Manalyze report for 26f38d53a07de98f4ebdf387dc2a9167

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jun-23 09:20:02
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .didata` `Unusual section name found: .kyua0` `Unusual section name found: .kyua1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowW CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess VirtualAlloc WriteProcessMemory` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegCloseKey RegCreateKeyExW RegDeleteKeyW RegDeleteValueW RegEnumKeyExW RegEnumValueW RegFlushKey RegLoadKeyW RegOpenKeyExA RegOpenKeyExW RegQueryInfoKeyW RegQueryValueExA RegQueryValueExW RegReplaceKeyW RegRestoreKeyW RegSaveKeyW RegSetValueExW RegUnLoadKeyW RegDeleteKeyExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpAddRequestHeaders WinHttpCloseHandle WinHttpConnect WinHttpGetIEProxyConfigForCurrentUser WinHttpGetProxyForUrl WinHttpOpen WinHttpOpenRequest WinHttpQueryAuthSchemes WinHttpQueryDataAvailable WinHttpQueryHeaders WinHttpQueryOption WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest WinHttpSetCredentials WinHttpSetOption WinHttpSetStatusCallback WinHttpSetTimeouts WinHttpWriteData` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetLogicalDriveStringsA GetVolumeInformationA` `Manipulates other processes: OpenProcess WriteProcessMemory` `Can take screenshots: BitBlt CreateCompatibleDC FindWindowW GetDC GetDCEx` `Queries user information on remote machines: NetWkstaGetInfo` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2019-Jun-22 12:58:20`
Malicious	VirusTotal score: 19/68 (Scanned on 2019-06-23 09:43:15)	`Bkav: HW32.Packed.` `FireEye: Generic.mg.26f38d53a07de98f` `Malwarebytes: Adware.DLAssistant.Generic` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/DownloadAssistant.S potentially unwanted` `APEX: Malicious` `Kaspersky: not-a-virus:HEUR:Downloader.Win32.Generic` `Sophos: Download Assistant (PUA)` `Invincea: heuristic` `SentinelOne: DFI - Malicious PE` `Microsoft: PUA:Win32/Puwaders.B!ml` `Endgame: malicious (high confidence)` `ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Generic` `Acronis: suspicious` `Cylance: Unsafe` `Rising: PUA.DownloadAssistant!8.182 (TFE:dGZlOgVh8c8aN829IA)` `eGambit: PE.Heur.InvalidSig` `CrowdStrike: win/malicious_confidence_80% (D)` `Qihoo-360: HEUR/QVM19.1.0DBD.Malware.Gen`

Hashes

MD5	`26f38d53a07de98f4ebdf387dc2a9167`
SHA1	`75f614dd20374279c8498316b0ea3c093ed980a9`
SHA256	`5bfff1820153fe7953567c57edad65fa6b871772f849d7043a2807bc3e06ee3c`
SHA3	`a848a9706ec4d9aa69a38900ac0797e45a59a9a9ac1ee453bca985e614aca5cc`
SSDeep	`98304:A2NWkdgClDliXfUetfhH0uhRfAQOdS8xfMwl26t6IAy:AQdPlmtfi+uQ3CfMwl26t6IAy`
Imports Hash	`4a64664a10ca7e4bd66da6ec6ca1a098`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2019-Jun-23 09:20:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x387000`
SizeOfInitializedData	`0x3e200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0075DECE (Section: .kyua1)`
BaseOfCode	`0x1000`
BaseOfData	`0x388000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xacb000`
SizeOfHeaders	`0x600`
Checksum	`0x4d7f3f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x387000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x40000`
VirtualAddress	`0x388000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x3c8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x3c9000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4000`
VirtualAddress	`0x3ca000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.didata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x3ce000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x3cf000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.kyua0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2253dd`
VirtualAddress	`0x3d0000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.kyua1

MD5	`be562a620be3a29a43e2651491bf843d`
SHA1	`dfec27cbe640c504e8f130faa6d8e6b0b4f9af46`
SHA256	`7e4e3a5ad3e0379be03927f7977336aa8607f38acc66bc480d344cfaa966c9f1`
SHA3	`a6d68689ee50ccc763f861d9d15f8e9efa6e7e99645b90154615d7b90554773b`
VirtualSize	`0x4c9dc0`
VirtualAddress	`0x5f6000`
SizeOfRawData	`0x4c9e00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.94525`

.rsrc

MD5	`aa3fa200db08f787e890a588d4fbd25d`
SHA1	`5066566607a2085a045cd9b1034f2a6bc01d9681`
SHA256	`828af2e559859ad7a046ff5456fa624b35b428d32f021bbe99427477f3528d18`
SHA3	`9c995aed7efe875a28674dc6784fb7d0fa51f1f4978369c48ee0fbc324ef74bc`
VirtualSize	`0xafb8`
VirtualAddress	`0xac0000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x4ca400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93867`

Imports

ADVAPI32.DLL	`ConvertSidToStringSidA` `GetTokenInformation` `GetUserNameA` `OpenProcessToken` `RegCloseKey` `RegConnectRegistryW` `RegCreateKeyExW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegFlushKey` `RegLoadKeyW` `RegOpenKeyExA` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegQueryValueExA` `RegQueryValueExW` `RegReplaceKeyW` `RegRestoreKeyW` `RegSaveKeyW` `RegSetValueExW` `RegUnLoadKeyW`
KERNEL32.DLL	`CloseHandle` `CompareStringW` `CreateDirectoryA` `CreateEventW` `CreateFileA` `CreateFileW` `CreateMutexW` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileA` `EnterCriticalSection` `EnumCalendarInfoW` `EnumResourceNamesW` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `ExpandEnvironmentStringsA` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindResourceW` `FormatMessageW` `FreeLibrary` `FreeResource` `GetACP` `GetCPInfo` `GetCPInfoExW` `GetCommandLineW` `GetComputerNameW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDiskFreeSpaceW` `GetEnvironmentStringsW` `GetExitCodeThread` `GetFileAttributesA` `GetFileAttributesW` `GetFileSize` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoA` `GetLocaleInfoW` `GetLogicalDriveStringsA` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoA` `GetStartupInfoW` `GetStdHandle` `GetStringTypeA` `GetStringTypeW` `GetSystemDefaultLangID` `GetSystemDefaultUILanguage` `GetSystemInfo` `GetTempPathA` `GetThreadLocale` `GetThreadPriority` `GetTickCount` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetUserDefaultUILanguage` `GetVersion` `GetVersionExA` `GetVersionExW` `GetVolumeInformationA` `GlobalAddAtomW` `GlobalAlloc` `GlobalDeleteAtom` `GlobalFindAtomW` `GlobalFree` `GlobalLock` `GlobalUnlock` `HeapAlloc` `HeapCreate` `HeapDestroy` `HeapFree` `HeapSize` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedExchange` `InterlockedIncrement` `IsDBCSLeadByteEx` `IsDebuggerPresent` `IsValidLocale` `LCMapStringA` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `LoadResource` `LocalAlloc` `LocalFree` `LockResource` `MulDiv` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadFile` `ReleaseMutex` `ResetEvent` `ResumeThread` `RtlUnwind` `SetConsoleCtrlHandler` `SetEndOfFile` `SetErrorMode` `SetEvent` `SetFilePointer` `SetHandleCount` `SetLastError` `SetThreadLocale` `SetThreadPriority` `SizeofResource` `Sleep` `SuspendThread` `SwitchToThread` `TerminateThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjectsEx` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcmpW` `lstrlenW`
NETAPI32.DLL	`NetApiBufferFree` `NetWkstaGetInfo`
VERSION.DLL	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueA` `VerQueryValueW`
WINSPOOL.DRV	`ClosePrinter` `DocumentPropertiesW` `EnumPrintersW` `#203` `OpenPrinterW`
COMCTL32.DLL	`FlatSB_GetScrollInfo` `FlatSB_GetScrollPos` `FlatSB_SetScrollInfo` `FlatSB_SetScrollPos` `FlatSB_SetScrollProp` `ImageList_Add` `ImageList_BeginDrag` `ImageList_Copy` `ImageList_Create` `ImageList_Destroy` `ImageList_DragEnter` `ImageList_DragLeave` `ImageList_DragMove` `ImageList_DragShowNolock` `ImageList_Draw` `ImageList_DrawEx` `ImageList_EndDrag` `ImageList_GetBkColor` `ImageList_GetDragImage` `ImageList_GetIcon` `ImageList_GetIconSize` `ImageList_GetImageCount` `ImageList_GetImageInfo` `ImageList_LoadImageW` `ImageList_Read` `ImageList_Remove` `ImageList_Replace` `ImageList_ReplaceIcon` `ImageList_SetBkColor` `ImageList_SetIconSize` `ImageList_SetImageCount` `ImageList_SetOverlayImage` `ImageList_Write` `#17` `InitializeFlatSB` `_TrackMouseEvent`
DWMAPI.DLL	`(EMPTY)`
GDI32.DLL	`AbortDoc` `AngleArc` `Arc` `ArcTo` `BitBlt` `Chord` `CombineRgn` `CopyEnhMetaFileW` `CreateBitmap` `CreateBrushIndirect` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDCW` `CreateDIBSection` `CreateDIBitmap` `CreateFontIndirectW` `CreateHalftonePalette` `CreateICW` `CreatePalette` `CreatePenIndirect` `CreateRectRgn` `CreateSolidBrush` `DeleteDC` `DeleteEnhMetaFile` `DeleteObject` `Ellipse` `EndDoc` `EndPage` `EnumFontFamiliesExW` `EnumFontsW` `ExcludeClipRect` `ExtFloodFill` `ExtTextOutW` `FrameRgn` `GdiFlush` `GetBitmapBits` `GetBkMode` `GetBrushOrgEx` `GetClipBox` `GetCurrentPositionEx` `GetDIBColorTable` `GetDIBits` `GetDeviceCaps` `GetEnhMetaFileBits` `GetEnhMetaFileDescriptionW` `GetEnhMetaFileHeader` `GetEnhMetaFilePaletteEntries` `GetNearestPaletteIndex` `GetObjectW` `GetPaletteEntries` `GetPixel` `GetRgnBox` `GetStockObject` `GetStretchBltMode` `GetSystemPaletteEntries` `GetTextExtentPoint32W` `GetTextExtentPointW` `GetTextMetricsW` `GetWinMetaFileBits` `GetWindowOrgEx` `IntersectClipRect` `LineTo` `MaskBlt` `MoveToEx` `PatBlt` `Pie` `PlayEnhMetaFile` `PolyBezier` `PolyBezierTo` `Polygon` `Polyline` `RealizePalette` `RectVisible` `Rectangle` `ResizePalette` `RestoreDC` `RoundRect` `SaveDC` `SelectClipRgn` `SelectObject` `SelectPalette` `SetAbortProc` `SetBkColor` `SetBkMode` `SetBrushOrgEx` `SetDIBColorTable` `SetDIBits` `SetEnhMetaFileBits` `SetMapMode` `SetPixel` `SetROP2` `SetRectRgn` `SetStretchBltMode` `SetTextColor` `SetViewportOrgEx` `SetWinMetaFileBits` `SetWindowOrgEx` `StartDocW` `StartPage` `StretchBlt` `StretchDIBits` `UnrealizeObject`
MSIMG32.DLL	`(EMPTY)`
SHELL32.DLL	`ShellExecuteW` `Shell_NotifyIconW` `#190` `#155` `SHOpenFolderAndSelectItems`
SHFOLDER.DLL	`SHGetFolderPathA`
USER32.DLL	`ActivateKeyboardLayout` `AdjustWindowRectEx` `BeginPaint` `CallNextHookEx` `CallWindowProcW` `CharLowerBuffW` `CharLowerW` `CharNextW` `CharUpperBuffW` `CharUpperW` `CheckMenuItem` `ChildWindowFromPoint` `ClientToScreen` `CloseClipboard` `CopyIcon` `CopyImage` `CreateAcceleratorTableW` `CreateIcon` `CreateMenu` `CreatePopupMenu` `CreateWindowExW` `DefFrameProcW` `DefMDIChildProcW` `DefWindowProcW` `DeleteMenu` `DestroyCursor` `DestroyIcon` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `DispatchMessageW` `DrawEdge` `DrawFocusRect` `DrawFrameControl` `DrawIcon` `DrawIconEx` `DrawMenuBar` `DrawTextExW` `DrawTextW` `EmptyClipboard` `EnableMenuItem` `EnableScrollBar` `EnableWindow` `EndMenu` `EndPaint` `EnumChildWindows` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumThreadWindows` `EnumWindows` `FillRect` `FindWindowExW` `FindWindowW` `FrameRect` `GetActiveWindow` `GetCapture` `GetClassInfoW` `GetClassLongW` `GetClassNameW` `GetClientRect` `GetClipboardData` `GetCursor` `GetCursorPos` `GetDC` `GetDCEx` `GetDesktopWindow` `GetDlgCtrlID` `GetFocus` `GetForegroundWindow` `GetIconInfo` `GetKeyNameTextW` `GetKeyState` `GetKeyboardLayout` `GetKeyboardLayoutList` `GetKeyboardLayoutNameW` `GetKeyboardState` `GetLastActivePopup` `GetMenu` `GetMenuItemCount` `GetMenuItemID` `GetMenuItemInfoW` `GetMenuState` `GetMenuStringW` `GetMessageExtraInfo` `GetMessagePos` `GetMonitorInfoW` `GetParent` `GetPropW` `GetScrollBarInfo` `GetScrollInfo` `GetScrollPos` `GetScrollRange` `GetShellWindow` `GetSubMenu` `GetSysColor` `GetSysColorBrush` `GetSystemMenu` `GetSystemMetrics` `GetTopWindow` `GetUpdateRect` `GetWindow` `GetWindowDC` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextW` `GetWindowThreadProcessId` `HideCaret` `InsertMenuItemW` `InsertMenuW` `InvalidateRect` `IsChild` `IsDialogMessageA` `IsDialogMessageW` `IsIconic` `IsWindow` `IsWindowEnabled` `IsWindowUnicode` `IsWindowVisible` `IsZoomed` `KillTimer` `LoadBitmapW` `LoadCursorW` `LoadIconW` `LoadKeyboardLayoutW` `LoadStringW` `LockWindowUpdate` `MapVirtualKeyW` `MapWindowPoints` `MessageBeep` `MessageBoxW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MoveWindow` `MsgWaitForMultipleObjects` `MsgWaitForMultipleObjectsEx` `OpenClipboard` `PeekMessageA` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RedrawWindow` `RegisterClassW` `RegisterClipboardFormatW` `RegisterWindowMessageW` `ReleaseCapture` `ReleaseDC` `RemoveMenu` `RemovePropW` `ScreenToClient` `ScrollWindow` `SendMessageA` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClassLongW` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetMenu` `SetMenuItemInfoW` `SetParent` `SetPropW` `SetRect` `SetScrollInfo` `SetScrollPos` `SetScrollRange` `SetTimer` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowRgn` `SetWindowTextW` `SetWindowsHookExW` `ShowCaret` `ShowOwnedPopups` `ShowScrollBar` `ShowWindow` `SystemParametersInfoW` `TrackPopupMenu` `TranslateMDISysAccel` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassW` `UpdateWindow` `WaitMessage` `WindowFromPoint` `wsprintfA`
IMM32.DLL	`(EMPTY)`
OLE32.DLL	`CoCreateInstance` `CoInitialize` `CoInitializeEx` `CoInitializeSecurity` `CoSetProxyBlanket` `CoTaskMemAlloc` `CoTaskMemFree` `CoUninitialize` `IsEqualGUID` `OleInitialize` `OleUninitialize`
OLEAUT32.DLL	`#200` `#15` `#20` `#19` `#148` `#2` `#4` `#6` `#5` `#12` `#9` `#10` `#8`
SHLWAPI.DLL	`AssocQueryStringW` `PathFileExistsA` `PathFindFileNameW` `#156` `StrFormatByteSizeW`
IPHLPAPI.DLL	`GetAdaptersInfo`
WTSAPI32.DLL	`WTSEnumerateProcessesW` `WTSFreeMemory`
WINDOWSCODECS.DLL	`(EMPTY)`
UXTHEME.DLL	`(EMPTY)`
SHCORE.DLL	`(EMPTY)`
WINHTTP.DLL	`WinHttpAddRequestHeaders` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpGetProxyForUrl` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpQueryAuthSchemes` `WinHttpQueryDataAvailable` `WinHttpQueryHeaders` `WinHttpQueryOption` `WinHttpReadData` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpSetCredentials` `WinHttpSetOption` `WinHttpSetStatusCallback` `WinHttpSetTimeouts` `WinHttpWriteData`
CRYPT32.DLL	`(EMPTY)`
WTSAPI32.DLL (#2)	`WTSEnumerateProcessesW` `WTSFreeMemory`
KERNEL32.DLL (#2)	`CloseHandle` `CompareStringW` `CreateDirectoryA` `CreateEventW` `CreateFileA` `CreateFileW` `CreateMutexW` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileA` `EnterCriticalSection` `EnumCalendarInfoW` `EnumResourceNamesW` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `ExpandEnvironmentStringsA` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindResourceW` `FormatMessageW` `FreeLibrary` `FreeResource` `GetACP` `GetCPInfo` `GetCPInfoExW` `GetCommandLineW` `GetComputerNameW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDiskFreeSpaceW` `GetEnvironmentStringsW` `GetExitCodeThread` `GetFileAttributesA` `GetFileAttributesW` `GetFileSize` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoA` `GetLocaleInfoW` `GetLogicalDriveStringsA` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoA` `GetStartupInfoW` `GetStdHandle` `GetStringTypeA` `GetStringTypeW` `GetSystemDefaultLangID` `GetSystemDefaultUILanguage` `GetSystemInfo` `GetTempPathA` `GetThreadLocale` `GetThreadPriority` `GetTickCount` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetUserDefaultUILanguage` `GetVersion` `GetVersionExA` `GetVersionExW` `GetVolumeInformationA` `GlobalAddAtomW` `GlobalAlloc` `GlobalDeleteAtom` `GlobalFindAtomW` `GlobalFree` `GlobalLock` `GlobalUnlock` `HeapAlloc` `HeapCreate` `HeapDestroy` `HeapFree` `HeapSize` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedExchange` `InterlockedIncrement` `IsDBCSLeadByteEx` `IsDebuggerPresent` `IsValidLocale` `LCMapStringA` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `LoadResource` `LocalAlloc` `LocalFree` `LockResource` `MulDiv` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadFile` `ReleaseMutex` `ResetEvent` `ResumeThread` `RtlUnwind` `SetConsoleCtrlHandler` `SetEndOfFile` `SetErrorMode` `SetEvent` `SetFilePointer` `SetHandleCount` `SetLastError` `SetThreadLocale` `SetThreadPriority` `SizeofResource` `Sleep` `SuspendThread` `SwitchToThread` `TerminateThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjectsEx` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcmpW` `lstrlenW`
USER32.DLL (#2)	`ActivateKeyboardLayout` `AdjustWindowRectEx` `BeginPaint` `CallNextHookEx` `CallWindowProcW` `CharLowerBuffW` `CharLowerW` `CharNextW` `CharUpperBuffW` `CharUpperW` `CheckMenuItem` `ChildWindowFromPoint` `ClientToScreen` `CloseClipboard` `CopyIcon` `CopyImage` `CreateAcceleratorTableW` `CreateIcon` `CreateMenu` `CreatePopupMenu` `CreateWindowExW` `DefFrameProcW` `DefMDIChildProcW` `DefWindowProcW` `DeleteMenu` `DestroyCursor` `DestroyIcon` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `DispatchMessageW` `DrawEdge` `DrawFocusRect` `DrawFrameControl` `DrawIcon` `DrawIconEx` `DrawMenuBar` `DrawTextExW` `DrawTextW` `EmptyClipboard` `EnableMenuItem` `EnableScrollBar` `EnableWindow` `EndMenu` `EndPaint` `EnumChildWindows` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumThreadWindows` `EnumWindows` `FillRect` `FindWindowExW` `FindWindowW` `FrameRect` `GetActiveWindow` `GetCapture` `GetClassInfoW` `GetClassLongW` `GetClassNameW` `GetClientRect` `GetClipboardData` `GetCursor` `GetCursorPos` `GetDC` `GetDCEx` `GetDesktopWindow` `GetDlgCtrlID` `GetFocus` `GetForegroundWindow` `GetIconInfo` `GetKeyNameTextW` `GetKeyState` `GetKeyboardLayout` `GetKeyboardLayoutList` `GetKeyboardLayoutNameW` `GetKeyboardState` `GetLastActivePopup` `GetMenu` `GetMenuItemCount` `GetMenuItemID` `GetMenuItemInfoW` `GetMenuState` `GetMenuStringW` `GetMessageExtraInfo` `GetMessagePos` `GetMonitorInfoW` `GetParent` `GetPropW` `GetScrollBarInfo` `GetScrollInfo` `GetScrollPos` `GetScrollRange` `GetShellWindow` `GetSubMenu` `GetSysColor` `GetSysColorBrush` `GetSystemMenu` `GetSystemMetrics` `GetTopWindow` `GetUpdateRect` `GetWindow` `GetWindowDC` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextW` `GetWindowThreadProcessId` `HideCaret` `InsertMenuItemW` `InsertMenuW` `InvalidateRect` `IsChild` `IsDialogMessageA` `IsDialogMessageW` `IsIconic` `IsWindow` `IsWindowEnabled` `IsWindowUnicode` `IsWindowVisible` `IsZoomed` `KillTimer` `LoadBitmapW` `LoadCursorW` `LoadIconW` `LoadKeyboardLayoutW` `LoadStringW` `LockWindowUpdate` `MapVirtualKeyW` `MapWindowPoints` `MessageBeep` `MessageBoxW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MoveWindow` `MsgWaitForMultipleObjects` `MsgWaitForMultipleObjectsEx` `OpenClipboard` `PeekMessageA` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RedrawWindow` `RegisterClassW` `RegisterClipboardFormatW` `RegisterWindowMessageW` `ReleaseCapture` `ReleaseDC` `RemoveMenu` `RemovePropW` `ScreenToClient` `ScrollWindow` `SendMessageA` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClassLongW` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetMenu` `SetMenuItemInfoW` `SetParent` `SetPropW` `SetRect` `SetScrollInfo` `SetScrollPos` `SetScrollRange` `SetTimer` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowRgn` `SetWindowTextW` `SetWindowsHookExW` `ShowCaret` `ShowOwnedPopups` `ShowScrollBar` `ShowWindow` `SystemParametersInfoW` `TrackPopupMenu` `TranslateMDISysAccel` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassW` `UpdateWindow` `WaitMessage` `WindowFromPoint` `wsprintfA`
KERNEL32.DLL (#3)	`CloseHandle` `CompareStringW` `CreateDirectoryA` `CreateEventW` `CreateFileA` `CreateFileW` `CreateMutexW` `CreateProcessW` `CreateThread` `DeleteCriticalSection` `DeleteFileA` `EnterCriticalSection` `EnumCalendarInfoW` `EnumResourceNamesW` `EnumSystemLocalesW` `ExitProcess` `ExitThread` `ExpandEnvironmentStringsA` `FileTimeToSystemTime` `FindClose` `FindFirstFileW` `FindResourceW` `FormatMessageW` `FreeLibrary` `FreeResource` `GetACP` `GetCPInfo` `GetCPInfoExW` `GetCommandLineW` `GetComputerNameW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDiskFreeSpaceW` `GetEnvironmentStringsW` `GetExitCodeThread` `GetFileAttributesA` `GetFileAttributesW` `GetFileSize` `GetFileType` `GetFullPathNameW` `GetLastError` `GetLocalTime` `GetLocaleInfoA` `GetLocaleInfoW` `GetLogicalDriveStringsA` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetOEMCP` `GetProcAddress` `GetProcessHeap` `GetStartupInfoA` `GetStartupInfoW` `GetStdHandle` `GetStringTypeA` `GetStringTypeW` `GetSystemDefaultLangID` `GetSystemDefaultUILanguage` `GetSystemInfo` `GetTempPathA` `GetThreadLocale` `GetThreadPriority` `GetTickCount` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetUserDefaultUILanguage` `GetVersion` `GetVersionExA` `GetVersionExW` `GetVolumeInformationA` `GlobalAddAtomW` `GlobalAlloc` `GlobalDeleteAtom` `GlobalFindAtomW` `GlobalFree` `GlobalLock` `GlobalUnlock` `HeapAlloc` `HeapCreate` `HeapDestroy` `HeapFree` `HeapSize` `InitializeCriticalSection` `InterlockedDecrement` `InterlockedExchange` `InterlockedIncrement` `IsDBCSLeadByteEx` `IsDebuggerPresent` `IsValidLocale` `LCMapStringA` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `LoadResource` `LocalAlloc` `LocalFree` `LockResource` `MulDiv` `MultiByteToWideChar` `OpenProcess` `OutputDebugStringW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadFile` `ReleaseMutex` `ResetEvent` `ResumeThread` `RtlUnwind` `SetConsoleCtrlHandler` `SetEndOfFile` `SetErrorMode` `SetEvent` `SetFilePointer` `SetHandleCount` `SetLastError` `SetThreadLocale` `SetThreadPriority` `SizeofResource` `Sleep` `SuspendThread` `SwitchToThread` `TerminateThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjectsEx` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcmpW` `lstrlenW`
USER32.DLL (#3)	`ActivateKeyboardLayout` `AdjustWindowRectEx` `BeginPaint` `CallNextHookEx` `CallWindowProcW` `CharLowerBuffW` `CharLowerW` `CharNextW` `CharUpperBuffW` `CharUpperW` `CheckMenuItem` `ChildWindowFromPoint` `ClientToScreen` `CloseClipboard` `CopyIcon` `CopyImage` `CreateAcceleratorTableW` `CreateIcon` `CreateMenu` `CreatePopupMenu` `CreateWindowExW` `DefFrameProcW` `DefMDIChildProcW` `DefWindowProcW` `DeleteMenu` `DestroyCursor` `DestroyIcon` `DestroyMenu` `DestroyWindow` `DispatchMessageA` `DispatchMessageW` `DrawEdge` `DrawFocusRect` `DrawFrameControl` `DrawIcon` `DrawIconEx` `DrawMenuBar` `DrawTextExW` `DrawTextW` `EmptyClipboard` `EnableMenuItem` `EnableScrollBar` `EnableWindow` `EndMenu` `EndPaint` `EnumChildWindows` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumThreadWindows` `EnumWindows` `FillRect` `FindWindowExW` `FindWindowW` `FrameRect` `GetActiveWindow` `GetCapture` `GetClassInfoW` `GetClassLongW` `GetClassNameW` `GetClientRect` `GetClipboardData` `GetCursor` `GetCursorPos` `GetDC` `GetDCEx` `GetDesktopWindow` `GetDlgCtrlID` `GetFocus` `GetForegroundWindow` `GetIconInfo` `GetKeyNameTextW` `GetKeyState` `GetKeyboardLayout` `GetKeyboardLayoutList` `GetKeyboardLayoutNameW` `GetKeyboardState` `GetLastActivePopup` `GetMenu` `GetMenuItemCount` `GetMenuItemID` `GetMenuItemInfoW` `GetMenuState` `GetMenuStringW` `GetMessageExtraInfo` `GetMessagePos` `GetMonitorInfoW` `GetParent` `GetPropW` `GetScrollBarInfo` `GetScrollInfo` `GetScrollPos` `GetScrollRange` `GetShellWindow` `GetSubMenu` `GetSysColor` `GetSysColorBrush` `GetSystemMenu` `GetSystemMetrics` `GetTopWindow` `GetUpdateRect` `GetWindow` `GetWindowDC` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextW` `GetWindowThreadProcessId` `HideCaret` `InsertMenuItemW` `InsertMenuW` `InvalidateRect` `IsChild` `IsDialogMessageA` `IsDialogMessageW` `IsIconic` `IsWindow` `IsWindowEnabled` `IsWindowUnicode` `IsWindowVisible` `IsZoomed` `KillTimer` `LoadBitmapW` `LoadCursorW` `LoadIconW` `LoadKeyboardLayoutW` `LoadStringW` `LockWindowUpdate` `MapVirtualKeyW` `MapWindowPoints` `MessageBeep` `MessageBoxW` `MonitorFromPoint` `MonitorFromRect` `MonitorFromWindow` `MoveWindow` `MsgWaitForMultipleObjects` `MsgWaitForMultipleObjectsEx` `OpenClipboard` `PeekMessageA` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RedrawWindow` `RegisterClassW` `RegisterClipboardFormatW` `RegisterWindowMessageW` `ReleaseCapture` `ReleaseDC` `RemoveMenu` `RemovePropW` `ScreenToClient` `ScrollWindow` `SendMessageA` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClassLongW` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetMenu` `SetMenuItemInfoW` `SetParent` `SetPropW` `SetRect` `SetScrollInfo` `SetScrollPos` `SetScrollRange` `SetTimer` `SetWindowLongW` `SetWindowPlacement` `SetWindowPos` `SetWindowRgn` `SetWindowTextW` `SetWindowsHookExW` `ShowCaret` `ShowOwnedPopups` `ShowScrollBar` `ShowWindow` `SystemParametersInfoW` `TrackPopupMenu` `TranslateMDISysAccel` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassW` `UpdateWindow` `WaitMessage` `WindowFromPoint` `wsprintfA`
ADVAPI32.DLL (delay-loaded)	`ConvertSidToStringSidA` `GetTokenInformation` `GetUserNameA` `OpenProcessToken` `RegCloseKey` `RegConnectRegistryW` `RegCreateKeyExW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegFlushKey` `RegLoadKeyW` `RegOpenKeyExA` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegQueryValueExA` `RegQueryValueExW` `RegReplaceKeyW` `RegRestoreKeyW` `RegSaveKeyW` `RegSetValueExW` `RegUnLoadKeyW`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.DLL`
ModuleHandle	`0x3ce1a0`
DelayImportAddressTable	`0x3ce1a4`
DelayImportNameTable	`0x8a42a4`
BoundDelayImportTable	`0x3ce1b4`
UnloadDelayImportTable	`0x3ce1bc`
TimeStamp	`1970-Jan-01 00:00:00`

__GetExceptDLLinfo

Ordinal	`1`
Address	`0x2343`

TMethodImplementationIntercept

Ordinal	`2`
Address	`0x82380`

___CPPdebugHook

Ordinal	`3`
Address	`0x3880ac`

dbkFCallWrapperAddr

Ordinal	`4`
Address	`0x3b8a1c`

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91366`
MD5	`af05dd5bd4c3b1fc94922c75ed4f9519`
SHA1	`f54685a8a314e6f911c75cf7554796212fb17c3e`
SHA256	`3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3`
SHA3	`150dba8cc825d5c0e9ff3c59015533288d19931847210338a3ef7cdc390c0e78`

4065

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x680`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.27554`
MD5	`1d7b0a535b6864823648a4f6d54c9f20`
SHA1	`f486b9e7d1de8cd14161d0a72e47b79db899bdb7`
SHA256	`d2e0201449edc6bd74c2684153a932b1efc5e506bfad6322242e9b85720e5493`
SHA3	`45ef793d3a8cc7742c2aa15d5626827e228d508dbe1ee90ddb9a24ec4ef2ef96`

4066

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbf4`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23113`
MD5	`31d89d9b7a1029f573ded32d02db849c`
SHA1	`3143e977e6aa4f8fd41129925ba6f6fc551082d0`
SHA256	`3408f1696d7b781cdd1820ab5e1227c94609a31c494b555c360c387c7300d115`
SHA3	`7fead11c05309307214289946aded717728dba989c548e1cdd811379b4b7b76f`

4067

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4bc`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.2309`
MD5	`f33791b69a5b64e2f8d11505354d2a3d`
SHA1	`d255d4799cb2f7c01fadf59f884066b707fb9865`
SHA256	`20814cb1ee11cca8fd080f350ab0ca8e30d6b0bd1ebf860aa298f641e4947cdd`
SHA3	`28735f73e2a46ca71cabfa827b7102f0129cf44f5c405c9ef8799a2ee11e026f`

4068

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4a0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.15174`
MD5	`d98df623b9d234d28dc40e94f6e498ed`
SHA1	`6d929234f0d5c73665eb912eb5c814e60cb74818`
SHA256	`88c578f768cfc00faa2cf35f882f9dc72556a371fb2d933eb9efe27b4bfa3f64`
SHA3	`78403dbe7ccb7630eebf058dfbc43acf29074f2d967983588f68b74195e5d4d9`

4069

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f8`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.20251`
MD5	`616be77500098e9125a44d6fdd8388cf`
SHA1	`17eae57ea0fe1464cedb1045704884a64bbf1421`
SHA256	`453e081bb3e20a2b64157006674399b7f6f65646a1e48f8cc99a5c9f19c6a905`
SHA3	`207cba2640da89c46f93ea470892472c7fd05f3717ce2efae80209050290249e`

4070

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.25743`
MD5	`0fc3b5ed0b614b0ada4f7c9511d2e5c8`
SHA1	`54aa867ef918a3f7e69109f686880516109e2e78`
SHA256	`3c15c3c4cbfa7a6ce423356d80c2a7e64fe187bba0b4d1e121a46dba501ae501`
SHA3	`e1455f38adf935789b1e5564036ac24b32b64b5e73b1e4a142b475fe67bfce5e`

4071

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.21254`
MD5	`1a14ae4f0fc1a1551449174e413e9d20`
SHA1	`d50a2e1af09ea89c29768b302067ae81d7e2afa6`
SHA256	`6bfb621892bbb2741dbd81b64ccbd3b54bcc03a8c68902a6b2983f5d923c02c0`
SHA3	`d420a50fe597fce26861ea1cdba5b9e51e59a9ac272d7b03fdf765304973d965`

4072

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.09238`
MD5	`c4a8766330ca2f0964d05841256dd560`
SHA1	`c9a4d87ef897d1a2b7df45f48fd6a852c4451223`
SHA256	`12e90ce04438d67d208fb4eee5ab932f53a26b7c154e0684da9ce7c2e6172488`
SHA3	`7de301620057aa5dce79ee36f91d7710e54b5b8df3750a01c0f2136c5064199d`

4073

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.2183`
MD5	`b3bcb1320a50ba8712f233cd66ff6572`
SHA1	`65476754266d64fe700cd16b61583e729dbaa321`
SHA256	`fe560d8b87a3acc3dd0153dcbe46f469916446151dff50803c49b5226fb94c64`
SHA3	`a8b03f3e7b030f3f49fe6fd10acdf5e1fc87acdb45db5a8fd88bafc5828e235c`

4074

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x410`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.17539`
MD5	`91dfc9a0f5ca5743a4763b47a1c6179f`
SHA1	`fe47136d1a9ffe8d171027a4b3a35b7b88100800`
SHA256	`e0491beaff585ec38af8a2c170b11bb14f11dd179a296c2f15dcc41b908ea618`
SHA3	`39fcc9f653bd6bab26e09f5066cb5b5f9336cd7e0753029b7e4d2134716c8a50`

4075

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.25136`
MD5	`919a3c8d7c58d8a496c85bd9b854050f`
SHA1	`f334bca9f251654036c54ed4df01e8045b7ff516`
SHA256	`22dca7dfe17e73cf673158478a3cac0dd90d4fa1f70f5b32f9cb1da686fa42a6`
SHA3	`b800b10544d901e043e292cbe295a1b255dd534e19efba2ac1a0ecaa80d951aa`

4076

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23213`
MD5	`93362c0090ae1baf662000277b0f9e94`
SHA1	`46ff5ba5fb52acd8c143c8c8ac692d934ac75dac`
SHA256	`6aac3d8f5acdae343135527ac2c3ab379ef35b3ad6505369c52d9f252279ac61`
SHA3	`c44274c226ca044be729dfefcc0ed8dcfc2e4a5abf6ecde500a9f062077378a3`

4077

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x47c`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.20418`
MD5	`f5ab73115aab969af36bbaf2f197a214`
SHA1	`a5eeede6a2281d8a62703e7d51d432f4ba1d5f1a`
SHA256	`624fe5db489042ac0963cc3efeef25f59ebb6b5233df058bdd20eb0a5a71f2f1`
SHA3	`2dc50e56851d722f2812ce5f2acb13ea62384b090019059f2e36bfcad519c1c7`

4078

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23894`
MD5	`44d704f2932882bbd77a12d6b4b57977`
SHA1	`788a9015e9b83af59ba914ade50e5320d1680e7a`
SHA256	`c742164df2d50042dc5945234022130fc8551a9fa582173ca0cbf1e7956571e9`
SHA3	`2203796f1e8ab8c41ceca0dc3b47e9354986a7be0aef7e5ccec889af1d5df37a`

4079

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x53c`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.3061`
MD5	`e49f300b0afe9a10b618327c018d0321`
SHA1	`245a4a58efe4a58e3b4d3a2b406a98211112a896`
SHA256	`bf4e06c4a9055c721636c4b24283c0cd98a0385d130a5f5ce16b896f40e17d96`
SHA3	`d5582e1b3a582d444692a26370afbf60f306a03b57aaf071762d04211773d6ef`

4080

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x494`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.20274`
MD5	`e1c2fb7be6ad3abfbf2784d1558b35eb`
SHA1	`be9f5522fa91da3c44510b827f899d7d033c6d64`
SHA256	`8e25bcd1bda81e37f5737a385545cc73938e927212ca27dc9fbfa2e213af7eb5`
SHA3	`2c95be04d626d030783c30603f0c912eee2040df934a6dbb946f150d63648127`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x63c`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23489`
MD5	`81b88a478f8bcd490f305873a3fc3fe4`
SHA1	`403ab952b70fdfa385a5c7c63b49c6dc57df0e1d`
SHA256	`cb6118aeb2708ff070878bb6f8ab0e97e5fb47a8a5c6cfa22fe7fa31847ed6cb`
SHA3	`8854ea2af376356391d26e1a97adae7a8011460cfc7c33c65e3c8bacd26ed5af`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.31343`
MD5	`5e50acefd48543801569cd7b95f5e606`
SHA1	`e34608a1c5bd663889b3190e588bab864bbdeaa6`
SHA256	`a5777310d5f0640f2f71e7e1de8c82dd2627e4dde4928c471b2447dc295d7b27`
SHA3	`2732661435598326cdf461b0a0d29d30a727ca062f887757d07af32dd725f18a`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x440`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23235`
MD5	`c7e90aaead6601e3856b8a91fc6001e3`
SHA1	`71e17f2f2bfaaceb03953b79c3ce659236afb3a2`
SHA256	`491807f7bece83b3e80a5dc08d1edc5c57c048b4d5609b844a2a6f7cef23361a`
SHA3	`ef8588ecd50db36f0b817ede56e43249e0005f447d7e4bbbc0468015d74b8045`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c8`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.26385`
MD5	`b1f34615c3304f9eddb25bf69069a3ef`
SHA1	`7cceedef946d9f7287afa4bfb7a2177a9e80cdbe`
SHA256	`08d811628337c32273b6e3cb706362006a009c999e8856648c3e8b3e6eabb104`
SHA3	`f5d91772d51bcff40e9f38eb663b6adde2dc1ac2bfe8bddf86b09baea2a103a2`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6cc`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.29677`
MD5	`72d15442b33ca51df6f375ef5129d361`
SHA1	`3af1484730416747289394157418ef501b52f431`
SHA256	`8944eea17764914649e6d0b8ba16810a100e9aa26ff7a566826a883c19781ec7`
SHA3	`ff14b9d0f51817cef17a0fb3a70f5f8f0173f38ea948e7deab7054fdca91d4f3`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x444`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.1362`
MD5	`e61580256df49a041c5c591d6427c332`
SHA1	`221444ce12a3ec950690e32e2daa82b6863f12be`
SHA256	`e4d7a5070cc6a54d374fd9d32331ba19926943b0e76eb4a04646a66ff2d013f7`
SHA3	`705091a0e0217a1225c400163aa4aaa7391e1f3ea403ad61ee273dc0b3f3c9f5`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.26833`
MD5	`172fedb0730f91ac7f9c6dfae617f35e`
SHA1	`9efda87bb2b606d8469cb0f6c41b322034546db3`
SHA256	`f6cf4b8e36c24ae8e19c948463daf37c4713c64748c7db66220c9490df3ba86d`
SHA3	`909f7a452086f9e616d74ec98cc4bf449bfda4751f5e49c4d6bfdcbf8b9776ef`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.26662`
MD5	`fa8bcadf7ebc6c81b87d88f0607390fb`
SHA1	`3711db84015efb157d81490c58a00f459a8c91c1`
SHA256	`217c7ee4ccd55794c92d969d4f0ab4884d4183ca3b7dc27345a257c1d7ac4759`
SHA3	`92073415a917cfe825f8cb58bd27ec86219e6462a46ecb25d2ba1f0a03de8200`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.23636`
MD5	`fd597326a64b26894d65249df9bc4f42`
SHA1	`166136de1fc45471adb6ebaea5193bee49415d85`
SHA256	`9ae246614bb09323a591a391bc536a11a83c71b23f6f35a7989179745c2b46ba`
SHA3	`f57d45be2a4cd2205ea9d0348eaade10f68420eceee7e1833c7f01c3b9034724`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.8942`
MD5	`4e0bdd0b5506bdeb5747dfff8b0c0b24`
SHA1	`ec81d8347a0e7e1fe0d21780ab729868614d093d`
SHA256	`20a88211d2706ccaafc049ace2750e0072e3755cc9c56f7517291a9a83eb1c7d`
SHA3	`db292f85e54473f3c8ae1151ace59334c0b01ef0f4ca1afb2b01caf09eef8884`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.9852`
MD5	`bff595d6a12e6245241288c4da2986cb`
SHA1	`43502b3ae6c8bfe0829b854e234138bfb245bbd8`
SHA256	`1eddbe329d5339582536f7dd2b5d8553b46f7c39611c11076e94e5b954377c4a`
SHA3	`a4c0d1de52c3a479db88530e47c938d644eb14c58230740c3225af7e142cd7f7`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b8`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.26189`
MD5	`4ec7a13782f5c78d0959af29a196acb3`
SHA1	`ee39567793a4f87b73ef63193d23597c280a67f1`
SHA256	`b441f427a229ef80c687c695e415ac3fc73bc872240e21de6a915919aa2234f5`
SHA3	`57a2e9ef319510ac60d7e0815216cbab79407cf45802646ca3cf03408cad43c9`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x458`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.26148`
MD5	`6a3d6bd63b7ec4e07a63b1fd67d80773`
SHA1	`46d1a58824834952235238d60a90fcd011ed912f`
SHA256	`b590fb40e878c347136e667045159dae66326e28fc7c682463b236c3b3ba6889`
SHA3	`1c5f9d20f3f9c4cab567a0aaaca620c44c709a1075b5f4a3505c36d9d502c5ac`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.24358`
MD5	`6fcf033ac3549ae30a74b745a641c15b`
SHA1	`ee25ac9c7df3b417f895f7b8ca7cb71b052102d5`
SHA256	`efbe61415b8d5dc846cb275e292ff6d035a71ff03360570ee791a355220a954e`
SHA3	`541f4c7021a4db88eaddb0c4ae17e6a7deb17f9b8213e98d6635c12b0e85d690`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x308`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.18366`
MD5	`bcb6e66d4ba2ba573a250c31f4c50f4f`
SHA1	`50548401506e749f0935d2e8317d81fef088646a`
SHA256	`8fc9d14d54a97905bc24bda6bb6ea3563053240f89af82bbab67ef26dad7b0b2`
SHA3	`2bad4eb9079b465c20b1b701958770bab5dd46316476a6d8f49728ad4cfcf657`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3b8`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`3.13307`
MD5	`41492d8dcb44da041b2e8e66b15238b5`
SHA1	`395158c7af5528c601158a184e5157ff0f40a2fe`
SHA256	`f8965f4c9d6a6629c42a55c84d2ba8dbc9ef3d0caef0f3fe07081ea5c784e494`
SHA3	`0d1b1634190edc3c7fa9ed5c5d1c5d0f02ba309473728bfd501c0413be11e676`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

32761

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`a95c7c78d0a0b30b87e3c4976e473508`
SHA1	`b19f3999f1b302a2d28977cb18a3416c918d486c`
SHA256	`326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1`
SHA3	`8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`2.64576`
Detected Filetype	Icon file
MD5	`f6262f462f61a1af1cac10cf4b790e5a`
SHA1	`4aa3239c2c59fa5f246b0dd68da564e529b98ff4`
SHA256	`44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c`
SHA3	`f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x714`
TimeDateStamp	2019-Jun-22 12:58:20
Entropy	`5.26418`
MD5	`378f6c5a58d46e5437a5441381b6e5a7`
SHA1	`37194279b45faf9cf1b7114fde5eae79117e2280`
SHA256	`086eb7fec67ef1048c4ab15d998abd629cf2a117f1375a7118d7a495ef54c1f7`
SHA3	`ea7bf80c069a68c68d2f57c4d3a06754da0bd02ae924a62ab48331ff2748908d`

String Table contents

It's not allowed to add a new chunk because the current image is invalid.
The png image could not be loaded from the resource ID.
Some operation could not be performed because the system is out of resources. Close some windows and try again.
Setting bit transparency color is not allowed for png images containing alpha value for each pixel (COLOR_RGBALPHA and COLOR_GRAYSCALEALPHA)
This operation is not valid because the current image contains no valid header.
The new size provided for image resizing is invalid.
The "Portable Network Graphics" could not be created because invalid image type parameters have being provided.
The "Portable Network Graphics" image could not be loaded because it uses an invalid image bit depth.
Error on call to Winsock2 library function %s
Error on loading Winsock2 library (%s)
The "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corrupted
This "Portable Network Graphics" image is invalid because it has missing image parts.
Could not decompress the image because it contains invalid compressed data.
Description:
The "Portable Network Graphics" image contains an invalid palette.
The file being read is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corrupted, try obtaining it again
This "Portable Network Graphics" image is not supported or it might be invalid.
(IHDR chunk is not the first)
This "Portable Network Graphics" image is not supported because either its width or height exceeds the maximum size of 65535 pixels.
There is no such palette entry.
This "Portable Network Graphics" image contains an unknown critical part which could not be decoded.
This "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.
This "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.
This "Portable Network Graphics" image uses an unknown color type which could not be decoded.
The chunks must be compatible to be assigned.
This "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.
This "Portable Network Graphics" image contains no data.
The program tried to add a existent critical chunk to the current image which is not allowed.
Invalid index
Unable to insert an item
Invalid owner
RichEdit line insertion error
Failed to Load Stream
Failed to Save Stream
%s is already associated with %s
This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s
You must be in ShowCheckbox mode to set to this date
Failed to set calendar date or time
Failed to set maximum selection range
Failed to set calendar min/max range
Failed to set calendar selected range
This "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)
Class '%s' is not registered for '%s'
%s parameter cannot be nil
Feature not supported by this style
Style '%s' is not registered
Cannot unregister the system style
Style not registered
Cannot call BeginInvoke on a control with no parent or window handle
Failed to clear tab control
Failed to delete tab at index %d
Failed to retrieve tab at index %d
Failed to get object at index %d
Failed to set tab "%s" at index %d
Failed to set object at index %d
MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid item level assignment
Invalid level (%d) for item "%s"
Cannot remove shell notification icon
%s requires Windows Vista or later
Button%d
RadioButton%d
Caption cannot be empty
CategoryPanel must have a CategoryPanelGroup as its parent
Only CategoryPanels can be inserted into a CategoryPanelGroup
Unable to load style '%s'
Unable to load styles: %s
Style '%s' already registered
Style class '%s' already registered
Style '%s' not found
Style class '%s' not found
Invalid style handle
Invalid style format
Class '%s' is already registered for '%s'
Docked control must have a name
Error removing control from dock tree
- Dock zone not found
- Dock zone has no control
Error loading dock zone from the stream. Expecting version %d, but found %d.
Multiselect mode must be on for this feature
Length of value array must be >= length of prompt array
Prompt array must not be empty
&Username
&Password
&Domain
Login
Separator
Error setting %s.Count
Listbox (%s) style must be virtual in order to set Count
No OnGetItem event handler assigned
Right
Down
Ins
Del
Shift+
Ctrl+
Alt+
Value must be between %d and %d
All
Unable to insert a line
Clipboard does not support Icons
Cannot open clipboard: %s
Text exceeds memo capacity
Operation not supported on selected printer
There is no default printer currently selected
Menu '%s' is already being used by another form
&Ignore
&All
N&o to All
Yes to &All
&Close
BkSp
Tab
Esc
Enter
Space
PgUp
PgDn
End
Home
Left
Up
Metafiles
Enhanced Metafiles
Icons
Bitmaps
TIFF Images
Warning
Error
Information
Confirm
&Yes
&No
OK
Cancel
&Help
&Abort
&Retry
Scrollbar property out of range
%s property out of range
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
Printer is not currently printing
Printing in progress
Printer index out of range
Printer selected is not valid
%s on %s
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot create form. No MDI forms are currently active
Can only modify an image if it contains a bitmap
A control cannot have itself as its parent
Cannot drag a form
Invalid image size
Invalid ImageList
Unable to Replace Image
Unable to Insert Image
Invalid ImageList Index
Failed to read ImageList data from stream
Failed to write ImageList data to stream
Error creating window device context
Error creating window class
Cannot focus a disabled or invisible window
Control '%s' has no parent window
. Path:
%s
Parent given is not a parent of '%s'
Cannot hide an MDI Child Form
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Tab position incompatible with current tab style
Tab style incompatible with current tab position
Bitmap image is not valid
Icon image is not valid
Metafile is not valid
Invalid pixel format
Invalid image
Scan line index out of range
Cannot change the size of an icon
Cannot change the size of a WIC Image
Unknown picture file extension (.%s)
Unsupported clipboard format
Unsupported stream format
Out of system resources
Canvas does not allow drawing
Text format flag '%s' not supported
Error querying headers: (%d) %s
Error obtaining session handle
Error sending data: (%d) %s
Error receiving data: (%d) %s
Error connecting to server: %s
Error opening request: (%d) %s
Error adding header: (%d) %s
Error removing header: (%d) %s
Error reading data: (%d) %s
Error setting timeout for the request: (%d) %s
Pair of extension and mime type already exists
Mime type cannot be empty
OLE error %.8x
Method '%s' not supported by automation object
Variant does not reference an automation object
Dispatch methods do not support more than 64 parameters
Credential without user and password
Platform-dependant function not implemented
Scheme-dependant function not implemented
Method already assigned
URL already assigned
Parameter index (%d) out of range (%d..%d)
Invalid URL: "%s"
Parameter "%s" not found
Maximum number of redirections (%d) exceeded
Error getting Server Certificate
Server Certificate Invalid or not present
Server Certificate not accepted
Empty certificate list
Unspecified certificate from client
Client rejected the certificate
Execution of request terminated with unknown error
UTF8: A start byte not followed by enough continuation bytes
UTF8: An unexpected continuation byte in %d-byte UTF8
UTF8: Type cannot be determined out of header byte
The input value is not a valid JSON
. Path '%s', line %d, position %d (offset %d)
The nesting level of JSON arrays / objects is greater than %d
Value '%s' not found
Value %s cannot be added to %s
Unexpected char for root element: .
Path ended with an open bracket
Path ended with an open string
Invalid index for array: %s
Unexpected character while parsing indexer: %s
Empty name not allowed in dot notation, use ['']
Scheme "%s" already registered for %s
Scheme "%s" is not registered
Cannot construct an ITask in this manner
List of tasks to Join method empty
At least one task in array nil
Cannot start a task that has already completed
One or more tasks were cancelled
One or more errors occurred
Must wait on at least one event
Cannot call BeginInvoke on a TComponent in the process of destruction
A regular expression specified in RegEx is required
Error in regular expression at offset %d: %s
Error studying the regex: %s
Successful match required
Strings parameter cannot be nil
Invalid index type
Index out of bounds (%d)
Invalid group name (%s)
Windows 8
Windows 8.1
Windows 10
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
No single cast observer with ID %d was added to the observer collection
No multi cast observer with ID %d was added to the observer collection
Observer is not available
Invalid date string: %s
Invalid time string: %s
Invalid time Offset string: %s
Error decoding URL style (%%XX) encoded string at position %d
Invalid URL encoded character (%s) at position %d
The Break method was previously called. Break and Stop may not be used in combination in iterations of the same loop
The Stop method was previously called. Break and Stop may not be used in combination in iterations of the same loop
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
No help found for context %d
Unable to open Index
Unable to open Search
Unable to find a Table of Contents
No topic-based help system installed
No help found for %s
Argument out of range
Argument must not be nil
Unbalanced stack or queue operation
Item not found
Duplicates not allowed
Insufficient RTTI available to support this operation
Parameter count mismatch
Type '%s' is not declared in the interface section of a unit
VAR and OUT arguments must match parameter type exactly
Specified Login Credential Service not found
Invalid Timeout value: %s
SpinCount out of range. Must be between 0 and %d
Invalid Reset Count: %d
Invalid Count: %d
Invalid Decrement Count: %d
Invalid Increment Count: %d
Decrement amount will cause invalid results: Count: %d, CurCount: %d
Count already max: Amount: %d, CurCount: %d
Countdown already reached zero (0)
Timespan too long
The duration cannot be returned because the absolute value exceeds the value of TTimeSpan.MaxValue
Value cannot be NaN
Negating the minimum value of a Timespan is invalid
Invalid Timespan format
Timespan element too long
No context-sensitive help installed
Parameter %s cannot be nil
Parameter %s cannot be a negative value
Input buffer exceeded for %s = %d, %s = %d
Invalid characters in path
?
The given "%s" local time is invalid (situated within the missing period prior to DST).
No help viewer that supports filters
Invalid argument
Index out of range (%d). Must be >= 0 and < %d
String index out of range (%d). Must be >= %d and <= %d
Invalid UTF32 character value. Must be >= 0 and <= $10FFFF, excluding surrogate pair ranges
High surrogate char without a following low surrogate char at index: %d. Check that the string is encoded properly
Low surrogate char without a preceding high surrogate char at index: %d. Check that the string is encoded properly
Length of Strings and Objects arrays must be equal
Source and Destination arrays must not be the same
Class %s is not intended to be constructed
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
String expected
%s expected
%s not in a class registration group
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
Cannot call Start on a running or suspended thread
Cannot call CheckTerminated on an externally created thread
Cannot call SetReturnValue on an externally create thread
Invalid data type for '%s'
Invalid string constant
Line too long
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
%s has not been registered as a COM class
Number expected
ANSI or UTF8 encoding expected
%s on line %d
Error reading %s%s%s: %s
Stream read error
Property is read-only
Failed to create key %s
Failed to get data for '%s'
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Identifier expected
Invalid binary value
Invalid stream format
'%s' is an invalid mask at (%d)
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
Invalid encoding name
No mapping for the Unicode character exists in the target multi-byte code page
Invalid StringBaseIndex
Operation Cancelled
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
Can't write to a read-only resource stream
''%s'' expected
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Custom variant type (%s%.4x) is out of range
Custom variant type (%s%.4x) already used by %s
Custom variant type (%s%.4x) is not usable
Too many custom variant types have been registered
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Execution
Invalid access
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
<unknown>
'%s' is not a valid integer value
'%s' is not a valid integer value for %s type
'%s' is not a valid floating point value
'%s' is not a valid floating point value for %s type
'%s' is not a valid date and time
'%d.%d' is not a valid timestamp
'%s' is not a valid GUID value
'%s' is not a valid boolean value
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .didata has a size of 0!
[*] Warning: Section .edata has a size of 0!
[*] Warning: Section .kyua0 has a size of 0!
[*] Warning: 1 invalid export(s) not shown.