Manalyze report for 49d14b1fd0a849e4dd96bc16b1098ffc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Apr-25 01:16:29
Detected languages	English - United States
Debug artifacts	C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Prerequisites_Unicode\setupPreReq.pdb
CompanyName	NeoDeck Software Corp
FileDescription	Setup Launcher Unicode
FileVersion	`3.0.0.7`
InternalName	Setup
LegalCopyright	Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.
OriginalFilename	InstallShield Setup.exe
ProductName	NeoMed Client
ProductVersion	`3.0.0.7`
Internal Build Number	115289
ISInternalVersion	19.0.160
ISInternalDescription	Setup Launcher Unicode

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains domain names: http://www.installshield.com http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode installshield.com www.installshield.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: VirtualAlloc WriteProcessMemory OpenProcess` `Code injection capabilities (process hollowing): WriteProcessMemory SetThreadContext ResumeThread` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegEnumKeyW RegCreateKeyW RegEnumKeyExW RegQueryInfoKeyW RegDeleteKeyW RegEnumValueW RegDeleteValueW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegCloseKey RegOpenKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: GetTempPathW CreateFileA CreateFileW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: WriteProcessMemory Process32FirstW Process32NextW OpenProcess` `Can take screenshots: GetDC FindWindowW CreateCompatibleDC BitBlt` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE's resources present abnormal characteristics.	`Resource 103 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: NEODECK HOLDINGS CORP` `Issuer: Go Daddy Secure Certification Authority`
Safe	VirusTotal score: 0/66 (Scanned on 2018-04-05 16:49:55)	`All the AVs think this file is safe.`

Hashes

MD5	`49d14b1fd0a849e4dd96bc16b1098ffc`
SHA1	`8773c0a08cdd8bb51ed1b8bed7472562188a945f`
SHA256	`a93e292d40d0bdd4c8e237dc72c72e019b5f7652fbb9ad8120ef69c2f98efb5b`
SHA3	`9ac1c0a9e74ceceb5abd142cc3bd6ab13c727759c202003b173136e3788c2ffe`
SSDeep	`98304:bEhljRO3RvR/ZBnGfjel4sB9fqUwJpVjwBE+VaNuAElhSD3gY4td:bIROdRRBajel1vEEBhVaNk4LQd`
Imports Hash	`254182bf34b8d1c6e873c8f219c8d260`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Apr-25 01:16:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0xe2e00`
SizeOfInitializedData	`0x7d000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0009895B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xe4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x168000`
SizeOfHeaders	`0x400`
Checksum	`0x5870bb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b2e6465308e6857a116cdbdb0dc54c40`
SHA1	`f4dff238c7fcbe4d4d0f6787a99958ffd8b8334c`
SHA256	`679786217c34c1698028aa8d181598ee0b3fe729ec73c5cb3798ae2ac2e0ed90`
SHA3	`2afe3f7560c983c40f924759f53c37e5ba02224a86a31e00f4d12453fb017b14`
VirtualSize	`0xe2d2b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59524`

.rdata

MD5	`85171aa4179d7f4afec4302c929554e9`
SHA1	`34a27e107f06e5fcc524e28d700f7d2c9b411e94`
SHA256	`283a1cd32914903d53975a3bcee7f5157144d9a83967c0f20cb6497d5b375244`
SHA3	`8fe89c2f9adf42908069aa5536ec5d7ea66339ac331b197bfa48cc8c82e189a7`
VirtualSize	`0x31dec`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x31e00`
PointerToRawData	`0xe3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76162`

.data

MD5	`f0272d79af07cde9705c963653bf45d4`
SHA1	`53b538654a81a44b18f231f2116333d2533b9d5f`
SHA256	`37c746bb7374ad4f3e403b8d2bf482e3c0494d06c0e6a6d78160161ac2c96ffc`
SHA3	`2dd5a91bfbe6074611851fde68faaab6bafdeb0e23bc840bbddded2ad929d332`
VirtualSize	`0x8b48`
VirtualAddress	`0x116000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x115000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.55644`

.rsrc

MD5	`c8489a015e5c8a8e2a2a994a21704f55`
SHA1	`c0bd276972c6e7ff6ea5c7a26cbf62454c25570d`
SHA256	`9e5501f3f54db565415f6f5c3500b54ed98f99ca74a6da97f86cdff908d21a79`
SHA3	`98cd5b5d5efffb5233a469f0fae894719830850744c769b89d797be8c3ef2cf1`
VirtualSize	`0x487f8`
VirtualAddress	`0x11f000`
SizeOfRawData	`0x48800`
PointerToRawData	`0x117a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.40391`

Imports

VERSION.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
COMCTL32.dll	`#17`
KERNEL32.dll	`IsValidLocale` `GetLocaleInfoW` `ExitThread` `lstrcpyA` `GetCommandLineW` `GetExitCodeProcess` `GetSystemDefaultLangID` `GetUserDefaultLangID` `lstrcmpW` `lstrcmpiW` `VerLanguageNameW` `FindClose` `FindNextFileW` `CompareFileTime` `FindFirstFileW` `MoveFileW` `GetPrivateProfileStringW` `CreateDirectoryW` `SetFileAttributesW` `GetSystemTimeAsFileTime` `LocalFree` `FormatMessageW` `GetSystemInfo` `MulDiv` `RaiseException` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `LoadLibraryExW` `GetModuleHandleW` `GetVersion` `GetLocalTime` `GetFileAttributesW` `FileTimeToLocalFileTime` `GetFileTime` `GetCurrentDirectoryW` `VirtualQuery` `IsBadReadPtr` `FlushFileBuffers` `SetEndOfFile` `GetDriveTypeW` `GetCurrentThread` `GetProcAddress` `LocalAlloc` `InterlockedExchange` `LoadLibraryA` `FreeLibrary` `LoadLibraryW` `GetTempFileNameW` `lstrcatW` `QueryPerformanceFrequency` `InterlockedDecrement` `CreateEventW` `CompareStringW` `CompareStringA` `GetVersionExW` `InterlockedIncrement` `CopyFileW` `CreateThread` `GetExitCodeThread` `GetTickCount` `GlobalFree` `GlobalLock` `GlobalUnlock` `FindResourceW` `LoadResource` `SizeofResource` `GlobalAlloc` `LockResource` `ExpandEnvironmentStringsW` `GetTempPathW` `SetErrorMode` `SetEnvironmentVariableA` `CreateFileA` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `SetStdHandle` `GetTimeZoneInformation` `GetConsoleMode` `GetConsoleCP` `LCMapStringA` `InitializeCriticalSectionAndSpinCount` `SetConsoleCtrlHandler` `GetStringTypeW` `GetStringTypeA` `EnumSystemLocalesA` `GetLocaleInfoA` `GetUserDefaultLCID` `GetDateFormatA` `GetTimeFormatA` `GetStartupInfoA` `GetFileType` `SetHandleCount` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `HeapDestroy` `HeapCreate` `HeapReAlloc` `VirtualAlloc` `VirtualFree` `FatalAppExitA` `GetModuleHandleA` `LCMapStringW` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `HeapSize` `GetCurrentThreadId` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `GetWindowsDirectoryW` `lstrcpyW` `GetSystemDirectoryW` `SetCurrentDirectoryW` `CreateProcessW` `WaitForSingleObject` `DeleteFileW` `RemoveDirectoryW` `Sleep` `ExitProcess` `GetCurrentProcess` `DuplicateHandle` `GetPrivateProfileSectionW` `TerminateProcess` `MoveFileExW` `GetThreadContext` `VirtualProtectEx` `WriteProcessMemory` `FlushInstructionCache` `SetThreadContext` `ResumeThread` `GetModuleFileNameW` `lstrlenW` `lstrcpynW` `GetProcessHeap` `HeapAlloc` `HeapFree` `WriteFile` `ReadFile` `SetFilePointer` `MultiByteToWideChar` `WideCharToMultiByte` `CreateFileW` `GetFileSize` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `CloseHandle` `lstrlenA` `GetLastError` `SetLastError` `GetShortPathNameW` `WritePrivateProfileSectionW` `GetDiskFreeSpaceW` `GetModuleFileNameA` `GetStdHandle` `GetStartupInfoW` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlUnwind` `FreeResource` `lstrcmpiA` `GetPrivateProfileSectionNamesA` `GetPrivateProfileIntA` `lstrcatA` `GetPrivateProfileStringA` `lstrcpynA` `lstrcmpA` `SearchPathW` `VirtualProtect` `SystemTimeToFileTime` `QueryPerformanceCounter` `SetEvent` `ResetEvent` `GetCurrentProcessId` `GetEnvironmentVariableW` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `GetDateFormatW` `GetTimeFormatW` `FindResourceExW` `OpenProcess` `GetProcessTimes`
USER32.dll	`DispatchMessageW` `PostMessageW` `KillTimer` `PostQuitMessage` `SetTimer` `DefWindowProcW` `TranslateMessage` `wvsprintfW` `CharPrevW` `LoadImageW` `CreateDialogParamW` `MoveWindow` `GetParent` `GetWindowTextW` `SetCursor` `GetDlgItemTextW` `GetWindow` `SetFocus` `SetDlgItemTextW` `SetForegroundWindow` `SetActiveWindow` `GetDlgCtrlID` `GetDC` `FillRect` `GetSysColor` `GetSysColorBrush` `GetSystemMetrics` `SetRect` `FindWindowW` `IntersectRect` `SubtractRect` `CreateDialogIndirectParamW` `CharNextW` `EnableWindow` `FindWindowExW` `GetWindowRect` `ScreenToClient` `SendMessageW` `IsDialogMessageW` `IsWindow` `DestroyWindow` `SendDlgItemMessageW` `MessageBoxW` `WaitForInputIdle` `GetWindowLongW` `SetWindowLongW` `GetClientRect` `ClientToScreen` `ExitWindowsEx` `CharUpperW` `CallWindowProcW` `MapWindowPoints` `GetPropW` `DrawFocusRect` `InflateRect` `DrawTextW` `CopyRect` `GetClassNameW` `RemovePropW` `SetPropW` `EnumChildWindows` `UpdateWindow` `InvalidateRect` `DrawIcon` `MapDialogRect` `wsprintfA` `RegisterClassExW` `SetWindowPos` `GetWindowDC` `ReleaseDC` `EndPaint` `BeginPaint` `EndDialog` `SetWindowTextW` `GetDlgItem` `ShowWindow` `DialogBoxIndirectParamW` `GetDesktopWindow` `MsgWaitForMultipleObjects` `PeekMessageW` `wsprintfW` `LoadIconW` `LoadCursorW` `RegisterClassW` `CreateWindowExW` `GetMessageW`
GDI32.dll	`CreateHalftonePalette` `UnrealizeObject` `SelectPalette` `RealizePalette` `CreateFontW` `SetBkMode` `GetDeviceCaps` `CreateSolidBrush` `GetDIBColorTable` `CreateFontIndirectW` `TranslateCharsetInfo` `CreateCompatibleDC` `SelectObject` `BitBlt` `CreateDIBitmap` `DeleteDC` `DeleteObject` `GetStockObject` `RestoreDC` `GetTextExtentPoint32W` `CreatePalette` `CreatePatternBrush` `CreateCompatibleBitmap` `CreateDCW` `DeleteMetaFile` `SetMetaFileBitsEx` `SetStretchBltMode` `SelectClipRgn` `CreateRectRgn` `SetPixel` `PatBlt` `PlayMetaFile` `SetBkColor` `StretchBlt` `CreateBitmap` `SetViewportExtEx` `SetViewportOrgEx` `SetWindowExtEx` `SetWindowOrgEx` `SetMapMode` `SaveDC` `GetSystemPaletteEntries` `GetObjectW` `SetTextColor`
ADVAPI32.dll	`OpenThreadToken` `OpenProcessToken` `RegEnumKeyW` `RegCreateKeyW` `LookupPrivilegeValueW` `GetTokenInformation` `AllocateAndInitializeSid` `EqualSid` `FreeSid` `InitializeSecurityDescriptor` `SetSecurityDescriptorOwner` `SetSecurityDescriptorGroup` `SetSecurityDescriptorDacl` `RegEnumKeyExW` `RegQueryInfoKeyW` `RegDeleteKeyW` `RegEnumValueW` `RegDeleteValueW` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `AdjustTokenPrivileges` `RegOpenKeyW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetMalloc` `SHGetPathFromIDListW` `SHBrowseForFolderW` `ShellExecuteW` `ShellExecuteExW` `CommandLineToArgvW`
ole32.dll	`CoCreateInstance` `CLSIDFromProgID` `CoTaskMemAlloc` `CoCreateGuid` `CreateItemMoniker` `ProgIDFromCLSID` `CoTaskMemFree` `CoInitialize` `CoUninitialize` `CoInitializeSecurity` `GetRunningObjectTable` `CoTaskMemRealloc` `StringFromGUID2`
OLEAUT32.dll	`GetErrorInfo` `VarUI4FromStr` `SystemTimeToVariantTime` `LoadTypeLib` `RegisterTypeLib` `SetErrorInfo` `CreateErrorInfo` `VarBstrCmp` `VariantChangeType` `VariantClear` `VarBstrFromDate` `SysStringByteLen` `SysAllocStringByteLen` `SysAllocString` `VarBstrCat` `SysStringLen` `SysReAllocStringLen` `SysAllocStringLen` `SysFreeString`
RPCRT4.dll	`UuidCreate` `UuidToStringW` `RpcStringFreeW` `UuidFromStringW`
msi.dll (delay-loaded)	`#8` `#145` `#141` `#16` `#113` `#70` `#103` `#125` `#17` `#120` `#150` `#78` `#92` `#34` `#94` `#19` `#111` `#264` `#58` `#160` `#118` `#159` `#32` `#49` `#72` `#96` `#169` `#137` `#88` `#171`

Delayed Imports

Attributes	`0x1`
Name	`msi.dll`
ModuleHandle	`0x11ca7c`
DelayImportAddressTable	`0x118940`
DelayImportNameTable	`0x113b10`
BoundDelayImportTable	`0x113b8c`
UnloadDelayImportTable	`0x113c08`
TimeStamp	`1970-Jan-01 00:00:00`

IDR_GIF1

Type	`GIF`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6592`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97134`
Detected Filetype	GIF graphic file
MD5	`ace8f4800dad511cae8d4f64b6a546c5`
SHA1	`0a9719946a51d5dd5e7e5f1b0efa66dd7c8a072e`
SHA256	`292558ee43849f21d1862496dc7d18dae36175946ed530532032bdd54a6e2de4`
SHA3	`06cff5a6640c96412d3b309995aa25abe4ba3faa874ecefbc74a43aef5d30488`

103

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.19301`
MD5	`11d8906bd5a3ac7cc14e2c0817e2e83c`
SHA1	`e87c34a9ea6d5860302847363f09628a7e26e4e4`
SHA256	`2c1d7e2094b50a5aa3b7808db1f732f9c8d26d55691f849e93240134e7c17030`
SHA3	`f89ba4dfaa74412224d6d054fdf2e2ef450869f827f200fd1e7b9407c9f3d9ab`
Preview

10550

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1b5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54635`
MD5	`441aa5f867dfd2ad74c7da511dac8e96`
SHA1	`d22ab57c50902ade576f7e1ccd6cf88526b070f4`
SHA256	`c2f7f7e254d0053ca1f5615e8baad380ad4218ae44213cff6042875279167e6e`
SHA3	`67b6acb4beb4704a9037623310807c26701b51e6164dad1a6dc11c662344cebb`
Preview

10551

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x38e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06921`
MD5	`3bab088935c8c517cd73b271a1567e3c`
SHA1	`6efaededbc23a916a72ed97b8c729ecaeebaaf6c`
SHA256	`f10f65452c48575987303de35f20e1b30f9e8fba6348baf1d729e103afdb1653`
SHA3	`c88faab1dd6a7cc4afcde31cd889f43df57a181a4cd37e29bb0ccaeaabe18828`
Preview

10553

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1238`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94256`
MD5	`1fef42f21c7f38122e5031d8c0c2556d`
SHA1	`dbecbb2f06fcffbda66037f3856129ca8d9b9c4a`
SHA256	`ed0f9f1dad2e631e93a64b6958cf0f952f1b633b8b27ea9c5fecacef89648f32`
SHA3	`b3e7cca7cced51bbf57e176cf6bebd170a6295a22f7853d8b748fd43a64adf0c`
Preview

10650

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6588`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93286`
MD5	`6770f6ad64a4cae6e9d16b3821cf09c1`
SHA1	`1e30386eccd37848bd07591283b2336ec05b509c`
SHA256	`463c15976e2dd0f64d142cb634dd8a1bb3df39a9f33b3075177bc167f356a14b`
SHA3	`54bcfc5abccf6099cc173eda6a2068ccee6f9dec1167baf68cfc5ae728a667d6`
Preview

10651

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x11f88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15548`
MD5	`05afcce75570a86f6bb4583014c1440e`
SHA1	`ff24df68d0053367d25266eb5283739e8c47b3c7`
SHA256	`b09b6e5f42319f07470a444e785d01a0edfa6ffb02b7507cf6d5dc6d4b04ca33`
SHA3	`742222b976d75a92f0eb86c53325c36b3da0d156fcae66e94cc114e4a36420f0`
Preview

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27303`
MD5	`e44b510a905fe9f6633b16f9782de458`
SHA1	`4a0837743544bcfdca8e5c0e02e82fbfaeae0081`
SHA256	`36c17a0ae3efc992aab704b85701f6626c0b810dc1940c2c4e84ffd127372cc0`
SHA3	`48d0e00e5b8059124e24fef8dd9cd762fa076f1da0ec33d4724b1e1c9b17bc47`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.835`
MD5	`d4c3ebfd360fce1fd74c0b50345fa975`
SHA1	`524ab4691d631edab3d44a51df8bf9426f3d9104`
SHA256	`e254fc981e45af620aeeca0a94518c9b0b2f7b569c2f4e67ee74a1590219b69a`
SHA3	`e4046b8ce8e77e3378605eca9855e2a259035218d3e68df2d122ab32aa93648c`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35696`
MD5	`22d4389155b51a5080e99c744d5df93a`
SHA1	`c120895a9aa8999a1fdea10e9879c0879b711a66`
SHA256	`c8df0e52cd2dc4f9923a03799c4ffb7f4f64abb0438a8005ef248566e0dedf2f`
SHA3	`cbdf44abac2e87c47e1a08723952d72afbbe24283f7655cec1c881e854dd1d82`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14965`
MD5	`599c09b226724ea8ce08f5b2829414a7`
SHA1	`c27b49ed307c36120319f40ba3c28d71b79ab94b`
SHA256	`777f4b78aa701b9a34f3db691af4102162148f9f96940203d8288ef104a99ce3`
SHA3	`3d64a65d1df37cd883ae7ad8cb7cca7d861351a1d5d3d1923c18c63742243377`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18448`
MD5	`fd057d8882c5ec6855e488a6600d03fe`
SHA1	`05120665e0c4f66e986605e08b549d5064125169`
SHA256	`21aa1126912b5a3741cc88589a53723bc32756e0aee0d81e6d731de60a96e3fa`
SHA3	`5e6d487f5c79386feb0655ac929bc91ca496ad2cdec72177c3d1327453e81b50`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85842`
MD5	`ddfeb13f402ecbe5d2d7c9a692e6655d`
SHA1	`b56d580a495f459fc0b6e6197ace4d88bb866dfe`
SHA256	`c8fcda3f2ac6930c3df9eeb5212b481a66a94bda0321188dd2d5a5385b3337d0`
SHA3	`077ce348197a8e996b8c3bcd27df83664c2131919c421aaac3f1ae456b27b846`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57777`
MD5	`4fa7749250cebdd49d837ff21a0d4317`
SHA1	`4c6558ef196060046fa9c892266a8b3fe5d75b15`
SHA256	`e932072e226aff97b92c35a87af398d8a9a5b7ff95e3518b03d7df702685b020`
SHA3	`8161f20a385e504c1218be304aae52f7b2ea4cd9519e223d67699edc44ff4acb`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81004`
MD5	`2ba483c7246a0f329babc23fa054af4e`
SHA1	`439efbd019fccf47d553168061761ac0bff3d3bf`
SHA256	`4e03708d36fba0aa96a0caf5248c724b878857db0ca7be2de11b4c7c401565c8`
SHA3	`1c2d2b76e8843f65094c9a324bca6a2c7ffaa4d466a5b5c85962a3cea5e9d935`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06596`
MD5	`c533afcb13f82eb8b2843a91a0a12795`
SHA1	`b8f6de7e3af569e812a21510a56e9f65cd24276c`
SHA256	`c352473c2d0367eb903ba016aaad14385534da8a171045882667db84c0e404a4`
SHA3	`89bddf68cda2f155f7394018e94673df80bde22205aa9948786b31e07ac36bcd`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22977`
MD5	`6d74deb9b1d1f2302f7b083a7b531a09`
SHA1	`efadbf6fca3fb542aeaad5746bb90c8fa0de0829`
SHA256	`bd49d60cd9ffe7b74c16ed681c4fa9bc477d518de5026e113cea2530546b6ae8`
SHA3	`7cca62606e4d8970e1ec72d78f55b55d3c10cf5c97d3a3df8c98fdb0dc226446`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5927`
MD5	`8a119cd704088b68ddc2d019340c968c`
SHA1	`461a0ad3670d41fdfc74a2ba83d8a2e2d0f69c4f`
SHA256	`d2d28da689a68e476deca303b752b3e865217888db7c9acff7c581fc86148469`
SHA3	`ed665f6a95d6a1f2068096e42f986e47236a53fea995f36c9265ae6b1a7db73a`

103 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75551`
MD5	`78c375d40d6193f291607357b712a169`
SHA1	`72a4a7fd7b29d265ceadf8f121b88a24444cc80a`
SHA256	`f07b2b9f7b124b441ceac137d9cd2650cddf0a72c92478b67726f56bef1a03fc`
SHA3	`9d93cb26ab24ef38ef8dbdfd3eb9eea33ab9abf45dfee31427e528a23017e61c`

105

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x286`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90529`
MD5	`e57ef0b26f56e8aa5bc8b6f31f722453`
SHA1	`f45158d32b3c3ccbdfd1305cfa743b5abbc53b2c`
SHA256	`21c24f8fd499a5feb4e36df33574a6c6d285f25b5b80bc218cb48e09016328e8`
SHA3	`07ee64fb9f4bf6c2a4ea507020471b4783a3b0bd7afa1127c28556fb6254acaa`

106

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8662`
MD5	`63e78fd8ee4fbbbb78e4c35fd0c0fb6d`
SHA1	`e89fc826b04f362e83bd7d1ea52e04f6d02f5b09`
SHA256	`b68d0e4b1a516b8692c6ebd62832c9fb6dbdf76bd54fab16d01078d3609faec9`
SHA3	`47f25c12c7e2d9ea87907bfced5615367a5fb9aad3cfcf93903820d856ff6087`

107

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10943`
MD5	`f2d6ea4bdd4a26752809c1cca93adaa7`
SHA1	`f92d0775822b72584e2aa6bed8fbd75a84e5025c`
SHA256	`8fe68faa00dd75c43d2da33c69cc59cd8da11a4d6746e3c71e2c9d91d33b8507`
SHA3	`a4db3a78d0ac20e283c38aa30c031c524fd01cf0ea57856ec1ddcf6ba2d62943`

108

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x42`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34615`
MD5	`bca31ed227327ecb2a496fcbd05d1868`
SHA1	`38bfe5a42edfc7fe28548b413041dcab6cab2db4`
SHA256	`7a7f52bd48839c3e76d700504893310d649052030d2363626e8b36ad69e5042c`
SHA3	`56319c27faabab046fa680ed8c9fad639b51d17047cb2565d92e006be31b73dd`

109

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89246`
MD5	`97baef0fece938aaa694b83f10393114`
SHA1	`a752106c6079c60680bba1785a8fe9ccd840d037`
SHA256	`9dfc38406a28f38e68017b85051b7b49f4a26bd3f669ef172d16086e0b4af75d`
SHA3	`9f5c8ad523b96c020dd45ae5dd76a2ceaf5f43ccb00e6ce0b7d4ce241e9ee4d0`

119

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78409`
MD5	`9e2e46ffea5bb4b7dea6a7460fd7f079`
SHA1	`e168eb431ac562cbec11301648b50d4cbd755fda`
SHA256	`735635d4e89ed7f2f8d66094b92241f821b6aed67770ec7b56755218284dd12c`
SHA3	`7b8d58ddfb4cee053c040a9b8a1b71b143e2a4dc14aae362e824b8dece97518e`

121

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59739`
MD5	`3d3b2e190fe84865aba2fa63ec2ca762`
SHA1	`96c5cab2afac24f15745a705b9eaa82486be6baa`
SHA256	`6b3c87265db845c827ce756ff4225d2873c7aaee326880562f8b0865790427d4`
SHA3	`6019775f653f86b8844709cd06d1146e3c31d24600c2bffd8c565bccd97d2fda`

125

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x266`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91297`
MD5	`41d2324e1aaf7d2c3b6e0361d3c0ed68`
SHA1	`1ab68a3a5254584dad043973e39b45747d1bf220`
SHA256	`41761d6be744db2cca12194b8226dbdff01d46b37c321f05befcfaa797e1b7a1`
SHA3	`8b922efb6d40ec87f4c8527fc8a5ceb4ed6d81e866026ab7b2ccf52f5e166601`

126

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31452`
MD5	`a6dc3a50b8e717507171f4ac5c9e6699`
SHA1	`f1391a152140f4c25e6a04a8838cc5c1bdda51cb`
SHA256	`350b8a489071b5a5279d94526745de33386aed19b1d79d38b1416881cd4efe24`
SHA3	`0840eb80efe28c9642d1f18d01d15ee7eb7a05bf2289eccc45bb14459d427c19`

127

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x172`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8498`
MD5	`0b3b806371c327dee264edf278f72cdb`
SHA1	`2690fbeb64db4de1d163b006fd2399a365c2b118`
SHA256	`ff28b24c44e92172cbefefaf6bfb56a7655a0eeab1fa23058e71ea39843b9546`
SHA3	`1abe18fbbc234c49e2f2e91c5b8bb2c9a453bfbd8b71ed989d25a1774a88f9f8`

128

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02177`
MD5	`62c5d86e746bbabc6605fa4dc00fc52b`
SHA1	`28b0b98d773faf5bbfe5d3f98ec93a4f715aa983`
SHA256	`71f37d8d5684bafe4cffe7cce1b6a09b9f3c0ddfac1bc967440ca90863997d26`
SHA3	`04ea78b88b8d53df9ae46ab3d1283325bacac724c80ce85d03a302d76c099e5e`

129

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05272`
MD5	`5516ad96c33c38ab07ba4ac8fa89ea65`
SHA1	`addd55674094dc1e29995b2d833ccc82b0dad4da`
SHA256	`a7b03b27d33e5efbe9b9593499efb03b00ad8e59603943a9a84c9d6ac67d208c`
SHA3	`ea63248bc9a4541cf1d1bc1012c23d777c2131f87bdb35381b05a5254a3919f3`

130

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x212`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95266`
MD5	`6b2ab2f0d07f8b724ba5f9c1af5fbb7a`
SHA1	`a81614cdde1cc0e93a72876e2539421785467777`
SHA256	`5b7fd7583836201d299d19edeff07eb43092d59613226c57be1e46c75da9666f`
SHA3	`ecd748b244064e0af7ec3b978f8b0a1384de53a35b60be81e815a2b768b68492`

131

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82979`
MD5	`a41d5e49ca41e82fbb15a16d08238b38`
SHA1	`00237963ee41d3e62fbcee7ecbba261260595469`
SHA256	`e6ea3b4185803b335c5539f9496a1b1a7a17a3bcfd2750ca53f9a6614d3fef71`
SHA3	`164bcb2134726a1fb57d8012ecc8f85d1bee71085b699854e44f6b0217aa9178`

132

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31164`
MD5	`107302f9ced3af1f8ac68ab666cb94aa`
SHA1	`ca5b1ffb0fd911fe60e196a44b5b9b15b77494f7`
SHA256	`9c182272047c8cf749a93bc0a267dbc9d9aad068e0616bb3b7bf17a41e3f5352`
SHA3	`87afa7eb15deb1417e7324b3ef077bcc8b80682b1ac439f6f714402a3eb2a4fb`

1000

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9372`
MD5	`06bfc5137afe6e0b4272c2ab9a36e92d`
SHA1	`42fe54940aedcc99823f463e6fa977a79968b6a8`
SHA256	`8eb3dbd2158dee7e1cf04bd602ae06163a4ba2bb39b074861c3c17aa54e8ec16`
SHA3	`41df19cd4b7636688e1ba1e0a84d704bfc312e8e8a21bec7a939a13156969436`

1001

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03717`
MD5	`516f3fa37936b47fd3dad33f5907f5d9`
SHA1	`b3f37a5ed971d2ca24e70b5ed3a0eda8d46dc70a`
SHA256	`a848323447e85d8d424f52a10528fa403827ff53ee955f54b610d8e894f75c2f`
SHA3	`8fab1e24e492fa3bf333ad64829dd6d7a0094c5bc0b03f8ce0d741ab4ac809f4`

1008

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x116`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06116`
MD5	`888816b2a352cd75f4a6d3b337b87e0e`
SHA1	`220e2a28489c401e07c7a1bee9b89b92cc8287e0`
SHA256	`ce1433590ba9c3e768c99bf0028741e9294e9aa01b315ad92cede8c1c4a634eb`
SHA3	`6eb9332c24d264e4753aa09d9538af1f661d760808728cf29e871224fa514fc9`

1026

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88533`
MD5	`d002762779c677ba2eff41467b4b3032`
SHA1	`3ba0afd1291209b70da781e067373ca3ce4da0a0`
SHA256	`4570ccd4cf778043be946175ade4336aba87bcd24041c19a54f24f129078e0e2`
SHA3	`8dc9b9650f75646161c26a7997c492f578f27aab267b11f1f434466bf7dfa3dc`

1034

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96257`
MD5	`c5f2d3abafa5c5ba2751ed79d21bca52`
SHA1	`00890039a7b96eebb387477ae07de108ca0be518`
SHA256	`105c7e80d4aac011cc960f8eba7f6023690188611c981deb901080b2ad499624`
SHA3	`421cd7755845f02dc1f5cf6379e7b892dc84c001ae905c3b0d694e9b56f3fe2b`

3003

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20109`
MD5	`5551c386ff0d165bd649416455dc3576`
SHA1	`40e76583c586cd095ee6451c482b06d664c4f23f`
SHA256	`4aab1436f849d1ed4e1225616978f512edea859fd749cc78a8c1edd224563521`
SHA3	`cf0c0e57b9cc8083c68ad7eab0d47a4f64d9f82148b731f770504c8638ba87b8`

3004

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20733`
MD5	`76d810d1e30d15a0a449fc7091cc8ee6`
SHA1	`d71d2c3102e1e2dac0ed2260994a815181ec6f85`
SHA256	`bece05ee860e33347b79268a45e66a3efcb6d519f11f809e377b6df90e45cbd0`
SHA3	`2049b892f777d20321f2e94d5cc322f8f0e68793144fa211b52afe996cda73e6`

69

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10251`
MD5	`572b4652bcded9fe5b2ff879214a6c7b`
SHA1	`c8764bae203c6ec1699b5c6bf76b6baf0560148b`
SHA256	`ad49677ffa11550aac8e410eb9acbf9c53a2e9de7c369136c43067365b337d73`
SHA3	`f9646b00b6741ada9d415595cc0fbd1342997a00e27546c048f95311b7f63c7d`

70

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x23e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14661`
MD5	`6af163e393980ecaab0d6c9764ebe160`
SHA1	`b9122541b62d0449dc61bd68f935b8641af18c05`
SHA256	`0aefbf895f45f37d244e659ef158fa6a02cbd1d34d4ff36e8361abec7b22ec89`
SHA3	`9438b1c40ca71df492430e9b46feec543caa4c4bec0bf2f319cc59cbde23076c`

71

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25053`
MD5	`f3da1e60a94c4c5cd6c078c8d1d431cb`
SHA1	`f5722c1183ab8e74e9b7d72d256aab50ba33cff0`
SHA256	`d9c3dda7a23302d3424196ce4303feb823cbcd3eda8ea535f1cb10a0eec3d899`
SHA3	`1cc6d2cf25174dff5027f4b082374d982bf936e7346e19f914591660f0ac98d2`

72

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13124`
MD5	`f16d0f304aa818c26003d5d6e5f4b075`
SHA1	`7ac4900f70a68676f191b48d4ebbdf379b82681b`
SHA256	`b554a8e8d6d90965dbd39188e62110145f5e6cb8e3c8a33e97e4a3261d47a41e`
SHA3	`bfddc57577fbbc3e8ef6d6c0ce08405b9c3ecd22db990181c4b8500c21030586`

73

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06893`
MD5	`8d7522472a83bf52b945a457a2f12768`
SHA1	`c09a7c1278e5868ec9247743c87d6674240649ca`
SHA256	`0bd115db78665e117a63ff686070525f79c9e4b38118c4fd38050e7847fab9d8`
SHA3	`246332a637f1d8b80a6bcbc5b7b81d01ea6da3bbf1333f2d6d88befcdc986b8f`

76

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x66c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26743`
MD5	`bee1cd7417aa085686a7110fc7870014`
SHA1	`b4cb52d56f0316259d5d225cb245d60bf90a3c81`
SHA256	`3f4dc4b876b7e56b94e4c7fe99dbbedaf92440707cf824017d6513481928073a`
SHA3	`b7ee579f25dee0f08cb5c9bd4dde2c808da3b0a9ad448f1d6e579cfad3fc45b0`

101

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x366`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22664`
MD5	`3acceab0966ed5b7bed6963b206e41de`
SHA1	`503023e4f53cf8d9716662aae30119351f42438f`
SHA256	`58576e1679571a7a705320b512d626164fbbf72bf2130366f57298419ffdd02b`
SHA3	`2d53b58b5a26a4ecfab04270fce2bdafa4e25da72f0f5169f482982f38f79e45`

102

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x27e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42599`
MD5	`f31ada5bfb35ba230aeaa0dcda91139e`
SHA1	`e4ba1ceeefd6a8a9d07b3c64d1f706d1de581831`
SHA256	`0a131fcd2d6d8a13b7ae4a6c7710b4ce835c74f518c6cb815ad7ae6246a83500`
SHA3	`405197e494160d4b5a4dcd4c85f5c37aec35e6096e3881d76dd9de5caa7ed48b`

103 (#3)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x518`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31512`
MD5	`996df2a003938c8856634d72462e49d2`
SHA1	`ae2125661991d40c591bccc18916552cd69df0ac`
SHA256	`dfeae7d440bc4592034bb9ecbf2650f5962baa8139fbb76d8dfc8145463d7c2d`
SHA3	`27582f16a9b9154e13c1cf269e60c5b2a6fb03d1cb9ad723aa81f686d326ca6b`

104

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x882`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30076`
MD5	`8e106743bbef67b67524c55abc228502`
SHA1	`54d52eeb22a579715fdde964baac0d1afbf8fda0`
SHA256	`74d115ec86f79688b003cd6dae785c83f625d629fca53f01c4f62c66cd2b9259`
SHA3	`0a706cc0736c5f601422616f0acbe847c6f2da4c501730b7e309b66313816c46`

105 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x23e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19238`
MD5	`06edef821c76d22d12e74ba1168288ca`
SHA1	`c0340707d2a433fe5653a02a47056768b70bbb56`
SHA256	`2f10839b8abc5bec394bc2389c837cada9f749f37709785f3c5c39c7ff4b79f1`
SHA3	`f9f2bb2a377e3b7328788c1dba336e8d7372eb41e8b113b801f6faef9ee63fda`

107 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15299`
MD5	`9a30cc9184933a7dd33bd6c8fdd62186`
SHA1	`f91d2f6d8864056b39355e2738a99e5d8df4c36c`
SHA256	`0e579051f7b62089b2979d829899aeaa0832ae0958cc7e008cfaa97215fc6bbb`
SHA3	`ffd56301210819028aabf974d4b02243944c1c632fa07715e9417e74d47ebe9c`

108 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03478`
MD5	`cb162d691f497a1761ec48f0e6828b18`
SHA1	`c6d79b825b23ae71018ec6aa66482d69cc5e568a`
SHA256	`2850820eebabc52e8bca80a49c27705a4a1338ac59880768c3534bfeb4d64d70`
SHA3	`450bc81f18e39342f7fdb906df7dc932eb5b0adab53a5907291ae5c636242f7d`

113

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00435`
MD5	`2e380bcf668e5fa19b962bd6bc8539a3`
SHA1	`08b0fe9523d1bc1e003363e1f04ee6845ad473c4`
SHA256	`3886b598186390b5a956feaaef8a950ce45d4c72f70dc93e7680f6bc757cb153`
SHA3	`7bd4210336187618deb86270b0fdca1eea501a4d2eaeaf2497394f86ebb883f4`

114

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98194`
MD5	`e22ba1942e4dfc0da36561f522ca975b`
SHA1	`d6f09610bc0302abfd1a522c95e556fdf899dc0e`
SHA256	`e8e471c3d1a5a410287dd2929671d4cb869dba02f0a04e0edaedf6299135b74f`
SHA3	`94364ed2b35183141290fdaa0fc0c80640932834ebdc6517f2f491da8a5b2b76`

115

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12316`
MD5	`645c31bad035c67cd24e1248664e5c93`
SHA1	`786a29cd8f11ab877fb2e9cd94947df7d529d771`
SHA256	`da900c97e87ff670a75593ea6d41ea507be3ac9a2f5c945a90635cdccb78dbd1`
SHA3	`e041f3fe554c2877fe4223b31664f17ccb2b32b680ea61d497cdd33972a18d02`

116

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1073`
MD5	`8f5780a9d2c854f81bc3680372d0dfc6`
SHA1	`94e272a1f90415a225ef646272aa65e9e0134802`
SHA256	`701b6195e8ddf73fa48a23d815b706245cdb60a420ed70c4fcfc540312efe385`
SHA3	`20d8fe627d8e8faef881d0d552f2d18afad992aeb2765e3c7557ef375e4673a6`

117

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73605`
MD5	`35cf75ad805192501e0d43678aad915a`
SHA1	`ae711e014dc29280949148781fcd9fa8671a54ce`
SHA256	`767a61525a32aa6b2b0afc4fc57a95f0e7039ad9eec5e2d5c6a84559ef30132c`
SHA3	`fc46884c60369f9127f320c96642c2d823683e30c3a44d9db8c92c7836f52eb0`

118

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9224`
MD5	`303f1b34eae85370d33999f6a62c6415`
SHA1	`12d2571ce1eace6158ff7b2faea6b9db91beb4df`
SHA256	`747f577e722d2063f12aa050f4199b5ff0b89c1f9156cdad0e889f27bbdca399`
SHA3	`e40e0d332df5973d9f471ffe0bcb6e86c6d40655e21924d981fbc44b8623b655`

119 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99164`
MD5	`0ce4d40a9b9d5774c92f9fb6b64335c6`
SHA1	`7de32eb8e4725a71e32e53fe3ac2a10424d5203d`
SHA256	`cfd165dcb26e6c716665602801ca7effca26f782ce102c979534d48676173a67`
SHA3	`d456d57deae5a09df7adb69de776aa758d730d797731b752852c9a263c2736eb`

120

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x422`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06351`
MD5	`9681e0ecef2c0e5d3b2626f56bebbd1a`
SHA1	`4903b6b443457ca1d06806662846a7906b29ced4`
SHA256	`1408114c1891c6c912d0a8dfec43824c5906fdb96040b54e9451088a162e3e2d`
SHA3	`d7a0f27c74408177e08aca00c68cf007630eb10b8c5cc26717e33a078e7f2214`

126 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19674`
MD5	`97f1458b319d8d0bcdc24cdf41c881fd`
SHA1	`65bc091816477ce32269920cbdec0ffd926e7338`
SHA256	`2f52b9ca6f9067a7bfa332a7db0f83e91fbf35a69dad91c06db021d00e5fa427`
SHA3	`f7981ad5dcba3f60e06900e2f289b1a1c907829bd86a3e25c52d7f76cea12db4`

134

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.8271`
MD5	`2a7cd4ea0f93e2fb6561cb5fb4aa7d69`
SHA1	`da779b312d158781d77fdbc60c005e31e8d9d9ea`
SHA256	`823ed0db3f36524b80b1c8b7e345ab6c26800146e46b8eb3e91c5d178f73036b`
SHA3	`d0b4765b01007a339ec7771bf1352befbc9bdacb41771a347d9c70a1354a304b`

135

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xcaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26135`
MD5	`239bdcafc38882b5d957a14e67896c9f`
SHA1	`c6f52938f623e5b6bf290bba6c7e634197fd25a5`
SHA256	`171bdccdb353a57e344016889875fbb9e35a16556823612262e874299a7235bc`
SHA3	`877451b70fc403261b472b977b9bce17feb25c84078ba0a2a6f8d880d356c622`

138

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x284`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05682`
MD5	`b3ea1bc750dd0ad1fd0f9646246e2412`
SHA1	`abe116323d40706b1c97754d1680ebfa836c236a`
SHA256	`357ad79f10a0e44612c1f914926bddd5f02479b8e1a7d90782630845190f3fe2`
SHA3	`6ad6f6511315c1cea15222471378992d36654ae4a7de322687c27b1135a5579e`

100

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89097`
Detected Filetype	Icon file
MD5	`a6469ac97a109b7c2bc1bf3020168af3`
SHA1	`53f3b4b4b61af9cde9de74a33fbc492c71f7660c`
SHA256	`ca82878ac6f8f5d26249f03257b496eebf06e2d20e02349a0b871bf92766535c`
SHA3	`15f2850e54173ca36462fa901e1019404484e4da82f3668cb938a5e593f2ed53`

112

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`87e182c1614e266b343fa24b761602ee`
SHA1	`10327108dbfe50a33cc8452cf334f78078719bc3`
SHA256	`1a5a53db43e95ffd2fd95ed4778e2ae36cb517d5e4d476ab345bcf017e6818d7`
SHA3	`38017a80cc9501644fb199b7827bc520a33cc85c3766b695c846fc2bd1bfdf86`

217

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`bedb8ed4f3344c732cf5de675a59a9e4`
SHA1	`e2ecf2385c0e7dff838091579393543c50daf0ee`
SHA256	`605ec2b8ae6e6858919d1b42122b0913508e493df2f2421631badcaa245f0f35`
SHA3	`e772310875daeb78b63fd6caf5312050796f97a5bbf4e116d58922636b5a99a5`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44005`
MD5	`e9ff04b9a5fd71070e1543da4e2f513d`
SHA1	`ac59a0791e56681ee27b8a31a44fbd3276078237`
SHA256	`858fc2a5668551bc965c69821ba501e25257ebd461fc04058c986c51f9473cf3`
SHA3	`30f5a6cb9d4014cf5016a3cfeb5e030ed41e4c8dba59238f8dbeee28760b2537`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22609`
MD5	`bee8bd1c0d3a599c0e0e56e9a9932df8`
SHA1	`de1b1735c1485516ca1eb3f7f508b64ad0325b0c`
SHA256	`1606fc6375d333367aa2327ac3fc3e388fb2c72af659f2561efad7b14864ab4f`
SHA3	`e0490808a717c5873f9f77b28b63721da35b382b71356d38b2969f2e9d6cbf2d`

String Table contents

Setup Initialization Error
%s
%1 Setup is preparing the %2, which will guide you through the program setup process. Please wait.
Checking Operating System Version
Checking Windows(R) Installer Version
Configuring Windows Installer
Configuring %s
Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system.
%s
Choose Setup Language
Select the language for this installation from the choices below.
The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later.
This setup will perform an upgrade of '%s'. Do you want to continue?
A later version of '%s' is already installed on this machine. The setup cannot continue.
OK
Cancel
Password:
Install
&Next >
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation
Error writing to the temporary location
Error extracting %s to the temporary location
Error reading setup initialization file
Installer not found in %s
File %s not found
Internal error in Windows Installer
Error populating strings. Verify that all strings in Setup.ini are valid.
Restart
Setup needs %lu KB free disk space in %s. Please free up some space and try again
You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation
Command line parameters:
/L language ID
/S Hide intialization dialog. For silent mode use: /S /v/qn.
/V parameters to MsiExec.exe
Windows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue.
ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language.
Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again.
This setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system.
Unable to install %s Scripting Runtime.
Unable to create InstallDriver instance, Return code: %d
Please specify a location to save the installation package.
Unable to extract the file %s.
Extracting files.
Downloading file %s.
An error occurred while downloading the file %s. What would you like to do?
hr
min
sec
MB
KB
/sec
Failed to verify signature of file %s.
Estimated time remaining:
%d %s of %d %s downloaded at %01d.%01d %s%s
Preparing to Install...
Get help for this installation.
Help
Unable to save file: %s
Failed to complete installation.
Invalid command line.
/UA<url to InstMsiA.exe>
/UW<url to InstMsiW.exe>
/UM<url to msi package>
/US<url to IsScript.msi>
Setup Initialization Error, failed to clone the process.
The file %s already exists. Would you like to replace it?
Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update.
Setup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later.
You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation
Error installing Microsoft(R) .NET Framework, Return Code: %d
%s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now?
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation
%s optionally uses the Visual J# Redistributable Package. Would you like to install it now?
(This will also install the .NET Framework.)
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installation
%s requires the following items to be installed on your computer. Click Install to begin installing these requirements.
Installing %s
Would you like to cancel the setup after %s has finished installing?
The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download.
The installation of %s appears to have failed. Do you want to continue the installation?
Succeeded
Installing
Pending
Installed
Status
Requirement
Failed
Extracting
Downloading
Skipped
The installation of %s has failed. Setup will now exit.
The installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later.
%1 optionally uses %2. Would you like to install it now?
Downloading file %2 of %3: %1
This installation lets you install multiple instances of the product. Select the instance you would like to install, and then click Next to continue:
&Install a new instance
&Maintain or upgrade an existing instance
Default
Instance ID
Product Name
Location
This installation lets you patch multiple instances of the product. Select an option below to specify how you would like to apply this patch, and then click Next to continue.
Patch &all of the existing instances
&Patch an existing instance
This installation requires Windows Installer version 4.5 or newer. Setup will now exit.
Decompressing
Version
Choose Setup Language
Select the language for the installation from the choices below.
&OK
InstallShield Wizard
Cancel
&Next >
< &Back
Do you wish to install %s?
Authenticity Verified
The identity of this software publisher was verified by %s.
Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.
&Always trust software published by %s.
This software has not been altered since publication by %s. To install %s, click OK.
InstallShield
Preparing Setup
Please wait while the InstallShield Wizard prepares the setup.
Finish
Transfer rate:
Estimated time left:
/s
%s - InstallShield Wizard
Exit Setup
Are you sure you want to cancel the setup?
&Install a new instance of this application.
Existing Installed Instances Detected
Select the appropriate application instance to maintain or update.
Setup has detected one or more instances of this application already installed on your system.
&Maintain or update the instance of this application selected below:
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance.
Select the instance of the application you want to &maintain or update below:
Display Name
Install Location
%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait.
Error Code:
Error Information:
An error (%s) has occurred while running the setup.
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s.
&Detail
&Report
There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup.
A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it.
Another instance of this setup is already running. Please wait for the other instance to finish and then try again.
Security Warning
Do you want to run this setup?
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
I &do not trust this setup
I &understand the security risk and wish to continue
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The software is corrupted or has been altered since it was published. You should not continue this setup.
This setup was created with a BETA VERSION of %s
This Setup was created with an EVALUATION VERSION of %s
Please enter the password
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit.
This setup works until %s. The setup will now exit.
InstallShield Setup Player V19
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it.
This setup requires administrative privileges that appear to be unavailable. Would you like to try again?

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.7
ProductVersion	3.0.0.7
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	NeoDeck Software Corp
FileDescription	Setup Launcher Unicode
FileVersion (#2)	3.0.0.7
InternalName	Setup
LegalCopyright	Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.
OriginalFilename	InstallShield Setup.exe
ProductName	NeoMed Client
ProductVersion (#2)	3.0.0.7
Internal Build Number	115289
ISInternalVersion	19.0.160
ISInternalDescription	Setup Launcher Unicode

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Apr-25 01:16:29
Version	`0.0`
SizeofData	`132`
AddressOfRawData	`0xf8440`
PointerToRawData	`0xf7640`
Referenced File	C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Prerequisites_Unicode\setupPreReq.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x517230`
SEHandlerTable	`0x4fa2a0`
SEHandlerCount	`1457`

RICH Header

XOR Key	`0x93b1250b`
Unmarked objects	`0`
138 (VS2008 SP1 build 30729)	`11`
ASM objects (VS2008 SP1 build 30729)	`27`
C objects (VS2008 SP1 build 30729)	`148`
C objects (VS2012 build 50727 / VS2005 build 50727)	`3`
C++ objects (VS2008 build 21022)	`3`
Imports (VS2012 build 50727 / VS2005 build 50727)	`21`
Total imports	`422`
C++ objects (VS2008 SP1 build 30729)	`125`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`