Manalyze report for a09f8a37fb83c759598d57fd6b7d33b1fb75f6b5855f1e74c3303df4b36529b1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Oct-08 20:19:44
Detected languages	English - United States
TLS Callbacks	6 callback(s) detected.
Debug artifacts	shift.exe.pdb
CompanyName	Shift
FileDescription	Shift
FileVersion	`130.0.0.1768`
InternalName	chrome_exe
LegalCopyright	Copyright 2024 Shift Technologies Inc. All rights reserved.
OriginalFilename	shift.exe
ProductName	Shift
ProductVersion	`130.0.0.1768`
SourceVersion	130.0.6723.44
CompanyShortName	Shift
ProductShortName	Shift
LastChange	0927c68589810ccc6488dbc8c79c9d37e4a0d52f-refs/branch-heads/6723@{#1143}
Official Build	1

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains domain names: blink.net chromium.org crashpad.chromium.org https://crashpad.chromium.org https://crashpad.chromium.org/ https://crashpad.chromium.org/bug/new openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: .retplne` `Unusual section name found: CPADinfo` `Unusual section name found: malloc_h`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc VirtualAllocEx WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingW CreateRemoteThread MapViewOfFile` `Can access the registry: RegCloseKey RegCreateKeyExW RegOpenKeyExW RegQueryValueExA RegQueryValueExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtect VirtualProtectEx` `Functions related to the privilege level: AdjustTokenPrivileges DuplicateTokenEx OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW ReadProcessMemory WriteProcessMemory` `Changes object ACLs: SetNamedSecurityInfoW SetSecurityInfo`
Info	The PE is digitally signed.	`Signer: Shift Technologies Inc.` `Issuer: SSL.com EV Code Signing Intermediate CA RSA R3`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-07-28 16:00:44)	`Malwarebytes: PUP.Optional.ShiftBrowser`

Hashes

MD5	`21c8d470e01e4d0462837bb8567950d1`
SHA1	`ec57b0982e8696e80e1e30c37b8620172076e685`
SHA256	`a09f8a37fb83c759598d57fd6b7d33b1fb75f6b5855f1e74c3303df4b36529b1`
SHA3	`bd2b22e9e02421036c42f5fc522d75d0da57e1f37dae3f97e3d59d1772795762`
SSDeep	`49152:EXVGfWHY3nYpCZxXxCIV65gUq/3AZH4aKcFfCu8dw6:zRjRqz5CXd5`
Imports Hash	`320c827207fcbadf0198e7c9278980ea`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2024-Oct-08 20:19:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x200c00`
SizeOfInitializedData	`0xbcc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000147DE0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x2d1000`
SizeOfHeaders	`0x400`
Checksum	`0x2c9610`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d070e1b60d7317ba47ea2bd2e7b05fbf`
SHA1	`f5f0db0f2fce4c0a2027682602ae9bf403b3958c`
SHA256	`7e8a730f613e6231dc2a43c85062a154882b0a785a5afa55016e0850a5851775`
SHA3	`bb06c4318ae330fe58d111f9453207561090ef010fb6b88db3bb4bd671834a66`
VirtualSize	`0x200a9b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51308`

.rdata

MD5	`ccaefd8b63a8d3b7f644118f396790c0`
SHA1	`e648569402814c3b5c34cf50055cb5d220cc3aa8`
SHA256	`aa734437ddfef74b1bca29bfdcd770e543c2a1294726e0dc6c13bdc518f59c9a`
SHA3	`5a798c1a3f8c7d8577ae3b5ea686dfd0d3bbecbfc327dae92b2c413ca663a805`
VirtualSize	`0x419a4`
VirtualAddress	`0x202000`
SizeOfRawData	`0x41a00`
PointerToRawData	`0x201000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60649`

.data

MD5	`1285f7c98bbaced084fc870c5714d7af`
SHA1	`6cb28b5582393385f7e21079f2446e862ec0a62d`
SHA256	`1caaa1b25f25969e6355afd6022ca85b86bfac6e94121654edb74e371ec26a06`
SHA3	`762d42f0fa9f24126e94fc38fd427d75490cb87fbae07536d0a37868651027f0`
VirtualSize	`0x19b20`
VirtualAddress	`0x244000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x242a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.38276`

.pdata

MD5	`f389b92c5d5096efbc33aaf6b603eeeb`
SHA1	`cd09bae2c30e6daa273595ba2987325891c9d14f`
SHA256	`c7e8c945a6504b0fc0d4f65a12dea3551b233a74cff95436467f7a5aedc980a5`
SHA3	`e5b8a3ce0116d6a6a61b36cc0b8f940a29cd02fb4e1637ef2d21531ab86c568f`
VirtualSize	`0xd7ac`
VirtualAddress	`0x25e000`
SizeOfRawData	`0xd800`
PointerToRawData	`0x251a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.08018`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x26c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.retplne

MD5	`93238e538d6a2ca3d6a104cd7b055e2a`
SHA1	`975e317e802a310c94a066a221a347e41d9d5469`
SHA256	`a86784731568a16116765c78f639c08ef1aea5ede65d4c9227a5c88b1105d6de`
SHA3	`cf6fd04aff1cfd1a6cdb23e0260ba42a39c28713c66c3bc655c8ec07b28331ce`
VirtualSize	`0xe8`
VirtualAddress	`0x26d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`(EMPTY)`
Entropy	`1.63846`

.tls

MD5	`35b950468608a375fd2ba254314a9979`
SHA1	`b92a7cd172712396dce477b47ca58b74fef9cdde`
SHA256	`270fa9cc921d91d5edb4df274bda681e96cbc2a87cc0f01e8bb37f63559f39cf`
SHA3	`7e6eb853c11abd6edbff388964d16968b05b703fbb426ad125f216af92132939`
VirtualSize	`0x231`
VirtualAddress	`0x26e000`
SizeOfRawData	`0x400`
PointerToRawData	`0x25f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.214476`

CPADinfo

MD5	`60d3ea61d541c9be2e845d2787fb9574`
SHA1	`a314e912df98dd680cdb9679390177a970ee9ac8`
SHA256	`911d1a12eca8935990172cfcd6768f9c6351ed94b700833b2cf0cf457a1d752d`
SHA3	`44f366ded1e40e29d2543686d5e4f2fc6daf379b056e4f94af32c16e9f6b2205`
VirtualSize	`0x38`
VirtualAddress	`0x26f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

_RDATA

MD5	`1474d706246cee30cb6abadee0f0e230`
SHA1	`a66dbf29ed90b85390835be907e279718b1906d8`
SHA256	`16578e43e84188f8a1fd1e11b62208ef9f668b1d590aacb79db9af2201ebeada`
SHA3	`9855793dd06e3f222abdf0e3d918cc739e2aed4a1f29a50beba81d15565acf6d`
VirtualSize	`0x1f4`
VirtualAddress	`0x270000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.13744`

malloc_h

MD5	`2903e88c46de43922a0e987d71c7fd19`
SHA1	`547b50e4596929a8966a1275c1943c51a8cbef70`
SHA256	`178b472769f698eddcf20c8fd593f34264dc31f8db1a8129446aa0b1f3aff6af`
SHA3	`e522b005e2cb956abc894bdda8e5fa2a52564f35e6175c96e1de5f74fac5ada2`
VirtualSize	`0x5ad`
VirtualAddress	`0x271000`
SizeOfRawData	`0x600`
PointerToRawData	`0x25fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.0701`

.rsrc

MD5	`9da7cf890863f037e13ea7591046ff4c`
SHA1	`36cea3094baa8e9671661ffb1f545de47121ec6d`
SHA256	`ccccdad4a716a56a8807adb4119d44ec802624133b6f67701093dba0e921ed9d`
SHA3	`99bee0db8673e40bdf7c29ed02738b6fb3cd64d924c6736222479f2f856e5701`
VirtualSize	`0x5bbb0`
VirtualAddress	`0x272000`
SizeOfRawData	`0x5bc00`
PointerToRawData	`0x260400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.222`

.reloc

MD5	`3b5b32ee7e6cacedac78815326940e63`
SHA1	`8566449367c98159d11657309d542cdd061cc101`
SHA256	`7e5843e2403e847f8f07669eaa9fb571bdb5312b2f71bd226382ca51f6d2c464`
SHA3	`6ca542200b30138067041b926500cb3bb19e389298dfe78ba223f776d8c9d767`
VirtualSize	`0x230c`
VirtualAddress	`0x2ce000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x2bc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41868`

Imports

shift_elf.dll	`GetInstallDetailsPayload` `IsBrowserProcess` `IsExtensionPointDisableSet` `SignalChromeElf` `SignalInitializeCrashReporting`
KERNEL32.dll	`AcquireSRWLockExclusive` `AddVectoredExceptionHandler` `CloseHandle` `CompareStringW` `ConnectNamedPipe` `CreateDirectoryW` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateIoCompletionPort` `CreateJobObjectW` `CreateMutexW` `CreateNamedPipeW` `CreateProcessW` `CreateRemoteThread` `CreateSemaphoreW` `CreateThread` `CreateToolhelp32Snapshot` `DebugBreak` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DisconnectNamedPipe` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesEx` `EnumSystemLocalesW` `ExitProcess` `ExpandEnvironmentStringsW` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FlushViewOfFile` `FormatMessageA` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetComputerNameExW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentProcessorNumber` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileTime` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoW` `GetLogicalProcessorInformation` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetNativeSystemInfo` `GetOEMCP` `GetProcAddress` `GetProcessHandleCount` `GetProcessHeap` `GetProcessHeaps` `GetProcessId` `GetProcessMitigationPolicy` `GetProcessTimes` `GetProductInfo` `GetQueuedCompletionStatus` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDefaultLCID` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTempPathW` `GetThreadContext` `GetThreadId` `GetThreadLocale` `GetThreadPriority` `GetTickCount` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetUserDefaultLangID` `GetUserDefaultLocaleName` `GetVersionExW` `GetWindowsDirectoryW` `GlobalMemoryStatusEx` `HeapDestroy` `HeapSetInformation` `InitOnceExecuteOnce` `InitializeConditionVariable` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeCriticalSectionEx` `InitializeProcThreadAttributeList` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `IsWow64Process` `K32GetModuleFileNameExW` `K32GetModuleInformation` `K32GetPerformanceInfo` `K32GetProcessMemoryInfo` `K32QueryWorkingSetEx` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `LockFileEx` `MapViewOfFile` `MoveFileW` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringA` `PeekNamedPipe` `PostQueuedCompletionStatus` `PrefetchVirtualMemory` `Process32FirstW` `Process32NextW` `QueryInformationJobObject` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueryThreadCycleTime` `RaiseException` `ReadConsoleW` `ReadFile` `ReadProcessMemory` `RegisterWaitForSingleObject` `ReleaseMutex` `ReleaseSRWLockExclusive` `ReleaseSemaphore` `RemoveDirectoryW` `RemoveVectoredExceptionHandler` `ReplaceFileW` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlCaptureStackBackTrace` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetCurrentDirectoryW` `SetDefaultDllDirectories` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFileAttributesW` `SetFilePointerEx` `SetHandleInformation` `SetInformationJobObject` `SetLastError` `SetNamedPipeHandleState` `SetProcessMitigationPolicy` `SetProcessShutdownParameters` `SetStdHandle` `SetThreadAffinityMask` `SetThreadInformation` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `SleepEx` `SuspendThread` `SwitchToThread` `SystemTimeToTzSpecificLocalTime` `TerminateJobObject` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TransactNamedPipe` `TryAcquireSRWLockExclusive` `UnhandledExceptionFilter` `UnlockFileEx` `UnmapViewOfFile` `UnregisterWaitEx` `UpdateProcThreadAttribute` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualAllocEx` `VirtualFree` `VirtualFreeEx` `VirtualProtect` `VirtualProtectEx` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjects` `WaitForSingleObject` `WaitNamedPipeW` `WakeAllConditionVariable` `WakeConditionVariable` `WideCharToMultiByte` `Wow64GetThreadContext` `WriteConsoleW` `WriteFile` `WriteProcessMemory`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
ntdll.dll	`RtlInitUnicodeString`
ADVAPI32.dll (delay-loaded)	`AccessCheck` `AddMandatoryAce` `AdjustTokenPrivileges` `BuildExplicitAccessWithNameW` `BuildSecurityDescriptorW` `BuildTrusteeWithSidW` `ConvertSidToStringSidW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertStringSidToSidW` `CreateProcessAsUserW` `CreateRestrictedToken` `DuplicateTokenEx` `EqualSid` `FreeSid` `GetAce` `GetLengthSid` `GetNamedSecurityInfoW` `GetSecurityDescriptorControl` `GetSecurityDescriptorDacl` `GetSecurityDescriptorGroup` `GetSecurityDescriptorOwner` `GetSecurityDescriptorSacl` `GetSecurityInfo` `GetTokenInformation` `ImpersonateNamedPipeClient` `InitializeAcl` `IsValidAcl` `IsValidSecurityDescriptor` `IsValidSid` `LookupPrivilegeValueW` `MapGenericMask` `OpenProcessToken` `OpenThreadToken` `RegCloseKey` `RegCreateKeyExW` `RegDisablePredefinedCache` `RegOpenKeyExW` `RegQueryValueExA` `RegQueryValueExW` `RevertToSelf` `SetEntriesInAclW` `SetNamedSecurityInfoW` `SetSecurityInfo` `SetThreadToken` `SetTokenInformation`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x252af8`
DelayImportAddressTable	`0x252b50`
DelayImportNameTable	`0x2366d8`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x6c400`

GetPakFileHashes

Ordinal	`2`
Address	`0x967d0`

IsSandboxedProcess

Ordinal	`3`
Address	`0x99be0`

1

Type	`GOOGLEUPDATEAPPLICATIONCOMMANDS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`4352d88a78aa39750bf70cd6f27bcaa5`
SHA1	`3c585604e87f855973731fea83e21fab9392d2fc`
SHA256	`67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450`
SHA3	`295cd1698c6ac5bd804a09e50f19f8549475e52db1c6ebd441ed0c7b256e1ddf`

1 (#2)

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72812`
MD5	`d4ff4e9e724f25f5265a3b0cd07d03d4`
SHA1	`9777e4e59ce089e4c8727910586b325f1cbfe12d`
SHA256	`8c5a126b0e59e2927158fe5008c375aeef5396adb797c682e07578d13c283a3f`
SHA3	`c75e4c8d4280cd1e4d3a7d59a7d7993be648ff029d47900a843807031484d03d`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05033`
MD5	`717434e636786d3d0fb3f571f6109660`
SHA1	`2ed8ddea1a94e39f624dd752c1843648e5ad2aa6`
SHA256	`06db3222f267c74b72573a349de6a24bcfbb4bba9656d3dd6b50f4f64326e156`
SHA3	`11bf1f65e167fb701bcd216f1c0dfafb324c6d5c883989c59fcfcd08d93072a3`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.80214`
MD5	`97f6acbd9fba8933adafe9cef8193ff7`
SHA1	`3fcce71b59dd9806e573170748858cc02c00c260`
SHA256	`91baaad720c63aaff01b902deda14e2c8b355c31159b71c481dc6fb67bcbb4cf`
SHA3	`d5b9de20cb7ea1c27b6a8500de4b0e2b8b436804b1d70a4ddbd8d77ce60ef340`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63098`
MD5	`14a8d213994c484121f0f0d63746601d`
SHA1	`3ad42569021b69060eb157875531fa0310b48e86`
SHA256	`2d2aea139c8f41675322a459ce75295ac168eb0e925ed5a75c0981b3693069aa`
SHA3	`e684a3170b7471ffd03ac8607f9d5d56a3892db7d3d21bc5d4ab9383fbebcb92`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55212`
MD5	`04a6442470e12c4f6931ecd090862ef9`
SHA1	`11704afd9e26ca32f68ede4e0c043405722ffba3`
SHA256	`a4319fd1d9a81d7a6dc9ef1818d85dc68ded85342754d2f5768e01d0edf46780`
SHA3	`37952f4114576bfe8616ef61541c8f81eddef30236d455ce5f74a30d98a8539f`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.29146`
MD5	`db2dc0ce6ad8b8cdc5be830bf79a761b`
SHA1	`c9345712f79eed69677a5f165d115624da3de4cf`
SHA256	`ff8ccb25e747ead631922be99ebc2004a97295b0b606f40e83f15c2dc2bbbc81`
SHA3	`c0f08c34bfb83c0aebe052470d5b51b2367a2bb61bb911259c200931f6b0d42b`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17845`
MD5	`35fffe5c3ef617079a0237e67ada2472`
SHA1	`70900b1268464c03c8c5f7192456b7e6efceb1da`
SHA256	`860a680c92db087b12dd6bf2ef581979c08ac13ed9657403dab974f387420555`
SHA3	`dd8b7568bca263f759c9dffa79fc19cf647abcbfdc473b14d2ac11a86fd45e70`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.995644`
MD5	`1b905e5ca2a21da398c9c73124428505`
SHA1	`6f922d03bc5d6ec61789deb9731141893edf55a0`
SHA256	`5edad8d3d744070cb51e4dfdb02053a15101c8c954f952e4dfe57a4d7659e5b2`
SHA3	`f07b653197b1cf5483179f834c56415c8e7f11f3e59af3a35753df6cd0a94520`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.666526`
MD5	`75bec5efc67babcf530d51321d95ed7e`
SHA1	`38eb531d42adfab051bc81ef0590d60a21d77498`
SHA256	`3bd84b82f6e6a2cb156d881bdc1f29567d5712ad81d2da33b0ff9cd8a5a9981f`
SHA3	`665bc39673c1b61060b16e7572c6520c7d50080a166343540e56f4dd9e233502`

10

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84104`
MD5	`acd42b137b48d1f19ee65a10fc90814e`
SHA1	`d1f9068dee688563ae870c437900709795cc6dbe`
SHA256	`d87015c12fb89d2c54c2b1ea0b5f0feaf50bba50cddcf546668c62316597bf2f`
SHA3	`eafa118068102c848c31a6c914e40e8de8a682f2c36091294cb30b518fc5e6e5`

11

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`3a50f5b7c71bbdc5512fbc3873192dcf`
SHA1	`bcedef446ec1d6f465f15aef66474e7adab95a48`
SHA256	`c7988ba08e9df9a1eee74d2ed9ecda968a384dd1ac105125b95dee98cc663c19`
SHA3	`6f3a01136cfd17eae5a4d0d5c60b8652742debf4ef5c0874d40fe007b4ed3432`

12

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`68e0f3426f82d799afe0f96427beec21`
SHA1	`4ea992afa212b04e07fea303ecb328ff54e061cc`
SHA256	`744c1f78a1a9d3ec04ad6358c2bdbd89b8a1cfa9d850c1ee4ecfa4b3f256ff26`
SHA3	`745e989aef3ea85a98abbf63a7b4afe3fb525c099bc5dce78aa7f5af17b5f70e`

13

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`6d9a8875e9bc6d3e9eae95b2b03257ce`
SHA1	`b7c15c9636773a47be134736c68bdd339922aeb9`
SHA256	`cbb310244272c36ea589f9257476e6c19b1eb6be0cd5193cd5901efd4d184c35`
SHA3	`744ffb0101cc0d94ee909ff8cdc163f79773c26af417370d25faffc4bc936155`

14

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`fe9cc0eafbb8e74285bf641fb8e73244`
SHA1	`5ab52f22cb2de40638a657785c87df0ae3729fa7`
SHA256	`302d274cf49db7ebc8f97dd4320489781da8a44447cbb2a7346ccff84b1b944b`
SHA3	`2803d7cd35174ade40efc9c9f338db79b345777a589353be85b7c744e7a3a4fc`

15

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`53fb50fe6ce1aa6722afa878db7289a8`
SHA1	`a31cf91b8df398a12b84c5fbd10494b2ff6b749d`
SHA256	`bc19a3937fe7fb79cf877d2bea8d1ab4ea30d1a05f4c60d42cf57142c81290e9`
SHA3	`6a4d76c847f3ef198074c93c4e25056a081fc8131151daa0473cd2a9394db239`

16

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`12a2030014722c91cddfed04b83be533`
SHA1	`c462f3e4e6bc388726ba3d488506d366ea0c6999`
SHA256	`9534fac9229e10c53a85e5a6deb4224d12a7a3024b7ff9ccc1cb8717ffd7acaa`
SHA3	`11e87ce0be315125dcceaf8d8136b0ec09a3ed22b2fbc4724501aeaf38077e1c`

17

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`94ea73b19eada640886c96389652ec8f`
SHA1	`aaaf2828cb9aed84f203efec44e302e5af20bafe`
SHA256	`faf155f58e17b8e1a98cc26aaa92597c62dc87ff98555cd708f6684eb8243d4c`
SHA3	`cb12ab171e7bf02f1c82573cf89cac99f83e304a66f3c4137bf54d4b742f4e7c`

18

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`2dc824995511736d22408fb4dba702ba`
SHA1	`9aac0c12e6f517872128083df0f5b1105d6d8e7c`
SHA256	`f4bcc6750981e15e3fc8c751997156f4df9055cece8d16944e4dea2ce4bc911b`
SHA3	`56d609cc52f073b584c7138bb6349751b24e07fe66ba60fb56ea997b8bb1f078`

19

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.799151`
MD5	`6505e57c301902618e8f1d070667db1a`
SHA1	`c8a96d9801db8e9550741da0e8f4a55655253281`
SHA256	`787dc2d9d3f4034a91bd222034d01eafb01e1053ac3579a0fd033f141dcccb69`
SHA3	`92104dc773f9195f1795235be40b81774a87b52603a7e3089d48780829cf7bae`

20

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65872`
MD5	`ea82e850caed8b7eda4b753fb9d8c03a`
SHA1	`699e1bb7f568456fcc41c9ed9ecc9089d640d6a1`
SHA256	`236462dd2d629d67ff18c41f41cfa739549aff2933f7df2bd51630790b4d424e`
SHA3	`7cc9d637e593f742566b68ce8dd23201f2097429a4f48d55993f87da0d726754`

21

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46615`
MD5	`ff49a9a5c7e188634136611a03c441ed`
SHA1	`756344327134a9f9c1404185baaad435bf0a53fc`
SHA256	`3eba69eaec7cef56d2c964dee1f9c0226a365b3ae869a402690d548c82c16ba3`
SHA3	`a5bebb0afb2d86976c02d4f2befc5fa28d496be24ad98a8611055f9d67683c27`

22

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.08719`
MD5	`b490b06239b76334192a94969717671b`
SHA1	`3f19007fbd45bebdd6fe4235fb95517bf67911c1`
SHA256	`2a53b434f3ab8d37381a5461163027d2a256f0bda3ea8f65795ed6d2c66b4e30`
SHA3	`5217b671e39ef4e252e5fa4e6b4f1a05d89627e53702a0842d0c9504b7aa3ee6`

23

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07143`
MD5	`aac863f48e2b416af0febc82cd648345`
SHA1	`f4bec546c4c140e4436ca28d82148997a56f1ac0`
SHA256	`5b4c85e7d881d8c74760c07f9e4fe3d7427a72bed0e379aed6a78f7cbeca3199`
SHA3	`3c0698cb59f54d170bb85287b6fc265cf78e0a7a8b2502718f0c7899fdc95685`

1 (#3)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.64471`
MD5	`f8c7a7bd352fc14129ef48a8f65a42ab`
SHA1	`781499a042f83d565d212355a772e2f82a29b161`
SHA256	`ccd7e9b1b60d0498f8fd1d9f17d06910d638d9dbe3dc985df80d55caf8833018`
SHA3	`0e46d829a58f0321196e59b15d20c8e771eabd356f04f6b4c2f03f6b4bf95dea`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.57146`
MD5	`600d34f77d1af8cd9ab86eb5cae43225`
SHA1	`665e8903fa71df9adf71c1695276bd006cc93795`
SHA256	`8330013657c40dda3856a3cc1893f10a10a401444f2cf9fac8b622d11429d06d`
SHA3	`1a928b107816ac847465868ff3020450d3c0cd0c7f13a473df1d262db64c6337`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3627`
MD5	`8ff5217341242206773ece0d692b1cbe`
SHA1	`8228c5756983fce4e15e5e8002f776686a757d06`
SHA256	`25b5a32697de60cd9edb439f13e8cf785c47a2857a5fc645c5de1c60f2849c31`
SHA3	`da93490f640ee756478b3179bf315c48339659541128e204ccc1851148fb9cce`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3024`
MD5	`08a2ea1d76bfb289ab2d380557f71476`
SHA1	`69d2d5dbc2285fc9f654b72aa538c5a10dd7afe1`
SHA256	`d2fe7a5371f2e2a3b42f7aa98e4473089618e462c2dfc13870502409247cdf47`
SHA3	`e02112d9538d113b76b28dfe2ffcef070ed76bb293a8454e130d1e1534c4cb4e`

5 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13425`
MD5	`e230ed7ddfcf1184d2b182f1c2f6b58c`
SHA1	`f1207b55dc151d90b51430c722cce11d82a034b1`
SHA256	`4b6012e8ec564811ad82b9f3b3bf0cc7e3cadf3dde17468ef8efb159dcf12c7e`
SHA3	`e40b95e518a4077a88de92cd3a4113a25148d13a4d1b511ce51fc584ace71b19`

6 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcc7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98907`
Detected Filetype	PNG graphic file
MD5	`718990bc32b34a037557183c7bfd689c`
SHA1	`7edd460d477d607dd6a9897ad62e7c783762cb52`
SHA256	`6913b812e60a1ce0811413960c66f3a38f263cb266eaa9c6c3343d723cf7496c`
SHA3	`488dc3e3f072fd9a4eb2470862b55539b4563fedca2dbb32b5923cfcc17ea703`

7 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05163`
MD5	`1d631f6d8fa19398d2df5863be341a2c`
SHA1	`97243c848ad1a29da52855996d88fbdb092ef48f`
SHA256	`7abae35099733d994c7168b58edf433d9a87096ffacdbee04cacc5a05dd84909`
SHA3	`d6fbfd69d2f15297c09308bc2fc122cb08b379927f53cbf30c5974c6f62067a9`

8 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36687`
MD5	`f5a0e41bc60f9722f17d2eec66a72996`
SHA1	`db94b2c361fd617c8ef978dc1e4e5f71e0538d7c`
SHA256	`110d31262fc1d5c2a33c27059c94469b6fb4f7e4e16a91572c0492795c3f21b7`
SHA3	`2c2652334d23ef6e09283055ceb3997751854a44b3907deca030491f4fd46f59`

9 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32943`
MD5	`faaa6b184f0de776b3694d7333bb7dd3`
SHA1	`821091dda1f7b14e9d84a2114021773366aead18`
SHA256	`a8589c4aab8ed377a9602ef5bf3b6565e45a3357911efd6048f38a56b0a102c7`
SHA3	`3f0f8f6b4531727f1e8196654de4352ba230b90a335a6b5f621bbca551d72e9d`

10 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.26175`
Detected Filetype	PNG graphic file
MD5	`44ecf3fd91cf33cfb4535bb2ea59e27a`
SHA1	`3090f24b36ec71739d9820d550aa3f4eed8e52e9`
SHA256	`977990ecb2a3a7bf7ef2edea2c484b538b73476eb46722791fb8591d19bcda4a`
SHA3	`b339de91d44a8b0b0dddcc8b659a82533fc85134b67ad2e7a6c70e9a13577924`

11 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32779`
MD5	`d790cb9b9086f45ea53fec385891355d`
SHA1	`20e3548d16dbba68b8f322a1c4f7086e38110d10`
SHA256	`18621604c0b5f4229416994b569e2afda775a608e1759d5ba7082a31458e1169`
SHA3	`b14e2bb5e8953ae807c2ec3b726942eb2ead7890772fdf6a410a8c9a71e81915`

12 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21995`
MD5	`7ab8c3240114b0f7ebc42c5c489060f6`
SHA1	`0de249b988a94d3374bbf9eb3585f00ace2e5499`
SHA256	`f5feb3ba96da36d90fb879e6f1af274a1c5f6fd4ba68332b1c25d97c6508d062`
SHA3	`def1c08500690c2ea7b272685c0a594f8ca5bf9865055bfb9c488d12a6955dfe`

13 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65783`
MD5	`d720ab3b897affd8516a5c73e9020b19`
SHA1	`36e5ac25f4b4f4b869d109c0072da7f6f1fd03c2`
SHA256	`f269848277f345c8fc62634f14c012bc8ee1afa4887e8819228e99c6915bbdf3`
SHA3	`c946f83fcb2547d27caf0a1adff84c375349fd416f64281d3fb2653a224affa0`

14 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70621`
MD5	`7a8fd82c16489f1ed6e5cdc5dc38c815`
SHA1	`595b39dc0c92b6e3943ea918a213cec58503daf4`
SHA256	`9260d8b6f0fd7fc00e9a960db1b1283180efd59049be2c8867a4e660b1ff0123`
SHA3	`2eec2ac06df13fa72c5317fe2f7e049cddea95363b53620674c73c866a7f8d52`

15 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.90997`
MD5	`11921cfff61b5877c53bb37c86b6d09c`
SHA1	`3800127e39a03ea9b2a9f79538d40227ef4d0c89`
SHA256	`c714566bd8b7f0be360e68950a5615a2fb365d53b14ea7c2812f23c458497799`
SHA3	`0e2df531413bcc400f2f42179d34b093d3229754f3ee9d7c982faacd2f766e18`

16 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72497`
MD5	`0e559d7f5897727c98dfdd1e6c3631e7`
SHA1	`fcd9803592250e14d186e9c8fd0f094e7debfdf0`
SHA256	`6e6dd7cc3df380721e4678fb1825b982df22a4dc058091634e733c33f3543b1f`
SHA3	`54cc4d475eb6e3066dda379e7ce197dad0d994522cc58d68673a5707d4aa46cf`

17 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91162`
Detected Filetype	PNG graphic file
MD5	`e3e595605f7ba7a83a424e5698b342b4`
SHA1	`b7cf89a883818649ffeab77f323b07808b1b717e`
SHA256	`05de73b49e62f848770d877a92a4a920e2ef6812538b84ab3a3255ee89bf3666`
SHA3	`0a0834c7fc8c9270e4ef414eb9095219a154fefc631b38f811eb7639a46a3aec`

18 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16758`
MD5	`e3ef6c429eb5f9ad3b5b6157649357a9`
SHA1	`dea84f3bcf21fd240409b3c37b7c735187e37b8b`
SHA256	`40c246379eab917bd7db6383143113ae30ea291638b417c373563a3020932b21`
SHA3	`1f2bc790a682901115c14931548451154fdcc1ead3db65ee17c86ab846883e51`

19 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3439`
MD5	`1c75923afa52b8b821a91e1a93047fb3`
SHA1	`eea53acb157f13ed250552973b3b6df26ce08abf`
SHA256	`dcd1fd9f727b98ac32f898e1b7295511cff546626d4bf77d5f5d7eef18215777`
SHA3	`8a9f3bc5d1ceb2df837583dfc99e41d12fa6d5dbfdf868b664e15f3f3d924481`

20 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67037`
MD5	`471e1322c6b73efdd4d2af85e113879e`
SHA1	`b62dba49d1fb23ac98fb4f79a595825ef989391f`
SHA256	`513a8bacfbbeed27c32198f8aaeabec8c2f5d01a246482ea5b21346a004c4653`
SHA3	`16c0b7d52da87a8349ac32ddbbd8daacd4efafa23d7e7dd89dc9cb384887429f`

21 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57969`
MD5	`880e6bf1fa7d8c3cb0de94c0f297a674`
SHA1	`eb81c28cda97bba23b63efce39349589dbb6ecd6`
SHA256	`89f9844a73b620b46a9102569f1a2244ca5af6fe528ffb13e5658565f652b77a`
SHA3	`43728b80c98f7cdd527cb520781a3a54aabc2827b388244a26301983e23d5235`

22 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95126`
MD5	`995f327e043ec7becf5b4b5b06a80af1`
SHA1	`06054dccdacc69417992fdf27732b5222521abba`
SHA256	`19db737d57a8977454e8b3f1322b9e446f9a1d7c926e7ea2d8f81963bff8bfe5`
SHA3	`6c49af59b14944edda8c6e00248723a298f459d0c6228d26afe13e7b12fbe148`

23 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1991`
MD5	`3c090b7925b0b1ff85a5bb6d59d00302`
SHA1	`bc072e63b5a70b0c2e05034a22cdec755f16fd35`
SHA256	`c584db8605be07e8ad5687946cd59dfac7184f234e234a6f5ef880b928e69638`
SHA3	`980d26de113ffeaf3f755a5883dcaa24f4a89dbc2b77b43938dc3213657c5886`

24

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x87de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97899`
Detected Filetype	PNG graphic file
MD5	`c383459e792d4344e0bd17837304b010`
SHA1	`b253c676ee4b7e929a114cedc43d1f9983dd0b2e`
SHA256	`525c4d2c627af547cd3f7715c36bd39d730dc5ef5c55197d9ff28aae68ed2dac`
SHA3	`a42a65fe9e6201028af0ab4f71589a6838a763ba97175efde928e4fcf543328f`

25

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16758`
MD5	`e3ef6c429eb5f9ad3b5b6157649357a9`
SHA1	`dea84f3bcf21fd240409b3c37b7c735187e37b8b`
SHA256	`40c246379eab917bd7db6383143113ae30ea291638b417c373563a3020932b21`
SHA3	`1f2bc790a682901115c14931548451154fdcc1ead3db65ee17c86ab846883e51`

26

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3439`
MD5	`1c75923afa52b8b821a91e1a93047fb3`
SHA1	`eea53acb157f13ed250552973b3b6df26ce08abf`
SHA256	`dcd1fd9f727b98ac32f898e1b7295511cff546626d4bf77d5f5d7eef18215777`
SHA3	`8a9f3bc5d1ceb2df837583dfc99e41d12fa6d5dbfdf868b664e15f3f3d924481`

27

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67037`
MD5	`471e1322c6b73efdd4d2af85e113879e`
SHA1	`b62dba49d1fb23ac98fb4f79a595825ef989391f`
SHA256	`513a8bacfbbeed27c32198f8aaeabec8c2f5d01a246482ea5b21346a004c4653`
SHA3	`16c0b7d52da87a8349ac32ddbbd8daacd4efafa23d7e7dd89dc9cb384887429f`

28

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57969`
MD5	`880e6bf1fa7d8c3cb0de94c0f297a674`
SHA1	`eb81c28cda97bba23b63efce39349589dbb6ecd6`
SHA256	`89f9844a73b620b46a9102569f1a2244ca5af6fe528ffb13e5658565f652b77a`
SHA3	`43728b80c98f7cdd527cb520781a3a54aabc2827b388244a26301983e23d5235`

29

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95126`
MD5	`995f327e043ec7becf5b4b5b06a80af1`
SHA1	`06054dccdacc69417992fdf27732b5222521abba`
SHA256	`19db737d57a8977454e8b3f1322b9e446f9a1d7c926e7ea2d8f81963bff8bfe5`
SHA3	`6c49af59b14944edda8c6e00248723a298f459d0c6228d26afe13e7b12fbe148`

30

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1991`
MD5	`3c090b7925b0b1ff85a5bb6d59d00302`
SHA1	`bc072e63b5a70b0c2e05034a22cdec755f16fd35`
SHA256	`c584db8605be07e8ad5687946cd59dfac7184f234e234a6f5ef880b928e69638`
SHA3	`980d26de113ffeaf3f755a5883dcaa24f4a89dbc2b77b43938dc3213657c5886`

31

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x835d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97814`
Detected Filetype	PNG graphic file
MD5	`3863cd7704ebb65bed5e9515c7240dd5`
SHA1	`3b8096bdf97a01ffa93557c4e10a7df80a45b682`
SHA256	`c9e199278660ddd007eb165f4f6aa23676af01abc68db14a28fb1fd91b414b93`
SHA3	`c0b926304f8bfd2a584c154ec29c4135afd390f07c55d6533dc7d39a3a2ce190`

53030

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

53031

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

53032

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

53033

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

53034

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`d66ede131a0b66bc73b797f3ab01cae6`
SHA1	`049144cedcabc8443ba9b9d16c4a5f8fa6c2cbac`
SHA256	`f75e551324504a3c9caa453a4b0fd424884291acdb82f0549e7bb0b48ce01647`
SHA3	`bea99994e7901c76649ed73e68b2bf22bcf6c427b7665d2bbd09f70b80490229`
Preview

53035

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`2933c67a462bd6238b86a9d44634158f`
SHA1	`7a818b5a1da0dbf5c9d3ec227eb5944a779f016a`
SHA256	`770a19a2be0c18daf7fb714c6f78e5fecde900b9fda29a6c4691c369253f6f0f`
SHA3	`3e59433bb9c9ef6b3f3dd6d6723238d79b0831e52aa016113d25b89e2085dac1`
Preview

53036

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9edadd9eb5da2bb6aad56c666862c9c5`
SHA1	`3901ac1f5112ebee7a931141c73e76b60c984cf8`
SHA256	`7662c77c89bc776c64acfbc6ac7f22f56a631304205ac1a00d1d6c876ff1574d`
SHA3	`24753677cf5443d63f8406407477e81b9c98c7d2ee1ef92dca85d23fdd6e3e43`
Preview

53037

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cc34525879592b62945fa5102955e7af`
SHA1	`1c1f341f0ff952d168ec070d95809224631c5f59`
SHA256	`c7f15e3e69f8bad21f5f9c9546b129828d66e90b38a8fe9cf33cf23846e62700`
SHA3	`1af1bcbf18cfdeb5e3d81c46ab15ef59bc0b1de5f5ff9dc32f491120f405f5c6`
Preview

53038

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cb8d29dff5278e39030b2ad47022cf49`
SHA1	`a48b5853b494a9095f0899e23414db872433d366`
SHA256	`fd27224dee56e50f926e0c003d1bdb8c31db4d1f0a089280d0f55b79ff45c1e7`
SHA3	`3eca032eb883d63cd63778223e4ed5d3982bcbc58eed6534f0a70d84a7a624e5`
Preview

53039

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`874e41c97e9c38232490d3bea15ae8b3`
SHA1	`ae70b2c25c1566c2e13ac44e0057ef4f6daf8d91`
SHA256	`2c57fbd554735f2b8ff46f26b3d2d58a5a5e4152a02043e7fd6c552a43a3ceee`
SHA3	`b13a2c1efb8dad10ad85e8b4ce0067cbbea82053146cd5a81b0fecef2a15bf15`
Preview

53040

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`24d6779f223eda66e958315d638d0b62`
SHA1	`12525fd20006775a0366d61620ae851ae090dbfb`
SHA256	`1133ff27d25ac052e4a0570865c18ce0e07a3afbb89577bc52af61435a91b8cc`
SHA3	`feab5af24df559fd8b9b078058f0cd7af2d943e88736af167b57482cff6597bc`
Preview

53041

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`63e88d11b8e4a0868f5c2dcb5c944b1e`
SHA1	`19e86d2e68c188e8f8101e3c053bfa02ca714b97`
SHA256	`5907a1ab79be2dae328a84248db9750607aeb7b802af582f974a5ae59fb3c37c`
SHA3	`fe8a1640613ab39314806298ace08aae1c0f1d9f89c9aa23e7a270562db0dd0e`
Preview

53042

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`08ffff653a54f5518c6bbcbd1c4e82f4`
SHA1	`4a8832e7ebf39d3e0398d4332748b00d5964e6e0`
SHA256	`d19508d8742527d523aa3ef78e1091ce417bec079e9632181cdc8ff245c53ce9`
SHA3	`7650fb4c907b38dfe5785926961a8e754ad52af5bd6eef810c761e1cd02a1fb6`
Preview

53043

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
Detected Filetype	Cursor file
MD5	`384df7c4869187442684d2fb5292ac78`
SHA1	`ffa445392454d9a208a18fc2520b7ad60e5936df`
SHA256	`1dac0833fe30898ce2c1df2c70b09d62d51f8f765ae0ffd90b811067e875ae98`
SHA3	`1fbbe841170dac2994db17d7b74b60a56ffe6ab959f8e1bb6c5605c6bcf2c705`
Preview

53044

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`4e14da9e6db8978ffd0c5eb4b3e9e80a`
SHA1	`2a4d2df5f07e3a096a27db0f2297f46e7f8df507`
SHA256	`5fa51d73b8ea1316fb0c8f11c3740c6f755a8499a135e4e18ef6b823aad3ad70`
SHA3	`ea3bf238714cb012824de6f84f91faf385180340f7563976e327c4fef3750f5e`
Preview

53045

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`015d385990b99272d167c51c508f427e`
SHA1	`f4591544894c9e23e281d023fb2210a1274d1628`
SHA256	`7794cf070f4c99cd9ec27a43faa84daab8d19e765f0489c981a9ef28468a3899`
SHA3	`514c273141a62c18cd8fc7252db9af2dcfd0226ea3c3efe8ef3ed5ad3b16be99`
Preview

53046

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9ee83aa87f2c8ba446b991fb305805f0`
SHA1	`c5b3271c02fd48848692cc701618ec1badc359e6`
SHA256	`4c9fe467bd0250366713a2a43f5162e5ec2e7cd566ea218f7a6545e0ad878184`
SHA3	`c5065128f9b38fcc3692787e5e4d29bcd359689a3fd3cda0bdc6e41ae32f4fd2`
Preview

53047

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`79bc23c45190436b2c51ff2941fa8720`
SHA1	`0a8234176fad8831709703a0a34337a08987a983`
SHA256	`b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479`
SHA3	`b897f30ec85dad865a74be84cd616e0066da486befd0983d87e2b6f5d66a6c6b`
Preview

53048

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1e219dd609ce399df95ba7af59ef113f`
SHA1	`436a16dd20d5e3ec42342a4d005a664cd227f517`
SHA256	`8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58`
SHA3	`9e44adcf523bb484f416a99197d947211027feae6b6665b457883e548218befd`
Preview

53049

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`690a20e696fc4e33ffb377a8ef54fb97`
SHA1	`972159605fa069921dbdee9b7a35879e6f1928a6`
SHA256	`6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56`
SHA3	`fd9d56519b5bf976a4ae748fe0c51dcd47ac27ce6a7c271fa2bbb3e00f473b22`
Preview

53050

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`459379b9418ad5b62b1bf409300acb32`
SHA1	`5363fc84172d6b624542a0b52edbbfe21e2443ae`
SHA256	`1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a`
SHA3	`2b8f3218d3da7e4ee463a712c6c3b8f5b58cc6799a84f5e582b6a40da38a2bfc`
Preview

IDR_MAINFRAME

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`c3b5308ca8fd2f9aae350307a639887f`
SHA1	`9400e52cdc9063c8d3d8214628d58a0342c54486`
SHA256	`d77a3487f0961ab99d37afca8cc7bcd27d4cf3e0ec6f3899d5621778b79cf015`
SHA3	`974583544ccdeb8ce9a840d6645f1c793d502171552aeda18155074e15a75799`

IDR_X001_APP_LIST

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73939`
Detected Filetype	Icon file
MD5	`ed23277297f31f502b166c9886c1f4c9`
SHA1	`383ec5928db7527f1f48fd779c1ee9ce0c0a151e`
SHA256	`28743a04c851237147c5d6b0812c54f74f11e699b9f5220b0443e81310c94d76`
SHA3	`89e0b5225f4a9f1b3810e1e0b2d149b8bf824eb8f329b185fa3193333069bc79`

IDR_X003_INCOGNITO

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71898`
Detected Filetype	Icon file
MD5	`b822335656c55759929b5aa81fe00f9f`
SHA1	`d57fca85cab7046aa942a989543cdec5c3f55a86`
SHA256	`806e7226cc7cad024a452be29af6fffd5d33fb31a1843751c8b38580a633447d`
SHA3	`eae912d065ba343050a70218ff0142a02be0ffe28d4bf2ae454ca088940adae8`

IDR_X006_HTML_DOC

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81982`
Detected Filetype	Icon file
MD5	`1fdab9c8a3d0ab4d334299547548a142`
SHA1	`899fa9c700736719523f7401cbc6d800046b9db4`
SHA256	`f5cecadaec02ea97a0dffe53692b3bf987eeb078da058fb6e81c65a397327e70`
SHA3	`15a4a1cd7a23a697a31d0485dd85897eaebfb2ba9ffba5a710385b315f809f11`

IDR_X007_PDF_DOC

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81982`
Detected Filetype	Icon file
MD5	`9aca47672b52ddf58ed98f6189d90995`
SHA1	`18cee39a58d68368dc0afe32019f568302e0aefd`
SHA256	`9510549e17e00f42fc94dfcb8c990b483419b62047a2c034c8f9f9ffd8bca8d2`
SHA3	`0e36845b941323dff38065c06b84f660fcc543284dea4f1b4b4d2ebe57363969`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x470`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54162`
MD5	`591944fc05dce2396cc2f789dc527e00`
SHA1	`e70a9b5d137f7d8976a8caa35aaba57af5fd6604`
SHA256	`688e74cf0ccbb06fb61976e4a9062889e54fbe4f414524a466ccdc3256221900`
SHA3	`8bd62d68cea0279b3a1cfd9804d6be76e9344bd384244eaa604f022ed6cbcb72`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x46a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32374`
MD5	`8d0d483df5099ea845ba90c6d45bbdca`
SHA1	`0abb271f0707ae54bbd43912963634412d3af534`
SHA256	`9580e867614110bc93aab4e5974b0d0c20de7ca220877d9b7950487e3a5e4410`
SHA3	`0e9b6a451209cb38497c48b9edc963365d4b2ca8afd28158d8278b33d272118c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	130.0.0.1768
ProductVersion	130.0.0.1768
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Shift
FileDescription	Shift
FileVersion (#2)	130.0.0.1768
InternalName	chrome_exe
LegalCopyright	Copyright 2024 Shift Technologies Inc. All rights reserved.
OriginalFilename	shift.exe
ProductName	Shift
ProductVersion (#2)	130.0.0.1768
SourceVersion	130.0.6723.44
CompanyShortName	Shift
ProductShortName	Shift
LastChange	0927c68589810ccc6488dbc8c79c9d37e4a0d52f-refs/branch-heads/6723@{#1143}
Official Build	1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Oct-08 20:19:44
Version	`0.0`
SizeofData	`38`
AddressOfRawData	`0x234bc4`
PointerToRawData	`0x233bc4`
Referenced File	shift.exe.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2024-Oct-08 20:19:44
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x234bec`
PointerToRawData	`0x233bec`

TLS Callbacks

StartAddressOfRawData	`0x14026e000`
EndAddressOfRawData	`0x14026e230`
AddressOfIndex	`0x140252f50`
AddressOfCallbacks	`0x1402364e8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_64BYTES`
Callbacks	`0x0000000140021230` `0x0000000140146B60` `0x0000000140071060` `0x00000001401460B0` `0x0000000140010490` `0x00000001400A9740`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140244040`
GuardCFCheckFunctionPointer	`5371028512`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.