Manalyze report for b5c44bb434196cc8241081fb3d1e6fa1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-06 11:39:38
Detected languages	English - United Kingdom English - United States
TLS Callbacks	2 callback(s) detected.
CompanyName	Hawk Eye Analysis LTD.
FileDescription	Defender Hardening Console
FileVersion	`1.0.0.1`
InternalName	AiDefend.exe
LegalCopyright	Copyright (C) 2025
OriginalFilename	AiDefend.exe
ProductName	Defender Hardening Console
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: control.exe msconfig.exe mshta.exe procexp.exe procmon.exe regedit.exe regsvr32.exe rundll32.exe sc.exe schtask` `Contains references to internet browsers: chrome.exe firefox.exe iexplore.exe` `Contains references to debugging or reversing tools: ida.exe ida64.exe idaq.exe idaq64.exe ollydbg.exe windbg.exe x32dbg.exe x64dbg.exe` `Contains references to security software: avastui.exe avgnt.exe avgui.exe avp.exe bundle.exe cleaner.exe cleanpc.exe fsgk32.exe msmpeng.exe rescue.exe rshell.exe sfc.exe smc.exe vsmon.exe` `Looks for VMWare presence: VMware vmware` `May have dropper capabilities: %temp% CurrentControlSet\Services CurrentVersion\Run` `Accesses the WMI: ROOT\CIMV2 ROOT\Microsoft ROOT\subscription` `Miscellaneous malware strings: Exploit Virus backdoor cmd.exe exploit virus` Contains domain names: .summary-card.info .vzj-1-o.ru Amazon.com api.telegram.org battle.net cdn.discordapp.com defenderctrl.hea-p.com discordapp.com docs.hea-p.com dpaste.com filecheck.hea-p.com fonts.googleapis.com githubusercontent.com googleapis.com hea-p.com http://www.w3.org http://www.w3.org/1998/Math/MathML http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.w3.org/XML/1998/namespace https://defenderctrl.hea-p.com https://docs.hea-p.com https://fonts.googleapis.com https://fonts.googleapis.com/css2?family https://hea-p.com https://pcontext.hea-p.com https://program-analyzer.YOUR_SUBDOMAIN.workers.dev https://react.dev https://support.hea-p.com https://www.virustotal.com https://www.virustotal.com/gui/domain/$ https://www.virustotal.com/gui/file/$ https://www.virustotal.com/gui/ip-address/$ ip-api.com microsoft.net pastebin.com pcontext.hea-p.com raw.githubusercontent.com summary-card.info support.hea-p.com telegram.org virustotal.com vzj-1-o.ru www.virustotal.com www.w3.org
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegDeleteKeyW RegDeleteKeyExW RegOpenKeyTransactedW RegCreateKeyExW RegSetValueExW RegDeleteValueW RegQueryInfoKeyW RegEnumKeyExW RegEnumValueW RegQueryValueExW RegCloseKey RegOpenKeyExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptHashData CryptDestroyHash CryptGetHashParam CryptReleaseContext CryptQueryObject CryptMsgGetParam CryptMsgClose CryptCATAdminAcquireContext CryptCATAdminEnumCatalogFromHash CryptCATAdminCalcHashFromFileHandle CryptCATCatalogInfoFromContext CryptCATAdminReleaseContext CryptCATAdminReleaseCatalogContext` `Can create temporary files: CreateFileW GetTempPathW` `Has Internet access capabilities: WinHttpQueryHeaders WinHttpQueryDataAvailable WinHttpConnect WinHttpSendRequest WinHttpCloseHandle WinHttpCrackUrl WinHttpSetTimeouts WinHttpSetOption WinHttpOpen WinHttpAddRequestHeaders WinHttpOpenRequest WinHttpReceiveResponse WinHttpReadData` `Leverages the raw socket API to access the Internet: getnameinfo ntohl inet_pton htonl ntohs inet_ntop` `Functions related to the privilege level: OpenProcessToken` `Interacts with services: QueryServiceConfigW QueryServiceStatus DeleteService ControlService OpenSCManagerW EnumServicesStatusExW OpenServiceW` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b5c44bb434196cc8241081fb3d1e6fa1`
SHA1	`f1c7d0420ed985e1b43754dd5c73e128aa5f267e`
SHA256	`913e4ce3907e70eb745ef0d67b441dc572ed208bd41e6f142fc7f9c521929b92`
SHA3	`241fa7e3441ab98d331fec7d16ab24280b1f7acf5be68dc43f40d023576d6f43`
SSDeep	`49152:Gx8eNJ/O+V3cjhooXQTyxu45gDq7x/ZtPycAOEuospaDVYEV6FcHR08kbYigAUM:G70Wue`
Imports Hash	`6a28fd501028e97a1117c74f370a73b2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Feb-06 11:39:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x198600`
SizeOfInitializedData	`0x1c0800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000017EEE0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x35d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5d33332652335af45b56b7475dc78b58`
SHA1	`0801a1f6975d3193c9feb17b77127dd93fc39be5`
SHA256	`67762daf53de26ae21f70b39893a421eaea5c6cab8c4b6fd66b5a599b3a64938`
SHA3	`1efdf4a72b0aa72b56690a0cf5c81f6bb42a22f33eca2271683a373f77b630ea`
VirtualSize	`0x198507`
VirtualAddress	`0x1000`
SizeOfRawData	`0x198600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.29881`

.rdata

MD5	`8c6b1b8a9b66981f0dd5923bb9e1affc`
SHA1	`95b13e1fe4b3748a79eb22406c95ed4fec5d7c34`
SHA256	`db26d8fb52fd99575cd398581a6ff20e859e12891936b385d907bd2c3e6e0cf5`
SHA3	`8a5eaf7630963848f6c1bb481de8ec03a4738184f837c96e02cc954c91bcfb08`
VirtualSize	`0xaa4a0`
VirtualAddress	`0x19a000`
SizeOfRawData	`0xaa600`
PointerToRawData	`0x198a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.61553`

.data

MD5	`00753b92aa7dd6fbd731df34441478c1`
SHA1	`2e9241a77120e5cb06fc31627723f6fb01ef8959`
SHA256	`33362f154ee99841cb6d3b3809c12a861442b5744daacf6f2256805674e92041`
SHA3	`d95adc7b43dc903cb2244b4ede9f2302b7aa2b177202c602727061be465bd451`
VirtualSize	`0xfa20`
VirtualAddress	`0x245000`
SizeOfRawData	`0xea00`
PointerToRawData	`0x243000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.03402`

.pdata

MD5	`f93dab737620b12e05d042488f8a19d2`
SHA1	`fc82dc3ff9d6732ebeaa77af72c5ff3961e9e653`
SHA256	`36aa1838c74f77a45be90f481e1c6dd588e65b4a731b7f04cb498565989819e6`
SHA3	`0a59eea3d2f7d5c4def26bc81af374293273bc22809b0caa464c04854ebe9394`
VirtualSize	`0xb6ac`
VirtualAddress	`0x255000`
SizeOfRawData	`0xb800`
PointerToRawData	`0x251a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.11954`

.rsrc

MD5	`80324d787055b23e2cf85ca2ee0b9b1c`
SHA1	`021d48a38309bf24470814b93082b3ac49ea46b6`
SHA256	`1815cf10c6628fc9ebabebf945811d361ff4f452c308790cc5185db854dcb986`
SHA3	`7bdb590a47afb9f0d37057f9d8ff1c13665ef7c73b1d03d7cebfadf8fe76dd87`
VirtualSize	`0xf97c8`
VirtualAddress	`0x261000`
SizeOfRawData	`0xf9800`
PointerToRawData	`0x25d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0876`

.reloc

MD5	`0ba132f3740a8cab6a9dd771104a1240`
SHA1	`3253cbef72c15858383fb09a9620334e82d98ab2`
SHA256	`8448e4c6a840b5375b6a263788d3c64c66364306cbb6c23046427fe9a5d96274`
SHA3	`5a702ae70a22ac0a274fd562cc7cfb8ca438b13d963755648100cc5c58408400`
VirtualSize	`0x15e8`
VirtualAddress	`0x35b000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x356a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42846`

Imports

KERNEL32.dll	`Sleep` `LockResource` `DeleteFileW` `LoadLibraryW` `LoadResource` `FindResourceW` `FreeLibrary` `GetExitCodeProcess` `GetWindowsDirectoryW` `TerminateProcess` `SetFileAttributesW` `MoveFileExW` `GetComputerNameW` `GetStartupInfoW` `GetLocaleInfoEx` `FindClose` `SetEnvironmentVariableW` `FindFirstFileExW` `FindNextFileW` `GetFullPathNameW` `GetFinalPathNameByHandleW` `SetFileInformationByHandle` `CreateFile2` `AreFileApisANSI` `GetFileInformationByHandleEx` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `SleepConditionVariableSRW` `GetFileAttributesW` `GetFileTime` `GetModuleFileNameW` `SearchPathW` `Module32NextW` `GetLocalTime` `Module32FirstW` `GetSystemDirectoryW` `GetCurrentThreadId` `ExpandEnvironmentStringsW` `SizeofResource` `CreateDirectoryW` `GetLogicalDriveStringsW` `QueryDosDeviceW` `OutputDebugStringW` `GetSystemTime` `QueryFullProcessImageNameW` `GetModuleHandleW` `SystemTimeToFileTime` `GetProcAddress` `Process32FirstW` `Process32NextW` `GetFileAttributesExW` `CreateToolhelp32Snapshot` `OpenProcess` `CreateFileW` `OutputDebugStringA` `MulDiv` `WideCharToMultiByte` `CreateProcessW` `CloseHandle` `GetLastError` `MultiByteToWideChar` `WaitForSingleObject` `GetTempPathW` `CreatePipe` `GetCurrentProcess` `SetHandleInformation` `ReadFile` `FormatMessageA` `FindFirstFileW` `LocalFree` `InitOnceComplete` `InitOnceBeginInitialize` `WakeAllConditionVariable` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `SetUnhandledExceptionFilter`
USER32.dll	`GetDpiForSystem` `GetCursorPos` `LoadImageW` `ReleaseCapture` `IsZoomed` `EnumWindows` `GetMessageW` `DefWindowProcW` `GetMonitorInfoW` `GetSystemMetrics` `SendMessageW` `SystemParametersInfoW` `PostQuitMessage` `GetClientRect` `LoadCursorW` `LoadIconW` `TranslateMessage` `UpdateWindow` `GetWindowThreadProcessId` `PostMessageW` `SetProcessDpiAwarenessContext` `DestroyWindow` `MessageBoxW` `MonitorFromWindow` `ScreenToClient` `DispatchMessageW` `ShowWindow` `RegisterClassExW` `SetWindowPos` `GetWindowLongPtrW` `CreateWindowExW` `SetWindowLongPtrW` `IsWindowVisible`
GDI32.dll	`CreateSolidBrush`
ADVAPI32.dll	`QueryServiceConfigW` `OpenProcessToken` `RegDeleteKeyW` `QueryServiceStatus` `DeleteService` `ControlService` `RegDeleteKeyExW` `RegOpenKeyTransactedW` `RegCreateKeyExW` `RegSetValueExW` `RegDeleteTreeW` `RegDeleteValueW` `RegQueryInfoKeyW` `CloseServiceHandle` `OpenSCManagerW` `RegEnumKeyExW` `EnumServicesStatusExW` `GetTokenInformation` `OpenServiceW` `RegEnumValueW` `RegQueryValueExW` `RegCloseKey` `CryptAcquireContextW` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `RegOpenKeyExW` `CryptGetHashParam` `GetUserNameW` `CryptReleaseContext`
SHELL32.dll	`SHGetFolderPathW` `SHOpenFolderAndSelectItems` `ShellExecuteW` `SHGetKnownFolderPath` `ExtractIconExW` `SHParseDisplayName`
ole32.dll	`CoUninitialize` `CoCreateGuid` `CoCreateInstance` `CoSetProxyBlanket` `CoInitializeSecurity` `CoTaskMemFree` `CoInitialize` `CoInitializeEx`
OLEAUT32.dll	`VariantClear` `SysAllocString` `SysFreeString` `SafeArrayPutElement` `SafeArrayCreate` `VariantInit`
MSVCP140.dll	`?eof@ios_base@std@@QEBA_NXZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z` `_Thrd_detach` `?_Xinvalid_argument@std@@YAXPEBD@Z` `??0task_continuation_context@Concurrency@@AEAA@XZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?uncaught_exceptions@std@@YAHXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Xbad_alloc@std@@YAXXZ` `?_Id_cnt@id@locale@std@@0HA` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z` `??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?good@ios_base@std@@QEBA_NXZ` `??7ios_base@std@@QEBA_NXZ` `??Bios_base@std@@QEBA_NXZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ` `?_Throw_Cpp_error@std@@YAXH@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `_Mtx_lock` `_Xtime_get_ticks` `_Mtx_unlock` `??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z` `??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `_Query_perf_frequency` `?_Xbad_function_call@std@@YAXXZ` `?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `_Cnd_do_broadcast_at_thread_exit` `_Thrd_id` `_Query_perf_counter` `_Thrd_join` `?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ` `?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ` `??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z` `??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z` `?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z` `_Mbrtowc` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?id@?$numpunct@D@std@@2V0locale@2@A` `?id@?$numpunct@_W@std@@2V0locale@2@A` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UEAAXXZ` `?_Gettrue@_Locinfo@std@@QEBAPEBDXZ` `?_Getfalse@_Locinfo@std@@QEBAPEBDXZ` `?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `_Thrd_hardware_concurrency` `_Cnd_unregister_at_thread_exit` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `_Cnd_register_at_thread_exit` `_Cnd_wait` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `_Cnd_broadcast` `?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z` `?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ` `?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ` `?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `_Cnd_signal` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z`
MSVCP140_ATOMIC_WAIT.dll	`__std_atomic_notify_one_direct` `__std_atomic_notify_all_direct` `__std_atomic_wait_direct`
dwmapi.dll	`DwmSetWindowAttribute` `DwmExtendFrameIntoClientArea`
WS2_32.dll	`getnameinfo` `ntohl` `inet_pton` `htonl` `ntohs` `inet_ntop`
WINHTTP.dll	`WinHttpQueryHeaders` `WinHttpQueryDataAvailable` `WinHttpConnect` `WinHttpSendRequest` `WinHttpCloseHandle` `WinHttpCrackUrl` `WinHttpSetTimeouts` `WinHttpSetOption` `WinHttpOpen` `WinHttpAddRequestHeaders` `WinHttpOpenRequest` `WinHttpReceiveResponse` `WinHttpReadData`
CRYPT32.dll	`CertGetNameStringW` `CertFreeCertificateContext` `CryptQueryObject` `CertCloseStore` `CryptMsgGetParam` `CertFindCertificateInStore` `CryptMsgClose`
WINTRUST.dll	`CryptCATAdminAcquireContext` `CryptCATAdminEnumCatalogFromHash` `WinVerifyTrust` `WTHelperProvDataFromStateData` `WTHelperGetProvSignerFromChain` `CryptCATAdminCalcHashFromFileHandle` `CryptCATCatalogInfoFromContext` `CryptCATAdminReleaseContext` `CryptCATAdminReleaseCatalogContext`
IPHLPAPI.DLL	`GetExtendedTcpTable`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
fwpuclnt.dll	`FwpmFilterDestroyEnumHandle0` `FwpmFreeMemory0` `FwpmFilterAdd0` `FwpmGetAppIdFromFileName0` `FwpmFilterCreateEnumHandle0` `FwpmEngineOpen0` `FwpmFilterDeleteById0` `FwpmSubLayerAdd0` `FwpmFilterEnum0` `FwpmEngineClose0` `FwpmProviderAdd0`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptHashData` `BCryptOpenAlgorithmProvider` `BCryptGetProperty` `BCryptCreateHash` `BCryptFinishHash` `BCryptDestroyHash`
ktmw32.dll	`CommitTransaction` `CreateTransaction` `RollbackTransaction`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `__std_exception_destroy` `__std_exception_copy` `_purecall` `__std_terminate` `wcsstr` `memcmp` `memchr` `memcpy` `_CxxThrowException` `memmove` `memset` `__C_specific_handler` `__current_exception`
api-ms-win-crt-stdio-l1-1-0.dll	`_get_stream_buffer_pointers` `__stdio_common_vswprintf_s` `fsetpos` `fread` `_fseeki64` `__stdio_common_vsprintf` `fputwc` `ungetwc` `__stdio_common_vswprintf` `fclose` `fflush` `_set_fmode` `fgetwc` `fputc` `ungetc` `setvbuf` `__p__commode` `fgetpos` `fwrite` `fgetc`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `_aligned_free` `_aligned_malloc` `_callnewh` `free` `calloc` `malloc`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `towlower` `_wcsicmp` `wcslen` `towupper` `isalnum` `tolower` `_wcsnicmp` `iswalpha`
api-ms-win-crt-time-l1-1-0.dll	`_localtime64_s` `_time64` `wcsftime`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_c_exit` `_exit` `exit` `_errno` `terminate` `_initterm_e` `_initterm` `_beginthreadex` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `abort` `_cexit` `_initialize_onexit_table` `_register_onexit_function` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-math-l1-1-0.dll	`_fdsign` `__setusermatherr` `log2` `_dsign` `_ldsign`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `strtoull`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19228`
MD5	`18548b306ed5092c06df9e704b71c78d`
SHA1	`5672c15440b6654cdadfe14c7bf260356862e3a5`
SHA256	`da00d7ef6936168ef241c25545a5e806f257f9ade803a9acaadec175a5432ec9`
SHA3	`d70f69c73def66b9f4c958220bb8978157d41d8eb61464ed7394ca248b908414`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3139`
MD5	`dfa975950030ec8ad9216c9266864084`
SHA1	`3bdd76d58cd50c45b939393ddd7ed918fa82e103`
SHA256	`261355f2e3ac5c2a10112b52cf48e71db93dfeede6aa343fd440e11885cce145`
SHA3	`8cd6faa97030abe1e8cfb1f2b26d1bdfd821b8db9775424d60b11783fbbe6743`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39582`
MD5	`c8ee2bc6a7d98b9a58144f1a75ce6526`
SHA1	`8683e8e44e6a093d96fe9a8af7f6ea088d394dd4`
SHA256	`2e8881dafee1be85157e39131e6e3c482a8e8fc76d77be025ed47942c9567d37`
SHA3	`5aea87fa422e056e48262db13a29e0607e28143d443881e7ddd89f4b84d932ca`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46301`
MD5	`3f92c7c6ff158b3ba2b559f586b24f76`
SHA1	`8dbe1ffa4c0fd94637755779eb4a115ae87b187a`
SHA256	`6d56fc97e7e712f613873d04ebf93c2083b5576b9e13c7b824fec79d93e52179`
SHA3	`6bdbba613baa1c9bcd528218244c19addc031e84a95bfa777ef0f3acdfa18380`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45873`
MD5	`6277214b54d0b2290fbc5568d33cc513`
SHA1	`c0b05ba956592149b8a8d7820fc4949fd2ab4ad2`
SHA256	`d246babedd7c9d0e890639bfaf3f53da67d0efee6b6273cd46fd1783a257deba`
SHA3	`28abb39f825bc67b6c183b9acb897c15863a15afacbebbafe5ea56b4f03248cf`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.51361`
MD5	`240e1900509959a980d041952e220f7a`
SHA1	`7d393fc88c4f4f4b26e84bf4513a4898141bbbfb`
SHA256	`aedecec78771068c8da694850720b2cb7f73c48fa30d819ab8def0b8bc1235e6`
SHA3	`a28b9df94cb68d1f9934936b085735c9f44a1020c18096c6ca7e0e3e04f17843`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5842`
MD5	`54fa36804f7de0d3cce42be06d2d57db`
SHA1	`28f9c56a88b9169230a5b78b928bb93c0a1c9e27`
SHA256	`1521b8ad81bb29426280951980f916d4487014b88398e1fd9ee699a2e395bd0d`
SHA3	`bb885abc4fa4993496d0ffe7a0c84e59913e4156c00821fa12cb4b60d85b2858`

8

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5941`
MD5	`c67e3a567785b6fdf6b175ddb73b2365`
SHA1	`99e2c6d99967dad8078703914ec71b4dabe9653e`
SHA256	`d3548b7d10d3241c9d8aad311a91cd77335c9fd3556e4b9bbc8ff2d4b60725a2`
SHA3	`a7b8ec842059db34819fd87eb71889fb61bdde9377f0f23745541b546255a9c4`

9

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.56116`
MD5	`3016ccdf0ceacc4c10ee417c828441ce`
SHA1	`d462c05ec3d0f7880244c1feba74f4bc720e6622`
SHA256	`784096336543ff95fc14161c43bc661d25ce5cb45ae0be9f039496df6bbba122`
SHA3	`0dc699b7589b8503c7955233065aa5b61e1708f6930ce208af973f5965e386a9`

10

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xf8a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76175`
Detected Filetype	PNG graphic file
MD5	`b44668ca2b0113e8a7253bc2b071f901`
SHA1	`6dfe83a1b8322de730e6e4968622530832c12a2f`
SHA256	`36863ffd0404d453f226ca61eb856b061b66ba88ae53d55d0cb6690926960960`
SHA3	`9d3ed95c7ccffdc53ca375c1b626c185b9256e07d50a80464f363eb5eb305430`

11

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x211e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.6334`
Detected Filetype	PNG graphic file
MD5	`55b84f2551e18ee1a01f3e8e066d661a`
SHA1	`b3894524cf18a703648ed7adf03fb26298240600`
SHA256	`5a7d1f668773b04bfe2accd6a56acb15c813b80ebb355eff052702d9554749ab`
SHA3	`cde1125e7481fad05b6ac060d1430edcac33e8e3a557aa52eeecc66cfe437f46`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07272`
Detected Filetype	Icon file
MD5	`078fcc3c3b26e1d2712ac7ba61ee2e06`
SHA1	`31070bcd4c322e3776329d37133878fddbedc96f`
SHA256	`a817b5c3a39e3d4683a561b9524736b8c143994902b8c091ad842a94c267af27`
SHA3	`533bde032e8f8218457a6a9a6c86fed511a7b09ba2db926a57047c2586a23d24`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35706`
MD5	`18bc6f99bdfd89f74ccd4831fe40e988`
SHA1	`e6974a6b1c23d1879579040a832e809b26f2198e`
SHA256	`a515b292c8ab328bbe75d8006694a827018adbdca231364cfe3bc01265bcb2ae`
SHA3	`806be9dae45bfb7b41a3f88d3d378caed264b8bafff65488c0f4162a64ff821c`

101

Type	`RT_HTML`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xd1a15`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54199`
MD5	`b25f00fbade662e7cb5aad710a75b093`
SHA1	`98efbabc9950c8d0569ff47a4466a24bd72986a0`
SHA256	`78e09905ce42e894efba17ae34bd0b8a63d644ffefd0411d8e10eef057a37e37`
SHA3	`56de1c6f4d03f101d5e9c9c512315055a4094f0f679f0f069da35e838c205ab4`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	Hawk Eye Analysis LTD.
FileDescription	Defender Hardening Console
FileVersion (#2)	1.0.0.1
InternalName	AiDefend.exe
LegalCopyright	Copyright (C) 2025
OriginalFilename	AiDefend.exe
ProductName	Defender Hardening Console
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-06 11:39:38
Version	`0.0`
SizeofData	`1064`
AddressOfRawData	`0x2237e4`
PointerToRawData	`0x2221e4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Feb-06 11:39:38
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x223c0c`
PointerToRawData	`0x22260c`

TLS Callbacks

StartAddressOfRawData	`0x140223c30`
EndAddressOfRawData	`0x140223dcc`
AddressOfIndex	`0x140253a54`
AddressOfCallbacks	`0x14019b188`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014017E960` `0x000000014017EAF0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140245040`
GuardCFCheckFunctionPointer	`5370392408`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8a343dce`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
C objects (35403)	`10`
C++ objects (35403)	`53`
ASM objects (35403)	`6`
Imports (35403)	`8`
C objects (33145)	`4`
C objects (CVTCIL) (33145)	`2`
Imports (33145)	`34`
Unmarked objects (#2)	`3`
Total imports	`570`
C++ objects (LTCG) (35721)	`15`
Resource objects (35721)	`1`
151	`1`
Linker (35721)	`1`

b5c44bb434196cc8241081fb3d1e6fa1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

IDI_ICON1

1 (#2)

101

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors