Manalyze report for 07a4a6794088a36d6db72ac8a32d8d18

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Oct-04 05:00:00
Detected languages	English - United States
TLS Callbacks	3 callback(s) detected.
Debug artifacts	nw.exe.pdb
CompanyName	The NW.js Community
FileDescription	nwjs
FileVersion	`0.69.1`
InternalName	nw_exe
LegalCopyright	Copyright 2020, The NW.js community and The Chromium Authors. All rights reserved.
OriginalFilename	nw.exe
ProductName	nwjs
ProductVersion	`0.69.1`
CompanyShortName	nwjs.io
ProductShortName	nwjs
LastChange	62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354}

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains domain names: blink.net chromium.org crashpad.chromium.org crbug.com https://crashpad.chromium.org https://crashpad.chromium.org/ https://crashpad.chromium.org/bug/new openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .retplne` `Unusual section name found: .voltbl` `Unusual section name found: CPADinfo` `Unusual section name found: malloc_h`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LoadLibraryW` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc VirtualAllocEx WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingW CreateRemoteThread MapViewOfFile` `Can access the registry: RegCloseKey RegCreateKeyExW RegDeleteValueW RegOpenKeyExW RegQueryValueExA RegQueryValueExW RegSetValueExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtect VirtualProtectEx` `Functions related to the privilege level: AdjustTokenPrivileges DuplicateToken DuplicateTokenEx OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess ReadProcessMemory WriteProcessMemory` `Changes object ACLs: SetKernelObjectSecurity SetSecurityInfo`
Safe	VirusTotal score: 0/70 (Scanned on 2026-02-04 16:38:59)	`All the AVs think this file is safe.`

Hashes

MD5	`07a4a6794088a36d6db72ac8a32d8d18`
SHA1	`b425eae9960176272875ef6a5758f9226a5bea2b`
SHA256	`dcdcc4b66a9488cbd26b0b5885ae4ccfed12cf2dcbf4603dbecc03617c771a5b`
SHA3	`91d58dcb8b00ea61befe215ec67c4400956a0ff41a04043af3356b046092bed0`
SSDeep	`49152:HGSDTL/CLedOQuINPkkgorNMhGGuEpZrI7s1Ky7:gnrIG7`
Imports Hash	`0c1f9c775b987966d16b5e3a02758a9f`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`14`
TimeDateStamp	2020-Oct-04 05:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x188a00`
SizeOfInitializedData	`0xc7200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000150210 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x264000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1e82083421fe7d5b351f7b202eaad97f`
SHA1	`9a6f81a1c821c64be071c985ae8a0c8b76a07f39`
SHA256	`6018504fbb42667bc5652646b65a22b17c6b7dcc9fc0e59c7e743d62720acc93`
SHA3	`d838eb48751ac19aa0cf25d98bae30a00e7c1ecc7d1ab9e0e2a7e11eeb914fbb`
VirtualSize	`0x18886c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x188a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57919`

.rdata

MD5	`02b44ec5bf8ceaa89584dcd0e88f8091`
SHA1	`17562a9178f3a5e983934c811f60eca70cb47229`
SHA256	`d0913f2c2d2013a68a42cb3253ab105c830290be3b159ba9c839794f1e9634be`
SHA3	`647464115775acf64e304720521fcc7e12a2418c363e38c8106e477cc8a37f8a`
VirtualSize	`0x52914`
VirtualAddress	`0x18a000`
SizeOfRawData	`0x52a00`
PointerToRawData	`0x188e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60301`

.data

MD5	`dff72d700234a2713e98ffd2229a6619`
SHA1	`ae043db8600f13c79bbdaf2b440454487ad1fb43`
SHA256	`2ecb3560ed5b2a3ea4fc7fad4da4a9148fa2f2e0d9f2f5246b4dd935dd60bc36`
SHA3	`a065123f2fe7c0fd6341ec25664a51167b675b7f159c16529721f1ab611d10ab`
VirtualSize	`0xda90`
VirtualAddress	`0x1dd000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x1db800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.15923`

.pdata

MD5	`42b871c79b6a0d559d393983fbde5524`
SHA1	`a0acdfa8fb8d5e2f6b14855c389b01fe7536bb95`
SHA256	`60aef28d4eadda7e30e61fbf35a215644b39de6780ffe5d3f19cc74e99a63b6b`
SHA3	`ef531b51254624b6491566e28c2f8e24485865a0dc1152d34237ceac81385c6f`
VirtualSize	`0xe0b8`
VirtualAddress	`0x1eb000`
SizeOfRawData	`0xe200`
PointerToRawData	`0x1dfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.00192`

.00cfg

MD5	`05411cf39616d3a44664a245aa7b6e59`
SHA1	`a3bc76d814dce4f495ff615510f9bebdc4d4034d`
SHA256	`9bcbe3f6b3c82a1c771d0deae4ad74562551dd3a9304dd5f1f00b53698061f13`
SHA3	`911a4de57d1335fdbfaacf005a1928ed566c78a24aa7eb9afd3a7e17d9f5c3c5`
VirtualSize	`0x28`
VirtualAddress	`0x1fa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1ede00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.4286`

.gxfg

MD5	`c97d788e458f9ade7f221906741447da`
SHA1	`d3cfb5fd28868ec81c6e97d6c99ffb6e210f4e5e`
SHA256	`40e9622cf8d1e76a8be940caac87479bd740f0bbc9fa64501b720f883268f562`
SHA3	`5db4b798a678319f9a90006fe685383edbe76edad250c61ef58153a6d8c7d11d`
VirtualSize	`0x2ce0`
VirtualAddress	`0x1fb000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x1ee000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15799`

.retplne

MD5	`d0c1c42539cd3883e9204a2468f4817c`
SHA1	`fc8af9765518ed3341d02bcb35a19cde71a4087b`
SHA256	`845a881cc0b6c7691bdbdc025f2383a329414583d1fe7c279838276340f1bf27`
SHA3	`5850648fd5622879f7d089f3c7e236d80f933d3e555bb433af4b1bf8780e0bc2`
VirtualSize	`0x80`
VirtualAddress	`0x1fe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.24349`

.tls

MD5	`279b7014011437ed8f1293c2bc83ba37`
SHA1	`efbe946a6643a2c694a6f1fbf98944b575e48633`
SHA256	`8c8a52463e40552fddc98c32b39b4c3e3d46ee74063f7dfbe3a186ea36730acd`
SHA3	`ed36160f9548a1c58b63c1e5093fa3f4e91960d5308856303efc3f168f4986c6`
VirtualSize	`0x181`
VirtualAddress	`0x1ff000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.136464`

.voltbl

MD5	`a596ace00344a4353f556bc517a7e489`
SHA1	`78ae36e33c1a9fa4ab55b9485f82ed34ca372e4d`
SHA256	`bf9b7a4f151a055ac9a12154086e3856cb3fe299d3def1d626feed9d28f23c49`
SHA3	`2da65f1521b84df15f4bfd9bc59ab4505a48d1c5a9e94de2582900c2812c2504`
VirtualSize	`0x44`
VirtualAddress	`0x200000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.14233`

CPADinfo

MD5	`60d3ea61d541c9be2e845d2787fb9574`
SHA1	`a314e912df98dd680cdb9679390177a970ee9ac8`
SHA256	`911d1a12eca8935990172cfcd6768f9c6351ed94b700833b2cf0cf457a1d752d`
SHA3	`44f366ded1e40e29d2543686d5e4f2fc6daf379b056e4f94af32c16e9f6b2205`
VirtualSize	`0x38`
VirtualAddress	`0x201000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

_RDATA

MD5	`bb6d2350596e4be5c471537a7805e61a`
SHA1	`0de699db3727c8f21de380a791cd0a4f66ac8945`
SHA256	`e38d2529fc67bbe0b158f29c5d909b565be81222d7685ee46b266669e2e359c8`
SHA3	`bfabbd909aaac20da980aa89c18ef6eb8d1edc5d72d5cbfa1cd4ae046389b2b8`
VirtualSize	`0xf4`
VirtualAddress	`0x202000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.44783`

malloc_h

MD5	`cba4269e3534a5d53d0f06b59218f25c`
SHA1	`34cdacea97ccd48bd4e3f5de5d35fe12c0ea93c7`
SHA256	`efcee75642102e4584c11dba7e5e5d61fae5cbd3765b2892d1164e30348b0966`
SHA3	`594f4658530e3f542c98164b53dcc810f452b605ff5339667a6ae359389df91c`
VirtualSize	`0x146`
VirtualAddress	`0x203000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.68114`

.rsrc

MD5	`aebee2d7f6d08b12348cf20f23ce2b1f`
SHA1	`992a6e3702b156f6b223f9bcce279a0fe4a50c84`
SHA256	`ba31bc136224a0f52e2ff2351e9b832b82bf21f70bdc05b9ccb7524fdf7d1453`
SHA3	`9aaf1f2e89f6622e84dd41f1ceb2e8dcad010afa1926a4769965b18783c482fe`
VirtualSize	`0x5ca00`
VirtualAddress	`0x204000`
SizeOfRawData	`0x5ca00`
PointerToRawData	`0x1f1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71268`

.reloc

MD5	`e09e36a03b4149c3b3da43ce5e1d5488`
SHA1	`1579db829cb13e66ed981dac67e0bbfaa5b10a90`
SHA256	`11152a3b00e8c79d291c13014ed49f0b7d4f1cb0f382d97fa69557b6b6163a36`
SHA3	`e321b8d9d50aa2a691eb570e6e2c27f57b9dce285c584f87417c9a2635609350`
VirtualSize	`0x21b0`
VirtualAddress	`0x261000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x24e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43991`

Imports

nw_elf.dll	`GetInstallDetailsPayload` `IsBrowserProcess` `SignalChromeElf`
KERNEL32.dll	`AcquireSRWLockExclusive` `AssignProcessToJobObject` `CloseHandle` `CompareStringW` `ConnectNamedPipe` `CreateDirectoryW` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateIoCompletionPort` `CreateJobObjectW` `CreateMutexW` `CreateNamedPipeW` `CreateProcessW` `CreateRemoteThread` `CreateSemaphoreW` `CreateThread` `DebugBreak` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DisconnectNamedPipe` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesEx` `EnumSystemLocalesW` `ExitProcess` `ExpandEnvironmentStringsW` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FlushViewOfFile` `FormatMessageA` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentProcessorNumber` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileTime` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoW` `GetLogicalProcessorInformation` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetNativeSystemInfo` `GetOEMCP` `GetProcAddress` `GetProcessHandleCount` `GetProcessHeap` `GetProcessHeaps` `GetProcessId` `GetProcessTimes` `GetProductInfo` `GetQueuedCompletionStatus` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDefaultLCID` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTempPathW` `GetThreadContext` `GetThreadId` `GetThreadLocale` `GetThreadPriority` `GetTickCount` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetUserDefaultLangID` `GetUserDefaultLocaleName` `GetVersionExW` `GetWindowsDirectoryW` `HeapAlloc` `HeapDestroy` `HeapFree` `HeapReAlloc` `HeapSetInformation` `HeapSize` `InitOnceExecuteOnce` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeProcThreadAttributeList` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `IsWow64Process` `K32GetPerformanceInfo` `K32GetProcessMemoryInfo` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `LockFileEx` `MapViewOfFile` `MoveFileW` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `PeekNamedPipe` `PostQueuedCompletionStatus` `QueryDosDeviceW` `QueryInformationJobObject` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueryThreadCycleTime` `RaiseException` `ReadConsoleW` `ReadFile` `ReadProcessMemory` `RegisterWaitForSingleObject` `ReleaseSRWLockExclusive` `ReleaseSemaphore` `RemoveDirectoryW` `ReplaceFileW` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlCaptureStackBackTrace` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetCurrentDirectoryW` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFileAttributesW` `SetFilePointerEx` `SetHandleInformation` `SetInformationJobObject` `SetLastError` `SetNamedPipeHandleState` `SetProcessShutdownParameters` `SetStdHandle` `SetThreadAffinityMask` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `SleepEx` `SuspendThread` `SystemTimeToTzSpecificLocalTime` `TerminateJobObject` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TransactNamedPipe` `TryAcquireSRWLockExclusive` `UnhandledExceptionFilter` `UnlockFileEx` `UnmapViewOfFile` `UnregisterWait` `UnregisterWaitEx` `UpdateProcThreadAttribute` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualAllocEx` `VirtualFree` `VirtualFreeEx` `VirtualProtect` `VirtualProtectEx` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjects` `WaitForSingleObject` `WaitForSingleObjectEx` `WaitNamedPipeW` `WakeAllConditionVariable` `WideCharToMultiByte` `Wow64GetThreadContext` `WriteConsoleW` `WriteFile` `WriteProcessMemory` `lstrlenW`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
ADVAPI32.dll (delay-loaded)	`AccessCheck` `AddMandatoryAce` `AdjustTokenPrivileges` `BuildExplicitAccessWithNameW` `BuildSecurityDescriptorW` `BuildTrusteeWithSidW` `ConvertSidToStringSidW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertStringSidToSidW` `CreateProcessAsUserW` `CreateRestrictedToken` `CreateWellKnownSid` `DuplicateToken` `DuplicateTokenEx` `EqualSid` `EventRegister` `EventUnregister` `EventWrite` `FreeSid` `GetAce` `GetKernelObjectSecurity` `GetLengthSid` `GetNamedSecurityInfoW` `GetSecurityDescriptorDacl` `GetSecurityDescriptorSacl` `GetSecurityInfo` `GetSidSubAuthority` `GetTokenInformation` `ImpersonateLoggedOnUser` `ImpersonateNamedPipeClient` `InitializeAcl` `InitializeSid` `IsValidSid` `LookupPrivilegeValueW` `MapGenericMask` `OpenProcessToken` `RegCloseKey` `RegCreateKeyExW` `RegDeleteValueW` `RegDisablePredefinedCache` `RegOpenKeyExW` `RegQueryValueExA` `RegQueryValueExW` `RegSetValueExW` `RevertToSelf` `SetEntriesInAclW` `SetKernelObjectSecurity` `SetSecurityInfo` `SetThreadToken` `SetTokenInformation` `SystemFunction036`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x1e0fa8`
DelayImportAddressTable	`0x1e0ff8`
DelayImportNameTable	`0x1cff98`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x75460`

GetMainTargetServices

Ordinal	`2`
Address	`0x63c90`

GetPakFileHashes

Ordinal	`3`
Address	`0x1000`

IsSandboxedProcess

Ordinal	`4`
Address	`0x63cb0`

1

Type	`GOOGLEUPDATEAPPLICATIONCOMMANDS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`4352d88a78aa39750bf70cd6f27bcaa5`
SHA1	`3c585604e87f855973731fea83e21fab9392d2fc`
SHA256	`67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450`
SHA3	`295cd1698c6ac5bd804a09e50f19f8549475e52db1c6ebd441ed0c7b256e1ddf`

1 (#2)

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72812`
MD5	`d4ff4e9e724f25f5265a3b0cd07d03d4`
SHA1	`9777e4e59ce089e4c8727910586b325f1cbfe12d`
SHA256	`8c5a126b0e59e2927158fe5008c375aeef5396adb797c682e07578d13c283a3f`
SHA3	`c75e4c8d4280cd1e4d3a7d59a7d7993be648ff029d47900a843807031484d03d`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05033`
MD5	`717434e636786d3d0fb3f571f6109660`
SHA1	`2ed8ddea1a94e39f624dd752c1843648e5ad2aa6`
SHA256	`06db3222f267c74b72573a349de6a24bcfbb4bba9656d3dd6b50f4f64326e156`
SHA3	`11bf1f65e167fb701bcd216f1c0dfafb324c6d5c883989c59fcfcd08d93072a3`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.80214`
MD5	`97f6acbd9fba8933adafe9cef8193ff7`
SHA1	`3fcce71b59dd9806e573170748858cc02c00c260`
SHA256	`91baaad720c63aaff01b902deda14e2c8b355c31159b71c481dc6fb67bcbb4cf`
SHA3	`d5b9de20cb7ea1c27b6a8500de4b0e2b8b436804b1d70a4ddbd8d77ce60ef340`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63098`
MD5	`14a8d213994c484121f0f0d63746601d`
SHA1	`3ad42569021b69060eb157875531fa0310b48e86`
SHA256	`2d2aea139c8f41675322a459ce75295ac168eb0e925ed5a75c0981b3693069aa`
SHA3	`e684a3170b7471ffd03ac8607f9d5d56a3892db7d3d21bc5d4ab9383fbebcb92`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55212`
MD5	`04a6442470e12c4f6931ecd090862ef9`
SHA1	`11704afd9e26ca32f68ede4e0c043405722ffba3`
SHA256	`a4319fd1d9a81d7a6dc9ef1818d85dc68ded85342754d2f5768e01d0edf46780`
SHA3	`37952f4114576bfe8616ef61541c8f81eddef30236d455ce5f74a30d98a8539f`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.29146`
MD5	`db2dc0ce6ad8b8cdc5be830bf79a761b`
SHA1	`c9345712f79eed69677a5f165d115624da3de4cf`
SHA256	`ff8ccb25e747ead631922be99ebc2004a97295b0b606f40e83f15c2dc2bbbc81`
SHA3	`c0f08c34bfb83c0aebe052470d5b51b2367a2bb61bb911259c200931f6b0d42b`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17845`
MD5	`35fffe5c3ef617079a0237e67ada2472`
SHA1	`70900b1268464c03c8c5f7192456b7e6efceb1da`
SHA256	`860a680c92db087b12dd6bf2ef581979c08ac13ed9657403dab974f387420555`
SHA3	`dd8b7568bca263f759c9dffa79fc19cf647abcbfdc473b14d2ac11a86fd45e70`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.995644`
MD5	`1b905e5ca2a21da398c9c73124428505`
SHA1	`6f922d03bc5d6ec61789deb9731141893edf55a0`
SHA256	`5edad8d3d744070cb51e4dfdb02053a15101c8c954f952e4dfe57a4d7659e5b2`
SHA3	`f07b653197b1cf5483179f834c56415c8e7f11f3e59af3a35753df6cd0a94520`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.666526`
MD5	`75bec5efc67babcf530d51321d95ed7e`
SHA1	`38eb531d42adfab051bc81ef0590d60a21d77498`
SHA256	`3bd84b82f6e6a2cb156d881bdc1f29567d5712ad81d2da33b0ff9cd8a5a9981f`
SHA3	`665bc39673c1b61060b16e7572c6520c7d50080a166343540e56f4dd9e233502`

10

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84104`
MD5	`acd42b137b48d1f19ee65a10fc90814e`
SHA1	`d1f9068dee688563ae870c437900709795cc6dbe`
SHA256	`d87015c12fb89d2c54c2b1ea0b5f0feaf50bba50cddcf546668c62316597bf2f`
SHA3	`eafa118068102c848c31a6c914e40e8de8a682f2c36091294cb30b518fc5e6e5`

11

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`3a50f5b7c71bbdc5512fbc3873192dcf`
SHA1	`bcedef446ec1d6f465f15aef66474e7adab95a48`
SHA256	`c7988ba08e9df9a1eee74d2ed9ecda968a384dd1ac105125b95dee98cc663c19`
SHA3	`6f3a01136cfd17eae5a4d0d5c60b8652742debf4ef5c0874d40fe007b4ed3432`

12

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`68e0f3426f82d799afe0f96427beec21`
SHA1	`4ea992afa212b04e07fea303ecb328ff54e061cc`
SHA256	`744c1f78a1a9d3ec04ad6358c2bdbd89b8a1cfa9d850c1ee4ecfa4b3f256ff26`
SHA3	`745e989aef3ea85a98abbf63a7b4afe3fb525c099bc5dce78aa7f5af17b5f70e`

13

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`6d9a8875e9bc6d3e9eae95b2b03257ce`
SHA1	`b7c15c9636773a47be134736c68bdd339922aeb9`
SHA256	`cbb310244272c36ea589f9257476e6c19b1eb6be0cd5193cd5901efd4d184c35`
SHA3	`744ffb0101cc0d94ee909ff8cdc163f79773c26af417370d25faffc4bc936155`

14

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`fe9cc0eafbb8e74285bf641fb8e73244`
SHA1	`5ab52f22cb2de40638a657785c87df0ae3729fa7`
SHA256	`302d274cf49db7ebc8f97dd4320489781da8a44447cbb2a7346ccff84b1b944b`
SHA3	`2803d7cd35174ade40efc9c9f338db79b345777a589353be85b7c744e7a3a4fc`

15

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`53fb50fe6ce1aa6722afa878db7289a8`
SHA1	`a31cf91b8df398a12b84c5fbd10494b2ff6b749d`
SHA256	`bc19a3937fe7fb79cf877d2bea8d1ab4ea30d1a05f4c60d42cf57142c81290e9`
SHA3	`6a4d76c847f3ef198074c93c4e25056a081fc8131151daa0473cd2a9394db239`

16

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`12a2030014722c91cddfed04b83be533`
SHA1	`c462f3e4e6bc388726ba3d488506d366ea0c6999`
SHA256	`9534fac9229e10c53a85e5a6deb4224d12a7a3024b7ff9ccc1cb8717ffd7acaa`
SHA3	`11e87ce0be315125dcceaf8d8136b0ec09a3ed22b2fbc4724501aeaf38077e1c`

17

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`94ea73b19eada640886c96389652ec8f`
SHA1	`aaaf2828cb9aed84f203efec44e302e5af20bafe`
SHA256	`faf155f58e17b8e1a98cc26aaa92597c62dc87ff98555cd708f6684eb8243d4c`
SHA3	`cb12ab171e7bf02f1c82573cf89cac99f83e304a66f3c4137bf54d4b742f4e7c`

18

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`2dc824995511736d22408fb4dba702ba`
SHA1	`9aac0c12e6f517872128083df0f5b1105d6d8e7c`
SHA256	`f4bcc6750981e15e3fc8c751997156f4df9055cece8d16944e4dea2ce4bc911b`
SHA3	`56d609cc52f073b584c7138bb6349751b24e07fe66ba60fb56ea997b8bb1f078`

19

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.799151`
MD5	`6505e57c301902618e8f1d070667db1a`
SHA1	`c8a96d9801db8e9550741da0e8f4a55655253281`
SHA256	`787dc2d9d3f4034a91bd222034d01eafb01e1053ac3579a0fd033f141dcccb69`
SHA3	`92104dc773f9195f1795235be40b81774a87b52603a7e3089d48780829cf7bae`

20

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65872`
MD5	`ea82e850caed8b7eda4b753fb9d8c03a`
SHA1	`699e1bb7f568456fcc41c9ed9ecc9089d640d6a1`
SHA256	`236462dd2d629d67ff18c41f41cfa739549aff2933f7df2bd51630790b4d424e`
SHA3	`7cc9d637e593f742566b68ce8dd23201f2097429a4f48d55993f87da0d726754`

21

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46615`
MD5	`ff49a9a5c7e188634136611a03c441ed`
SHA1	`756344327134a9f9c1404185baaad435bf0a53fc`
SHA256	`3eba69eaec7cef56d2c964dee1f9c0226a365b3ae869a402690d548c82c16ba3`
SHA3	`a5bebb0afb2d86976c02d4f2befc5fa28d496be24ad98a8611055f9d67683c27`

22

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.08719`
MD5	`b490b06239b76334192a94969717671b`
SHA1	`3f19007fbd45bebdd6fe4235fb95517bf67911c1`
SHA256	`2a53b434f3ab8d37381a5461163027d2a256f0bda3ea8f65795ed6d2c66b4e30`
SHA3	`5217b671e39ef4e252e5fa4e6b4f1a05d89627e53702a0842d0c9504b7aa3ee6`

23

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07143`
MD5	`aac863f48e2b416af0febc82cd648345`
SHA1	`f4bec546c4c140e4436ca28d82148997a56f1ac0`
SHA256	`5b4c85e7d881d8c74760c07f9e4fe3d7427a72bed0e379aed6a78f7cbeca3199`
SHA3	`3c0698cb59f54d170bb85287b6fc265cf78e0a7a8b2502718f0c7899fdc95685`

1 (#3)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02794`
MD5	`a29215c2d08412d0a09089bece74a8d8`
SHA1	`7f427a32af62958ee729a48113126b0034f8338d`
SHA256	`cbef4b9a98a6118f2665822d7a2868b8a4645f36c517627e3f4fe361f128ee32`
SHA3	`598f9ada42b2c0ec13af2bb0acd86650df2f7bf0860cfbfb85931352f08f76e6`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05163`
MD5	`1d631f6d8fa19398d2df5863be341a2c`
SHA1	`97243c848ad1a29da52855996d88fbdb092ef48f`
SHA256	`7abae35099733d994c7168b58edf433d9a87096ffacdbee04cacc5a05dd84909`
SHA3	`d6fbfd69d2f15297c09308bc2fc122cb08b379927f53cbf30c5974c6f62067a9`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36687`
MD5	`f5a0e41bc60f9722f17d2eec66a72996`
SHA1	`db94b2c361fd617c8ef978dc1e4e5f71e0538d7c`
SHA256	`110d31262fc1d5c2a33c27059c94469b6fb4f7e4e16a91572c0492795c3f21b7`
SHA3	`2c2652334d23ef6e09283055ceb3997751854a44b3907deca030491f4fd46f59`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32943`
MD5	`faaa6b184f0de776b3694d7333bb7dd3`
SHA1	`821091dda1f7b14e9d84a2114021773366aead18`
SHA256	`a8589c4aab8ed377a9602ef5bf3b6565e45a3357911efd6048f38a56b0a102c7`
SHA3	`3f0f8f6b4531727f1e8196654de4352ba230b90a335a6b5f621bbca551d72e9d`

5 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.26175`
Detected Filetype	PNG graphic file
MD5	`44ecf3fd91cf33cfb4535bb2ea59e27a`
SHA1	`3090f24b36ec71739d9820d550aa3f4eed8e52e9`
SHA256	`977990ecb2a3a7bf7ef2edea2c484b538b73476eb46722791fb8591d19bcda4a`
SHA3	`b339de91d44a8b0b0dddcc8b659a82533fc85134b67ad2e7a6c70e9a13577924`

6 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32779`
MD5	`d790cb9b9086f45ea53fec385891355d`
SHA1	`20e3548d16dbba68b8f322a1c4f7086e38110d10`
SHA256	`18621604c0b5f4229416994b569e2afda775a608e1759d5ba7082a31458e1169`
SHA3	`b14e2bb5e8953ae807c2ec3b726942eb2ead7890772fdf6a410a8c9a71e81915`

7 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21995`
MD5	`7ab8c3240114b0f7ebc42c5c489060f6`
SHA1	`0de249b988a94d3374bbf9eb3585f00ace2e5499`
SHA256	`f5feb3ba96da36d90fb879e6f1af274a1c5f6fd4ba68332b1c25d97c6508d062`
SHA3	`def1c08500690c2ea7b272685c0a594f8ca5bf9865055bfb9c488d12a6955dfe`

8 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65783`
MD5	`d720ab3b897affd8516a5c73e9020b19`
SHA1	`36e5ac25f4b4f4b869d109c0072da7f6f1fd03c2`
SHA256	`f269848277f345c8fc62634f14c012bc8ee1afa4887e8819228e99c6915bbdf3`
SHA3	`c946f83fcb2547d27caf0a1adff84c375349fd416f64281d3fb2653a224affa0`

9 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70621`
MD5	`7a8fd82c16489f1ed6e5cdc5dc38c815`
SHA1	`595b39dc0c92b6e3943ea918a213cec58503daf4`
SHA256	`9260d8b6f0fd7fc00e9a960db1b1283180efd59049be2c8867a4e660b1ff0123`
SHA3	`2eec2ac06df13fa72c5317fe2f7e049cddea95363b53620674c73c866a7f8d52`

10 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.90997`
MD5	`11921cfff61b5877c53bb37c86b6d09c`
SHA1	`3800127e39a03ea9b2a9f79538d40227ef4d0c89`
SHA256	`c714566bd8b7f0be360e68950a5615a2fb365d53b14ea7c2812f23c458497799`
SHA3	`0e2df531413bcc400f2f42179d34b093d3229754f3ee9d7c982faacd2f766e18`

11 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72497`
MD5	`0e559d7f5897727c98dfdd1e6c3631e7`
SHA1	`fcd9803592250e14d186e9c8fd0f094e7debfdf0`
SHA256	`6e6dd7cc3df380721e4678fb1825b982df22a4dc058091634e733c33f3543b1f`
SHA3	`54cc4d475eb6e3066dda379e7ce197dad0d994522cc58d68673a5707d4aa46cf`

12 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91162`
Detected Filetype	PNG graphic file
MD5	`e3e595605f7ba7a83a424e5698b342b4`
SHA1	`b7cf89a883818649ffeab77f323b07808b1b717e`
SHA256	`05de73b49e62f848770d877a92a4a920e2ef6812538b84ab3a3255ee89bf3666`
SHA3	`0a0834c7fc8c9270e4ef414eb9095219a154fefc631b38f811eb7639a46a3aec`

37810

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

37811

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

37812

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

37813

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

37814

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`d66ede131a0b66bc73b797f3ab01cae6`
SHA1	`049144cedcabc8443ba9b9d16c4a5f8fa6c2cbac`
SHA256	`f75e551324504a3c9caa453a4b0fd424884291acdb82f0549e7bb0b48ce01647`
SHA3	`bea99994e7901c76649ed73e68b2bf22bcf6c427b7665d2bbd09f70b80490229`
Preview

37815

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`2933c67a462bd6238b86a9d44634158f`
SHA1	`7a818b5a1da0dbf5c9d3ec227eb5944a779f016a`
SHA256	`770a19a2be0c18daf7fb714c6f78e5fecde900b9fda29a6c4691c369253f6f0f`
SHA3	`3e59433bb9c9ef6b3f3dd6d6723238d79b0831e52aa016113d25b89e2085dac1`
Preview

37816

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9edadd9eb5da2bb6aad56c666862c9c5`
SHA1	`3901ac1f5112ebee7a931141c73e76b60c984cf8`
SHA256	`7662c77c89bc776c64acfbc6ac7f22f56a631304205ac1a00d1d6c876ff1574d`
SHA3	`24753677cf5443d63f8406407477e81b9c98c7d2ee1ef92dca85d23fdd6e3e43`
Preview

37817

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cc34525879592b62945fa5102955e7af`
SHA1	`1c1f341f0ff952d168ec070d95809224631c5f59`
SHA256	`c7f15e3e69f8bad21f5f9c9546b129828d66e90b38a8fe9cf33cf23846e62700`
SHA3	`1af1bcbf18cfdeb5e3d81c46ab15ef59bc0b1de5f5ff9dc32f491120f405f5c6`
Preview

37818

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cb8d29dff5278e39030b2ad47022cf49`
SHA1	`a48b5853b494a9095f0899e23414db872433d366`
SHA256	`fd27224dee56e50f926e0c003d1bdb8c31db4d1f0a089280d0f55b79ff45c1e7`
SHA3	`3eca032eb883d63cd63778223e4ed5d3982bcbc58eed6534f0a70d84a7a624e5`
Preview

37819

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`874e41c97e9c38232490d3bea15ae8b3`
SHA1	`ae70b2c25c1566c2e13ac44e0057ef4f6daf8d91`
SHA256	`2c57fbd554735f2b8ff46f26b3d2d58a5a5e4152a02043e7fd6c552a43a3ceee`
SHA3	`b13a2c1efb8dad10ad85e8b4ce0067cbbea82053146cd5a81b0fecef2a15bf15`
Preview

37820

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`24d6779f223eda66e958315d638d0b62`
SHA1	`12525fd20006775a0366d61620ae851ae090dbfb`
SHA256	`1133ff27d25ac052e4a0570865c18ce0e07a3afbb89577bc52af61435a91b8cc`
SHA3	`feab5af24df559fd8b9b078058f0cd7af2d943e88736af167b57482cff6597bc`
Preview

37821

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`63e88d11b8e4a0868f5c2dcb5c944b1e`
SHA1	`19e86d2e68c188e8f8101e3c053bfa02ca714b97`
SHA256	`5907a1ab79be2dae328a84248db9750607aeb7b802af582f974a5ae59fb3c37c`
SHA3	`fe8a1640613ab39314806298ace08aae1c0f1d9f89c9aa23e7a270562db0dd0e`
Preview

37822

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`08ffff653a54f5518c6bbcbd1c4e82f4`
SHA1	`4a8832e7ebf39d3e0398d4332748b00d5964e6e0`
SHA256	`d19508d8742527d523aa3ef78e1091ce417bec079e9632181cdc8ff245c53ce9`
SHA3	`7650fb4c907b38dfe5785926961a8e754ad52af5bd6eef810c761e1cd02a1fb6`
Preview

37823

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
Detected Filetype	Cursor file
MD5	`384df7c4869187442684d2fb5292ac78`
SHA1	`ffa445392454d9a208a18fc2520b7ad60e5936df`
SHA256	`1dac0833fe30898ce2c1df2c70b09d62d51f8f765ae0ffd90b811067e875ae98`
SHA3	`1fbbe841170dac2994db17d7b74b60a56ffe6ab959f8e1bb6c5605c6bcf2c705`
Preview

37824

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`4e14da9e6db8978ffd0c5eb4b3e9e80a`
SHA1	`2a4d2df5f07e3a096a27db0f2297f46e7f8df507`
SHA256	`5fa51d73b8ea1316fb0c8f11c3740c6f755a8499a135e4e18ef6b823aad3ad70`
SHA3	`ea3bf238714cb012824de6f84f91faf385180340f7563976e327c4fef3750f5e`
Preview

37825

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`015d385990b99272d167c51c508f427e`
SHA1	`f4591544894c9e23e281d023fb2210a1274d1628`
SHA256	`7794cf070f4c99cd9ec27a43faa84daab8d19e765f0489c981a9ef28468a3899`
SHA3	`514c273141a62c18cd8fc7252db9af2dcfd0226ea3c3efe8ef3ed5ad3b16be99`
Preview

37826

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9ee83aa87f2c8ba446b991fb305805f0`
SHA1	`c5b3271c02fd48848692cc701618ec1badc359e6`
SHA256	`4c9fe467bd0250366713a2a43f5162e5ec2e7cd566ea218f7a6545e0ad878184`
SHA3	`c5065128f9b38fcc3692787e5e4d29bcd359689a3fd3cda0bdc6e41ae32f4fd2`
Preview

37827

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`79bc23c45190436b2c51ff2941fa8720`
SHA1	`0a8234176fad8831709703a0a34337a08987a983`
SHA256	`b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479`
SHA3	`b897f30ec85dad865a74be84cd616e0066da486befd0983d87e2b6f5d66a6c6b`
Preview

37828

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1e219dd609ce399df95ba7af59ef113f`
SHA1	`436a16dd20d5e3ec42342a4d005a664cd227f517`
SHA256	`8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58`
SHA3	`9e44adcf523bb484f416a99197d947211027feae6b6665b457883e548218befd`
Preview

37829

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`690a20e696fc4e33ffb377a8ef54fb97`
SHA1	`972159605fa069921dbdee9b7a35879e6f1928a6`
SHA256	`6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56`
SHA3	`fd9d56519b5bf976a4ae748fe0c51dcd47ac27ce6a7c271fa2bbb3e00f473b22`
Preview

37830

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`459379b9418ad5b62b1bf409300acb32`
SHA1	`5363fc84172d6b624542a0b52edbbfe21e2443ae`
SHA256	`1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a`
SHA3	`2b8f3218d3da7e4ee463a712c6c3b8f5b58cc6799a84f5e582b6a40da38a2bfc`
Preview

IDR_MAINFRAME

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`464cb94db3a2622922a9562865009ae8`
SHA1	`dbe17c767d942f219df59f9eae77b213c15eab70`
SHA256	`8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a`
SHA3	`3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda`

IDR_X001_APP_LIST

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70093`
Detected Filetype	Icon file
MD5	`ebd01df5e0c227d025c744fd77d18949`
SHA1	`ea41a91bc08e43f974a395bd993654f707491c30`
SHA256	`d55b27d2272c74fda2acb571fbf89a7b7416798a5d992de502021440011b54bd`
SHA3	`9628813598141ed97d425f1e69c5bedcf64a7dc509ccf0e111fb9cdfd2daed83`

IDR_X003_INCOGNITO

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7835`
Detected Filetype	Icon file
MD5	`2b1a0aabe335e382aa150d72d082139f`
SHA1	`9ca0531e01d97b7f40fa2e4880ed08ed568598d4`
SHA256	`534a7ac5f2ef0bdb2a11ebaa0ed4f0af49ee8ed81baedfce70f4e548d677a045`
SHA3	`b84443d0dc73e05278a110f8a2746d8587c5c94099cf870c32ed820995704514`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x430`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49519`
MD5	`a7114ea35771f750eba7d167205b486f`
SHA1	`87cab156459f1239fb5fd6a51cc8b30bbbd22aa3`
SHA256	`270dbae32024e16a0934ca453fa73c44a3d404051029e98dffd7a6a56102bda8`
SHA3	`710aa89e8d10dec65994c27f85a19c1fa657791419e2fce93384edf1d17476db`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34927`
MD5	`c11d3315937534fcaa0d0942f10f306c`
SHA1	`02cec6f3942270158a7183db75f958d3a68e5ede`
SHA256	`b18903edcf69b3c6002596c4cff5e9d436233a77efd5849e560dffcd22bda2cb`
SHA3	`550c0b05ee117db28f9fdebb81cbeb6463a4855c75d7883e184791ef912acf35`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.69.1.0
ProductVersion	0.69.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	The NW.js Community
FileDescription	nwjs
FileVersion (#2)	0.69.1
InternalName	nw_exe
LegalCopyright	Copyright 2020, The NW.js community and The Chromium Authors. All rights reserved.
OriginalFilename	nw.exe
ProductName	nwjs
ProductVersion (#2)	0.69.1
CompanyShortName	nwjs.io
ProductShortName	nwjs
LastChange	62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354}

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Oct-04 05:00:00
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x1ce2f4`
PointerToRawData	`0x1cd0f4`
Referenced File	nw.exe.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2020-Oct-04 05:00:00
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x1ce318`
PointerToRawData	`0x1cd118`

TLS Callbacks

StartAddressOfRawData	`0x1401ff000`
EndAddressOfRawData	`0x1401ff180`
AddressOfIndex	`0x1401e4f20`
AddressOfCallbacks	`0x1401cfde0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_64BYTES`
Callbacks	`0x0000000140073D10` `0x0000000140086420` `0x000000014014ED50`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401df948`
GuardCFCheckFunctionPointer	`5370781696`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

[*] Warning: 1 invalid export(s) not shown.