3be905842d284ed9b831478ed50fa304

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Oct-19 01:48:38
Detected languages Chinese - Taiwan
English - United States
Korean - Korea
Portuguese - Brazil
Process Default Language
TLS Callbacks 1 callback(s) detected.
Debug artifacts C:\teamcity-agent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperQTStudio\RobloxStudioLauncherBeta.pdb
CompanyName Roblox Corporation
FileDescription Roblox
FileVersion 1, 6, 3, 353595
LegalCopyright Copyright © 2019 Roblox Corporation. All rights reserved.
OriginalFilename Roblox.exe
ProductName Roblox Bootstrapper
ProductVersion 1, 6, 3, 353595

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools:
  • rundll32.exe
Contains references to internet browsers:
  • chrome.exe
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: CPADinfo
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegQueryValueExW
  • RegQueryInfoKeyW
  • RegSetValueExW
  • RegOpenKeyExW
  • RegCreateKeyExW
  • RegCloseKey
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegEnumKeyExW
  • RegEnumValueW
  • RegFlushKey
  • SHDeleteKeyW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Uses Microsoft's cryptographic API:
  • CryptAcquireContextW
  • CryptReleaseContext
  • CryptGetHashParam
  • CryptCreateHash
  • CryptHashData
  • CryptDestroyHash
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Has Internet access capabilities:
  • InternetCloseHandle
  • InternetOpenW
  • InternetReadFile
  • InternetWriteFile
  • InternetQueryDataAvailable
  • InternetSetOptionW
  • InternetConnectW
  • InternetQueryOptionW
  • WinHttpConnect
  • WinHttpCloseHandle
  • WinHttpOpen
  • WinHttpReadData
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpWriteData
  • WinHttpSetTimeouts
  • WinHttpOpenRequest
  • WinHttpAddRequestHeaders
  • WinHttpCrackUrl
  • WinHttpSendRequest
Leverages the raw socket API to access the Internet:
  • #20
  • #23
  • #3
  • freeaddrinfo
  • #115
  • #116
  • #111
  • #19
  • #4
  • #9
  • getaddrinfo
Functions related to the privilege level:
  • DuplicateToken
  • OpenProcessToken
  • CheckTokenMembership
Enumerates local disk drives:
  • GetDriveTypeW
Manipulates other processes:
  • ReadProcessMemory
  • OpenProcess
  • EnumProcesses
Info The PE is digitally signed. Signer: Roblox Corporation
Issuer: Symantec Class 3 SHA256 Code Signing CA
Safe VirusTotal score: 0/71 (Scanned on 2019-11-20 02:04:59) All the AVs think this file is safe.

Hashes

MD5 3be905842d284ed9b831478ed50fa304
SHA1 faa01e8a8ec87fc044ce356cd11036cdfc9d5829
SHA256 c69b54ad81a59e598b6755a19068d6f43e7e0f48152959c33a9efc72effa5a82
SHA3 b05bdd1356e758789c5bc7870de7e6d12617c113c951875faa8626e5ad0f2d7a
SSDeep 49152:lBCN3vT0eRh5KTy8e6d5a3yMM+QoPKdAmNTZZrbgco00:lBoT01rb4
Imports Hash c6bdc1e848c64430ce44743b0081f6f5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x140

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2019-Oct-19 01:48:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xcde00
SizeOfInitializedData 0x16d400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000599FC (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xcf000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x241000
SizeOfHeaders 0x400
Checksum 0x1f6016
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 94c32c679cc1c787a6a010734bca1112
SHA1 37792e8fc716df01c5f8258f2c13772281e2c064
SHA256 e4ab3ee1dca3c33e2867ac08d6f7befe53cd4c6efece11c7cf6ab3654127d997
SHA3 e28d6158f91081e07737f498d5f8c4c7af3f50da768497264b7cc4b182350152
VirtualSize 0xcdc86
VirtualAddress 0x1000
SizeOfRawData 0xcde00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.63405

.rdata

MD5 43c0346f76fde50459720fdaa76cead8
SHA1 f4385de429106343b85ffdd441963be583117b58
SHA256 6087c9bfd37ca1887a3a0b10a7125508aea9b6e6f5c873e237f0debe7bd2b2d1
SHA3 130aa05f9f03fa957165f3a9251045ec09874dd05dd79798bc3f5a9747e9c07c
VirtualSize 0x433ec
VirtualAddress 0xcf000
SizeOfRawData 0x43400
PointerToRawData 0xce200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.73944

.data

MD5 7b2b76c7aa03822f0babc0e048013f3c
SHA1 07a29fb2b15afef073e8c8626d85ff2573fcfc5a
SHA256 3b6ce316fbbf4bc4296cfd9f8bfbd0cca6aa64ab2be27ed67afcc633634413be
SHA3 07b06e7c892f6ac2690e26194a0cac70cb717e40396fed87171f3116f9a18cbc
VirtualSize 0x56370
VirtualAddress 0x113000
SizeOfRawData 0x4a00
PointerToRawData 0x111600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.77454

.tls

MD5 8e3343efa9afc26ac6caf49228cbe049
SHA1 3143ac41539699ebe8a88a0a68b536da9d4608b2
SHA256 e0f57ad1d60c08a61e8f443f5134dd3cdd93b5d8201a4d149bdbaf1d540310bf
SHA3 a91e951cb0c6e94a1cf2e825ff96df04eaf95e1afb511c74656ca74d2e10e798
VirtualSize 0xd
VirtualAddress 0x16a000
SizeOfRawData 0x200
PointerToRawData 0x116000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.gfids

MD5 a11f173d069b2a49b2b0a0f0a63afaa3
SHA1 686765136e8afee1f88c62f4145ae49012a09a28
SHA256 eb4c2ce8c8bdbf9dc2cd4b52f1acd550a0f494d8369149b61c5ea4ba0d299d96
SHA3 a56eda7ca6e9553ef3703523e815aa9259ed09a7c8f7dabe8c0dceccd7dece41
VirtualSize 0x1a4
VirtualAddress 0x16b000
SizeOfRawData 0x200
PointerToRawData 0x116200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.52119

CPADinfo

MD5 842689af09e7bf563672a4b43f1a2286
SHA1 87fd79e9cdafca9f691aeb6345b577953f4f53d0
SHA256 c6ab4dedabd0103aa45921ac166f6a9046356cb6073e10e06a3a8503472530cf
SHA3 abbb3e8624739cecd33afe9b57a68095eefc456c46e7dcc62374ca1c59012890
VirtualSize 0x28
VirtualAddress 0x16c000
SizeOfRawData 0x200
PointerToRawData 0x116400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.122276

.rsrc

MD5 4623d343101daa1d53f0019af3c2e156
SHA1 8ee77352bfcbc21054543587be5b0c22ba2f05e3
SHA256 a9c629c27e05aa0414809c5f9b8b1958a0c11df3e22bb038de1cd8ade69fde56
SHA3 3e11ed44723238d6febe10d9b4f3832a65b00bd5dc18b0b3c4c1eba4ebe0fb4e
VirtualSize 0xc85d0
VirtualAddress 0x16d000
SizeOfRawData 0xc8600
PointerToRawData 0x116600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.59661

.reloc

MD5 ad16aedd682507079ce9b5932873e901
SHA1 b13066f891d0d60543af0fae565a1f9aade8b591
SHA256 633977a544599b8961823905d71f799839f86e47daa69be23dfaf20bc9a4f4c0
SHA3 ea39462e970767a9cfb85f528992c6043a8a17e80c06d38b267907c64b5f45ac
VirtualSize 0xae70
VirtualAddress 0x236000
SizeOfRawData 0xb000
PointerToRawData 0x1dec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.63522

Imports

KERNEL32.dll GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetFullPathNameW
DeleteCriticalSection
RaiseException
DecodePointer
CreateEventA
GetModuleHandleW
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
lstrlenW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
SwitchToThread
RegisterWaitForSingleObject
UnregisterWaitEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DisconnectNamedPipe
ConnectNamedPipe
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSection
GetSystemDefaultLCID
HeapFree
HeapReAlloc
HeapAlloc
GetThreadLocale
GetThreadContext
GetProcessId
SuspendThread
GetProcessTimes
SetProcessShutdownParameters
UnlockFileEx
LockFileEx
GetVersion
GetExitCodeThread
SleepEx
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetConsoleCtrlHandler
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
IsValidLocale
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
LoadResource
SizeofResource
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
SetLastError
ReleaseSemaphore
Sleep
GetTickCount
CreateSemaphoreW
WaitForSingleObjectEx
VerSetConditionMask
GetFileSize
WriteFile
ReadFile
FormatMessageW
FindResourceA
GetTempPathW
DeleteFileW
GetVersionExW
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
FreeLibrary
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
GetStdHandle
FindClose
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleFileNameW
CreateProcessW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FreeConsole
AttachConsole
GetSystemTimeAsFileTime
CreateSemaphoreA
DuplicateHandle
GetModuleHandleA
GetShortPathNameW
IsWow64Process
GetFileSizeEx
FlushFileBuffers
SetFileTime
lstrcpyW
GetFileAttributesExW
MoveFileW
OpenEventA
GetCurrentProcessId
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemInfo
WaitForMultipleObjectsEx
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetFilePointer
GetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcatW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
SetFilePointerEx
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
USER32.dll GetWindowRect
InvalidateRect
ShowWindow
SetWindowLongW
GetParent
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
UnregisterClassW
MessageBoxA
GetWindowLongW
DrawTextW
GetWindowTextW
SetForegroundWindow
IsWindowVisible
PostMessageW
LoadBitmapW
FillRect
MessageBoxExW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
CharUpperW
CharNextW
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
AllowSetForegroundWindow
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
LoadIconW
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
KillTimer
EndPaint
GetSystemMetrics
EnableWindow
GetDC
ReleaseDC
BeginPaint
GDI32.dll CreateSolidBrush
DeleteObject
SetDCBrushColor
SelectObject
SetDCPenColor
Rectangle
GetStockObject
GetDeviceCaps
CreatePen
CreateFontW
SetBkMode
SetTextColor
RoundRect
ADVAPI32.dll RegQueryValueExW
RegQueryInfoKeyW
GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
ImpersonateNamedPipeClient
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
GetUserNameW
CheckTokenMembership
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
SystemFunction036
RevertToSelf
RegFlushKey
SHELL32.dll CommandLineToArgvW
SHGetFolderPathAndSubDirW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconA
#165
Shell_NotifyIconW
ole32.dll CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
SHLWAPI.dll StrCmpW
PathFileExistsW
PathRemoveExtensionW
StrStrW
PathAppendW
PathRemoveFileSpecW
StrDupW
StrCmpNW
StrCpyW
SHDeleteKeyW
PathAddBackslashW
StrRChrW
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
WININET.dll InternetCloseHandle
InternetOpenW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetSetOptionW
HttpEndRequestW
HttpSendRequestExW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
InternetQueryOptionW
HttpOpenRequestW
WS2_32.dll #20
#23
#3
freeaddrinfo
#115
#116
#111
#19
#4
#9
getaddrinfo
SensApi.dll IsNetworkAlive
USERENV.dll UnloadUserProfile
COMCTL32.dll InitCommonControlsEx
_TrackMouseEvent
gdiplus.dll GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneImage
PSAPI.DLL GetProcessImageFileNameW
EnumProcesses
WINMM.dll timeBeginPeriod
timeSetEvent
timeGetTime
timeGetDevCaps
WINHTTP.dll WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpSendRequest
POWRPROF.dll CallNtPowerInformation
IPHLPAPI.DLL GetAdaptersInfo

Delayed Imports

157

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x299
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.30906
Detected Filetype PNG graphic file
MD5 8c1df45f2214ab429392c89f6ec792bf
SHA1 ca2e99d5385a7f2035caecb3493c7a142eef749c
SHA256 2e512a3f77e5109f3a858cad954651cdf9d711e6a5fd1afc7b2c4c886e85e514
SHA3 af54f74632baaf08a0af61755e39f0726ae09cef1a1803d2d821d39e27bc1dfd

158

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x332
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.56743
Detected Filetype PNG graphic file
MD5 ce26e1488fce5a594efabdf51cd47925
SHA1 0157a0ed2f580e12c9b922eb7fe6c350d18f7991
SHA256 5bd023524116a046c4ccbaa5f0135f01a72c6bd601c4292db7bb49e167b5dbeb
SHA3 6e836d983d6dbaaf3d2e45146165dd7c150854f32ac65d5cafaa509462d9b053

159

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x300
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.4739
Detected Filetype PNG graphic file
MD5 f08ce75a5892e86ce83d1b4c054ee896
SHA1 3aa8f46e1928e439479ebe940bd1af3b0d5284d1
SHA256 73203ef33f691d679c82b4dfef0d188b6b31d8ab3f06026e6dedb05980e638b9
SHA3 ac5c2926fe0a2856f3ee842110e9e32487502b604589ae750c07720287236864

160

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x3b0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.62047
Detected Filetype PNG graphic file
MD5 1e898dd99415c425afe1edc7e859eed6
SHA1 2b8c1dcc27c9d7099919fda1a3c96567d1bb4e14
SHA256 25ec614d94423b40b76303b7ba4b56c94dc058ce7711ef82b769f16c68a2536e
SHA3 c74607f4f72e94103afda78683cbc6a197d2ee387802c18a4597add281c8338b

162

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x1ad8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9464
Detected Filetype PNG graphic file
MD5 ee081cde1cb3698aeb8575abbcaff3d7
SHA1 b83a7167ca3d01e5ae8fa5653bffa108caf9a482
SHA256 bbadcb7e7c630a43d281a73a91002997e362bb19fd6f89d1b69d43118b467d94
SHA3 702870ba66185890e4e99435d97d3e2232578e2a0c406690340f563d3fad430f

165

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x15b1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95776
Detected Filetype PNG graphic file
MD5 7e55149f492a28c5e6ed02b64f0d28ae
SHA1 2d977e05eefd1320d5e98df8e48275d3ec36f2da
SHA256 cecfb33bfa6d2ef7e46935af7600283eeadbd3f19118cde5b75b6ae71ea49393
SHA3 f4b56bd00c049a4ae5f0e454574396066b6e992f283c75b53c2e2b41d94c1bac

166

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x47a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.66343
Detected Filetype PNG graphic file
MD5 4f66cbb001c6e79e2aacb1003000d0d6
SHA1 a11f198d1c57b979eeab2f78a247e7ad88550718
SHA256 61beb9171d057cea7fd106a5c3c8fe78e1c461d9b1975c89c33d335a9f1f5a65
SHA3 185d1048e46446435e35577bb7a6473e992029733ab48042b51c4677a7d3a351

167

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x516
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.7187
Detected Filetype PNG graphic file
MD5 5e904dd75bdacec2b246cfa4d8cbee03
SHA1 4c3e8b3c2722cb081972dbbf92c4703e01dc1dd8
SHA256 145ad8a8f0a483286b272cddbf9f4b930a212025f3656302a944903b9cb01f8b
SHA3 058938d703a480c7d000e25b68f6ec8b85a667240199cfa95e47541c8a80ce00

168

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x336
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.63294
Detected Filetype PNG graphic file
MD5 db87d4655fbcd0ff8f26c46171cc72ac
SHA1 00bfb143eecc22db3a56243a190fd0f38e83df23
SHA256 3d3872e70c747708de53ddf8649e7d714576a48eb79598c7210661c8411a8693
SHA3 c9415bc372a72775525cc50782b63d903a59d98a8d89114f86c4feee9f3dfee4

169

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x363
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.61217
Detected Filetype PNG graphic file
MD5 3b27679d47b7e05555c6e80a0fe63e86
SHA1 18add382f2c04e3752183003798fd007bbac1139
SHA256 5c101b99f8c8a9d9a5643f3e245b0881c43cff20abd5c9cac0e7b85d2c770f90
SHA3 09f6771ca460beb86b865737de0c400dc16721be6ae4e820189860a7119e611f

170

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x1230
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.90587
Detected Filetype PNG graphic file
MD5 3bc8df1ae36711f8b8748d79a5d269a5
SHA1 35990d40b195ff2a0ef602020b1c6fbf16dcff71
SHA256 c5ee8e1e4f45b66dcb4b7508b4035538b316fd53e397393d6524864ec06987e9
SHA3 72b50ebeaa64d1b662143bec410e7197e69e4bdcd4cee534247febdd81d53e4e

171

Type PNG
Language Process Default Language
Codepage UNKNOWN
Size 0x1134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.91517
Detected Filetype PNG graphic file
MD5 555c74ca373bfe2e9b4ad3a1c690c426
SHA1 af701a3e684430af4360b166fc6932dfa7670fcc
SHA256 b36ed6a0908d9ad02fc18adb4c41bbb674f353ab404bf74bc15f0538a15ffa4d
SHA3 0d3135adae9cfc11d6a30ebf14905345b296fa6bf66bdca2e40c9a7799f50284

1

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x10618
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25781
MD5 7061b1d7df61680a5043f3fef1254eb5
SHA1 2ab7a8f8d31fb400ee113545166192f626f659a8
SHA256 f94a49db5df323b4f9561a5384cc94fcdce47382700ad5f23b6a999774af4d77
SHA3 0532727efe078db84fc8cb8f9836e5ab6671d81cab5e91c2f96111034d2e2c4b

2

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.8905
MD5 328195faa501c9cfcd408fb9bdd5925f
SHA1 86ca7da2606ef1ad55e32dd3c632ed59ec32620b
SHA256 95dfa5a45043571818aaef7ba338a89f5147b085717a6fe449f2053c64b54235
SHA3 7e71543ace3b01d7195fa2999fe4de9e25de6e69cac01d630578e864d02858c3

3

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x413c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.00882
MD5 41133ded27b84011418ca645d86596c1
SHA1 d73b52de5024d9d7816b99b94b389250f7e9e7fc
SHA256 a50df5fea575d354494cd5496684c21eebdf1c46dc63f7ff7913d95ca7e3bafd
SHA3 a2a85e6488ea6a3e09b235b041eb77696d0a68e97a89cf0fa2b345d4994ca9c9

4

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31826
MD5 32e39d1ecefcd1467ed6176b5ded8eb7
SHA1 1eda461fde2caeb373cf562b69039c92b310d1ea
SHA256 63261cc20ba1aa9e174997f802084377c002846ed57ebb5b3066f904366cc730
SHA3 7b0b47833863af080969a0fda97a980c3f4f194e5cb11cafb75eb953698578fb

5

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74775
MD5 5d074fb4ec5f10a2533ba5281c12f571
SHA1 6a191afa3883c0586246118626b6d150236a9d52
SHA256 bcdc7fa5f99d0e5d666de3b46fc876854f692101a21c190e5e3290148b2a8b7b
SHA3 6ac6a4bf638bbcd7506783c21059a26c031aa2fda911c8eb0ecb409cbe40608c

6

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x10618
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.25781
MD5 7061b1d7df61680a5043f3fef1254eb5
SHA1 2ab7a8f8d31fb400ee113545166192f626f659a8
SHA256 f94a49db5df323b4f9561a5384cc94fcdce47382700ad5f23b6a999774af4d77
SHA3 0532727efe078db84fc8cb8f9836e5ab6671d81cab5e91c2f96111034d2e2c4b

7

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.8905
MD5 328195faa501c9cfcd408fb9bdd5925f
SHA1 86ca7da2606ef1ad55e32dd3c632ed59ec32620b
SHA256 95dfa5a45043571818aaef7ba338a89f5147b085717a6fe449f2053c64b54235
SHA3 7e71543ace3b01d7195fa2999fe4de9e25de6e69cac01d630578e864d02858c3

8

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x6b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.7494
MD5 393ccab52b96f6e4524e6deeb1071f3f
SHA1 5e3034c334530ab12c1b75bb5dca290e5937d59a
SHA256 0351d50096ebf31406edc224679c870b889d99ea8f06b7fa5b5f4e40f54f467b
SHA3 f6e8aadf6a7039230ffd38764222b5b321a589b7ca749302216dff17691db6da

9

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.60437
MD5 05df91fa46a69dab91cf70b9b7c44d24
SHA1 a22101eb8ede6b4014c5ebfa6e2023dd61804e09
SHA256 b5fbe6446436bcd19114641018b86761e82d52b91935e192f9ca95ea5584af3d
SHA3 b312deda379431ca810e3ccb79d72bf7a8bec6051d419bd2c37c4ee94c941dda

10

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x413c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.00882
MD5 41133ded27b84011418ca645d86596c1
SHA1 d73b52de5024d9d7816b99b94b389250f7e9e7fc
SHA256 a50df5fea575d354494cd5496684c21eebdf1c46dc63f7ff7913d95ca7e3bafd
SHA3 a2a85e6488ea6a3e09b235b041eb77696d0a68e97a89cf0fa2b345d4994ca9c9

11

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31826
MD5 32e39d1ecefcd1467ed6176b5ded8eb7
SHA1 1eda461fde2caeb373cf562b69039c92b310d1ea
SHA256 63261cc20ba1aa9e174997f802084377c002846ed57ebb5b3066f904366cc730
SHA3 7b0b47833863af080969a0fda97a980c3f4f194e5cb11cafb75eb953698578fb

12

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x1a68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.05596
MD5 8ecf554c39356a2e39251574254b4745
SHA1 9473dbedb3fafa776015a1ee449e5649c5f34b82
SHA256 7675f4e39cddc2d164c0aa657ae4512baa654264234ca5241af9a0c5d76cafbd
SHA3 a24d3ec58a1f0cde43c17c63f8a0ecf8d48fba15beb55a95add01ae51a81c757

13

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.93417
MD5 326ab180e981e282577b5b42e4a774f6
SHA1 deb05fac68f0966a5942bf275b0a1ef7eeb2505b
SHA256 966ef1bd2faf119ff1048cbb5060c0daa08b86b4972669da6e2c3a5395fb28b7
SHA3 cb1d4ab41cfd5cda95bb38f593f8e4110e7e0e91d7f6c52eb8170715dd57ef9d

14

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74775
MD5 5d074fb4ec5f10a2533ba5281c12f571
SHA1 6a191afa3883c0586246118626b6d150236a9d52
SHA256 bcdc7fa5f99d0e5d666de3b46fc876854f692101a21c190e5e3290148b2a8b7b
SHA3 6ac6a4bf638bbcd7506783c21059a26c031aa2fda911c8eb0ecb409cbe40608c

15

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x148
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.05597
MD5 d462fee87d80030bb6a7233163512e1f
SHA1 f959852df41f8a18a5420b95b43b958a0036080b
SHA256 06903372da64497db2c17e0312718a40cc44ff161911e599576570a06e544161
SHA3 19a28d497400de1c7d17289b1290265e4137bf75afdbb963919422d200574ee0

16

Type RT_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.4553
MD5 b756846d3d537e5f6fb1b4d8190b6f4d
SHA1 d3530c27891fea6fd8c01793b29e377d1f390c2f
SHA256 c6e8ef2f6f713590b29e28a048b0608f5d4000d7df2d627a9a9d866e71fd5016
SHA3 9307dba98a7cc4eeec08c0abc8010be8d80eac1456eb91b833a703ba98680210

130

Type RT_DIALOG
Language Process Default Language
Codepage UNKNOWN
Size 0xfe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.12907
MD5 d1abf688811da87c83e01743b3c1f726
SHA1 91a4d79a3dd276f4242f59889f2118bd25f8b5d7
SHA256 67ad3549b7386a7df9fcf2825450c74c99f089bbe81fa88898ad895c5d272805
SHA3 155eb34f9fc1cbd8baf42af1955bffa1c1159299a561d2c95c38314e07051d41

7 (#2)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xe2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85602
MD5 822fd5c191e71b7d5cbd9af52d686aa8
SHA1 bb56dcaa48868826d2b5ca1dd7770c1a3ee489d7
SHA256 dbcc872a6e603832ec0dea6713d1e0b5cd47aaef5e770c919a3cc862b975e9ec
SHA3 0c5d2315c44e81c1bdafca1678357e2935a8061d9c0320ca8825bd9dc1d9e0c6

7 (#3)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x21c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.44789
MD5 b7bfeb430e8a287e5fa4cb641874f6d0
SHA1 9acd7dc6b06931159af85e8c44836c0d2ae83a57
SHA256 5ca83a7c4b19aac413277fcc984673551abf71a09389f793df184dddb4948d25
SHA3 bb01371e744afa87cef36f1bc4deeb0bcfe25a3a08fd3a52eb8ca39a58347472

7 (#4)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x220
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40784
MD5 d97478bb26e241ae15e6ff60b50650cb
SHA1 c1a3eaa11acd8f731cb3a4edd98ef3825453de93
SHA256 e79c771ba76ec34c7de698d5e2129162006ee7d2fba679a00035cbca3c9b1550
SHA3 d58820b6a8747024d9619f5af1d484ed83f30e269407cd18ee6177f7cc42f514

7 (#5)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x236
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48305
MD5 b3868872ba55c2f767aefc8f831a5b07
SHA1 f3a97ee0f080ed149fc0537054ec95bd9b646541
SHA256 b2292beca2a38107b00d9162790d36a1d9dcfa1825d47828b34e5dab647591b9
SHA3 9d81613373df5470e5bc0aa3be3e631e391c49acb896d86e5e2504e1b8221c11

7 (#6)

Type RT_STRING
Language Chinese - Taiwan
Codepage UNKNOWN
Size 0xe6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.06832
MD5 775849b036d1ac2cf0c639d0ee932719
SHA1 0aae7bae5e2384b8786ced04e9a30e40e7fdb16c
SHA256 091ffb41fa1d502496e47b9b652c2aea5387aefd17f1c2cbe4eb9641601d2069
SHA3 5a219997b3c58279e819bb705c3f8915b7263e4c1b53b1707e9855637c80fccb

7 (#7)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x212
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51877
MD5 56478327cd4f86abcb59e54afe5bb1b8
SHA1 7813814dfa89b1798a9c39c630ab947e6b3fccb2
SHA256 37c061e88616019269f7f9c64d9a2e9532a0c428e857e6a386db41e7bdae8812
SHA3 7ace259139e5bcd13864b6b4513705c538b913c759b76dd800783ef169fbd5c8

7 (#8)

Type RT_STRING
Language Korean - Korea
Codepage UNKNOWN
Size 0x11c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.78527
MD5 b635400cafbaf1889406d08b9b831cea
SHA1 9802960273ed8c25f01eaf9b9b1d9653b02ff807
SHA256 c9a5eefbd265f23cd84f70844603a474b66a918d07dcf36e33edd2fb480fcad6
SHA3 929465d56cab159191f65a7fc54688539092e79252eaad7721ba159d002948a7

7 (#9)

Type RT_STRING
Language Portuguese - Brazil
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38178
MD5 5461f60c196f792aa22edd958dfe0972
SHA1 d6a2a0e47fc3676b024e074a44c25397abbdc142
SHA256 09aef5011a5a4341708b22f9f6ddaf3947cda52b5d51ca0cb49c8b74fbdf7b1f
SHA3 cf33ed35a4d15b22c596878441c1e38dfb4acea38804aeaf75db89eab95f562b

8 (#2)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x1cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.3048
MD5 53d6cb4965a5e30c53e9a4503d0d1d30
SHA1 dccfdf859681789ab5b5d97fdb72b54f2f51fe63
SHA256 b23c162db111dad1027b4d45e731c24d9d6da14f03ee761a8a6bcddd57aa88d8
SHA3 702de3d486e6973530594321cf7dfaef3859fbb8931dfd222e03dbb38203f116

8 (#3)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x456
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32039
MD5 623344fdcfee313605196bbfaf7cb798
SHA1 06ae1e8762c709af48ea361ea7b1d171248b6337
SHA256 1f6af97c0a892fb0ba89b58814ce5ea40759ff9d3f163283350b6cc5f5f9f248
SHA3 83b7b42c056e3eda79e281012742e8cf36d975a25a0210541bbbf9470fa1cf43

8 (#4)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x3ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34126
MD5 0b80db912a617615ed449069757169e3
SHA1 2a42c8cabd6e50ed86d1c8f589c381ce7196a86a
SHA256 fea6829a68ab66a91c9269640e816e1121a02ef43db8c0d22b9c26179c77a692
SHA3 4dca02aaed8604acf4f75523bcbf8cbba4615e619e1ba7a4fb7051bf62322ca1

8 (#5)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x410
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40914
MD5 afb1bd9c5e257bc43b2789d5ff19aa80
SHA1 1b1d1aa86f4f682e242a658b3276a848324eb020
SHA256 92f52f3f737722a52917da094119f0ca5c6efd8eab81571812fc466351b3e18a
SHA3 367f2425a06e472a777354f8512acc1c87fbd95eb8dac6eec13aa81892d1b6c0

8 (#6)

Type RT_STRING
Language Chinese - Taiwan
Codepage UNKNOWN
Size 0x1b4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.31833
MD5 e40c21c45119d3ed7d3b735c88c4e7cb
SHA1 f8f7cfba1450b04a717604c4d47d519f4fe7c0b1
SHA256 d410c8a641e993f9e390da1f1d98362a71872c8e293ac14b688a27f98d893d61
SHA3 eb56dcaa4e3f76d6d1cc551ac30ec1a26d37175ba6971af516bbbb516908357e

8 (#7)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x37c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35096
MD5 6410f4a6e1779c4c831879c4b1ba80c4
SHA1 8a93be39f1df7eff1f3cae18d1cbbbc9b5555762
SHA256 be489f1c0d45d77335db72745a8ce71cb49e40d0e9f32593604293fb923fb23a
SHA3 c1aa0f00361c815bb9afbab758600473e286d5894bbea2dc166570503b347015

8 (#8)

Type RT_STRING
Language Korean - Korea
Codepage UNKNOWN
Size 0x240
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.99488
MD5 be37464a04529ca481cd3e7334584f6f
SHA1 e88b21f25c3d90400a8599e0039856bdde75572f
SHA256 fed07bcb383b7f6e40ce8bb1acf364cae51c35c1a46367486d31656b4ed20586
SHA3 2888409a9b3217b59ef2014c24d0bc4c157a2bf7129fb71e8e7436843cc75818

8 (#9)

Type RT_STRING
Language Portuguese - Brazil
Codepage UNKNOWN
Size 0x3ae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.37397
MD5 8dc8c2a01185a935312ae164c82d4d82
SHA1 1fb9cd4e90155e621539d2ed8d45a864f09621bf
SHA256 55e3595895e392278fabc8f8b4015bfbd87edc15607890ca5b7cda0675d77d77
SHA3 d80daa757c00f5a0f60c77567f20072720bc6b0a1dee9385d7875bfb3be48e10

9 (#2)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x176
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91787
MD5 4447ed90c9f5fccb56430f97630c8d3b
SHA1 9e4f692d246695c83d33255d1cf31e2421c9b321
SHA256 8aab438ede4dae8f9172d4b5344959add5286a0d1fc3d6635312d69a255aeef7
SHA3 736d3f1e300381e806161cf04b16bd6a2957aa19e6e9226426cb3b175e5f6caa

9 (#3)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15951
MD5 735eb907685bc9e056389c8f6c4b3989
SHA1 8d2b1cd986ab125181aeef0445bd413511408691
SHA256 2cd91ce9fb31ae408fdd7c0d81e374d458437721994a1258fa2aa5533bfd739a
SHA3 8de02913e72bf3f4b1a5e069a2696620def0f0533c6312bfaf4b1d8070adae44

9 (#4)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2be
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11118
MD5 4ed06230852d705beb3a9696a80c6d9d
SHA1 c755e9d91428647ff273b33186e8fecb91f4e3b7
SHA256 f0c8d1a66b6eb806b5f1d5d0abf1cd74bbaec51e8f4907a9baaa8f04a341ad7e
SHA3 e22ca22966c02b01768e30573ce94ee71ba777a9fec38c43980add9309d2f990

9 (#5)

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x32a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10321
MD5 707d33caab0ad8c53bd1e8f460d362f3
SHA1 ec1bbc57717dbca8fb8525c75dcdf99760d308e2
SHA256 8d46fecc1d3993270a2ddcb60e989b0cf106cdd524942ddd0216a339513a3ad3
SHA3 a595bf8882c261164708b62e5b6a4386b1228df99346e2f961a1a9edae8c608a

9 (#6)

Type RT_STRING
Language Chinese - Taiwan
Codepage UNKNOWN
Size 0x164
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85322
MD5 302c680a1b949d1caf7fc93d495517bc
SHA1 f4604c1fcf247bfc4808b8db69e5b087e16e935d
SHA256 7a7ea46e33c24b219b983943b8f9c94d467650512da3c2e96c76ed57bd5fe336
SHA3 d0ee60087ed37677f699d1b28a8f3c979a887f67913659b6479ecc00d2092326

9 (#7)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x29c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08483
MD5 4a0be20d8d0f6bc45d873c44fb1beb74
SHA1 ba138bac8c8e3daf868f4475d201dcc9086ac9b9
SHA256 9e1d7c696de26e0b2399e86f7b592a7babd1dd956a9fe8b40ab50b3b310edb30
SHA3 aac9dd5688834f5a3b7a1e5a75b8151d6cdfa095e7dc3d3c459bb139840af67f

9 (#8)

Type RT_STRING
Language Korean - Korea
Codepage UNKNOWN
Size 0x1c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.62923
MD5 fd289e241d4460e980ed193ee11ece7f
SHA1 0e5856030461dab486095cfa77e8c72804547c54
SHA256 984f74f62e0ce3ac4533448e1cb8f4cedf1dea298872b9a0d4d2e6b54c18234d
SHA3 ac56f157727beb42d235796e6b1172893f6060241dce8e3445437a267a5eb06e

9 (#9)

Type RT_STRING
Language Portuguese - Brazil
Codepage UNKNOWN
Size 0x29a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.0813
MD5 ee8425cddbdfa1741bd7df70a6ef1d53
SHA1 d20487e45b912ab52c1ff5ec6f2f6924c55875db
SHA256 f8266a4b2d108b1f447c8698073559e978e28c673e447f16cc4377055b715b98
SHA3 626aaac814fb921a0b059d7046256e12a1d907f0b7ddb09b9b4060e3a552602e

11 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x2e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.10136
MD5 3cc1fd8bb98a60d73606e185ee29d78e
SHA1 31f7ac71520b50c32e26f2c2febf9615438c4bd6
SHA256 99cc367ca9f2c9fa7a2efa34c068262dcacd68dc16e0b103648e87b026139698
SHA3 93be0f363d7b2ddf9254e0fefc514bd9bd064c50efc554eeb5ddba69163017cb

131

Type RT_ACCELERATOR
Language Process Default Language
Codepage UNKNOWN
Size 0x8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2
MD5 89f0636f6e66627ef5529a478982c33e
SHA1 af1c3b7b4ba6e1718d2b6f2bef1f4740bca81393
SHA256 0e690e70c2c1e194b5534bbcfada8039486f6e4baebf26a3e7e29d43737012a9
SHA3 8f6d3dae032358c523cd9963714b6e5bc9d98d88c4e0913df15eabfccb47eb30

2 (#2)

Type RT_GROUP_ICON
Language Process Default Language
Codepage UNKNOWN
Size 0xe6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22485
Detected Filetype Icon file
MD5 3977cd5664b9231d293a23db7a30bbe7
SHA1 f0c8da47e23111345b885bd2c545848cd87295d4
SHA256 0116bae8993aeda370691d7b52fec1e41290800c5a4723587058daa7731c20cc
SHA3 a29d73b3569e568ac2c76d845d9060cc4755e85b14333b6b45f8656c360a0719

1 (#2)

Type RT_VERSION
Language Process Default Language
Codepage UNKNOWN
Size 0x300
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46889
MD5 3342c4ae86160ed60bd0d50eb71094af
SHA1 262fe87a7f30a970b787af4f9c150a75844abea9
SHA256 8e257eef75a990300604fb9683564e2db3977e4def02c8e916671db50fe6004f
SHA3 e4b69f25484ca0d9ea73533cd4a7c895612c2facbebba72d04aa99f339890f0a

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x42e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33374
MD5 38511124eab6ef21700ff1e0ed33f751
SHA1 e80e708c73e52056e992438d75f3a0195c01567b
SHA256 485418ac922bdb74173e3a828e73380a95bff6481044a740dd8259f378cd1b60
SHA3 ce60370f875748c62b21b2910a17235e415e8c634ab330e4224fc289d9a443b8

String Table contents

ROBLOX 已成功安装!
点击'开始游戏'按钮即可加入行动!
ROBLOX STUDIO 已成功安装!
Click "运行 Studio" 开始制作你的新游戏!
下载并安装 %s
正在运行文件检查...
ROBLOX WURDE ERFOLGREICH INSTALLIERT!
Klicke auf 'Spielen' und stürze dich in die Action!
ROBLOX STUDIO WURDE ERFOLGREICH INSTALLIERT!
Klicke auf "Studio starten" und erschaffe dein neues Spiel!
Roblox herunterladen und installieren
Dateien werden geprüft ...
¡ROBLOX SE HA INSTALADO CORRECTAMENTE!
¡Haz clic en el botón Jugar en cualquier juego para unirte a la acción!
¡ROBLOX STUDIO SE HA INSTALADO CORRECTAMENTE!
¡Haz clic en Lanzar Studio para crear tu nuevo juego!
Descargar e instalar %s
Verificando el archivo ...
ROBLOX A ÉTÉ INSTALLÉ AVEC SUCCÈS !
Cliquez sur « Jouer » sur n'importe quel jeu pour plonger dans l'action !
ROBLOX STUDIO A ÉTÉ INSTALLÉ AVEC SUCCÈS !
Cliquez sur « Lancer Studio » pour créer votre nouveau jeu !
Télécharger et installer Roblox
Vérification du fichier...
ROBLOX 已成功安裝!
在任何遊戲按一下「開始遊戲」按鈕以加入行動!
ROBLOX STUDIO 已成功安裝!
按一下「啟動 Studio 」來製作您的新遊戲!
下載並安裝 Roblox
檔案檢查進行中…
setup.roblox.com
www.roblox.com
ROBLOX IS SUCCESSFULLY INSTALLED!
Click the 'Play' button on any game to join the action!
ROBLOX STUDIO IS SUCCESSFULLY INSTALLED!
Click "Launch Studio" to make your new game!
Download and install %s
Performing file check...
ROBLOX 설치에 성공했어요!
원하는 게임의 '플레이' 버튼을 클릭하여 시작하세요!
ROBLOX STUDIO 설치에 성공했어요!
새 게임을 만들려면 "Studio 시작"을 클릭하세요!
Roblox 다운로드 및 설치
파일 확인 중...
ROBLOX FOI INSTALADO COM SUCESSO!
Clique no botão Jogar em qualquer jogo para entrar na ação!
ROBLOX STUDIO FOI INSTALADO COM SUCESSO!
Clique em Iniciar Studio para criar seu novo jogo!
Baixe e instale Roblox
Verificando o arquivo...
文件检查完毕
启动 %s ...
%s 已是最新版本
正在升级 %s ...
正在安装 %s ...
正在连接至 %s ...
下载最新版引导程序?
正在获取最新版本的 %s ...
请稍候 ...
正在关闭 %s
正在卸载 %s ...
%s 已卸载
正在配置 %s ...
取消
请注意,出于安全原因,Roblox 将在不久后不再支持 Windows XP 或 Vista 系统。若要继续使用 Roblox,请更新至 Windows 7 或更高版本。
Dateiprüfung abgeschlossen
%s wird gestartet ...
%s ist auf dem neuesten Stand
%s wird aufgewertet ...
%s wird installiert ...
Verbindung zu %s wird hergestellt ...
Neuesten Bootstrapper herunterladen?
Neueste Version von %s wird beschafft ...
Bitte warten ...
%s wird abgeschaltet
%s wird deinstalliert ...
%s wurde deinstalliert
%s wird konfiguriert ...
Okay
Abbrechen
Bitte beachte, dass Roblox aus Sicherheitsgründen Windows XP oder Vista bald nicht mehr unterstützen wird. Um Roblox weiterhin zu spielen, aktualisiere bitte auf Windows 7 oder höher.
Verificación del archivo finalizada
Inicializando %s ...
Roblox está actualizado
Actualizando %s ...
Instalando %s ...
Conectando a %s ...
¿Descargar el programa de arranque más reciente?
Obteniendo la versión más reciente de %s ...
Espera...
Cerrando %s
Desinstalando %s ...
%s ha sido desintalado
Configurando %s ...
Aceptar
Cancelar
Por razones de seguridad, pronto Roblox dejará de ser compatible con Windows XP o Vista. Para seguir jugando Roblox, actualiza a Windows 7 o a una versión superior.
Vérification du fichier terminée
Lancement de : %s...
%s est à jour
Amélioration de : %s...
Installation de : %s...
Connexion à : %s...
Télécharger le plus récent bootstrapper ?
Récupération de : %s…
Veuillez patienter...
Fermeture de : %s
Désinstallation de : %s...
%s a été désinstallé
Configuration de : %s...
OK
Annuler
Note que, pour des raisons de sécurité, dans le futur, Roblox ne supportera plus Windows XP ou Vista. Pour continuer à jouer à Roblox, il faut faire une mise à niveau vers Windows 7 ou supérieur.
檔案檢查完成
正在啟動 %s …
%s 已是最新版本
正在升級 %s …
正在安裝 %s …
正在連線到 %s …
下載最新的bootstrapper?
正在擷取最新的 %s …
請稍後 …
正在關閉 %s
正在卸載 %s …
%s 已安裝
正在設定 %s …
確定
取消
為了保護使用者的安全,Roblox 未來將不再支援 Windows XP 或 Vista。若要繼續使用 Roblox,請升級到 Windows 7 或更高版本。
File check complete
Starting %s ...
%s is up-to-date
Upgrading %s ...
Installing %s ...
Connecting to %s ...
Download the latest bootstrapper?
Getting the latest %s ...
Please Wait ...
Shutting down %s
Uninstalling %s ...
%s has been uninstalled
Configuring %s ...
OK
Cancel
Please note that for security reasons, in the near future Roblox will no longer support Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above.
파일 확인 중...
%s 시작 중...
%s이(가) 최신 상태네요
%s 업그레이드 중...
%s 설치 중...
%s에 연결 중...
최신 bootstrapper를 다운로드할까요?
최신 %s을(를) 가져오는 중...
잠시 기다려주세요...
%s 종료 중
%s 삭제 중...
%s이(가) 삭제되었어요
%s 구성 중...
확인
취소
머지 않아 Roblox는 보안상의 이유로 인해 Windows XP 및 Vista 지원을 중단할 예정입니다. Roblox를 계속해서 플레이하려면 Windows 7 이상으로 업그레이드하세요.
Verificação concluída
Iniciando %s...
%s está atualizado
Fazendo upgrade %s...
Instalando %s...
Conectando-se ao %s...
Baixar a versão mais recente do bootstrapper?
Obtendo a versão mais recente do %s...
Aguarde...
Desligando %s
Desinstalando %s...
%s foi desinstalado
Configurando %s...
OK
Cancelar
Please note that for security reasons, in the near future Roblox will no longer support Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above.
请注意,出于安全原因,Roblox 的下一个更新版本中将不再支持 Windows XP 或 Vista 系统。若要继续使用 Roblox,请更新至 Windows 7 或更高版本。
请注意,出于安全原因,Roblox 将不再支持 Windows XP 或 Vista 系统。若要继续使用 Roblox,请更新至 Windows 7 或更高版本。
Bitte beachte, dass Roblox in der nächsten Version aus Sicherheitsgründen Windows XP oder Vista nicht mehr unterstützen wird. Um Roblox weiterhin zu spielen, aktualisiere bitte auf Windows 7 oder höher.
Bitte beachte, dass Roblox aus Sicherheitsgründen Windows XP oder Vista nicht mehr unterstützt. Um Roblox weiterhin zu spielen, aktualisiere bitte auf Windows 7 oder höher.
Por razones de seguridad, el próximo lanzamiento de Roblox dejará de ser compatible con Windows XP o Vista. Para seguir jugando Roblox, actualiza a Windows 7 o a una versión superior.
Por razones de seguridad, Roblox ya no es compatible con Windows XP o Vista. Para seguir jugando Roblox, actualiza a Windows 7 o a una versión superior.
Note que, pour des raisons de sécurité, dans la prochaine mise à jour, Roblox ne supportera plus Windows XP ou Vista. Pour continuer à jouer à Roblox, il faut faire une mise à niveau vers Windows 7 ou supérieur.
Note que, pour des raisons de sécurité, Roblox ne supporte plus Windows XP ou Vista. Pour continuer à jouer à Roblox, il faut faire une mise à niveau vers Windows 7 ou supérieur.
為了保護使用者的安全,Roblox 在下一個版本裡不再支援 Windows XP 或 Vista。若要繼續使用 Roblox,請升級到 Windows 7 或更高版本。
為了保護使用者的安全,Roblox 已不再支援 Windows XP 或 Vista。若要繼續使用 Roblox,請升級到 Windows 7 或更高版本。
Please note that for security reasons, in the next release Roblox will no longer support Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above.
Please note that for security reasons, Roblox no longer supports Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above.
다음 릴리스부터 Roblox는 보안상의 이유로 인해 Windows XP 및 Vista를 지원하지 않을 예정입니다. Roblox를 계속해서 플레이하려면 Windows 7 이상으로 업그레이드하세요.
Roblox는 보안상의 이유로 인해 Windows XP 및 Vista를 더 이상 지원하지 않습니다. Roblox를 계속해서 플레이하려면 Windows 7 이상으로 업그레이드하세요.
Please note that for security reasons, in the next release Roblox will no longer support Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above
Please note that for security reasons, Roblox no longer supports Windows XP or Vista. To keep playing Roblox, please upgrade to Windows 7 or above.
VANILLA

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.6.3.25915
ProductVersion 1.6.3.25915
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Roblox Corporation
FileDescription Roblox
FileVersion (#2) 1, 6, 3, 353595
LegalCopyright Copyright © 2019 Roblox Corporation. All rights reserved.
OriginalFilename Roblox.exe
ProductName Roblox Bootstrapper
ProductVersion (#2) 1, 6, 3, 353595
Resource LangID Process Default Language

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Oct-19 01:48:38
Version 0.0
SizeofData 142
AddressOfRawData 0x104e5c
PointerToRawData 0x10405c
Referenced File C:\teamcity-agent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperQTStudio\RobloxStudioLauncherBeta.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Oct-19 01:48:38
Version 0.0
SizeofData 20
AddressOfRawData 0x104eec
PointerToRawData 0x1040ec

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Oct-19 01:48:38
Version 0.0
SizeofData 1040
AddressOfRawData 0x104f00
PointerToRawData 0x104100

TLS Callbacks

StartAddressOfRawData 0x56a000
EndAddressOfRawData 0x56a00c
AddressOfIndex 0x568690
AddressOfCallbacks 0x4cf8d4
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks 0x0045267B

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x513500
SEHandlerTable 0x504730
SEHandlerCount 459

RICH Header

XOR Key 0xce63e9cf
Unmarked objects 0
241 (40116) 15
243 (40116) 174
242 (40116) 30
199 (41118) 4
ASM objects (VS2015 UPD3 build 24123) 29
C++ objects (VS2015 UPD3 build 24123) 64
C objects (VS2015 UPD3 build 24123) 39
C++ objects (23013) 2
C objects (VS2008 SP1 build 30729) 4
Imports (VS2008 SP1 build 30729) 41
Total imports 408
C objects (VS2017 v15.9.11 compiler 27030) 8
ASM objects (VS2017 v15.9.11 compiler 27030) 2
C++ objects (VS2017 v15.9.11 compiler 27030) 128
C++ objects (VS2015 UPD3.1 build 24215) 48
Resource objects (VS2015 UPD3 build 24210) 1
151 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

<-- -->