item id="0x21">Cvtomf601</item>
<item id="0x22">Utc12_1_Basic</item>
<item id="0x23">Utc12_1_C</item>
<item id="0x24">Utc12_1_CPP</item>
<item id="0x25">Linker620</item>
<item id="0x26">Cvtomf620</item>
<item id="0x27">AliasObj70</item>
<item id="0x28">Linker621</item>
<item id="0x29">Cvtomf621</item>
<item id="0x2A">Masm615</item>
<item id="0x2B">Utc13_LTCG_C</item>
<item id="0x2C">Utc13_LTCG_CPP</item>
<item id="0x2D">Masm620</item>
<item id="0x2E">ILAsm100</item>
<item id="0x2F">Utc12_2_Basic</item>
<item id="0x30">Utc12_2_C</item>
<item id="0x31">Utc12_2_CPP</item>
<item id="0x32">Utc12_2_C_Std</item>
<item id="0x33">Utc12_2_CPP_Std</item>
<item id="0x34">Utc12_2_C_Book</item>
<item id="0x35">Utc12_2_CPP_Book</item>
<item id="0x36">Implib622</item>
<item id="0x37">Cvtomf622</item>
<item id="0x38">Cvtres501</item>
<item id="0x39">Utc13_C_Std</item>
<item id="0x3A">Utc13_CPP_Std</item>
<item id="0x3B">Cvtpgd1300</item>
<item id="0x3C">Linker622 </item>
<item id="0x3D">Linker700 </item>
<item id="0x3E">Export622 </item>
<item id="0x3F">Export700 </item>
<item id="0x40">Masm700</item>
<item id="0x41">Utc13_POGO_I_C</item>
<item id="0x42">Utc13_POGO_I_CPP</item>
<item id="0x43">Utc13_POGO_O_C</item>
<item id="0x44">Utc13_POGO_O_CPP</item>
<item id="0x45">Cvtres700</item>
<item id="0x46">Cvtres710p</item>
<item id="0x47">Linker710p</item>
<item id="0x48">Cvtomf710p</item>
<item id="0x49">Export710p</item>
<item id="0x4A">Implib710p</item>
<item id="0x4B">Masm710p</item>
<item id="0x4C">Utc1310p_C</item>
<item id="0x4D">Utc1310p_CPP</item>
<item id="0x4E">Utc1310p_C_Std</item>
<item id="0x4F">Utc1310p_CPP_Std</item>
<item id="0x50">Utc1310p_LTCG_C</item>
<item id="0x51">Utc1310p_LTCG_CPP</item>
<item id="0x52">Utc1310p_POGO_I_C</item>
<item id="0x53">Utc1310p_POGO_I_CPP</item>
<item id="0x54">Utc1310p_POGO_O_C</item>
<item id="0x55">Utc1310p_POGO_O_CPP</item>
<item id="0x56">Linker624</item>
<item id="0x57">Cvtomf624</item>
<item id="0x58">Export624</item>
<item id="0x59">Implib624</item>
<item id="0x5A">Linker710</item>
<item id="0x5B">Cvtomf710</item>
<item id="0x5C">Export710</item>
<item id="0x5D">Implib710</item>
<item id="0x5E">Cvtres710</item>
<item id="0x5F">Utc1310_C</item>
<item id="0x60">Utc1310_CPP</item>
<item id="0x61">Utc1310_C_Std</item>
<item id="0x62">Utc1310_CPP_Std</item>
<item id="0x63">Utc1310_LTCG_C</item>
<item id="0x64">Utc1310_LTCG_CPP</item>
<item id="0x65">Utc1310_POGO_I_C</item>
<item id="0x66">Utc1310_POGO_I_CPP</item>
<item id="0x67">Utc1310_POGO_O_C</item>
<item id="0x68">Utc1310_POGO_O_CPP</item>
<item id="0x69">AliasObj710</item>
<item id="0x6A">AliasObj710p</item>
<item id="0x6B">Cvtpgd1310</item>
<item id="0x6C">Cvtpgd1310p</item>
<item id="0x6D">Utc1400_C</item>
<item id="0x6E">Utc1400_CPP</item>
<item id="0x6F">Utc1400_C_Std</item>
<item id="0x70">Utc1400_CPP_Std</item>
<item id="0x71">Utc1400_LTCG_C</item>
<item id="0x72">Utc1400_LTCG_CPP</item>
<item id="0x73">Utc1400_POGO_I_C</item>
<item id="0x74">Utc1400_POGO_I_CPP</item>
<item id="0x75">Utc1400_POGO_O_C</item>
<item id="0x76">Utc1400_POGO_O_CPP</item>
<item id="0x77">Cvtpgd1400</item>
<item id="0x78">Linker800</item>
<item id="0x79">Cvtomf800</item>
<item id="0x7A">Export800</item>
<item id="0x7B">Implib800</item>
<item id="0x7C">Cvtres800</item>
<item id="0x7D">Masm800</item>
<item id="0x7E">AliasObj800</item>
<item id="0x7F">PhoenixPrerelease</item>
<item id="0x80">Utc1400_CVTCIL_C</item>
<item id="0x81">Utc1400_CVTCIL_CPP</item>
<item id="0x82">Utc1400_LTCG_MSIL</item>
<item id="0x83">Utc1500_C</item>
<item id="0x84">Utc1500_CPP</item>
<item id="0x85">Utc1500_C_Std</item>
<item id="0x86">Utc1500_CPP_Std</item>
<item id="0x87">Utc1500_CVTCIL_C</item>
<item id="0x88">Utc1500_CVTCIL_CPP</item>
<item id="0x89">Utc1500_LTCG_C</item>
<item id="0x8A">Utc1500_LTCG_CPP</item>
<item id="0x8B">Utc1500_LTCG_MSIL</item>
<item id="0x8C">Utc1500_POGO_I_C</item>
<item id="0x8D">Utc1500_POGO_I_CPP</item>
<item id="0x8E">Utc1500_POGO_O_C</item>
<item id="0x8F">Utc1500_POGO_O_CPP</item>
<item id="0x90">Cvtpgd1500</item>
<item id="0x91">Linker900</item>
<item id="0x92">Export900</item>
<item id="0x93">Implib900</item>
<item id="0x94">Cvtres900</item>
<item id="0x95">Masm900</item>
<item id="0x96">AliasObj900</item>
<item id="0x97">Resource</item>
<item id="0x98">AliasObj1000</item>
<item id="0x99">Cvtpgd1600</item>
<item id="0x9A">Cvtres1000</item>
<item id="0x9B">Export1000</item>
<item id="0x9C">Implib1000</item>
<item id="0x9D">Linker1000</item>
<item id="0x9E">Masm1000</item>
<item id="0x9F">Phx1600_C</item>
<item id="0xA0">Phx1600_CPP</item>
<item id="0xA1">Phx1600_CVTCIL_C</item>
<item id="0xA2">Phx1600_CVTCIL_CPP</item>
<item id="0xA3">Phx1600_LTCG_C</item>
<item id="0xA4">Phx1600_LTCG_CPP</item>
<item id="0xA5">Phx1600_LTCG_MSIL</item>
<item id="0xA6">Phx1600_POGO_I_C</item>
<item id="0xA7">Phx1600_POGO_I_CPP</item>
<item id="0xA8">Phx1600_POGO_O_C</item>
<item id="0xA9">Phx1600_POGO_O_CPP</item>
<item id="0xAA">Utc1600_C</item>
<item id="0xAB">Utc1600_CPP</item>
<item id="0xAC">Utc1600_CVTCIL_C</item>
<item id="0xAD">Utc1600_CVTCIL_CPP</item>
<item id="0xAE">Utc1600_LTCG_C</item>
<item id="0xAF">Utc1600_LTCG_CPP</item>
<item id="0xB0">Utc1600_LTCG_MSIL</item>
<item id="0xB1">Utc1600_POGO_I_C</item>
<item id="0xB2">Utc1600_POGO_I_CPP</item>
<item id="0xB3">Utc1600_POGO_O_C</item>
<item id="0xB4">Utc1600_POGO_O_CPP</item>
<item id="0xB5">AliasObj1010</item>
<item id="0xB6">Cvtpgd1610</item>
<item id="0xB7">Cvtres1010</item>
<item id="0xB8">Export1010</item>
<item id="0xB9">Implib1010</item>
<item id="0xBA">Linker1010</item>
<item id="0xBB">Masm1010</item>
<item id="0xBC">Utc1610_C</item>
<item id="0xBD">Utc1610_CPP</item>
<item id="0xBE">Utc1610_CVTCIL_C</item>
<item id="0xBF">Utc1610_CVTCIL_CPP</item>
<item id="0xC0">Utc1610_LTCG_C</item>
<item id="0xC1">Utc1610_LTCG_CPP</item>
<item id="0xC2">Utc1610_LTCG_MSIL </item>
<item id="0xC3">Utc1610_POGO_I_C</item>
<item id="0xC4">Utc1610_POGO_I_CPP</item>
<item id="0xC5">Utc1610_POGO_O_C</item>
<item id="0xC6">Utc1610_POGO_O_CPP</item>
<item id="0xC7">AliasObj1100</item>
<item id="0xC8">Cvtpgd1700</item>
<item id="0xC9">Cvtres1100</item>
<item id="0xCA">Export1100</item>
<item id="0xCB">Implib1100</item>
<item id="0xCC">Linker1100</item>
<item id="0xCD">Masm1100</item>
<item id="0xCE">Utc1700_C</item>
<item id="0xCF">Utc1700_CPP</item>
<item id="0xD0">Utc1700_CVTCIL_C</item>
<item id="0xD1">Utc1700_CVTCIL_CPP</item>
<item id="0xD2">Utc1700_LTCG_C</item>
<item id="0xD3">Utc1700_LTCG_CPP</item>
<item id="0xD4">Utc1700_LTCG_MSIL</item>
<item id="0xD5">Utc1700_POGO_I_C</item>
<item id="0xD6">Utc1700_POGO_I_CPP</item>
<item id="0xD7">Utc1700_POGO_O_C</item>
<item id="0xD8">Utc1700_POGO_O_CPP</item>
<item id="0xD9">AliasObj1200</item>
<item id="0xDA">Cvtpgd1800</item>
<item id="0xDB">Cvtres1200</item>
<item id="0xDC">Export1200</item>
<item id="0xDD">Implib1200</item>
<item id="0xDE">Linker1200</item>
<item id="0xDF">Masm1200</item>
<item id="0xE0">Utc1800_C</item>
<item id="0xE1">Utc1800_CPP</item>
<item id="0xE2">Utc1800_CVTCIL_C</item>
<item id="0xE3">Utc1800_CVTCIL_CPP</item>
<item id="0xE4">Utc1800_LTCG_C</item>
<item id="0xE5">Utc1800_LTCG_CPP</item>
<item id="0xE6">Utc1800_LTCG_MSIL</item>
<item id="0xE7">Utc1800_POGO_I_C</item>
<item id="0xE8">Utc1800_POGO_I_CPP</item>
<item id="0xE9">Utc1800_POGO_O_C</item>
<item id="0xEA">Utc1800_POGO_O_CPP</item>
<item id="0xEB">AliasObj1210</item>
<item id="0xEC">Cvtpgd1810</item>
<item id="0xED">Cvtres1210</item>
<item id="0xEE">Export1210</item>
<item id="0xEF">Implib1210</item>
<item id="0xF0">Linker1210</item>
<item id="0xF1">Masm1210</item>
<item id="0xF2">Utc1810_C </item>
<item id="0xF3">Utc1810_CPP </item>
<item id="0xF4">Utc1810_CVTCIL_C</item>
<item id="0xF5">Utc1810_CVTCIL_CPP</item>
<item id="0xF6">Utc1810_LTCG_C</item>
<item id="0xF7">Utc1810_LTCG_CPP</item>
<item id="0xF8">Utc1810_LTCG_MSIL</item>
<item id="0xF9">Utc1810_POGO_I_C</item>
<item id="0xFA">Utc1810_POGO_I_CPP</item>
<item id="0xFB">Utc1810_POGO_O_C</item>
<item id="0xFC">Utc1810_POGO_O_CPP</item>
<item id="0xFD">AliasObj1400</item>
<item id="0xFE">Cvtpgd1900</item>
<item id="0xFF">Cvtres1400</item>
<item id="0x100">Export1400</item>
<item id="0x101">Implib1400</item>
<item id="0x102">Linker1400</item>
<item id="0x103">Masm1400</item>
<item id="0x104">Utc1900_C</item>
<item id="0x105">Utc1900_CPP</item>
<item id="0x106">Utc1900_CVTCIL_C</item>
<item id="0x107">Utc1900_CVTCIL_CPP</item>
<item id="0x108">Utc1900_LTCG_C</item>
<item id="0x109">Utc1900_LTCG_CPP</item>
<item id="0x10A">Utc1900_LTCG_MSIL</item>
<item id="0x10B">Utc1900_POGO_I_C</item>
<item id="0x10C">Utc1900_POGO_I_CPP</item>
<item id="0x10D">Utc1900_POGO_O_C</item>
<item id="0x10E">Utc1900_POGO_O_CPP</item>
</prodId>
<ide>
<item id="00">.NET Framework</item>
<item id="01">.NET Core</item>
<item id="02">Visual Studio 5.0 CvtRes.exe</item>
<item id="03">Visual Studio 5.0</item>
<item id="04">Visual Studio 6.0</item>
<item id="05">Visual Basic 6.0</item>
<item id="06">Visual Studio 6.0</item>
<item id="07">Visual Studio 6.0 MASM</item>
<item id="08">Visual Studio 2002</item>
<item id="09">Visual Studio 2003</item>
<item id="10">Visual Studio 2005</item>
<item id="11">Visual Studio 2008</item>
<item id="12">Visual Studio 2010</item>
<item id="13">Visual Studio 2012</item>
<item id="14">Visual Studio 2012 MASM</item>
<item id="15">Visual Studio 2013</item>
<item id="16">Visual Studio 2013</item>
<item id="17">Visual Studio 2015</item>
<item id="18">Visual Studio 2015</item>
<item id="19">Visual Studio 2017</item>
<item id="20">Visual Studio 2017</item>
<item id="21">Visual Studio 2019</item>
<item id="22">Visual Studio 2019</item>
<item id="23">Visual Studio</item>
</ide>
<version>
<item value="02914" ide="00">1.0 beta 2</item>
<item value="03512" ide="00">1.0 RC3</item>
<item value="03705" ide="00">1.0</item>
<item value="04322" ide="00">1.1</item>
<item value="21213" ide="00">1.2 pre-alpha</item>
<item value="30703" ide="00">1.2 alpha</item>
<item value="40301" ide="00">2.0</item>
<item value="40426" ide="00">2.0</item>
<item value="40607" ide="00">2.0</item>
<item value="40903" ide="00">2.0</item>
<item value="41115" ide="00">2.0</item>
<item value="50110" ide="00">2.0</item>
<item value="50215" ide="00">2.0</item>
<item value="50601" ide="00">2.0</item>
<item value="50710" ide="00">4.5</item>
<item value="50932" ide="00">4.5.1</item>
<item value="50938" ide="00">4.5.1</item>
<item value="51090" ide="00">4.5.2</item>
<item value="51209" ide="00">4.5.2</item>
<item value="51641" ide="00">4.5.1</item>
<item value="51651" ide="00">4.5.2</item>
<item value="01055" ide="00">4.6</item>
<item value="23902" ide="01">5.0</item>
<item value="01668" ide="02">5.0</item>
<item value="01720" ide="02">5.0</item>
<item value="01735" ide="02">5.0</item>
<item value="01803" ide="02">5.0</item>
<item value="02080" ide="02">5.0</item>
<item value="02090" ide="02">5.0</item>
<item value="07008" ide="03">5.0</item>
<item value="07022" ide="03">5.0 SP0</item>
<item value="07132" ide="03">5.2 SP1</item>
<item value="07274" ide="03">5.10 SP3</item>
<item value="07303" ide="03">5.10 SP3</item>
<item value="08022" ide="03">5.12</item>
<item value="08034" ide="03">5.12</item>
<item value="08078" ide="03">5.12</item>
<item value="08124" ide="03">5.12</item>
<item value="08152" ide="03">5.12</item>
<item value="09049" ide="03">5.12</item>
<item value="04456" ide="04">6.0</item>
<item value="06361" ide="04">6.0</item>
<item value="07291" ide="04">6.0</item>
<item value="08167" ide="04">6.0</item>
<item value="08877" ide="04">6.0 SP4</item>
<item value="08964" ide="04">6.0 SP5</item>
<item value="09738" ide="04">6.0 SP6</item>
<item value="09782" ide="04">6.0 SP6</item>
<item value="09783" ide="04">6.0 SP6</item>
<item value="08168" ide="04">6.0</item>
<item value="08169" ide="04">6.0</item>
<item value="08176" ide="04">6.0</item>
<item value="08495" ide="04">6.0 SP3</item>
<item value="08041" ide="05">5.0</item>
<item value="08783" ide="05">5.0</item>
<item value="52512" ide="06">5.0</item>
<item value="08047" ide="06">6.0</item>
<item value="08349" ide="06">6.0</item>
<item value="08350" ide="06">6.0</item>
<item value="08397" ide="06">6.0</item>
<item value="08447" ide="06">6.0 SP3</item>
<item value="08569" ide="06">6.0 SP3</item>
<item value="08755" ide="06">6.0 SP3</item>
<item value="08769" ide="06">6.0 SP3</item>
<item value="08797" ide="06">6.0 SP4</item>
<item value="08798" ide="06">6.0 SP4</item>
<item value="08799" ide="06">6.0 SP4</item>
<item value="08804" ide="06">6.0 SP4</item>
<item value="08943" ide="06">6.0 SP5 Processor Pack</item>
<item value="08966" ide="06">6.0 SP5</item>
<item value="09044" ide="06">6.0 SP5 Processor Pack</item>
<item value="07299" ide="07">6.13 SP1</item>
<item value="08444" ide="07">6.14 SP3</item>
<item value="08803" ide="07">6.15 SP4</item>
<item value="08905" ide="07">6.15 SP4</item>
<item value="08491" ide="08">7.0</item>
<item value="08800" ide="08">7.0</item>
<item value="08830" ide="08">7.0</item>
<item value="09030" ide="08">7.0 beta 1</item>
<item value="09037" ide="08">7.0</item>
<item value="09043" ide="08">7.0</item>
<item value="09111" ide="08">7.0</item>
<item value="09162" ide="08">7.0</item>
<item value="09177" ide="08">7.0</item>
<item value="06378" ide="08">7.0</item>
<item value="09178" ide="08">7.0</item>
<item value="08242" ide="08">7.0</item>
<item value="09210" ide="08">7.0 XP DDK</item>
<item value="09254" ide="08">7.0 beta 2</item>
<item value="09372" ide="08">7.0 RC1</item>
<item value="09466" ide="08">7.0</item>
<item value="07058" ide="08">7.0</item>
<item value="06704" ide="08">7.0</item>
<item value="09955" ide="08">7.0 SP1</item>
<item value="02035" ide="09">7.10 beta</item>
<item value="02067" ide="09">7.10 beta</item>
<item value="03538" ide="08">7.0</item>
<item value="51403" ide="08">7.0</item>
<item value="25767" ide="08">7.0</item>
<item value="28095" ide="08">7.0</item>
<item value="02179" ide="09">7.10</item>
<item value="02190" ide="09">7.10</item>
<item value="02197" ide="09">7.10</item>
<item value="02241" ide="09">7.10</item>
<item value="03052" ide="09">7.10</item>
<item value="03077" ide="09">7.10</item>
<item value="03088" ide="09">7.10</item>
<item value="03310" ide="09">7.10</item>
<item value="55849" ide="09">7.10</item>
<item value="04017" ide="09">7.10</item>
<item value="01071" ide="09">7.10</item>
<item value="04031" ide="09">7.10 SDK</item>
<item value="04035" ide="09">7.10 SDK</item>
<item value="06030" ide="09">7.10 SP1</item>
<item value="06101" ide="09">7.10 SP1</item>
<item value="02160" ide="09">7.10</item>
<item value="30120" ide="10">8.0</item>
<item value="30701" ide="10">8.0</item>
<item value="31008" ide="10">8.0</item>
<item value="40310" ide="10">8.0 SDK</item>
<item value="41204" ide="10">8.0</item>
<item value="50327" ide="10">8.0</item>
<item value="50608" ide="10">8.0</item>
<item value="09992" ide="10">8.0</item>
<item value="50706" ide="10">8.0</item>
<item value="60516" ide="10">8.0</item>
<item value="50727" ide="10">08.00</item>
<item value="02207" ide="10">08.00</item>
<item value="50214" ide="10">08.00</item>
<item value="02228" ide="10">08.00</item>
<item value="61001" ide="10">8.0 SP1 MFC Update</item>
<item value="20413" ide="11">9.0</item>
<item value="30411" ide="11">9.0</item>
<item value="21022" ide="11">9.0</item>
<item value="30718" ide="11">9.0</item>
<item value="01915" ide="11">9.0</item>
<item value="09269" ide="11">9.0</item>
<item value="30729" ide="11">9.0</item>
<item value="03343" ide="11">9.0</item>
<item value="20115" ide="12">10.0</item>
<item value="21202" ide="12">10.0</item>
<item value="30034" ide="17">14.0</item>
<item value="27051" ide="17">14.0</item>
<item value="30795" ide="17">14.0</item>
<item value="32533" ide="17">14.0</item>
<item value="32825" ide="17">14.0</item>
<item value="30038" ide="17">14.0</item>
<item value="30140" ide="17">14.0</item>
<item value="31328" ide="17">14.0</item>
<item value="31332" ide="17">14.0</item>
<item value="30136" ide="17">14.0</item>
<item value="30139" ide="17">14.0</item>
<item value="30311" ide="12">10.0</item>
<item value="30314" ide="12">10.0</item>
<item value="30319" ide="12">10.0</item>
<item value="30414" ide="12">10.0</item>
<item value="03199" ide="12">10.0</item>
<item value="03830" ide="12">10.0</item>
<item value="09993" ide="12">10.0</item>
<item value="30716" ide="12">10.10 SP1</item>
<item value="31118" ide="12">10.10 SP1</item>
<item value="40219" ide="12">10.10 SP1</item>
<item value="41118" ide="13">11.0</item>
<item value="50307" ide="13">11.0</item>
<item value="50323" ide="13">11.0</item>
<item value="50413" ide="13">11.0</item>
<item value="50522" ide="13">11.0</item>
<item value="50425" ide="13">11.0</item>
<item value="50503" ide="13">11.0</item>
<item value="50531" ide="13">11.0</item>
<item value="50612" ide="13">11.0</item>
<item value="50628" ide="13">11.0</item>
<item value="50709" ide="13">11.0</item>
<item value="50722" ide="13">11.0</item>
<item value="50929" ide="13">11.0</item>
<item value="51016" ide="13">11.0</item>
<item value="51020" ide="13">11.0.1</item>
<item value="51106" ide="13">11.0.1</item>
<item value="51114" ide="13">11.0.2</item>
<item value="51204" ide="13">11.0.2</item>
<item value="60610" ide="13">11.0.3</item>
<item value="60315" ide="13">11.0.2</item>
<item value="61030" ide="13">11.0.4</item>
<item value="61219" ide="13">11.0.5</item>
<item value="61232" ide="13">11.0</item>
<item value="65500" ide="13">11.0</item>
<item value="65501" ide="13">11.0</item>
<item value="60930" ide="14">11.0</item>
<item value="20322" ide="15">12.0</item>
<item value="20403" ide="15">12.0</item>
<item value="20501" ide="15">12.0</item>
<item value="20617" ide="15">12.0</item>
<item value="20806" ide="15">12.0</item>
<item value="21005" ide="15">12.0 RTM</item>
<item value="30102" ide="15">12.10</item>
<item value="40115" ide="15">12.10</item>
<item value="40116" ide="15">12.10</item>
<item value="40649" ide="15">12.0</item>
<item value="40660" ide="15">12.0</item>
<item value="40664" ide="15">12.0</item>
<item value="30110" ide="16">12.0.1</item>
<item value="30324" ide="16">12.0.2</item>
<item value="30501" ide="16">12.0.2</item>
<item value="30723" ide="16">12.0.3</item>
<item value="31101" ide="16">12.0.4</item>
<item value="40629" ide="16">12.0.5</item>
<item value="23007" ide="17">14.0</item>
<item value="23013" ide="17">14.0</item>
<item value="23026" ide="17">14.0</item>
<item value="23406" ide="17">14.0</item>
<item value="23524" ide="17">14.0</item>
<item value="23615" ide="17">14.0</item>
<item value="25834" ide="17">14.0</item>
<item value="25835" ide="17">14.0</item>
<item value="26428" ide="17">14.0</item>
<item value="26715" ide="17">14.0</item>
<item value="27412" ide="17">14.0</item>
<item value="28900" ide="17">14.0</item>
<item value="28920" ide="17">14.0</item>
<item value="28619" ide="17">14.0</item>
<item value="28805" ide="17">14.0</item>
<item value="28806" ide="17">14.0</item>
<item value="29112" ide="17">14.0</item>
<item value="29118" ide="17">14.0</item>
<item value="29335" ide="17">14.0</item>
<item value="29336" ide="17">14.0</item>
<item value="29804" ide="17">14.0</item>
<item value="29910" ide="17">14.0</item>
<item value="29395" ide="17">14.0</item>
<item value="31935" ide="17">14.0</item>
<item value="32216" ide="17">14.0</item>
<item value="33808" ide="17">14.0</item>
<item value="34123" ide="17">14.0</item>
<item value="23506" ide="17">14.0.1</item>
<item value="23907" ide="17">14.0.1</item>
<item value="23917" ide="17">14.0 preview 2</item>
<item value="23918" ide="17">14.0.2</item>
<item value="23927" ide="17">14.0.2</item>
<item value="24123" ide="17">14.0.3 RC</item>
<item value="24210" ide="17">14.0.3</item>
<item value="24212" ide="17">14.0.3.b </item>
<item value="24213" ide="17">14.0.3.d</item>
<item value="24215" ide="17">14.0.3.d</item>
<item value="24218" ide="17">14.0.3.d</item>
<item value="24225" ide="17">14.0.3.d</item>
<item value="24231" ide="17">14.0.3.d</item>
<item value="24233" ide="17">14.0.3.d</item>
<item value="24234" ide="17">14.0.3.d</item>
<item value="24237" ide="17">14.0</item>
<item value="24245" ide="17">14.0</item>
<item value="26433" ide="17">14.0</item>
<item value="31616" ide="17">14.0</item>
<item value="31630" ide="17">14.0</item>
<item value="31937" ide="17">14.0</item>
<item value="27316" ide="17">14.0</item>
<item value="27508" ide="17">14.0</item>
<item value="29913" ide="17">14.0</item>
<item value="29915" ide="17">14.0</item>
<item value="29924" ide="17">14.0</item>
<item value="30133" ide="17">14.0</item>
<item value="30037" ide="17">14.0</item>
<item value="31629" ide="17">14.0</item>
<item value="32420" ide="17">14.0</item>
<item value="32532" ide="17">14.0</item>
<item value="24406" ide="17">14.0 preview 4</item>
<item value="24425" ide="17">14.0 TFS Test VMs</item>
<item value="22823" ide="18">14.0 RC </item>
<item value="23107" ide="18">14.0</item>
<item value="24019" ide="18">14.0</item>
<item value="24116" ide="18">14.0</item>
<item value="24325" ide="18">14.0</item>
<item value="24610" ide="18">14.0</item>
<item value="24720" ide="18">14.0.1</item>
<item value="24723" ide="18">14.0.1.a</item>
<item value="24728" ide="18">14.0.1.b</item>
<item value="24730" ide="18">14.0.1.c</item>
<item value="25025" ide="18">14.0</item>
<item value="25123" ide="18">14.0.2</item>
<item value="25125" ide="18">14.0.2</item>
<item value="25126" ide="18">14.0.2.a</item>
<item value="25130" ide="18">14.0.2.b</item>
<item value="25131" ide="18">14.0.2.b</item>
<item value="25132" ide="18">14.0.2.c</item>
<item value="25203" ide="18">14.0</item>
<item value="26129" ide="18">14.0</item>
<item value="25224" ide="18">14.0</item>
<item value="30818" ide="18">14.0</item>
<item value="31329" ide="18">14.0</item>
<item value="25305" ide="18">14.0</item>
<item value="25930" ide="18">14.0</item>
<item value="25420" ide="18">14.0.3</item>
<item value="25421" ide="18">14.0.3</item>
<item value="25422" ide="18">14.0.3.a</item>
<item value="25424" ide="18">14.0.3.b</item>
<item value="25425" ide="18">14.0.3.c</item>
<item value="25431" ide="18">14.0.3.d</item>
<item value="28105" ide="18">14.0</item>
<item value="28315" ide="18">14.0</item>
<item value="24629" ide="19">14.10 RC</item>
<item value="25008" ide="19">14.10</item>
<item value="25017" ide="19">14.10</item>
<item value="25019" ide="19">14.10</item>
<item value="25508" ide="19">14.11</item>
<item value="25547" ide="19">14.11</item>
<item value="25711" ide="19">14.12</item>
<item value="26128" ide="19">14.12</item>
<item value="26131" ide="19">14.13</item>
<item value="26213" ide="19">14.13</item>
<item value="26706" ide="19">14.15</item>
<item value="27039" ide="19">14.15</item>
<item value="27043" ide="19">14.15</item>
<item value="26715" ide="19">14.15</item>
<item value="26726" ide="19">14.15</item>
<item value="28316" ide="19">14.15</item>
<item value="28427" ide="19">14.15</item>
<item value="27023" ide="19">14.16</item>
<item value="27024" ide="19">14.16</item>
<item value="27026" ide="19">14.16</item>
<item value="27027" ide="19">14.16</item>
<item value="27030" ide="19">14.16</item>
<item value="27031" ide="19">14.16</item>
<item value="27034" ide="19">14.16</item>
<item value="28614" ide="19">14.16</item>
<item value="28518" ide="10">14.0</item>
<item value="30141" ide="10">14.0</item>
<item value="26304" ide="20">15.0.0 preview 1</item>
<item value="26501" ide="20">15.0 Office tools</item>
<item value="26504" ide="20">15.0</item>
<item value="27051" ide="20">15.0</item>
<item value="26315" ide="20">15.0.0 preview 2</item>
<item value="26323" ide="20">15.0.0 preview 3</item>
<item value="26228" ide="20">15.0.x</item>
<item value="26403" ide="20">15.1.x</item>
<item value="26412" ide="20">15.2.0 preview 1</item>
<item value="26419" ide="20">15.2.0 preview 2</item>
<item value="26424" ide="20">15.2.0 preview 3</item>
<item value="26430" ide="20">15.2.x</item>
<item value="26507" ide="20">15.3.0 preview 1</item>
<item value="26510" ide="20">15.3.0 preview 1.1</item>
<item value="26606" ide="20">15.3.0 preview 2</item>
<item value="26608" ide="20">15.3.0 preview 2.1</item>
<item value="26621" ide="20">15.3.0 preview 3</item>
<item value="26711" ide="20">15.3.0 preview 4</item>
<item value="26720" ide="20">15.3.0 preview 5</item>
<item value="26724" ide="20">15.3.0 preview 6</item>
<item value="26730" ide="20">15.3.x</item>
<item value="26732" ide="20">15.3.x</item>
<item value="26823" ide="20">15.4.0 preview 1</item>
<item value="26906" ide="20">15.4.0 preview 2</item>
<item value="26923" ide="20">15.4.0 preview 3</item>
<item value="26929" ide="20">15.4.0 preview 4</item>
<item value="27004" ide="20">15.4.x</item>
<item value="27009" ide="20">15.5.0 preview 1</item>
<item value="27019" ide="20">15.5.0 preview 2</item>
<item value="27045" ide="20">15.5.0 preview 2</item>
<item value="27102" ide="20">15.5.0 preview 3</item>
<item value="27110" ide="20">15.5.0 preview 4</item>
<item value="27128" ide="20">15.5.0 preview 5</item>
<item value="27130" ide="20">15.5.x</item>
<item value="27205" ide="20">15.6.0 preview 1</item>
<item value="27207" ide="20">15.0 MSI tools</item>
<item value="27309" ide="20">15.6.0 preview 2</item>
<item value="27323" ide="20">15.6.0 preview 3</item>
<item value="27406" ide="20">15.6.0 preview 4</item>
<item value="27413" ide="20">15.6.0 preview 5</item>
<item value="27421" ide="20">15.6.0 preview 6</item>
<item value="27428" ide="20">15.6.x</item>
<item value="27512" ide="20">15.7.0 preview 1</item>
<item value="27520" ide="20">15.7.0 preview 2</item>
<item value="27521" ide="20">15.7.0 preview 2</item>
<item value="27604" ide="20">15.7.0 preview 3</item>
<item value="27617" ide="20">15.7.0 preview 4</item>
<item value="27625" ide="20">15.7.0 preview 5</item>
<item value="27701" ide="20">15.7.0 preview 6</item>
<item value="27702" ide="20">15.7.0 preview 6</item>
<item value="27703" ide="20">15.7.x</item>
<item value="27705" ide="20">15.8.0 preview 1</item>
<item value="27729" ide="20">15.8.0 preview 2</item>
<item value="27825" ide="20">15.8.0 preview 3</item>
<item value="27906" ide="20">15.8.0 preview 4</item>
<item value="27924" ide="20">15.8.0 preview 5</item>
<item value="28010" ide="20">15.8.x</item>
<item value="28016" ide="20">15.9.0 preview 1</item>
<item value="28107" ide="20">15.9.0 preview 2</item>
<item value="28128" ide="20">15.9.0 preview 3</item>
<item value="28219" ide="20">15.9.0 preview 4</item>
<item value="28302" ide="20">15.9.0 preview 5</item>
<item value="28307" ide="20">15.9.x</item>
<item value="27706" ide="21">14.22 </item>
<item value="27724" ide="21">14.22 </item>
<item value="27807" ide="21">14.22 </item>
<item value="27812" ide="21">14.22 </item>
<item value="27821" ide="21">14.22 </item>
<item value="27905" ide="21">14.22</item>
<item value="28117" ide="21">14.24</item>
<item value="28329" ide="22">16.0.0 preview 1</item>
<item value="28408" ide="22">16.0.0 preview 1.1</item>
<item value="28522" ide="22">16.0.0 preview 2</item>
<item value="28529" ide="22">16.0.0 preview 2.1</item>
<item value="28602" ide="22">16.0.0 preview 2.2</item>
<item value="28608" ide="22">16.0.0 preview 3</item>
<item value="28625" ide="22">16.0.0 preview 4</item>
<item value="28701" ide="22">16.0.0 preview 4.1</item>
<item value="28705" ide="22">16.0.0 preview 4.1.1</item>
<item value="28711" ide="22">16.0.0 preview 4.2</item>
<item value="28714" ide="22">16.0.0 preview 4.3</item>
<item value="28721" ide="22">16.0.0 preview 4.4</item>
<item value="28729" ide="22">16.0.0</item>
<item value="28803" ide="22">16.0.x</item>
<item value="28809" ide="22">16.1.0 preview 1</item>
<item value="28822" ide="22">16.1.0 preview 2</item>
<item value="28902" ide="22">16.1.0 preview 3</item>
<item value="28917" ide="22">16.1.0</item>
<item value="28922" ide="22">16.1.1</item>
<item value="29001" ide="22">16.1.2</item>
<item value="29009" ide="22">16.1.3</item>
<item value="29020" ide="22">16.1.4</item>
<item value="29025" ide="22">16.1.5</item>
<item value="29102" ide="22">16.1.6</item>
<item value="29006" ide="22">16.2.0 preview 2</item>
<item value="29021" ide="22">16.2.0 preview 3</item>
<item value="29111" ide="22">16.2.0 preview 4</item>
<item value="29123" ide="22">16.2.0</item>
<item value="29201" ide="22">16.2.1</item>
<item value="29209" ide="22">16.2.2</item>
<item value="29215" ide="22">16.2.3</item>
<item value="29230" ide="22">16.2.4</item>
<item value="29306" ide="22">16.2.5</item>
<item value="29311" ide="22">16.3.0 preview 4</item>
<item value="29318" ide="22">16.3.0</item>
<item value="29324" ide="22">16.3.1</item>
<item value="29326" ide="22">16.3.2</item>
<item value="29403" ide="22">16.3.3</item>
<item value="29409" ide="22">16.3.4</item>
<item value="29411" ide="22">16.3.5</item>
<item value="29418" ide="22">16.3.6</item>
<item value="29424" ide="22">16.3.7</item>
<item value="29503" ide="22">16.3.8</item>
<item value="29509" ide="22">16.3.9</item>
<item value="29319" ide="22">16.4.0 preview 1</item>
<item value="29430" ide="22">16.4.0 preview 3</item>
<item value="29505" ide="22">16.4.0 preview 4</item>
<item value="29512" ide="22">16.4.0 preview 5</item>
<item value="29519" ide="22">16.4.0</item>
<item value="29609" ide="22">16.4.1</item>
<item value="29521" ide="22">16.5.0 preview 1</item>
<item value="04397" ide="23"></item>
<item value="04407" ide="23"></item>
<item value="04416" ide="23"></item>
<item value="04426" ide="23"></item>
<item value="04436" ide="23"></item>
<item value="04446" ide="23"></item>
<item value="04465" ide="23"></item>
<item value="06312" ide="23"></item>
<item value="06321" ide="23"></item>
<item value="06331" ide="23"></item>
<item value="06341" ide="23"></item>
<item value="06351" ide="23"></item>
<item value="00000" ide="23"></item>
</version>
</richheader>
</xml>

202
xml/settings.xml Normal file
View File

@@ -0,0 +1,202 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file can be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8">
<files>
<fthresholds>thresholds.xml</fthresholds>
<findicators>indicators.xml</findicators>
<fstrings>strings.xml</fstrings>
<ffunctions>functions.xml</ffunctions>
<flanguages>languages.xml</flanguages>
<ftranslations>translations.xml</ftranslations>
<fsignatures>signatures.xml</fsignatures>
<frich>rich.xml</frich>
<fmitre>mitre.xml</fmitre>
<fnsp>namespaces.xml</fnsp>
</files>
<setting>
<file/>
<indicators sort="1" flag="1" sec="0" label="1" level="1" jump="1" rich="0" separator="|" bytes="32"/>
<score enable="1" flag="0" all="1" key=""/>
<footprints enable="1" type="2" dos-stub="1" dos-header="1" debug="1" version="1" manifest="1" st="0" menu="0" dlg="0" icon="0" cur="0" bmp="0" rich="1" acl="0"/>
<groups enable="1" color="1"/>
<mitre enable="0" ti="1" ta="0" dup="0"/>
<rich fn="1" count="0"/>
<directories invalid="1" missing="1" empty="1"/>
<sections characteristics="1" items="1" initial="0" uninitial="0" cache="0" page="0" read="0" jmp="16"/>
<libraries type="1" gp="1" dup="0" flag="1" bound="0" tip="01"/>
<imports gp="1" type="1" flag="1" od="1" nsp="1" ft="1" fto="1"/>
<exports gap="1" od="1" dup="1" decorate="1" flag="1" anonymous="1" loc="1" ep="1"/>
<resources sort="1" sig="1" type="1" loc="1" flag="1" hash="1" ent="1" ratio="1" lang="1" size="1" hex="1" txt="1"/>
<strings flag="1" offset="1" label="1" gp="1" utf8="1" utf16="1" sort="0" wl="1" type="3"/>
<exceptions enable="0"/>
<relocations enable="0"/>
<dotnet header="1" tables="0" streams="0"/>
<namespaces flag="1"/>
<certificate/>
<overlay flag="1" score="0"/>
<report enable="1" type="0"/>
<google enable="1"/>
<caption enable="1"/>
<read-only enable="1"/>
<thresholds enable="1"/>
<jumps color_ext="12" color_int="04"/>
<labels color_text="15" color_back="02"/>
<flags color_text="06" color_back="08"/>
<tooltips enable="1"/>
<stamps epoch="0"/>
</setting>
<colors enable="1">
<color id="01" r="000" g="000" b="000">black</color>
<color id="02" r="255" g="255" b="255">white</color>
<color id="03" r="088" g="088" b="088">gray_dark</color>
<color id="04" r="173" g="173" b="173">gray</color>
<color id="05" r="249" g="249" b="249">gray_light</color>
<color id="06" r="168" g="000" b="000">red_dark</color>
<color id="07" r="238" g="034" b="035">red</color>
<color id="08" r="255" g="245" b="250">red_ligth</color>
<color id="09" r="000" g="102" b="000">green_dark</color>
<color id="10" r="000" g="128" b="000">green</color>
<color id="11" r="240" g="245" b="240">green_light</color>
<color id="12" r="000" g="000" b="149">blue_dark</color>
<color id="13" r="000" g="138" b="213">blue</color>
<color id="14" r="174" g="226" b="255">blue_light</color>
<color id="15" r="204" g="102" b="000">yellow_dark</color>
<color id="16" r="204" g="102" b="000">yellow</color>
<color id="17" r="255" g="250" b="245">yellow_light</color>
<color id="18" r="255" g="187" b="000">gold_dark</color>
<color id="19" r="255" g="215" b="000">gold</color>
<color id="20" r="255" g="215" b="168">gold_light</color>
<color id="21" r="141" g="048" b="148">violet_dark</color>
<color id="22" r="141" g="048" b="148">violet</color>
<color id="23" r="231" g="189" b="234">violet_light</color>
</colors>
<sections>
<section>.apiset</section>
<section>bss</section>
<section>.bss</section>
<section>code</section>
<section>.code</section>
<section>.CRT</section>
<section>.data</section>
<section>data</section>
<section>.didata</section>
<section>.didat</section>
<section>.dynamic</section>
<section>.dynsym</section>
<section>.edata</section>
<section>.eh_fram</section>
<section>.INIT</section>
<section>.idata</section>
<section>.idata2</section>
<section>.itext</section>
<section>.gfids</section>
<section>GFIDS</section>
<section>.giats</section>
<section>.gljmp</section>
<section>mods</section>
<section>.ndata</section>
<section>.pdata</section>
<section>.relo</section>
<section>.reloc</section>
<section>.rsrc</section>
<section>.rdata</section>
<section>.sxdata</section>
<section>.sdata</section>
<section>.symtab</section>
<section>text</section>
<section>.text</section>
<section>.textbss</section>
<section>.tls</section>
<section>.xdata</section>
<section>PAGE</section>
<section>PAGEMSG</section>
<section>DATA</section>
<section>_RDATA</section>
<section>BSS</section>
<section>INIT</section>
<section>CODE</section>
</sections>
<streams flag="1">
<stream id="00" flag="0">#~</stream>
<stream id="01" flag="0">#-</stream>
<stream id="02" flag="0">#Strings</stream>
<stream id="03" flag="0">#US</stream>
<stream id="04" flag="0">#GUID</stream>
<stream id="05" flag="0">#Blob</stream>
<stream id="ff" flag="1">Unknown</stream>
</streams>
<tables flag="1" all="1">
<table id="00" enable="1" flag="0" desc="">Module</table>
<table id="01" enable="1" flag="0" desc="Imported Class(es)">TypeRef</table>
<table id="02" enable="1" flag="0" desc="Type(s) definition">TypeDef</table>
<table id="03" enable="1" flag="0" desc="n/a">FieldPtr</table>
<table id="04" enable="1" flag="0" desc="n/a">Field</table>
<table id="05" enable="1" flag="0" desc="n/a">MethodPtr</table>
<table id="06" enable="1" flag="0" desc="Method(s) definition">Method</table>
<table id="07" enable="1" flag="0" desc="n/a">ParamPtr</table>
<table id="08" enable="1" flag="0" desc="n/a">Param</table>
<table id="09" enable="1" flag="0" desc="n/a">InterfaceImpl</table>
<table id="10" enable="1" flag="0" desc="Imported Method(s)">MemberRef</table>
<table id="11" enable="1" flag="0" desc="n/a">Constant</table>
<table id="12" enable="1" flag="0" desc="n/a">CustomAttribute</table>
<table id="13" enable="1" flag="0" desc="n/a">FieldMarshal</table>
<table id="14" enable="1" flag="0" desc="n/a">DeclSecurity</table>
<table id="15" enable="1" flag="0" desc="n/a">ClassLayout</table>
<table id="16" enable="1" flag="0" desc="n/a">FieldLayout</table>
<table id="17" enable="1" flag="0" desc="n/a">StandAloneSig</table>
<table id="18" enable="1" flag="0" desc="n/a">EventMap</table>
<table id="19" enable="1" flag="0" desc="n/a">EventPtr</table>
<table id="20" enable="1" flag="0" desc="n/a">Event</table>
<table id="21" enable="1" flag="0" desc="n/a">PropertyMap</table>
<table id="22" enable="1" flag="0" desc="n/a">PropertyPtr</table>
<table id="23" enable="1" flag="0" desc="Method(s) associated with a Type">Property</table>
<table id="24" enable="1" flag="0" desc="n/a">MethodSemantics</table>
<table id="25" enable="1" flag="0" desc="n/a">MethodImpl</table>
<table id="26" enable="1" flag="0" desc="Name to external Module(s)">ModuleRef</table>
<table id="27" enable="1" flag="0" desc="n/a">TypeSpec</table>
<table id="28" enable="1" flag="0" desc="Unmanaged code reached with p/Invoke">p/Invoke</table>
<table id="29" enable="1" flag="0" desc="n/a">FieldRVA</table>
<table id="30" enable="1" flag="0" desc="n/a">ENCLog</table>
<table id="31" enable="1" flag="0" desc="n/a">ENCMap</table>
<table id="32" enable="1" flag="0" desc="n/a">Assembly</table>
<table id="33" enable="1" flag="0" desc="n/a">AssemblyProcessor</table>
<table id="34" enable="1" flag="0" desc="n/a">AssemblyOS</table>
<table id="35" enable="1" flag="0" desc="n/a">AssemblyRef</table>
<table id="36" enable="1" flag="0" desc="n/a">AssemblyRefProcessor</table>
<table id="37" enable="1" flag="0" desc="n/a">AssemblyRefOS</table>
<table id="38" enable="1" flag="0" desc="n/a">File</table>
<table id="39" enable="1" flag="0" desc="n/a">ExportedType</table>
<table id="40" enable="1" flag="0" desc="n/a">ManifestResource</table>
<table id="41" enable="1" flag="0" desc="n/a">NestedClass</table>
<table id="42" enable="1" flag="0" desc="n/a">GenericParam</table>
<table id="43" enable="1" flag="0" desc="n/a">MethodSpec</table>
<table id="44" enable="1" flag="0" desc="n/a">GenericParamConstraint</table>
<table id="99" enable="1" flag="0" desc="n/a">Unknown</table>
</tables>
<tips>
<tip id="00">flag</tip>
<tip id="01">group</tip>
<tip id="02">technique</tip>
<tip id="03">tactic</tip>
<tip id="04">namespace</tip>
<tip id="05">label</tip>
<tip id="06">size</tip>
<tip id="07">language</tip>
<tip id="08">file-ratio</tip>
<tip id="09">location</tip>
<tip id="10">signature</tip>
<tip id="11">url</tip>
<tip id="12">type</tip>
</tips>
</xml>

2659
xml/signatures.xml Normal file
View File

File diff suppressed because it is too large Load Diff

1437
xml/strings.xml Normal file
View File

File diff suppressed because it is too large Load Diff

29
xml/thresholds.xml Normal file
View File

@@ -0,0 +1,29 @@
<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
This file can be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8">
<thresholds>
<item id="001" enable="1" level="2" min="64" max="64"></item>
<item id="002" enable="1" level="2" min="20" max="368"></item>
<item id="003" enable="1" level="2" min="20" max="20"></item>
<item id="005" enable="1" level="2" min="16" max="16"></item>
<item id="006" enable="1" level="2" min="3" max="1024"></item>
<item id="009" enable="1" level="2" min="256" max="-1"></item>
<item id="011" enable="1" level="2" min="-1" max="1024"></item>
<item id="012" enable="1" level="2" min="0" max="2048"></item>
<item id="015" enable="1" level="2" min="10" max="-1"></item>
<item id="017" enable="1" level="2" min="0" max="16"></item>
<item id="018" enable="1" level="2" min="0" max="4096"></item>
<item id="021" enable="1" level="2" min="0" max="512"></item>
<item id="022" enable="1" level="2" min="8192" max="-1"></item>
<item id="023" enable="1" level="2" min="2004" max="-1"></item>
<item id="024" enable="1" level="2" min="15" max="17"></item>
<item id="025" enable="1" level="2" min="2" max="-1"></item>
<item id="026" enable="1" level="2" min="1" max="100"></item>
<item id="027" enable="1" level="2" min="0" max="25"></item>
<item id="030" enable="1" level="2" min="-1" max="2025"></item>
</thresholds>
</xml>

1110
xml/translations.xml Normal file
View File

File diff suppressed because it is too large Load Diff