Manalyze report for 0eaf9e5b4b3ddc5958a31517776c8006

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Feb-26 07:57:52
Detected languages	English - United States
Debug artifacts	E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release64\core.pdb
Comments	https://www.metaquotes.net
CompanyName	MetaQuotes Ltd.
FileDescription	Setup
FileVersion	`5.0.0.4490`
InternalName	Setup
LegalCopyright	© 2000-2024, MetaQuotes Ltd.
LegalTrademarks	MetaTrader
OriginalFilename	Setup
ProductName	Setup
ProductVersion	`5.0.0.4490`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://www.metaquotes.net metaquotes.net www.metaquotes.net`
Malicious	The file headers were tampered with.	`Unusual section name found: .fptable` `Unusual section name found: .cod0` `Unusual section name found: .cod1` `Unusual section name found: .cod2` `The RICH header checksum is invalid.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess VirtualAlloc WriteProcessMemory` `Can access the registry: RegDeleteValueW RegEnumKeyExW RegQueryInfoKeyW RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegOpenKeyExW RegQueryValueExW RegCloseKey RegDeleteKeyExW RegEnumKeyW RegQueryValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: GetTempPathW CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: WSASend WSARecv select ioctlsocket WSAGetLastError shutdown bind WSASocketW htons WSAStartup WSACleanup GetAddrInfoW FreeAddrInfoW InetPtonW setsockopt recv send WSAConnect closesocket` `Functions related to the privilege level: OpenProcessToken` `Interacts with services: OpenSCManagerW EnumServicesStatusW OpenServiceW QueryServiceStatus ControlService QueryServiceConfigW` `Enumerates local disk drives: GetVolumeInformationW` `Manipulates other processes: ReadProcessMemory OpenProcess Process32FirstW Process32NextW WriteProcessMemory` `Changes object ACLs: SetNamedSecurityInfoW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Info	The PE's resources present abnormal characteristics.	`Resource 131 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`0eaf9e5b4b3ddc5958a31517776c8006`
SHA1	`8e9d21df05f810ca3fdcf72dbe232937b2c1c59c`
SHA256	`f02c09173e6262cda41e9151cae4fb7b94d1d5a64bc6fddbd24319d1ab28c1bc`
SHA3	`379d4b559a130ce22a56321fd312fdbfbdf6d8831f2361deba38124a96c103c0`
SSDeep	`98304:xtJRVUec2HUbZ1cRS6YZhDgWehJ0xTQJ0d6KIs17QAsTtwvXeq9wwOGawk:xtRUp2H8Z1cRa2WehJ0x0J865sRQAsTh`
Imports Hash	`7e8ad9998fcbde8f8150eabad4462de4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0xbfcc`
e_oeminfo	`0x4a`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	1970-Feb-26 07:57:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x167600`
SizeOfInitializedData	`0x263200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000041CCB82 (Section: .cod2)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x47c3000`
SizeOfHeaders	`0x400`
Checksum	`0x4c0cbf`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x167540`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb49f2`
VirtualAddress	`0x169000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3d9ac6c`
VirtualAddress	`0x21e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe97c`
VirtualAddress	`0x3fb9000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.fptable

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x100`
VirtualAddress	`0x3fc8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.cod0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1de80b`
VirtualAddress	`0x3fc9000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.cod1

MD5	`c4c6752677367186f4976ac5300dc527`
SHA1	`efc0e82891ff8c2a9056f0a2fe105fe70c9637d4`
SHA256	`19656dc168a12a83b2ffda6ec8e5d97bea42a04cded7f8206faeb1bba0391c49`
SHA3	`3bb6282922d4088c60574b6ade683600c74f09a80ce4cf41f26df083720b5552`
VirtualSize	`0x1318`
VirtualAddress	`0x41a8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.2457`

.cod2

MD5	`63436bf8a59ecf6ad2946572b83c00ad`
SHA1	`954256c3e241309f4307cc0162f2a4c9b65ff196`
SHA256	`902bd4e128f3dfe64218fdcad3e04c774535de53bbafd79037a4a3b8e09be62e`
SHA3	`d0fa7150a585e7d06ed5c668e48eb89c7c6c55aa2ed6a524a5760dbf738838fb`
VirtualSize	`0x47bd04`
VirtualAddress	`0x41aa000`
SizeOfRawData	`0x47be00`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.91653`

.reloc

MD5	`9bdc13b8bed4d1ffc6cdd699822d7407`
SHA1	`f094140bad15273e67e5c01b71cc9ad1319890ad`
SHA256	`3099d26dd6cd801e24e9ebe3bd22ac4b19aed6b7c89d96e4b6632ab21f74cc08`
SHA3	`2423a19d50bb53da1acbbb48f599faa86547f72ca1c620a0a4ccf2e6ba3a231a`
VirtualSize	`0x50`
VirtualAddress	`0x4626000`
SizeOfRawData	`0x200`
PointerToRawData	`0x47d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.98879`

.rsrc

MD5	`3912c9229b07590576008d6c6ed775cc`
SHA1	`bdfb6cd99f21b462f6ff68ef09834307091cd1a4`
SHA256	`e2691208819f124afd1cf2f925e70311a7cefb3cddf379ae871e81e89429e682`
SHA3	`df173207dc0b7e54ebcb797d1fda8a7970a16f744077b6391573459722c620ed`
VirtualSize	`0x19ba2e`
VirtualAddress	`0x4627000`
SizeOfRawData	`0x26c00`
PointerToRawData	`0x47d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.71332`

Imports

WS2_32.dll	`WSASend` `WSARecv` `select` `ioctlsocket` `WSAGetLastError` `shutdown` `bind` `WSASocketW` `htons` `WSAStartup` `WSACleanup` `GetAddrInfoW` `FreeAddrInfoW` `InetPtonW` `setsockopt` `recv` `send` `WSAConnect` `closesocket`
CRYPT32.dll	`CertGetNameStringW`
KERNEL32.dll	`FindFirstFileW` `FindClose` `FindNextFileW` `GetTimeZoneInformation` `SystemTimeToTzSpecificLocalTime` `FileTimeToDosDateTime` `GetModuleHandleW` `lstrcmpiW` `SizeofResource` `LoadResource` `FindResourceW` `InitializeCriticalSectionEx` `RaiseException` `GetCurrentProcess` `GetCurrentProcessId` `Thread32Next` `ReadProcessMemory` `ResumeThread` `GetThreadContext` `SuspendThread` `OpenThread` `Thread32First` `CreateToolhelp32Snapshot` `GetCurrentThread` `Module32NextW` `LockResource` `FindResourceExW` `Module32FirstW` `GetProcessHandleCount` `GetLogicalProcessorInformationEx` `GetLocalTime` `K32GetProcessMemoryInfo` `GetEnvironmentVariableW` `AddVectoredExceptionHandler` `SetUnhandledExceptionFilter` `LocalFree` `DecodePointer` `OpenProcess` `HeapSize` `GetProcessHeap` `CompareStringW` `lstrlenW` `VerifyVersionInfoW` `VerSetConditionMask` `GlobalFree` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `IsValidCodePage` `FreeResource` `EnumResourceNamesW` `CreateProcessW` `MoveFileExW` `GetFileSize` `CopyFileW` `SetLastError` `EnterCriticalSection` `RemoveDirectoryW` `GetTempPathW` `TerminateThread` `Process32FirstW` `K32GetProcessImageFileNameW` `Process32NextW` `VirtualQuery` `LoadLibraryExA` `FlushInstructionCache` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `EncodePointer` `OutputDebugStringW` `IsDebuggerPresent` `GetStartupInfoW` `IsProcessorFeaturePresent` `TerminateProcess` `RtlUnwindEx` `RtlPcToFileHeader` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetFileType` `GetStdHandle` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `FileTimeToSystemTime` `DosDateTimeToFileTime` `HeapReAlloc` `HeapFree` `HeapAlloc` `UnhandledExceptionFilter` `DeviceIoControl` `LoadLibraryExW` `GetProcAddress` `FreeLibrary` `GetSystemDirectoryW` `GetVolumeInformationW` `GetSystemInfo` `LCMapStringW` `GetCPInfo` `GetStringTypeW` `GetACP` `GetOEMCP` `SetFilePointerEx` `GetConsoleMode` `ReadConsoleW` `GetVersionExW` `GetUserDefaultUILanguage` `GlobalMemoryStatusEx` `GetModuleFileNameW` `WaitForSingleObject` `CloseHandle` `DeleteCriticalSection` `InitializeCriticalSection` `MultiByteToWideChar` `ReleaseSRWLockExclusive` `GetActiveProcessorCount` `GetTickCount64` `AcquireSRWLockExclusive` `GetSystemTimeAsFileTime` `GetFileAttributesExW` `GetConsoleOutputCP` `FlushFileBuffers` `HeapDestroy` `GetFileAttributesW` `CreateDirectoryW` `SetFileAttributesW` `HeapCreate` `WriteFile` `SetEndOfFile` `SetFilePointer` `QueryPerformanceCounter` `QueryPerformanceFrequency` `SystemTimeToFileTime` `WideCharToMultiByte` `GetCurrentThreadId` `SetThreadStackGuarantee` `DeleteFileW` `CreateFileW` `GetFileSizeEx` `ReadFile` `GetLastError` `VirtualAlloc` `VirtualFree` `Sleep` `LeaveCriticalSection` `lstrcmpW` `GetExitCodeThread` `SetStdHandle` `FindFirstFileExW` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `WriteConsoleW` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `GetDiskFreeSpaceExW`
USER32.dll	`ShowWindow` `MessageBoxW` `SetForegroundWindow` `MoveWindow` `GetWindowRect` `BringWindowToTop` `SetClassLongPtrW` `PostQuitMessage` `SetWindowTextW` `MapWindowPoints` `GetMonitorInfoW` `MonitorFromWindow` `EnableWindow` `LoadIconW` `DialogBoxParamW` `GetWindow` `LoadStringW` `PostMessageW` `RegisterClassExW` `GetDlgItem` `GetClassInfoExW` `IsWindowVisible` `LoadImageW` `SetTimer` `LoadBitmapW` `GetClassNameW` `SetWindowLongW` `SetWindowPos` `SystemParametersInfoW` `CreateWindowExW` `GetWindowTextLengthW` `GetWindowTextW` `BeginPaint` `EndPaint` `FillRect` `IsWindowEnabled` `GetFocus` `DrawFocusRect` `SetCursor` `TrackMouseEvent` `GetCapture` `ReleaseCapture` `GetCursorPos` `ScreenToClient` `UpdateWindow` `IsWindow` `GetDC` `ReleaseDC` `GetWindowLongW` `OffsetRect` `InvalidateRect` `CallWindowProcW` `GetWindowLongPtrW` `SetWindowLongPtrW` `DefWindowProcW` `DrawTextW` `SetRectEmpty` `GetSysColor` `PtInRect` `SetFocus` `SetCapture` `GetParent` `SendMessageW` `GetDlgCtrlID` `GetClientRect` `UnregisterClassW` `DestroyWindow` `GetActiveWindow` `CharLowerW` `CharNextW` `PostMessageA` `GetSystemMetrics` `MessageBeep` `EndDialog` `GetTopWindow` `GetWindowThreadProcessId` `KillTimer` `LoadCursorW`
GDI32.dll	`SetBkMode` `SetTextColor` `ExtTextOutW` `SetBkColor` `GetStockObject` `CreateFontIndirectW` `GetObjectW` `DeleteDC` `DeleteObject` `GetTextExtentPoint32W` `CreateSolidBrush` `CreateCompatibleDC` `CreateCompatibleBitmap` `GdiGradientFill` `BitBlt` `GetTextExtentPointW` `TextOutW` `RestoreDC` `SaveDC` `CreateFontW` `EnumFontFamiliesExW` `CreateDIBitmap` `SelectObject` `GetDIBits`
ADVAPI32.dll	`OpenProcessToken` `GetFileSecurityW` `GetSecurityDescriptorDacl` `GetAclInformation` `GetAce` `EqualSid` `RegDeleteValueW` `RegEnumKeyExW` `RegQueryInfoKeyW` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey` `FreeSid` `SetNamedSecurityInfoW` `SetEntriesInAclW` `AllocateAndInitializeSid` `RegDeleteKeyExW` `RegEnumKeyW` `OpenSCManagerW` `EnumServicesStatusW` `CloseServiceHandle` `OpenServiceW` `QueryServiceStatus` `ControlService` `QueryServiceConfigW` `RegQueryValueW` `GetTokenInformation`
SHELL32.dll	`SHBrowseForFolderW` `ShellExecuteW` `SHGetSpecialFolderLocation` `SHChangeNotify` `SHGetFileInfoW` `SHGetSpecialFolderPathW` `SHGetPathFromIDListW` `SHGetFolderPathW` `ShellExecuteExW`
ole32.dll	`CreateStreamOnHGlobal` `CoUninitialize` `CoInitializeEx` `CoTaskMemFree` `CoInitializeSecurity` `CoTaskMemAlloc` `CoCreateInstance` `CoSetProxyBlanket` `CoTaskMemRealloc`
OLEAUT32.dll	`SysAllocString` `SysFreeString` `VariantClear` `VarUI4FromStr`
SHLWAPI.dll	`PathCanonicalizeW` `PathFindExtensionW`
COMCTL32.dll	`DestroyPropertySheetPage` `PropertySheetW` `ImageList_GetImageCount` `ImageList_GetImageInfo` `ImageList_Create` `ImageList_SetBkColor` `ImageList_AddMasked` `ImageList_Draw` `ImageList_Destroy` `InitCommonControlsEx` `CreatePropertySheetPageW`
dbghelp.dll	`StackWalk64` `SymLoadModule64` `SymGetOptions` `SymSetOptions` `SymGetModuleBase64` `MiniDumpWriteDump` `SymInitialize` `SymFunctionTableAccess64`
gdiplus.dll	`GdipCreateHBITMAPFromBitmap` `GdipCloneImage` `GdipAlloc` `GdipDisposeImage` `GdipCreateBitmapFromStream` `GdiplusStartup` `GdiplusShutdown` `GdipFree`
WINTRUST.dll	`WTHelperGetProvCertFromChain` `WinVerifyTrust` `WTHelperProvDataFromStateData` `WTHelperGetProvSignerFromChain`
KERNEL32.dll (#2)	`FindFirstFileW` `FindClose` `FindNextFileW` `GetTimeZoneInformation` `SystemTimeToTzSpecificLocalTime` `FileTimeToDosDateTime` `GetModuleHandleW` `lstrcmpiW` `SizeofResource` `LoadResource` `FindResourceW` `InitializeCriticalSectionEx` `RaiseException` `GetCurrentProcess` `GetCurrentProcessId` `Thread32Next` `ReadProcessMemory` `ResumeThread` `GetThreadContext` `SuspendThread` `OpenThread` `Thread32First` `CreateToolhelp32Snapshot` `GetCurrentThread` `Module32NextW` `LockResource` `FindResourceExW` `Module32FirstW` `GetProcessHandleCount` `GetLogicalProcessorInformationEx` `GetLocalTime` `K32GetProcessMemoryInfo` `GetEnvironmentVariableW` `AddVectoredExceptionHandler` `SetUnhandledExceptionFilter` `LocalFree` `DecodePointer` `OpenProcess` `HeapSize` `GetProcessHeap` `CompareStringW` `lstrlenW` `VerifyVersionInfoW` `VerSetConditionMask` `GlobalFree` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `IsValidCodePage` `FreeResource` `EnumResourceNamesW` `CreateProcessW` `MoveFileExW` `GetFileSize` `CopyFileW` `SetLastError` `EnterCriticalSection` `RemoveDirectoryW` `GetTempPathW` `TerminateThread` `Process32FirstW` `K32GetProcessImageFileNameW` `Process32NextW` `VirtualQuery` `LoadLibraryExA` `FlushInstructionCache` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `EncodePointer` `OutputDebugStringW` `IsDebuggerPresent` `GetStartupInfoW` `IsProcessorFeaturePresent` `TerminateProcess` `RtlUnwindEx` `RtlPcToFileHeader` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetFileType` `GetStdHandle` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `FileTimeToSystemTime` `DosDateTimeToFileTime` `HeapReAlloc` `HeapFree` `HeapAlloc` `UnhandledExceptionFilter` `DeviceIoControl` `LoadLibraryExW` `GetProcAddress` `FreeLibrary` `GetSystemDirectoryW` `GetVolumeInformationW` `GetSystemInfo` `LCMapStringW` `GetCPInfo` `GetStringTypeW` `GetACP` `GetOEMCP` `SetFilePointerEx` `GetConsoleMode` `ReadConsoleW` `GetVersionExW` `GetUserDefaultUILanguage` `GlobalMemoryStatusEx` `GetModuleFileNameW` `WaitForSingleObject` `CloseHandle` `DeleteCriticalSection` `InitializeCriticalSection` `MultiByteToWideChar` `ReleaseSRWLockExclusive` `GetActiveProcessorCount` `GetTickCount64` `AcquireSRWLockExclusive` `GetSystemTimeAsFileTime` `GetFileAttributesExW` `GetConsoleOutputCP` `FlushFileBuffers` `HeapDestroy` `GetFileAttributesW` `CreateDirectoryW` `SetFileAttributesW` `HeapCreate` `WriteFile` `SetEndOfFile` `SetFilePointer` `QueryPerformanceCounter` `QueryPerformanceFrequency` `SystemTimeToFileTime` `WideCharToMultiByte` `GetCurrentThreadId` `SetThreadStackGuarantee` `DeleteFileW` `CreateFileW` `GetFileSizeEx` `ReadFile` `GetLastError` `VirtualAlloc` `VirtualFree` `Sleep` `LeaveCriticalSection` `lstrcmpW` `GetExitCodeThread` `SetStdHandle` `FindFirstFileExW` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `WriteConsoleW` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `GetDiskFreeSpaceExW`

Delayed Imports

3

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

4

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

5

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

6

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

7

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

48

Type	`AFX_DIALOG_LAYOUT`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

131

Type	`FILE`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2fe15`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96612`
MD5	`b2b9870b5c4ada39fcb34d5e8397faf9`
SHA1	`8fa53d835fc02c5852432072e56844396d6b0954`
SHA256	`52fcb255c48d2880dabeef54ce37fac4e3e822d1cf70a262d0a6a590c828e5e6`
SHA3	`b2a8d8a8c37a3db39693e4f3326176d3b2336cfbb846ed1ebafac59d01f62304`

132

Type	`FILE`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2f0f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

133

Type	`FILE`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x31b12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

102

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x18cfe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

104

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

106

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x141f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

111

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x151c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

112

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14f88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

113

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14fc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

114

Type	`LNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14f70`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x302a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

2

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1d4ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

47

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x242a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67965`
MD5	`a4f9307f3709cc2de8bb7da42b511ea2`
SHA1	`b4b5aefe4114a8f810f9636e15713e5d083996b8`
SHA256	`ca1fb55951208df29ef5b54e58d99eb34797deaa3275acf90ca0e1e968ff8f84`
SHA3	`7fb7976d3979ec0ce61c292c914366769e46c5a470f701fb4de15bdd7f2d632c`

2 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70616`
MD5	`d5c0d32c5e5b2f660c9066f428612f05`
SHA1	`d2c0eb8a97671e641145546548d2068da41b88a3`
SHA256	`f26d47f266a1a5fe7b8bfcc4d13f905394e7684ad77e069839d60e82b057c667`
SHA3	`ebb66294c0697e71c3a67d75b11fc8c7b099ba163de85a2bd28b510ac5ca5f11`

3 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12548`
MD5	`a979f000fbe23c5a39dfd92d4d8ffb99`
SHA1	`6258e8f0646e51290b2394a9b128a9a58f2da017`
SHA256	`d6de000a241575928e74ad3c77916f4e23d43250ec4af782e11cfffbc20e20ef`
SHA3	`8e68687a13eff30806088c85cf2a83ad886dc47fc651a721bfe352921f40b24e`

4 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12894`
MD5	`95961a6b3d940c7d3095bcd76fb37ee7`
SHA1	`93d28dca865b064681fc51ba8545a3794308c01f`
SHA256	`ea68114c282c139a55453feb211ed1833b7c56328f4c200b7bcaed824b57864c`
SHA3	`2ebadc13152e4705eed24ed529ddaf5e10299145d7057f2aa69e205c8be70547`

5 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.74424`
MD5	`a9fdba1a4d3dd204d2320ce2d9470830`
SHA1	`d180f74e2fdeb76d16632ca98afd5cdde638944a`
SHA256	`316490aa7a00de502f9e39b03ecf6e3883e91d025cafec84a8ec02c32c541b89`
SHA3	`a536897a09ce9f01ae0b8d9895dac4592abad414ae297eeaa7f4035cfddcc417`

6 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.80927`
MD5	`c23975c5015640f8a5e57524423b6bd7`
SHA1	`f3531dda0c3fa2ebc1f1d28c31f71fcade1e1395`
SHA256	`f157a6a0d86cf696e9ab9f5e677265eb552db1b63d871f0bcb3a8a861c34d17c`
SHA3	`4988ab5dc0cb70800170b596c4ec1bb44fd2e257f30a1d06f97582ddbcfe95cb`

7 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54659`
MD5	`0ac456b0d4caeefb3246c40cf0e20664`
SHA1	`9a66f4b155d9f63f7f9f6189eda52a80e39f1eab`
SHA256	`1d7f06e7cc304abfddefa1ed72082efb221c70438c787a2d5867c455d6bfc366`
SHA3	`76aad6e806ef3f88534f123ffa9514ae1e663d707370eb1204d32b665a1b031a`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70265`
MD5	`a70d7a9f0b2cc8b9f93f535fcc4062b9`
SHA1	`97ba616b4764d5ad47a117cca630cc3d043fc000`
SHA256	`af8cf5e33410a630e8dfbe0daabc8eb3a5042b1918c73de08084cdf7b7fcc611`
SHA3	`36259a97ef936dcf446247954d070d4dcc717dba1693524c886890f8e28e4165`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58956`
MD5	`77e302425aac664551a3d8f7fdab8b7d`
SHA1	`1c09059984038fa63a2ee44e9025a90d9c3faa12`
SHA256	`66a41369f441aeeb69e8efcb1c82c5d4ed8d35d48b8c7b99d49998716279b3ae`
SHA3	`10d31164ec9e1ff34c7d15620585bd99282c7650d11505ffd73bcfb5fdd71633`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47855`
MD5	`dcb27e21cffd3df0c134615f0facb23b`
SHA1	`020befe514e42a772ae0df2108e79c47bf783613`
SHA256	`07169d9df457b96ab7277aff4eb92562163f57faf637e0d7fbe57032f36a78de`
SHA3	`1865df621590f01cb2a7a6a1d2244ad41a61faebf0aa80af014227a5a235b7f5`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46652`
MD5	`49df28d87b0fdcc552f7b36e51f1ca74`
SHA1	`0a0b5dff47f5451d64936040208cc47141647f0c`
SHA256	`b7f623a5305d4379171eae942c7d24fb672e0ee6fb99c8d1ac4f7dc8250d44e9`
SHA3	`be58c08c21f6ba9d46227714cc7a91fcc5a44b3dee089fec56482ad3fd154cb8`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.43957`
MD5	`6fc8741b8a04d4e348a0bec8d845df30`
SHA1	`166009e91c0911a53a9a7d323a7394d9fab6967c`
SHA256	`a2811df37a89166c87556a711fd452158b935c20c7b438f0e84ab24171babe9f`
SHA3	`b51afa2cc1b5ca696abe44b47ab19b9575904dea3020bb822d026584540fd257`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76677`
MD5	`d9df7be5dc510e1d1c2ab235e996fe3e`
SHA1	`ff507003a526a4abe11f82805b7086a6c932d71b`
SHA256	`a2a0e0f194c16432ca2996d5533cdfc5e2e5b2962ddca902bdc88a74fdd67950`
SHA3	`c3d9fee67895a87b03dc20bf11bb8627b38d059c80dd4ea5a5a0b5b52e18b751`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92429`
MD5	`42394c51d26f54ed2db5d9793462bf07`
SHA1	`40e9f9232655124955657209a64bb098e1146df7`
SHA256	`1592fa3f46ae81face8f9482667122b452b0ad8ab11c5e3f1d0ad619f69e8e1a`
SHA3	`c5084be5f18152618d0c0d5352793789574244743ed768c603238b8da8d0581b`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.78284`
MD5	`2f77886d029150c765298c9effec4c70`
SHA1	`ca6bb837e94918a51ac8013d187fdabbfbeb9a00`
SHA256	`08e0c4a7f980fc7fcaacdaf462c7df3e298cc9a17ebd78d0eda8e56bd534a5f8`
SHA3	`bf3e8565f6f13ebf9cf06d18a64ccb97b38c92485841a9f88a7f488cc8e69971`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.73044`
MD5	`ec221a0971531681682d4715da1cb319`
SHA1	`5a5eea6c4f6f12bf85c1af2cc23f3abdd864cb2e`
SHA256	`b1c2f07eaa961f10a94ab5bcab2a3add6ecadba75543d592adbc025240114f79`
SHA3	`5d29caf186717034024710c1c7d4bf384fca4d095f769aa64610130711e9d3aa`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77121`
MD5	`9ea8ec7ce4d380195038c816bdecbed2`
SHA1	`18b9f4fac4e9bd64ed7f933860b7cf4bd7160a9c`
SHA256	`02f2081bf138ed9b4bf05c6d53d908eb97257244b4bc4cd5d2eb72dd605b5cd2`
SHA3	`d2d0d71502263d0236e14f1abc54cf3d60ea846cf87db01d2c174e9e38fa13f0`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12278`
MD5	`456d15140b2eff19aca1fea296ea59a1`
SHA1	`5a2f35a595b9966d95060442c2240bc47f790983`
SHA256	`ed388af13dd808c5c81d8f09d2b7fb262c7b1f8b861ef23d36524b1c6ec69fb0`
SHA3	`5965f19c12d4a772482af382bcd96c8a679e4fa1b8dc953a81b7fa0ddd479830`

19

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20635`
MD5	`71815551e6d9883dcfe8e5c52ffb4ce9`
SHA1	`8467d2458da68b30d09c3882680ed0f92fd8c127`
SHA256	`b4339d71f050de5e5e45d6dd79864263a2763b798fcc80437df8e1205d5e3133`
SHA3	`f35d503dec20dfc79c1d2fe25e405dcc903631d5e6c2344664b8f6715a6051b9`

20

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13468`
MD5	`1bdd8143e528e1fdf0290562e721b732`
SHA1	`107247c276c57de17042897a0b99b15cb419def4`
SHA256	`7908add7f34ced368e3151ab3274f85b7828a8b82d6717e1682aaf6b982a86a0`
SHA3	`844f225a0cc002892085a3d105faa8c35665c3de2cf8b3eb9707a47e61a0cca5`

21

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84962`
MD5	`d14caf3418475c2d7892ec31995ce89d`
SHA1	`e90d2c2d4bd5e1fcf07f639d883bb083d8c6b429`
SHA256	`c95af5b331280d5f4ad51ef3615e1900bb44f3067adffb4b19e6befa015dcf48`
SHA3	`c51a5c4c44ca7088ca501b5f241dc80ab0432ebe91fac638369fc28a7fef3f7b`

22

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.66289`
MD5	`e61db91f962d1bdad80778618d927669`
SHA1	`574c159d400e05300d75c25cd3e20f90985f8cbf`
SHA256	`c4bc42f05b212d1c9577f72154f309abfaec9a9b1fab8f442a53f16789933776`
SHA3	`6338e2b4aa1cc5fabc72f34b3fdc7391a45e4e23a678fc5b793d649e7262c1f5`

23

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.65557`
MD5	`c5cc7f5f2740b6db733834807540a9fd`
SHA1	`59433bece0ace1b4a4cc6b793a81d07da7a83869`
SHA256	`24f5ce99fb0ae51f108104c9dd9f366d19d0b12b951b4c6e61a23e48fc0fd66a`
SHA3	`31b088a6a81617ad73234c9e1ae5278f4b34b23ae4f07cbcb9ecce246def0248`

24

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6315`
MD5	`f5ab1eaed94056b793f60bbb035647f6`
SHA1	`0bfc522bbe16a5394f38b8375471fbff1b632f3f`
SHA256	`ec618294877d565ca6e14036d279acd731edbaddc49abfa8432e760346304c27`
SHA3	`ea6cb01b52e2b32f33d8dec4cc6c5111927d8d6512d5a82707f39e98cc296ccf`

25

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00611`
MD5	`cfbdf0971fec80d74062961ff69846b9`
SHA1	`532d746af3f8e00b1c9ba605f28c78fd6de8fdd0`
SHA256	`3ef95a39fc1e7538543fa64a76336ae9f4e63f7d1dbe92783f4ceb298cba7514`
SHA3	`8146266ef85500bb410e2282d9b14c0618609d7915df96fa69675b39befc7d91`

26

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.50486`
MD5	`7b236dd31255ea229f3f627003bf70cc`
SHA1	`8a756a22435ced141669b9e74b458bfdb1f37b19`
SHA256	`9007d991913ec8586670181dc130cc6ac32250e9c115c8f67725f35c97c1a91b`
SHA3	`08deb45d618f30ffc949c88a52649f916e024b1e8d63fbce92d31893afdb4ed0`

27

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52207`
MD5	`5215cb23af8ff8fcfae66304b618332e`
SHA1	`60a824cfe807c52a99cd738da4d9ca525b65b5a9`
SHA256	`c636ec236d46aa6527a5e2ef237566323d86e0caac7f00327426cd91728bd4ce`
SHA3	`2ad53594da169fc8fcd4f1c0da7d209d98a6b0a452dae458cad37fd507233932`

28

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71088`
MD5	`b95b7f9d33a20dca74d0ee1da3d20965`
SHA1	`a49cee8596affeeb0e0399c2fd673c70df60c35f`
SHA256	`65aad763fb43089a4690f8763a6331b1ab118ad969c53821aa26fce31f49ce1c`
SHA3	`7a304d6cae5d7e5c0ba90257b30781367f7f248c468aed43fce1863121d334d1`

29

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95544`
MD5	`7b77958cf4939a4bb874dca483bcaade`
SHA1	`e2c6933338605538f0adf3addf817bb32518d750`
SHA256	`c04a91b82289d6f0cd45f7883d0effafab5409cf7d7b607ff52c02b826e618e3`
SHA3	`21621f562d6e78b8fba7675bbe04c2e4ca5f35ab2f1260dbb274b15177eb612b`

30

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54941`
MD5	`1c54db6abc1f2b9588893c8afd50a720`
SHA1	`ccb1ec354badc60d6e02553580b7d5c3bba7699b`
SHA256	`7de670ef74e6aa318c7c2654a94d5b0233a5a87c62eb315c75946883c481d49b`
SHA3	`fc54da05365ee1f5946fa1d4761a972f117b47519a1dbd7c475859002f1d33e6`

3 (#3)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4 (#3)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

5 (#3)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

6 (#3)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

7 (#3)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x376`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

48 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x260`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

2 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x272`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

26 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

24 (#2)

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

58

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x114a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

59

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

60

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x15d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

61

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x145e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

62

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

63

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

64

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x135e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

65

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x135e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

66

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

67

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

68

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

69

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

70

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13ca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

71

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

72

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

73

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

74

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1152`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

76

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1246`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

77

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x148a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

78

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

79

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

80

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

81

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1268`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

82

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

83

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x137a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

84

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

85

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

86

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1326`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

87

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

88

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

89

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1442`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

90

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x136c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

91

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12f6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

9 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14068`
Detected Filetype	Icon file
MD5	`c36a0bbc1be2087583bfdb90c69451d9`
SHA1	`c3fd929ecde353dd12e558745f1381b50742292f`
SHA256	`8b12a6a7a6eef253de52acdd373a5823b9ebddcb832d4bc8a35e3808b267f66c`
SHA3	`a4e53019925398311911f8bc109b82bba8c5210e3e055840988fe922dee257ef`

33

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20695`
Detected Filetype	Icon file
MD5	`e8b731cea258391d6ed6064e0bde96c6`
SHA1	`520b5c9696debcd1b2730219efddcd20155a93b9`
SHA256	`9ec5cf812deb619ac67a7921c5fb0f620fd2efa6d8aa7300296d7033ff3e0e34`
SHA3	`c26add1c03d8621197c62b264c4be73545ce0561483f08a603186669c70809e1`

1 (#4)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22737`
MD5	`1caeafbfd1a237f33edebd63a9dea028`
SHA1	`b3c92577f6e8d27491434bd4f262bdc0091b19df`
SHA256	`81e2efad32ae56a66ba38545cdf9c49bae6089dd1f73174067b12047ec78749a`
SHA3	`1935dad2e69d7cb9847c440557e610b4292f7e85a9ad5bdbfe5446824aefa125`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3011`
MD5	`d04b0b954936b246384ac0a9ee6b607b`
SHA1	`37db50364ec1791d63e7c905e534cec55c420245`
SHA256	`4bfdda7d559a4e828a647a42044a9dc11d7b485e2cefa94c1df923b5459631c7`
SHA3	`d45c80495162727a2ba84cd80d537217af7970ec5d98268d8b16e821f066f38c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.0.0.4490
ProductVersion	5.0.0.4490
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments	https://www.metaquotes.net
CompanyName	MetaQuotes Ltd.
FileDescription	Setup
FileVersion (#2)	5.0.0.4490
InternalName	Setup
LegalCopyright	© 2000-2024, MetaQuotes Ltd.
LegalTrademarks	MetaTrader
OriginalFilename	Setup
ProductName	Setup
ProductVersion (#2)	5.0.0.4490

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Aug-21 02:57:21
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x4614450`
PointerToRawData	`0x46bc50`
Referenced File	E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release64\core.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Aug-21 02:57:21
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x46144c0`
PointerToRawData	`0x46bcc0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Aug-21 02:57:21
Version	`0.0`
SizeofData	`1064`
AddressOfRawData	`0x46144e0`
PointerToRawData	`0x46bce0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0x800`
EditList	`0`
SecurityCookie	`0x14021e040`

RICH Header

XOR Key	`0x9314d709`
Unmarked objects	`0`
C++ objects (33136)	`190`
ASM objects (33136)	`11`
ASM objects (33808)	`9`
C objects (33808)	`19`
C objects (34120)	`12`
C++ objects (34120)	`1`
C++ objects (33808)	`59`
Imports (VS2015 UPD3.1 build 24215)	`2`
C objects (33136)	`21`
C objects (CVTCIL) (33136)	`1`
Total imports	`423`
Imports (33136)	`29`
C++ objects (LTCG) (34120)	`79`
Resource objects (34120)	`1`
151	`1`
Linker (34120)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[!] Error: Could not read a WIN_CERTIFICATE's data.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .cod0 has a size of 0!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[!] Error: Bitmap  is malformed!
[!] Error: Bitmap  is malformed!
[!] Error: Bitmap  is malformed!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!