Manalyze report for 1e339c03fd07fab4ef9e6afd9697074988f1691736011f97626d40de77f6d8e3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-20 11:28:11
Detected languages	Chinese - PRC English - United States
Debug artifacts	E:\jenkins\.jenkins\workspace\install_project\install_setup\install_and_uninstall\Release\setup.pdb
FileVersion	`1.1026.1070.520`
ProductVersion	`1.1026.1070.520`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `Contains references to security software: 360sd.exe QQPCTray.exe avp.exe` `Accesses the WMI: ROOT\CIMV2` Contains domain names: 7-zip.org adobe.com api.ludashi.com cdn-file-ssl-pc.ludashi.com cdn-file-ssl.ludashi.com file-ssl-pc.ludashi.com file-ssl.ludashi.com http://api.ludashi.com http://api.ludashi.com/pc/cnf/InstCompAlertConf?app http://api.ludashi.com/pc/pcdn/downloadConfig http://api.ludashi.com/pc/ud/eva http://l.public.ludashi.com http://l.public.ludashi.com/pc/feedback/uninst http://l.public.ludashi.com/pc/ud/dogsun http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://s.ludashi.com http://s.ludashi.com/url2?pid http://s.ludashi.com/url3?pid http://www.ludashi.com http://www.ludashi.com/ http://www.ludashi.com/cms/service/jump.php?key http://www.ludashi.com/stat/pc.php?pid http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://cdn-file-ssl-pc.ludashi.com https://cdn-file-ssl-pc.ludashi.com/pc/appstore/ludashi/ludashisetup2020.exe https://cdn-file-ssl.ludashi.com https://cdn-file-ssl.ludashi.com/pc/appstore/ludashi/ludashisetup.exe https://pc-package.ludashicdn.com https://pc-package.ludashicdn.com/pc/ https://www.ludashi.com https://www.ludashi.com/service/faq l.public.ludashi.com ludashi.com ludashicdn.com ns.adobe.com openssl.org package.ludashicdn.com pc-package.ludashicdn.com pc.ludashi.com public.ludashi.com s.ludashi.com ssl-pc.ludashi.com ssl.ludashi.com www.7-zip.org www.ludashi.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to Blowfish` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA LoadLibraryW GetProcAddress LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegEnumKeyExA RegSetValueExW RegQueryInfoKeyW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegEnumKeyExW RegCloseKey RegGetValueW SHGetValueW SHGetValueA SHDeleteKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptReleaseContext CryptDestroyKey CryptSetKeyParam CryptGenRandom CryptImportKey CryptEncrypt CryptDecrypt CryptContextAddRef CryptBinaryToStringW CryptBinaryToStringA CryptStringToBinaryW CryptStringToBinaryA` `Can create temporary files: GetTempPathW CreateFileW GetTempPathA CreateFileA` `Has Internet access capabilities: InternetGetConnectedState URLDownloadToCacheFileW URLDownloadToFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken CheckTokenMembership` `Interacts with services: QueryServiceStatusEx QueryServiceStatus QueryServiceLockStatusW QueryServiceConfig2W QueryServiceConfigW OpenServiceW OpenSCManagerW DeleteService CreateServiceW ControlService ChangeServiceConfigW` `Enumerates local disk drives: GetLogicalDriveStringsW GetDriveTypeW` `Manipulates other processes: Process32NextW Process32FirstW OpenProcess EnumProcesses` `Changes object ACLs: SetNamedSecurityInfoW` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE is possibly a dropper.	`Resource 203 detected as a CAB Installer file.`
Info	The PE is digitally signed.	`Signer: \xE6\x88\x90\xE9\x83\xBD\xE5\xA5\x87\xE9\xB2\x81\xE7\xA7\x91\xE6\x8A\x80\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`0058213d42a14b814c649179fb3e2cce`
SHA1	`4c0d6995b9af996ff64145839b4f0113f8176425`
SHA256	`1e339c03fd07fab4ef9e6afd9697074988f1691736011f97626d40de77f6d8e3`
SHA3	`7b631af55ca1dcd825d52822c059ae574743d32cb90d8b10edff64ef059a4b28`
SSDeep	`98304:QS9iwtytT4DoKPG7VxaX3KtsjRKgWDqKIe2nKFWKGLTS9GqRsnMVU7:7iwvGHOKgWDT5anKGLOnRK7`
Imports Hash	`5c6f23f482c99bf7920711b626d8f465`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x150`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2026-May-20 11:28:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x14c000`
SizeOfInitializedData	`0x473600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00099B74 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x14d000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5c5000`
SizeOfHeaders	`0x400`
Checksum	`0x5cb49a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`39ab706ddaf19d4230486faaa10f1be9`
SHA1	`7c30715585aef67cdb0d5d536df6c7c264b064ae`
SHA256	`f7ec0487073b844e197da16efb809bf3e4fd26c889db7067b1bdb0bc23cb20d5`
SHA3	`cc695453824357eaa01af57e98540e7174f46662e28a050dd4e38779a8134c33`
VirtualSize	`0x14be7d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14c000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57291`

.rdata

MD5	`47eab02cf6fb65949481cf335dbfc11d`
SHA1	`670e9f991c04eafc19e6e06d87372bd7374b6352`
SHA256	`affec14da0e5bec0bdf22703f59ae04bfff4794858c6f2b6901db1727b9673b3`
SHA3	`5a5bff95bee96e85944da1bc2cc1f832624865247ba457785aa798d860edeb03`
VirtualSize	`0x45d44`
VirtualAddress	`0x14d000`
SizeOfRawData	`0x45e00`
PointerToRawData	`0x14c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96808`

.data

MD5	`d68f4d3086e722585cfdd114e09d916a`
SHA1	`315c993adb0b058560532b81d33828786ee0316f`
SHA256	`954a68b4afa5e3362cbe17129c8809a5d4c1155a9971a6514bcf0c84ff597719`
SHA3	`838624f0c483fcc6b1847b77799d33069825e744b83273fbe2c55682617d75b2`
VirtualSize	`0xadbc`
VirtualAddress	`0x193000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x192200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.74872`

.rsrc

MD5	`ce77650a9939b409c09782b938231149`
SHA1	`ceb64f5e0faf6186eb829bad9fbd136a3d9f5608`
SHA256	`e895d24a7e8f072f2e479cc562776d33cc6f83c1a98446dd2a1a25ef93a56e91`
SHA3	`74f8d09439b484a408c117b90ece5e3cab0c448125f298a348977a8fc134ceea`
VirtualSize	`0x414ee8`
VirtualAddress	`0x19e000`
SizeOfRawData	`0x415000`
PointerToRawData	`0x199800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.85039`

.reloc

MD5	`42e2647338f892124059af426f7b429c`
SHA1	`64de295f5804b549be1a25f674b4c326c1cd385b`
SHA256	`4ef77cf626389820cc51f9d793df0e5b26bb0962a9237dbb722fbd66551b60a6`
SHA3	`24c881cf5345aebc915206a4345adc32ab4094365ee34b72ba677aa661433c2b`
VirtualSize	`0x110dc`
VirtualAddress	`0x5b3000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x5ae800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69203`

Imports

KERNEL32.dll	`CreateEventW` `WaitForMultipleObjects` `GetTempFileNameW` `CreateProcessW` `GetStartupInfoW` `GetVersion` `OpenEventW` `GlobalAddAtomW` `GetFileSizeEx` `GetCommandLineW` `DecodePointer` `LoadLibraryExW` `lstrcmpiW` `LoadLibraryA` `GetLocalTime` `CopyFileW` `OutputDebugStringA` `ResetEvent` `GetPrivateProfileStringW` `CreateDirectoryW` `GetShortPathNameW` `FormatMessageW` `GetCurrentProcessId` `CreateMutexW` `WaitForSingleObject` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetTickCount64` `IsDebuggerPresent` `EncodePointer` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `FlushInstructionCache` `GlobalLock` `GlobalAlloc` `GetSystemDirectoryW` `GetLogicalDriveStringsW` `GetDriveTypeW` `GetDiskFreeSpaceExW` `MoveFileExW` `MoveFileW` `lstrlenW` `GetWindowsDirectoryW` `SetLastError` `GetTempPathW` `SetFileAttributesW` `RemoveDirectoryW` `GetFullPathNameW` `GetFileAttributesW` `FindNextFileW` `FindFirstFileW` `FindClose` `DeleteFileW` `GetLongPathNameW` `WideCharToMultiByte` `GetTickCount` `Sleep` `GetLastError` `WritePrivateProfileStringW` `FindResourceW` `SizeofResource` `WriteConsoleW` `ReadConsoleW` `SetStdHandle` `WaitForSingleObjectEx` `SetEnvironmentVariableW` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `FindFirstFileExA` `SetConsoleCtrlHandler` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetTimeFormatW` `GetDateFormatW` `GetCurrentThread` `GetConsoleMode` `GetConsoleCP` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `GetExitCodeProcess` `TerminateProcess` `GetCurrentProcess` `VerifyVersionInfoW` `GetCurrentThreadId` `DeleteCriticalSection` `InitializeCriticalSectionEx` `RaiseException` `VerSetConditionMask` `MultiByteToWideChar` `UnlockFile` `LockFile` `GetFileSize` `MulDiv` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `GlobalFindAtomW` `GlobalDeleteAtom` `LockResource` `LoadResource` `GetModuleHandleW` `GetModuleFileNameW` `FreeLibrary` `FindResourceExW` `GetVersionExW` `DeviceIoControl` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingW` `GetFileAttributesExW` `CreateFileW` `LoadLibraryW` `DosDateTimeToFileTime` `GetProcAddress` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `OutputDebugStringW` `SetFilePointer` `ReadFile` `LocalFileTimeToFileTime` `GetTempFileNameA` `GetTempPathA` `CloseHandle` `SetEvent` `LocalAlloc` `IsProcessorFeaturePresent` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `OpenProcess` `GlobalFree` `LocalFree` `GlobalUnlock` `GetStringTypeW` `InitializeCriticalSectionAndSpinCount` `SwitchToThread` `TlsAlloc` `SetFilePointerEx` `GetFileType` `GetACP` `GetModuleFileNameA` `ExitProcess` `GetTimeZoneInformation` `GetModuleHandleExW` `FreeLibraryAndExitThread` `TlsGetValue` `ResumeThread` `ExitThread` `CreateThread` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `OpenFileMappingW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `QueryPerformanceCounter` `FlushFileBuffers` `SearchPathW` `SetFileTime` `FindCloseChangeNotification` `FindFirstChangeNotificationW` `CompareFileTime` `GetFileInformationByHandle` `SetEndOfFile` `GetStdHandle` `InterlockedCompareExchange` `FreeResource` `GetSystemWindowsDirectoryW` `lstrcmpA` `InterlockedFlushSList` `WriteFile` `DeleteFileA` `CreateFileA` `RtlUnwind` `ReleaseMutex` `FileTimeToDosDateTime` `FileTimeToLocalFileTime` `SystemTimeToFileTime` `GetSystemTime` `GetFileTime` `FindNextFileA` `FindFirstFileA` `lstrcmpiA` `GetSystemInfo`
USER32.dll	`DrawTextW` `UnhookWinEvent` `wsprintfW` `SetTimer` `KillTimer` `GetWindowTextLengthW` `GetMessageW` `TranslateMessage` `DispatchMessageW` `PeekMessageW` `DestroyWindow` `GetDC` `ReleaseDC` `SendMessageW` `ShowWindow` `IsWindowVisible` `IsIconic` `SetForegroundWindow` `FindWindowExW` `GetWindowThreadProcessId` `PostMessageW` `IsWindow` `SetCursor` `SetRect` `OffsetRect` `LoadCursorW` `ScreenToClient` `PtInRect` `CopyRect` `DrawFocusRect` `BeginPaint` `EndPaint` `IsRectEmpty` `DefWindowProcW` `CallWindowProcW` `UnregisterClassW` `RegisterClassExW` `GetClassInfoExW` `CreateWindowExW` `InvalidateRect` `GetClientRect` `GetWindowRect` `GetWindowLongW` `SetWindowLongW` `GetParent` `UpdateLayeredWindow` `SetWindowPos` `SetWindowRgn` `SystemParametersInfoW` `WaitForInputIdle` `GetSystemMetrics` `MonitorFromWindow` `GetWindowTextW` `SetWinEventHook` `UnregisterClassA` `FindWindowW` `SendNotifyMessageW` `SendMessageTimeoutW` `RegisterWindowMessageW` `MessageBoxW` `IsDialogMessageW` `EndDialog` `BringWindowToTop` `RedrawWindow` `GetMonitorInfoW` `LoadImageW` `GetWindow` `MapWindowPoints` `SetWindowTextW` `CharNextW` `MoveWindow` `PostQuitMessage` `ExitWindowsEx` `SetProcessDPIAware` `DialogBoxParamW`
GDI32.dll	`DeleteObject` `SaveDC` `RestoreDC` `SetTextColor` `SetBkMode` `CreateRectRgn` `CombineRgn` `SetViewportOrgEx` `CreateCompatibleDC` `CreateCompatibleBitmap` `BitBlt` `ExtTextOutW` `SetBkColor` `DeleteDC` `SelectObject` `GetTextExtentPoint32W` `GetDeviceCaps` `CreateFontIndirectW` `EnumFontFamiliesW` `CreateFontW`
ADVAPI32.dll	`CryptAcquireContextW` `RegQueryValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `RegSetValueExW` `RegQueryInfoKeyW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegQueryValueExW` `RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `UnlockServiceDatabase` `StartServiceW` `QueryServiceStatusEx` `QueryServiceStatus` `QueryServiceLockStatusW` `QueryServiceConfig2W` `QueryServiceConfigW` `OpenServiceW` `OpenSCManagerW` `LockServiceDatabase` `DeleteService` `CreateServiceW` `ControlService` `CloseServiceHandle` `ChangeServiceConfig2W` `ChangeServiceConfigW` `GetUserNameW` `AllocateAndInitializeSid` `CheckTokenMembership` `FreeSid` `DeleteAce` `EqualSid` `LookupAccountSidW` `LookupAccountNameW` `SetEntriesInAclW` `GetExplicitEntriesFromAclW` `GetNamedSecurityInfoW` `SetNamedSecurityInfoW` `BuildExplicitAccessWithNameW` `GetTrusteeNameW` `GetTokenInformation` `CryptReleaseContext` `CryptDestroyKey` `CryptSetKeyParam` `CryptGenRandom` `CryptImportKey` `CryptEncrypt` `CryptDecrypt` `CryptContextAddRef` `RegGetValueW`
SHELL32.dll	`#165` `CommandLineToArgvW` `SHGetSpecialFolderPathW` `SHFileOperationW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `ShellExecuteW` `SHLoadInProc` `ShellExecuteExW` `SHChangeNotify` `SHGetDesktopFolder` `SHGetSpecialFolderLocation` `SHCreateDirectoryExW`
ole32.dll	`CoCreateGuid` `CoInitializeSecurity` `CoSetProxyBlanket` `CoInitialize` `CoTaskMemRealloc` `CoUninitialize` `CLSIDFromProgID` `StringFromGUID2` `CreateStreamOnHGlobal` `OleRun` `CoTaskMemFree` `CoCreateInstance` `CoInitializeEx` `CoTaskMemAlloc`
OLEAUT32.dll	`VariantCopy` `CreateErrorInfo` `SetErrorInfo` `VariantChangeType` `GetErrorInfo` `VariantInit` `SysStringLen` `VariantClear` `SysAllocStringByteLen` `SysStringByteLen` `SysAllocString` `SysFreeString` `VarUI4FromStr`
SHLWAPI.dll	`PathIsRootW` `PathFindFileNameA` `PathRenameExtensionA` `PathAppendW` `PathCombineW` `PathFileExistsW` `PathRemoveFileSpecW` `PathFindExtensionW` `wnsprintfW` `StrCmpW` `PathFindFileNameW` `PathUnquoteSpacesW` `SHGetValueW` `SHSetValueW` `PathIsPrefixW` `PathIsRelativeW` `StrStrIW` `SHDeleteValueW` `PathIsDirectoryW` `StrStrIA` `StrCmpNIW` `StrTrimA` `StrToIntExW` `SHGetValueA` `SHSetValueA` `PathAppendA` `SHDeleteKeyW` `StrCmpIW`
COMCTL32.dll	`InitCommonControlsEx` `_TrackMouseEvent`
gdiplus.dll	`GdipDeleteBrush` `GdipGraphicsClear` `GdipDrawImagePointRectI` `GdipSetStringFormatTrimming` `GdipSetStringFormatLineAlign` `GdipSetStringFormatAlign` `GdipSetStringFormatFlags` `GdipDeleteStringFormat` `GdipCreateStringFormat` `GdipMeasureString` `GdipDrawString` `GdiplusStartup` `GdiplusShutdown` `GdipAlloc` `GdipFree` `GdipCloneImage` `GdipDisposeImage` `GdipGetImageWidth` `GdipGetImageHeight` `GdipCreateBitmapFromStream` `GdipCreateBitmapFromFile` `GdipCreateBitmapFromStreamICM` `GdipCreateBitmapFromFileICM` `GdipCreateFromHDC` `GdipDeleteGraphics` `GdipDrawImageRectRect` `GdipDrawImageRectRectI` `GdipCloneBrush` `GdipDeleteFont` `GdipCreateSolidFill` `GdipCreateImageAttributes` `GdipDisposeImageAttributes` `GdipSetImageAttributesColorMatrix` `GdipSetTextRenderingHint` `GdipCreateFontFamilyFromName` `GdipDeleteFontFamily` `GdipCreateFont` `GdipFillRectangleI`
Cabinet.dll	`#23` `#20` `#22`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
PSAPI.DLL	`EnumProcesses` `GetModuleFileNameExW`
SETUPAPI.dll	`SetupIterateCabinetW`
IPHLPAPI.DLL	`GetAdaptersInfo`
WININET.dll	`InternetGetConnectedState`
urlmon.dll	`URLDownloadToCacheFileW` `URLDownloadToFileW`
Secur32.dll	`GetUserNameExW`
CRYPT32.dll	`CryptBinaryToStringW` `CryptBinaryToStringA` `CertGetNameStringW` `CryptStringToBinaryW` `CryptStringToBinaryA`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WinVerifyTrust`

Delayed Imports

_Start@12

Ordinal	`1`
Address	`0x44ee0`

StartEast

Ordinal	`2`
Address	`0x44fb0`

260

Type	`CHECK_SIGN`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70534`
MD5	`7cebb090a3f015822002ff3047a01a97`
SHA1	`636850dbd66c0e3742eda975ff64acb8e6a1a704`
SHA256	`1794283298eee2d2205adfe5a606ccc2187b4503231255031f2c0e33531731f6`
SHA3	`a98cf752a6b61b3ec4d64db432c9ba23123c234beb8751d6f1e6b8fd916d3d74`

203

Type	`DLL_7Z`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x82e3c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99813`
Detected Filetype	CAB Installer file
MD5	`4f5c6e49c7f8acbcccbf922fdb2003c1`
SHA1	`f8b9935d87e4b7f87dbefc3e31a957de52ee8ea9`
SHA256	`7074d42936e899ff09be10b8bba23cef0a6bcfe7618f5ae51859eebfe98e6589`
SHA3	`4a8ae114dae53555459839cfd171780c9d99b4467fead4c9edc83da3dcbab859`

241

Type	`DLL_NETBRIDGE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xbde19`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99976`
Detected Filetype	7-Zip compressed file
MD5	`e1b9fc109b9df13d5e400c46cfce05e9`
SHA1	`03bed9cf763abc6ae92215c4fdef3d2842174f8b`
SHA256	`fad899dc36e9ef5ac01ab6bbbeba004f67eff013c556cfe2e5b998d0428e248d`
SHA3	`310dfb5a9c471aab6e9ebae5d4b9dccfe988991417592b54697fa8016f78cd4c`

258

Type	`DLL_NET_TITAN`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xddbb9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99978`
Detected Filetype	7-Zip compressed file
MD5	`1384c0caf9637d054578fbd128df81c8`
SHA1	`5742b5c85868e22311871d56911049321b83442b`
SHA256	`74e58e461ffff059d7925ecae9dbb2953038dd2cffb462e99fb521f67bb87fab`
SHA3	`092051dbe30d5609f575d0e5c6512f09695adf1bca0ec44fdcc0b0966908e106`

269

Type	`EDGE_INST`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x371cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99914`
Detected Filetype	7-Zip compressed file
MD5	`df928e503a96a69d15a867192fe5cb6e`
SHA1	`daae55ae089851847b63c41dfa26916e0dedbdc6`
SHA256	`1bcadf2d9584622db03f63c467eef3c13396f17d245b833c06d26bc091d37d40`
SHA3	`b6a8b30a61aca47bb2d14cb39630bbfe11ed17e478c080ae4cae7292922daf55`

253

Type	`LAYER_ZIP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x3b2bb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98759`
Detected Filetype	Zip Compressed Archive
MD5	`d0e7562eb462d20cc4424acf1c6b341d`
SHA1	`857bb19b43fd435b83605579e0d65a7a79407523`
SHA256	`6d449db92027632329c86447da50c3ddae5cf38fd427bf2ae1fb1f8d44a3d919`
SHA3	`d462bb6055c08029967b8526770f078a804efa377ea85bc40ff1e885731e8e0c`

254

Type	`LAYER_ZIP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x68062`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99553`
Detected Filetype	Zip Compressed Archive
MD5	`72add81e829f2e29e048e74bb172c751`
SHA1	`d5b7c48db2015a67386a0bda91caa173a47ea130`
SHA256	`348f6c5a42ecaada8dcf434b4cf4590ffd8df25dd9f7acf07492118e9eedff4a`
SHA3	`9be38039e64d7cc7b4de36fdffa285e7bb25658f2384cad5a234fa7ba97ab587`

255

Type	`LAYER_ZIP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8ae3d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99702`
Detected Filetype	Zip Compressed Archive
MD5	`d86c344b682957b46504edb683072068`
SHA1	`21f91f3803bf599813b66618e42538b9a7aeb2ea`
SHA256	`b0c767a407aa558611859afd634abd5148d129d5cad3fc0b2ea2a71d283dd037`
SHA3	`9d76279fe4af8aec4a5c9495d53ac465b624b2abe774402b430fdb023dffb240`

251

Type	`LICENCE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x30b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87235`
MD5	`cbfef1e1677f7c497ac9c4f4f0143c8b`
SHA1	`d654106333e736e2ee90a5bc3f393429e08d7665`
SHA256	`33b4263d1a5544ffbc4fd4c211ca9711fdb851bdf076f0564044a6236d39cf27`
SHA3	`04427903118e7fb2a7b912614644cbc78b748eef5991188664db6232941ea67a`

IDB_PNG_LICENCE_CLOSE_BTN_MAX

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x85c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28006`
Detected Filetype	PNG graphic file
MD5	`934db06c806c42162052345e5e11ead5`
SHA1	`fb26c5fb9e2206f941f894bd2581c91d5b18b931`
SHA256	`0f43c42e6a64b161690548274994eed632da1c59b8e8935035fc9dac31a9045f`
SHA3	`74bf4061f7f65b357c37d1f0db0fa73a5ac588ed5479cdc62dfce42f09fa2e82`

IDB_PNG_LICENCE_CLOSE_BTN_MID

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x783`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.30019`
Detected Filetype	PNG graphic file
MD5	`73ef9665a446d3bcd5993ca90d5772fb`
SHA1	`fc59698bcd4d5633f939ed3f7091dc7140d4f2dc`
SHA256	`15bef3dc66106966c4fc7b51d53c7b5f7fa04989107ddb26ccb6435e3c6d6d7e`
SHA3	`7b9b6abe344ddf2f86a033d165a1debb6bb8587f32288737e125504d564296f2`

102

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11518`
Detected Filetype	PNG graphic file
MD5	`9f15edadbcb981153e455f02b1b3bd23`
SHA1	`0be0297958fcbe8f4916fba3195eef6018164e62`
SHA256	`33a0b64c154bdcd0eb8f41e783c358a9f15a09be0d8c953bf112024d1aa20bf6`
SHA3	`ccf1fa3880a9273f3bfbcfb905a5fdd02687eece5ef4079521252db9747fcdac`

103

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.46776`
Detected Filetype	PNG graphic file
MD5	`d9704103807676d00b0501e45475b082`
SHA1	`dd18e03ce7109d9412379cf3ca5f6b9fd24a18b3`
SHA256	`de9e4de6677eff770c278e121e796d98fb690b61239a043fd25c4d167b022f77`
SHA3	`6a8d7157ad315fd7b49a612ad921ef3ed47b2fb18be890099971ccffd19a41f5`

104

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x716`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28185`
Detected Filetype	PNG graphic file
MD5	`aef918963c75dfdc6cb0a737a4f02324`
SHA1	`4a2251c5a59a1680345b751815c2a1d75390f0d0`
SHA256	`a9fcaa07f831713a640fe61c3614bfa3bb151d46453be88b94a461716fa971af`
SHA3	`3dbad88c34333ec785b4f6a9bf6b372c9bd7f6c1816b82e9daf0996067a0a521`

105

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60281`
Detected Filetype	PNG graphic file
MD5	`d0b7ee0f74dac8c7d96001cadb2476c5`
SHA1	`7410cb806939a7484590522509ca62f928cf8666`
SHA256	`51b06d3fa8fafcf738346a23bede1a0d3261d5e91774a371f88da9cb60559af4`
SHA3	`800b800b871a62ee8e40bc1dc8ba75755980449fdbb7cc27e31117d3a62bc2b2`

106

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x740`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.31713`
Detected Filetype	PNG graphic file
MD5	`28ea9e9389effcbd4c18c153cb66b8e3`
SHA1	`eddc43a462f90a8197341dc46ff2f20ae9b1879e`
SHA256	`5afc0c6f0d978d7083cf9fbd199309ab0bf88a0dca28a476cb9e30bbcda7961e`
SHA3	`2d87217ebeb2940c862cee5596bd31961d599dc8f03bdb61e85fa9c04634a1c2`

107

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94249`
Detected Filetype	PNG graphic file
MD5	`c862a34218b511107eea62d397a512e6`
SHA1	`5a946cf1dccdc1b152969f1d2c8eee76f86c63ec`
SHA256	`d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb`
SHA3	`cc2ab0614d371f856b45d01551743a533186d071a7cba8071effa18a0c821c7b`

109

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83432`
Detected Filetype	PNG graphic file
MD5	`e72c19d0f55a1ca81433787eb179d9ec`
SHA1	`8ae92562da12443accec633742c00ae4a1b7b2c9`
SHA256	`f7eabdbec8e9722cd01c2f79af175c3fcbadd76564ff6989410bf675a26aa059`
SHA3	`210adf63d28396957eb74b3e558c1bc5ed84107c26b4329a5aeedf5ad1cde397`

110

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.50214`
Detected Filetype	PNG graphic file
MD5	`3bf6a51fe573b9bb95b00fffd80c7f4e`
SHA1	`f7f670d2ff534e41093d7b741ef4ec24484d585f`
SHA256	`1ee4bbe7f81e524904757b488c340c87e0239a2e591e9fefa447cc9f8dbd3119`
SHA3	`15780cefa8799d26960cd3bb304832917805f0a4e032973b2fdbdc9b697dd86f`

111

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x707`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.35155`
Detected Filetype	PNG graphic file
MD5	`0e52b3f5bf166deb3302f1fcbc016f59`
SHA1	`84f9bb93bc47b168cffebd11fa80ac490ef52c18`
SHA256	`2fbe45a3e9b9c86a5327fbd81b5a0d34dba7805bf2c8f56896ab03f69a17c4d5`
SHA3	`ae8691b98d1770c43c19423b512b8b29d5c3687f523cf2120381b307e2c4e421`

112

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x215b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86417`
Detected Filetype	PNG graphic file
MD5	`933c66aa009fdeafac27b7940128baa5`
SHA1	`69189845b8ba53e3aea3e1a94974c3ceaa6cb644`
SHA256	`69adf883560fafbf79f71ff6ee822f17c14babe9b12ca5bc058ce4bb85d2b04d`
SHA3	`f4335fc337c05900829edcb4310bd31a776b57ba322689e50e6ad8f2946aaf6b`

113

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x225`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13707`
Detected Filetype	PNG graphic file
MD5	`93a00ea399bdfa7cc199383e1ae84beb`
SHA1	`070ea75f33a0f6d92a3c434fa3cf1abfd35788fa`
SHA256	`92b24e3e915be46f4fb6cdfd2ba5a69c53921d37482a4fa9c7194328ac135b7e`
SHA3	`a06950cae56f1c3b80b045f81dd986415caffca862a649873b1f1724f74d06cf`

114

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.92194`
Detected Filetype	PNG graphic file
MD5	`a793c057596fbd0d20f9eb722de9123a`
SHA1	`5e91552d93503db55d078f9cada868fcfeb6b4b2`
SHA256	`11be25b3f9eb873233b748eee36cf08cbbfe3cdb05d94f652e23be00e6cffac8`
SHA3	`85764c189ec95ab70fe7fd7f29f543baf4db9330412b4fce0d3776b559d7c824`

115

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1393`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.67027`
Detected Filetype	PNG graphic file
MD5	`5cd59115508bc057e48d6745389d6517`
SHA1	`48ccfe8f36ce9ee42804f421bfbda1071c35b9ea`
SHA256	`aeed3e8855880bf81eb16ef54ea911200211e5d44f52680c13b619033408e0e4`
SHA3	`45f3f60622cb5188a939efa35fd776cf0a7e3daee95c63fdd30db33ea58d3e56`

116

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x68d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.08852`
Detected Filetype	PNG graphic file
MD5	`385e48541c056140a441d3426893e827`
SHA1	`0476516ce1b4f63710c02faf9e29aafb9df49035`
SHA256	`099f91535cd01c5a26e84a317876fe4fc51b083ef9c051a5ff4be2abf3ddbef0`
SHA3	`dc87877a8f4778d88d446411a345a5758057d338f554afc77a30aef634165a1b`

117

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x6f3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.13996`
Detected Filetype	PNG graphic file
MD5	`903282bcfdd19624acba8db9a73e8a10`
SHA1	`b91efa195c78f765ce971417401c3353d7559070`
SHA256	`dab8454fa98044b118810efbc0ee90785d4cdf4799f11be40b406db2c81bcf5e`
SHA3	`7d31153378db77f216884dd50bf3b0266e4025e92380bdbd64e66010e6d8dc92`

118

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x547`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.64882`
Detected Filetype	PNG graphic file
MD5	`21bbcd4493eba2696ffe034c8002b53c`
SHA1	`ed797c3f20bf5e18edf1108ada2d510f89cee86a`
SHA256	`c78a4e17299b02d7d3f3fd5527d114791c14a682a0bafb211c210dc77b724807`
SHA3	`64340aa0631693433fc452c6c91658643444bf01e5cd4aa2cb8281f550f04edc`

119

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1541`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07357`
Detected Filetype	PNG graphic file
MD5	`6dbe4ee72304338a7084724a9cb7e487`
SHA1	`74b678c5bfe2532da21b182461089c4ba6f75cb0`
SHA256	`4497a602ddd79eb4be00726de5c12e6555204fc88034b3486a28ef0f1f8e33c0`
SHA3	`fc7a64f44e60bf84fc9267896e41eec953333f789a984daeac60a017d6f9b398`

120

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8fd2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01633`
Detected Filetype	PNG graphic file
MD5	`e47836ef956ffb4c000f1df6d3e3fd1e`
SHA1	`14e3135380a35d933e5078474cd1e231a7420194`
SHA256	`a7044d59d07c0ff3c7c077c21cb21c2eaf58ed45ff2dd027c7d61a69eb95e171`
SHA3	`495a5164987407904966ed78b152cd8ca56372bfeafbd13cee1aa7afc51384b5`

121

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x68d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.08852`
Detected Filetype	PNG graphic file
MD5	`385e48541c056140a441d3426893e827`
SHA1	`0476516ce1b4f63710c02faf9e29aafb9df49035`
SHA256	`099f91535cd01c5a26e84a317876fe4fc51b083ef9c051a5ff4be2abf3ddbef0`
SHA3	`dc87877a8f4778d88d446411a345a5758057d338f554afc77a30aef634165a1b`

122

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2a00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68338`
Detected Filetype	PNG graphic file
MD5	`9be684fc3999eceed7213a5e7aab3479`
SHA1	`aecc9b3abf1670853c6592b77f14a1dceecdee44`
SHA256	`0b307631a881866c1b3bfe3c12bc82cf9123b1a81e1c8de6c555718f3b334ddc`
SHA3	`c7f816c7eb9ccb02bf13b929914da5c7bd0f006f795ef6a557be6d3163fd6543`

123

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2a00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68372`
Detected Filetype	PNG graphic file
MD5	`15cad24c963b243074c3ed9f515c2a29`
SHA1	`d4d768c9ae92c82e14335ffcb7962d2a998677cc`
SHA256	`ba3ea66d9156f57b348b6de4cc4ff8ff48409eb3a3b6f7ece8bdbe8a2958a766`
SHA3	`6321d7b10cec1aa22266dfc2fbdc1b56d6a130c6506679839beca12b7ac98cda`

124

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x783`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.30019`
Detected Filetype	PNG graphic file
MD5	`73ef9665a446d3bcd5993ca90d5772fb`
SHA1	`fc59698bcd4d5633f939ed3f7091dc7140d4f2dc`
SHA256	`15bef3dc66106966c4fc7b51d53c7b5f7fa04989107ddb26ccb6435e3c6d6d7e`
SHA3	`7b9b6abe344ddf2f86a033d165a1debb6bb8587f32288737e125504d564296f2`

125

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x85c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28006`
Detected Filetype	PNG graphic file
MD5	`934db06c806c42162052345e5e11ead5`
SHA1	`fb26c5fb9e2206f941f894bd2581c91d5b18b931`
SHA256	`0f43c42e6a64b161690548274994eed632da1c59b8e8935035fc9dac31a9045f`
SHA3	`74bf4061f7f65b357c37d1f0db0fa73a5ac588ed5479cdc62dfce42f09fa2e82`

126

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x943`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.43071`
Detected Filetype	PNG graphic file
MD5	`ea3ab81095fe1985a1dfe2f6053ca548`
SHA1	`c4196ccea8d000c57dd8544a43ff0f041ff30fae`
SHA256	`ac9099f56232f174ab446a24aef2c172f044e58bdd1f274de9e0e97846869345`
SHA3	`73345d48f8874bf4d6e002300bb3fed58facfc47f15995dd05a00c511a99f5dc`

127

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xa20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.45236`
Detected Filetype	PNG graphic file
MD5	`767ce0811664c93bd7ce5632ee2ff849`
SHA1	`801ea259b45abe98174fc130ed9d709e21afb84f`
SHA256	`b28b7d4400a60566e43084e8f8b727c57fb491a74d5956036a81f5a6f0d3c439`
SHA3	`fdf8e2d9b8bcb8365b113b172a09bc003571adafbb87e751cfc85f613c33e168`

128

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5cd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.78083`
Detected Filetype	PNG graphic file
MD5	`29003be7888fb9e6b1aac240a1e5582b`
SHA1	`68f6736fd1040155b9a77f6d833ad2d50571e6f2`
SHA256	`5dd7106d0b5d2819236cacf4b1c308134b0573547c52fad8cc2cfff4730cd88a`
SHA3	`7ae22c4722f681c4a09c37055e545497a19e98879bb169919fb44c366fdd6f4d`

129

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x6c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.9562`
Detected Filetype	PNG graphic file
MD5	`94fc0f2ca3b1655c3e998419ed0376e5`
SHA1	`878b75e4f91a5fd8b615360f39809c66f8234ca5`
SHA256	`5589096ab97066f6f07b242e8873d189ac3f40e716af55fd2811ab7d5aa419ff`
SHA3	`389abd55540eb28458e21717c86a577b86b9391d4c02ec3f962e67353f33dad5`

130

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2691`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.81697`
Detected Filetype	PNG graphic file
MD5	`9f8fe6053432afa9a4030de4f6b43bd8`
SHA1	`1b5a701b8e2ec8ea0d0d66a9e49583148aadb6c6`
SHA256	`437c76fa404db0c0a1b7ba670c1e67a50d18a650a0ca9464677fa601865ab8fe`
SHA3	`f09eb6389f226d064fd6a9143af4f8dd26c07c85cb9c7d677eec025069d56f54`

131

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x3a71`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48943`
Detected Filetype	PNG graphic file
MD5	`75adf09826de9a86f16c895c20c6fbf1`
SHA1	`a3e65b5c9c1318577462157126988436fae1cbfd`
SHA256	`46e1cb32dd6ee9ea5ace53a70e9ab2b7ef81145e86f91bf94974f2fd4586971a`
SHA3	`85dbdc3312c7774a57e2db87d1f130dce0196d41241b39e4e8c4ac01c5b5548e`

207

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94249`
Detected Filetype	PNG graphic file
MD5	`c862a34218b511107eea62d397a512e6`
SHA1	`5a946cf1dccdc1b152969f1d2c8eee76f86c63ec`
SHA256	`d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb`
SHA3	`cc2ab0614d371f856b45d01551743a533186d071a7cba8071effa18a0c821c7b`

213

Type	`SETUPCONFIG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60533`
Detected Filetype	7-Zip compressed file
MD5	`f59e044da7b4c1f9ed4bc9300bb75474`
SHA1	`ad662dc5720391bf5012a9110c5c481895fea295`
SHA256	`c710fbad9d944314b521b8bb06f654acc49a011416a65e567763869e40bed774`
SHA3	`0890884d7f7276be3ab46c1e1ff2181d807e177ba191044ef35a65aff7b7f482`

215

Type	`SETUPDATA`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33496`
MD5	`baa78ebcf76f35fbc9add4a4a67fd81c`
SHA1	`dd0aec3b2ff8d18858af9b8f68fdcc6003eb0645`
SHA256	`8788a5004d2a3a0cf234158bc1e695d81c431d9e1ec3a13689f32140f4326c14`
SHA3	`6e9cfd64826ca9792498221531c8181b08ce9b6016bc5a1eda7ad1b9deaae068`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4946`
MD5	`9380b6d469ae6be04f6738563933e1f8`
SHA1	`04b99119c9dee34a1abfaaa7d67283dc521e36a5`
SHA256	`f5a29c1dd6c811fe0e35c1c0503270b7c353419a242e10bddf90ee380ad52738`
SHA3	`e25799f5e65d898506d43d1dc6b0c3fde70cd410f6ba21dc9a75665847566af9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23559`
MD5	`9d84f76316c04e67ca0d57a51d0c375f`
SHA1	`6246b8b43e7d34f3077453c1fd2d68415149dfbb`
SHA256	`ecf36a373e4a56b95dc2a7414027518f37a76a4b1145542f805fb3ea60deda68`
SHA3	`7e1b925e7dadade4096e3ac34c9bcc9cad85cdadc971f4daca9683a81ecf94aa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.61294`
MD5	`8358d2afabc1cd2cd9ad7334fb7d5d59`
SHA1	`381463709141b4078ef2af1b216c82218b2a4939`
SHA256	`80dcf020b4e4d5e4b5f1abb6d2f13a23566dfaedc3a8cfcccb40b42f2927888e`
SHA3	`14dedadc97f5e36bcb5a0cf1e884e9dd9e0520caec1ad26ad7afec1317e886be`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.69622`
MD5	`f3a9f9d89f77f1ec1fff52c12c5e29c9`
SHA1	`f2a48999963ea93369d50e58fe812bc451123920`
SHA256	`6fbfd7aac1dcbd7aa01320282ac33c4160fbeadd8afc8ee26b82e448a25702d9`
SHA3	`0a916a08b07eb34853dbbbf26310b3c254c60850c80928bcc7dc969b5260b940`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55422`
MD5	`1d850a45eafc121a1a58a256e66a343a`
SHA1	`7dac4945eda27e47e5926ecc20d3216847bc1624`
SHA256	`16fc513a3207502be99ee2e215339b82e7ecc1c5d3b83ddec148ffba1c33e4c4`
SHA3	`00811d1adc07715e9e67c35b2761be26f72efe5ae664c712718f0245630d39a1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79702`
MD5	`ec05f282637918c30f75b2cb670d4e48`
SHA1	`b6731f5750bacc6f692bfbefeb94eeb87d839198`
SHA256	`3cf404279d70e7f4dca3962471971368401b8e9766faf00459b0573f3c92f80a`
SHA3	`9fdd763315b4932f373ed46ccca9d0815984eb1bf165354b15beb959107023a3`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00957`
MD5	`f244e1c367b2b0f2db17f3bd1b93cdcd`
SHA1	`c8df36fcb99a85c27a98fb003602bd491af06e7f`
SHA256	`422f3e44d1534f3e1d9775bdfa21b01b47496be0cd336ea67afc960345e31bf8`
SHA3	`7075da2158c1231014102b447d00fcc78b67ba7073b6bef9f88464d30e146d6a`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12034`
MD5	`6db644bd5dcf7b82451d07a43e731230`
SHA1	`68b58cd03d2385d637d43224669bdced206d5bf9`
SHA256	`0bf2e77d811e350c7c73b2e23deb9c92885ffd2e02e96ba1afb4ddd53af5a4fe`
SHA3	`867c1aead4ed00ca1d2a243b249ef73e088dc7f6d1a1415afbbfe4df512055e2`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23029`
MD5	`694b0fe47918de0219bea4e337c32a54`
SHA1	`ab5f8b4c35135fb3cbd672e7980d28dfa425338e`
SHA256	`68d2b82f6fed0b13b62f451ab9a6f124b463247b52476ad66b47ee8ab0487d42`
SHA3	`49f5f77f7c79ff0b6f73f8e58b3640098e60eb5ef61a33e7d0170911d9e2cbc1`

101

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45491`
MD5	`c17739ee2ca612214933ae53c448c5b2`
SHA1	`15d5ae5c831c751020329b94a838807dec84f997`
SHA256	`66ab8e8fa818c5cf74d0340ca85582a6e3abbfd476c28090aa94f9932471fccf`
SHA3	`502d47affc3dde0a1da429e680fb85135f4864c8218888e31aa045ff65929a6a`

7 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.20635`
MD5	`1727cd3fc34e0a9823b769608fc2caee`
SHA1	`5f48ade12909a4148e334bfba52de972b2acf80b`
SHA256	`a555a2198ac519c24b04a6bef371ee8497ab7a623b707dd506f910e63c9d4002`
SHA3	`29540f16579a13157848b262567a57e55c0e33510daa187dfd577dcef1fb291d`

14

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32434`
MD5	`87bd9ba0c4faf14bd2c8d7076a6cf007`
SHA1	`a7c37f3240b4649afd37092fec355dc8e41c9b2c`
SHA256	`c5f4fc3c0757d7b7be33f0ad7f7e5e3bade9fdaf4852d4de356713beb10cb432`
SHA3	`d8f4f84903a4bdc92aff34899875921e29a061d1ceda52a535089cac88fbe380`

128 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01226`
Detected Filetype	Icon file
MD5	`0a13fa2fb3d482e348632d920a8dd2ec`
SHA1	`5291ee4761a0e5d1ba34a6b75665dba9cbc5f866`
SHA256	`d670ce3db3b0dbc8bed5e3de0f3f34d874be9035e1d14782adcc19171b2e3c92`
SHA3	`fc8d06e04bab8e99a6cda69f037335b3cbaeeac345dcfd3ce3eace210c329fba`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32677`
MD5	`b2fd233ee930c2d78f182b93b1419b8c`
SHA1	`58c69f173b18a6c4bfd057080e593682ea5ae06f`
SHA256	`4b4453e0c9f7a690b9efdc4feee2ccf2244f57d4396c31c3898e4eb938776f1c`
SHA3	`c06c6cff5d142c1064cf6f40ed499af810b65ad5b088117ce7837a0e571bed70`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x526`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35467`
MD5	`6c9de45c7162b95a2b1fbc7423685873`
SHA1	`8d318ea0a4a760d6b0175fe10e667c1f88e75008`
SHA256	`2368350e3fefa496dc36a36bfd34728ded09ea158c3cd3b6178efc9e4f985482`
SHA3	`71928a7cdb72a512f4ff913d6332176dcb01fd30264510a78fb52d394d5af8a6`

String Table contents

鲁大师
buychannel_02
normal
no
0

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1026.1070.520
ProductVersion	1.1026.1070.520
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
FileVersion (#2)	1.1026.1070.520
ProductVersion (#2)	1.1026.1070.520

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-20 11:28:11
Version	`0.0`
SizeofData	`124`
AddressOfRawData	`0x17b1c8`
PointerToRawData	`0x17a5c8`
Referenced File	E:\jenkins\.jenkins\workspace\install_project\install_setup\install_and_uninstall\Release\setup.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-20 11:28:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x17b244`
PointerToRawData	`0x17a644`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-20 11:28:11
Version	`0.0`
SizeofData	`984`
AddressOfRawData	`0x17b258`
PointerToRawData	`0x17a658`

TLS Callbacks

StartAddressOfRawData	`0x57b640`
EndAddressOfRawData	`0x57b648`
AddressOfIndex	`0x59dd94`
AddressOfCallbacks	`0x54d96c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x595aec`
SEHandlerTable	`0x579f20`
SEHandlerCount	`1194`

RICH Header

XOR Key	`0x39844a5e`
Unmarked objects	`0`
241 (40116)	`18`
243 (40116)	`173`
242 (40116)	`31`
C++ objects (VS2017 v15.9.12-13 compiler 27031)	`5`
C objects (LTCG) (27051)	`2`
Unmarked objects (#2)	`1`
C++ objects (VS2017 v15.7.5 compiler 26433)	`10`
C++ objects (VS2017 v15.9.14-15 compiler 27032)	`6`
199 (41118)	`3`
ASM objects (VS 2015/2017 runtime 26706)	`25`
C objects (VS 2015/2017 runtime 26706)	`35`
C++ objects (VS 2015/2017 runtime 26706)	`81`
C objects (65501)	`4`
208 (65501)	`3`
Imports (65501)	`41`
Total imports	`480`
C objects (27051)	`1`
C++ objects (27051)	`106`
Exports (27051)	`1`
Resource objects (27051)	`1`
151	`2`
Linker (27051)	`1`

Errors

Leave a comment

No comments yet.