Manalyze report for 56d846b6827eb8fb8943b55168ec02e3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Mar-29 19:26:11
Detected languages	English - United States Portuguese - Brazil Spanish - Argentina Spanish - Spain (International sort)
TLS Callbacks	1 callback(s) detected.
Debug artifacts	HostAppServiceInterface.pdb
CompanyName	SweetLabs, Inc.
FileDescription	Host App Service Interface
FileVersion	`0.273.4.677`
InternalName	HostAppServiceInterface
LegalCopyright	Copyright (C) 2010-2023 - SweetLabs, Inc
OriginalFilename	HostAppServiceInterface.exe
ProductName	Host App Service Interface
ProductVersion	`0.273.4.677`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.winimage.com http://www.winimage.com/zLibDll https://curl.se winimage.com www.winimage.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Can access the registry: RegQueryValueExW RegNotifyChangeKeyValue RegCreateKeyExW RegOpenKeyW RegDeleteValueW RegSetValueExW RegEnumValueW RegQueryInfoKeyW RegEnumKeyExW RegOpenKeyExW RegCloseKey SHRegDuplicateHKey` `Uses Microsoft's cryptographic API: CryptSignHashW CryptEnumProvidersW CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash CryptDecrypt` `Can create temporary files: CreateFileW GetTempPathW GetTempPathA CreateFileA` `Leverages the raw socket API to access the Internet: htons socket setsockopt listen WSAIoctl select gethostname WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect htonl connect closesocket bind accept WSASetLastError send recv freeaddrinfo getaddrinfo WSAGetLastError WSACleanup ntohs getsockopt getsockname ioctlsocket recvfrom sendto getpeername __WSAFDIsSet` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW GetDriveTypeW` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW` `Interacts with the certificate store: CertOpenStore CertOpenSystemStoreA`
Info	The PE is digitally signed.	`Signer: SweetLabs Inc` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/75 (Scanned on 2024-07-31 14:49:21)	`All the AVs think this file is safe.`

Hashes

MD5	`56d846b6827eb8fb8943b55168ec02e3`
SHA1	`9666f35e6c93f7d2d0da533d68e791a95a76de70`
SHA256	`c48d3be891e06b3ed8c28164acfb39f57647cd81b38c596ac8a40bd343613330`
SHA3	`ca4d090676c34a4352ee6f5eb7f98a40163724722e053d82d75e86108727b248`
SSDeep	`98304:3m7zynZHB0veuOUUx6B6i5ob02zi31fLO2WbJUSGD6:3mMhY3OUNDMbJUr6`
Imports Hash	`9c44fe76a0ec044c6f59ae2f0b46bf25`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Mar-29 19:26:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x316a00`
SizeOfInitializedData	`0x156800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000083720 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x470000`
SizeOfHeaders	`0x400`
Checksum	`0x46d720`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f9ed9aea7c38dfba329621b0c76ad2eb`
SHA1	`74a76d19a693dfdd6a15473fa8331d9ebd9e2c5f`
SHA256	`b5e1a109fae91a397363ae5a336401aeb85f3eda1a3ffce7d1781ccc8deb50ca`
SHA3	`66c1020b31b12c90530638ce172777df139cc52897d8a75226629b86df552edf`
VirtualSize	`0x31699a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x316a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46994`

.rdata

MD5	`d5c2d9da7ccaf39caabd7aa68305ae07`
SHA1	`7d681da6c012a721c8c2f796417da364ff3e9269`
SHA256	`911685e47a8e8ebc64216503b238d8f6870426965a3cb80df66e76a92da88116`
SHA3	`c9a48cb243dd21931bc5625fc2e08e1e3120b547b23a738435bebdaa18ae870f`
VirtualSize	`0xe8b2e`
VirtualAddress	`0x318000`
SizeOfRawData	`0xe8c00`
PointerToRawData	`0x316e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.79764`

.data

MD5	`59ce1bf2394760d3acdb588290fe5678`
SHA1	`03f3be90c917298185be898f4f18c10f2e46a080`
SHA256	`0039b6956cacbe7b1e97ea526320478dc83baddd3e79fc2cbcf5150f98d3bcd7`
SHA3	`8a9b104723e691d0f7412db9e1d2118feeac136d89acb2df2339e941e7fc4284`
VirtualSize	`0x11fbc`
VirtualAddress	`0x401000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x3ffa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.05161`

.pdata

MD5	`605982fb8897a62e4585efddff5b7d9b`
SHA1	`9f4afd43800ced40348626b0226e81358f949b05`
SHA256	`33182d2051d02689fad66e03232703de1bbf300f2c64b10c2d29112793a11e2a`
SHA3	`5bc9f9908f7220b584bf28708dbffdee591ea6b126d4fdb3bd87844ee0aa4e47`
VirtualSize	`0x24b28`
VirtualAddress	`0x413000`
SizeOfRawData	`0x24c00`
PointerToRawData	`0x40a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.31114`

_RDATA

MD5	`45afc6f81f73e924ed8fd112793d590c`
SHA1	`28ecbee18735b011241ff0e2e0a4db9f2a9f0010`
SHA256	`bfdce721e7d3a20c1876acd63e52c9025ae9d88c4c5a30a6ab51cea31eed08d8`
SHA3	`e9dd5796cc8be775b7b54724007c51c8ccb41b698ea8a67796b740f03d1dc127`
VirtualSize	`0x15c`
VirtualAddress	`0x438000`
SizeOfRawData	`0x200`
PointerToRawData	`0x42f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.32975`

.rsrc

MD5	`6912adf8573a42a4ea7a756771e929e0`
SHA1	`000dc02c5ecad3bb5e0fb101c5ceeeec0c58ea82`
SHA256	`631fe6b890fc9d7b7d33730a4372acb614d0516dcca9e14f78e2a59ded52acd7`
SHA3	`cf9858fb856cd4494be4aed89817946f7b43c8d42632dab1a4910ac158f6e47a`
VirtualSize	`0x2edb0`
VirtualAddress	`0x439000`
SizeOfRawData	`0x2ee00`
PointerToRawData	`0x42f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.68228`

.reloc

MD5	`4c0d17915a5269782a2bcf39402547be`
SHA1	`cd4e52c1eae3b4f888835471e6987202491abd1e`
SHA256	`8179dcc36bb37025041a8829390b6047783b120f5aff752f488dd8e9174a3f1d`
SHA3	`f9f28ce3306e4b8b64de0ff7e9bebb1bf96a4a7c149c6aa7f2b5f409443ec475`
VirtualSize	`0x7e68`
VirtualAddress	`0x468000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x45e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4484`

Imports

KERNEL32.dll	`GetDiskFreeSpaceW` `LockFile` `GetFullPathNameA` `GetGeoInfoW` `GetUserGeoID` `VerSetConditionMask` `GetEnvironmentVariableW` `GetCurrentProcess` `GetCurrentProcessId` `OpenProcess` `GetVersionExW` `FreeLibrary` `GetModuleFileNameW` `LoadLibraryW` `VerifyVersionInfoW` `GetLocaleInfoW` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `ExpandEnvironmentStringsW` `CreateDirectoryW` `CreateFileW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetLongPathNameW` `ReadFile` `SetFilePointer` `WriteFile` `GetTempPathW` `CopyFileW` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentThreadId` `UnregisterWaitEx` `RegisterWaitForSingleObject` `CancelIo` `SleepEx` `QueueUserAPC` `lstrlenW` `ReadDirectoryChangesW` `SetLastError` `LoadLibraryA` `LCMapStringW` `GetUserDefaultLCID` `OutputDebugStringW` `GetCurrentThread` `GetPackagesByPackageFamily` `OpenPackageInfoByFullName` `ClosePackageInfo` `GetPackageInfo` `GetVolumeInformationW` `GetSystemDirectoryW` `GetComputerNameW` `GetFileAttributesW` `GetFileSizeEx` `CreateThread` `GetFileSize` `ReleaseMutex` `CreateMutexA` `CompareStringW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `UnlockFileEx` `GetModuleHandleA` `LocalAlloc` `QueryFullProcessImageNameW` `InitializeCriticalSection` `TryEnterCriticalSection` `TlsAlloc` `TlsGetValue` `TlsSetValue` `MultiByteToWideChar` `IsDebuggerPresent` `RaiseException` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetStringTypeW` `EncodePointer` `LCMapStringEx` `GetCPInfo` `GetSystemTimeAsFileTime` `ReleaseSemaphore` `WaitForMultipleObjectsEx` `OpenEventA` `SetWaitableTimer` `ResumeThread` `TlsFree` `GetSystemInfo` `CreateWaitableTimerA` `InitializeCriticalSectionAndSpinCount` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `LoadLibraryExW` `RtlUnwind` `ExitProcess` `GetModuleHandleExW` `ExitThread` `FreeLibraryAndExitThread` `GetStdHandle` `GetACP` `GetFileType` `GetDateFormatW` `GetTimeFormatW` `IsValidLocale` `EnumSystemLocalesW` `GetTimeZoneInformation` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `ReadConsoleW` `SetFilePointerEx` `SetEnvironmentVariableA` `IsValidCodePage` `GetOEMCP` `SetConsoleCtrlHandler` `GetCommandLineA` `GetCommandLineW` `OutputDebugStringA` `SetStdHandle` `WriteConsoleW` `SetEndOfFile` `CreateMutexW` `UnmapViewOfFile` `HeapValidate` `GetTempPathA` `GetDiskFreeSpaceA` `GetFileAttributesA` `GetFullPathNameW` `SwitchToFiber` `DeleteFiber` `CreateFiber` `GetEnvironmentVariableA` `CompareFileTime` `MoveFileExA` `GetSystemDirectoryA` `ConvertFiberToThread` `ConvertThreadToFiber` `SetConsoleMode` `ReadConsoleA` `MapViewOfFile` `CreateFileMappingW` `GetSystemTime` `LockFileEx` `UnlockFile` `HeapCompact` `DeleteFileA` `CreateFileA` `WaitForSingleObject` `DeleteCriticalSection` `HeapDestroy` `DecodePointer` `HeapReAlloc` `HeapSize` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `SetDefaultDllDirectories` `SetDllDirectoryW` `FreeConsole` `AttachConsole` `Sleep` `GetModuleHandleW` `GetProcAddress` `GetLastError` `WaitForMultipleObjects` `GetTickCount` `ResetEvent` `HeapFree` `GetProcessHeap` `HeapAlloc` `SetEvent` `WaitForSingleObjectEx` `CloseHandle` `CreateEventW` `CreateEventA` `LocalFree` `WideCharToMultiByte` `FormatMessageW` `FormatMessageA` `HeapCreate` `AreFileApisANSI` `GetCurrentDirectoryW` `PeekNamedPipe` `GetDriveTypeW` `FlushViewOfFile`
gdiplus.dll	`GdiplusShutdown` `GdiplusStartup`
USER32.dll	`GetUserObjectInformationW` `MessageBoxW` `TranslateMessage` `DispatchMessageW` `LoadStringW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `PostQuitMessage` `DefWindowProcW` `FindWindowW` `SendMessageW` `MsgWaitForMultipleObjects` `wsprintfW` `PeekMessageW` `GetProcessWindowStation` `CreateWindowExW`
ADVAPI32.dll	`CryptSignHashW` `CryptEnumProvidersW` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptAcquireContextW` `CryptReleaseContext` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `OpenProcessToken` `GetTokenInformation` `RegQueryValueExW` `RegNotifyChangeKeyValue` `RegCreateKeyExW` `OpenThreadToken` `RegOpenKeyW` `LookupAccountNameW` `RegDeleteValueW` `RegSetValueExW` `ConvertSidToStringSidW` `RegEnumValueW` `RegQueryInfoKeyW` `CryptDecrypt` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `RegEnumKeyExW` `RegOpenKeyExW` `RegCloseKey`
SHELL32.dll	`SHGetDesktopFolder` `SHGetFolderPathW` `SHCreateDirectoryExW` `SHGetMalloc` `CommandLineToArgvW` `SHFileOperationW`
ole32.dll	`CoCreateGuid` `CoTaskMemFree` `PropVariantClear` `CoCreateInstance` `CoUninitialize` `CoInitializeEx` `StringFromGUID2`
OLEAUT32.dll	`SysAllocStringLen` `VariantClear` `SysFreeString`
msi.dll	`#173` `#217`
RPCRT4.dll	`UuidToStringW` `RpcStringFreeW`
USERENV.dll	`ExpandEnvironmentStringsForUserW`
SHLWAPI.dll	`StrRetToBufW` `#487` `PathFindFileNameW` `SHRegDuplicateHKey` `PathFileExistsW`
bcrypt.dll	`BCryptGenRandom`
CRYPT32.dll	`CertDuplicateCertificateContext` `CertFindCertificateInStore` `CertCloseStore` `CertOpenStore` `CertGetCertificateContextProperty` `CertEnumCertificatesInStore` `CertFreeCertificateContext` `CertOpenSystemStoreA` `CertGetEnhancedKeyUsage` `CertGetIntendedKeyUsage`
WS2_32.dll	`htons` `socket` `setsockopt` `listen` `WSAIoctl` `select` `gethostname` `WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `htonl` `connect` `closesocket` `bind` `accept` `WSASetLastError` `send` `recv` `freeaddrinfo` `getaddrinfo` `WSAGetLastError` `WSACleanup` `ntohs` `getsockopt` `getsockname` `ioctlsocket` `recvfrom` `sendto` `getpeername` `__WSAFDIsSet`
WLDAP32.dll	`#200` `#30` `#79` `#35` `#33` `#32` `#27` `#26` `#301` `#46` `#143` `#22` `#41` `#50` `#45` `#60` `#211` `#217`
Normaliz.dll	`IdnToAscii`

Delayed Imports

CA

Type	`TEXT`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x217d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99624`
Detected Filetype	GZip Compressed Archive
MD5	`c014af1628411606fe7b77e42a3f1370`
SHA1	`760b97dc5c3b3d32d7f53ccde82a4a70a425bbb8`
SHA256	`ba179285008fc423a1726f99333743ebf21a5abfe503b080f00ab0cfd188bf85`
SHA3	`888492f9ac5d2697cea4a23c890f3538b3395593dbc78fdae76de94c5ea53561`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18158`
MD5	`aecaef26c8fc14efa961590d614f2e84`
SHA1	`a231ac119553d45c1fcf58a75055f0163fe30fc8`
SHA256	`aa7496d888fa49767c774eb667654f3fbb5553ac2e3f6cbe7c871337f955f2d0`
SHA3	`80ceed2ca6260fbc362672adb34b1e28919cacf75e70b626229d70fae662d726`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29111`
MD5	`f0389960ba8e40a854720e5cd09c3a73`
SHA1	`f55bee6186f7c3e90658a0e6942cd1b2b156c4be`
SHA256	`6038d941a8a443d17f47e9b9e31cd7b3068b981515e98184daa2070dfe28a371`
SHA3	`e253baa49fad0ed1421d0802bfe6d0cadd182c4d9b97f8a9e591bed15d686df2`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1705`
MD5	`4a507734ec1d13489f50b137dc1144ae`
SHA1	`b857b9a31b775bb267cfae79bfc70ae67ff6b7a5`
SHA256	`90c395a460932571581352ccb99e169e02bcce5cb3a808cc057d19a262f887ae`
SHA3	`4d8258ce3ee812783508845a42d53c78870870aa6bb0e02bccb769a8d26ec1b6`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72442`
MD5	`fe0917fb80ea4a63e54d58b91e929402`
SHA1	`f6e5f8211cd1ea1addfeccf8ee3549975e728886`
SHA256	`23a635bebe91a39d43e88e7e285ad5a2d870d8f326528ca659ee4d7a81dfe6e9`
SHA3	`a276e571e2fb3a6bb0b4a12073088c3b14b785452870eeb401e41a522c8de95d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17423`
MD5	`1a0726560abaf945d0442d59eb2561b2`
SHA1	`3900f1510d7c46678a8c57c20f75bbc1acdcea96`
SHA256	`457308ab2455f4c54b5a15deb4a10d64204ad7cc09f45e213c2d5c620922e2ef`
SHA3	`0688f7e0754422e162545d0ac8c65e741a71493edb87004916816ea810ff57b3`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09695`
MD5	`f0412717cf70ac11ae1af56bf02f5772`
SHA1	`4fe7ff16dc98646c0807e1b3d3dafc42fcd0b0db`
SHA256	`55cd02edf46530d9fc34915acaade250a92a33ad67eec10bea5be2e1a75a66f4`
SHA3	`44345e7ee6e058ff6d2948a54c599cc82aba88b117efcd8c5edf0d2f65043bb3`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0117`
MD5	`3b294ead5b9791e0d545c0f57e622e28`
SHA1	`d39cd183ec1d0d4f9e70ef86e5ada93411ff499b`
SHA256	`ad8df15db1f67485befa156238a66bb84f6f1d1bcd54d300ec6e501fb6e28bbb`
SHA3	`30283282bd608ea5a16f7ff9f11e522039bccc4cccd06344909dfb3dd6868b50`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.03281`
MD5	`04decf93e7ae871cffa5f0543cffc150`
SHA1	`f09c1c525fbd6dcf1f5322945d06d403465bc995`
SHA256	`c644efb8b352139b90cea0c105de70e2c88ef3efb2acd480f40804b8adfe1867`
SHA3	`3e8f28453538272ac6daa213bcd104b649b027291e7762fe8b3874037e82b979`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x402e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93561`
Detected Filetype	PNG graphic file
MD5	`8b231b8fd1b6791789675b54d7b143f4`
SHA1	`e1c536f6decf467a4ea03e5229ad05a697089cc1`
SHA256	`dce1e9388d151d213b2e91bec37ae1c89feedf82e1cb6fcc8bdeab29a36b1d5e`
SHA3	`f4738e1cc438af8b8026627bd6640dcef1302787e44405e4641c904ae6f4ce12`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52489`
MD5	`98c49503da74fab567576a28ea88b8b4`
SHA1	`f5ca864aa4340b40c862935c9b8ec79d95352c5d`
SHA256	`589b2873e29802a9848eb556c26e4c45ba49bc6c03eb54be9d1d8d97858872ba`
SHA3	`12063c4d8e1e59ce621a692be06a2cd6678a6b41f5880547fdd3fecd63f4a808`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65614`
MD5	`2b5142426a85c301377c33315edc1e01`
SHA1	`0716a424f250ae544c5952d3e2b786d8b97fa9a7`
SHA256	`397f4e1da1a40c89d4bffd7f0ed4606956efcd771162f0420affb41d9b3d3de6`
SHA3	`886a746fb477e24e5e1b839566903aae5d2edbff3280c5487cf399051691f6e0`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68031`
MD5	`7b52de00b91531e1b965f6d1cf3510d6`
SHA1	`cd07c11cd6ff638a4a01a8b555a9a15e84e77357`
SHA256	`01d926d10424809b469775f9e9e7749c763841968dc0ff96be847385429a329e`
SHA3	`71fe71ce46fa90b6fa5ec8fc96b5980d3057d4787bfc8cadaf593cf729865abc`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32052`
MD5	`3a2e2cc9ef53e9a29958913bbbffa740`
SHA1	`8e3f3e64271f8e842465d78391516396d06aaf52`
SHA256	`8792fb054a35bf3e0e3c7e08a6d2160adcedb803ce822ef3ef4ca6febd64da5b`
SHA3	`ef474785ee471734dc41d31464069442911dd75c72d187d456c8d73654e47702`

5009

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95122`
MD5	`4e14b8e0d763f0c2fc1fa62cddb1fd26`
SHA1	`3b76da2fef17ee70b942e4278edcadc24cdc3185`
SHA256	`de413def67e86f02c3060e600b340b65928d86f7a98471e0a4f08879d763da3d`
SHA3	`fa1c03bd548168a90ea3a9d9df0232981cecfefe37f688c17eea49ee81c09a98`

5014

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92811`
MD5	`b60a49dbfb6147ccec9ed2403c2bad55`
SHA1	`dfb7460b3437e1bdfb912f3ac784b3f1096034dd`
SHA256	`7ac3ccc03d1c11680cae434a26c3763c0b2b11895ea916df27c320562811657d`
SHA3	`409d401d435bea927d871fbc3e070f747acdfb5ab63779f6c8a7c01c164805b1`

7 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05614`
MD5	`bf08e8065199aa46f02b434f034e9f18`
SHA1	`4edc8e78e509db3718276ed122fa94f6ed8662cd`
SHA256	`e12e6dc1742f3d60dfbb25f77a80a21721a65a9d2448bdc34fe043707864876a`
SHA3	`72cfdeb8e1a254aabab38ac061fb1da76b2589e070f96bbd172efb450e91ef44`

313

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73692`
MD5	`12cd03294b5ee2dcce9ba865a42e3706`
SHA1	`c5b9fcf7c9db70a75020eb7fd622839aa2cdc8ed`
SHA256	`ae2fbcc4d1077c76a3f0b04ca63095f72a20313729be28473c536b85d9693d22`
SHA3	`c6334b842f1cc78bfe5ac005603830407fccc5c38c4aef36b5cfe8547729c687`

313 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62011`
MD5	`718871cbad1dd9c52a15d7414b0b03ec`
SHA1	`47b69b199dcb69d6e762c94ec10b16528b9e66f0`
SHA256	`f6c990f1ddc670f9700b6b43c4295599b734573485d976d80e7eabd0f4b57203`
SHA3	`0aaa1bdfed2b3a3733856ce7ce3bd2fd0a2d488035095c2d2b19269a86439b04`

313 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.5656`
MD5	`769f8dc050a474156524ee936adfe27b`
SHA1	`2bd3e5fda59486b3be349260bc1c8d0af150fff3`
SHA256	`721186faf71bac4b711c5fa9d0f3a04797be7b30cdf59241690023741c902ac9`
SHA3	`e95c6953a46f946c81801b52c37e26af3f999217c5b1349cca781b79ab7cebca`

313 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x66`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56416`
MD5	`862530bd29edb94d5f1d0f694cee03a7`
SHA1	`31810f2a553697bfaa70488ad3daf8d502feb639`
SHA256	`3ee51c44eb7624ac2077a924958be0431d5af9a7ea4ac9699c334a2881b85167`
SHA3	`da015b82af39fbd32146e3a4a0e284c7718826a4a4babd324ee356cc094f09d8`

313 (#5)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61816`
MD5	`989cefeb7493c18ff345c3f0f6e1bace`
SHA1	`b8c7b7dea05437248f8d14d0e901a2a0f494a7ba`
SHA256	`d040ce699517a4eb253e1be3c5f8230700cd5ae9c815b56e273a793950fc5fc1`
SHA3	`8a74b649a35b99ed1c5c362a4f6fcc904474961d61658636757fb94a7f5b8a00`

313 (#6)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59342`
MD5	`8b05d220c665c00ba195c588382e2759`
SHA1	`623eea6323769ca0075b1c19d77a28112980699a`
SHA256	`11bd1d765f275fd5b4d4b67146bd12f0fca9d3444e8b951aba27e9bd52d78c82`
SHA3	`2d3d55a8b8bff43a5f61c1d39e7ab32b32a1e698189230e5b91c9460970d9896`

313 (#7)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52646`
MD5	`28e350bb479049d2d17c4d7005923514`
SHA1	`37eeeb1461a7ddac99aa12ee7b63a29f29d2f644`
SHA256	`6c5502238a8e0c946f980b93c3e9dc175e19517ad3aafdc939a62bad847b701b`
SHA3	`7caaff6204a58455fe310e4616dff5f7e060ecd6952fbb932caf136b8d55a1e2`

313 (#8)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58656`
MD5	`8692a353f6b2966b012ceed8439807bd`
SHA1	`5c3742dd1dde167e07052c0319ae01b6ba0382f5`
SHA256	`373f1f6a9a1a6156cf1825c85c5b2cd3233da35e843620e0d722e52aaf77c062`
SHA3	`2f631a03744620faf50f91a1124b3941bfd4686d5400f5651324ed0faf6bb01f`

313 (#9)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60216`
MD5	`e0d10ad45b2c8ba70bc3741825ea5538`
SHA1	`5e40070f03c96070c1a28a249e01e1cc9c609e10`
SHA256	`6fb3f65b97d177a9298a578ee597b70ef48daee4a0b7b5a9e850544281b57a5e`
SHA3	`058a1b1a1f5077f48184fc2455b9972021495c427d3da261b90e17b8033a2d60`

313 (#10)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.193`
MD5	`46a920df67a814add80988a4c359a3be`
SHA1	`9ccfdd4ec3b1594146b6aa99d8fb098ee21ec36a`
SHA256	`883ace972905d99c7148dc5f9f0e03c0ccf0d154587566dd5c09de9c55e7aa3c`
SHA3	`8d6040eed05e9c7e63137ab47c5277b19056ceb9798d5592a8e8b5e0a456004f`

313 (#11)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6657`
MD5	`7c6079606496531ebf9a4680f06ef6cd`
SHA1	`41e3523a94c059561221c5bc4142eb5ecc7543fc`
SHA256	`9dee61e884f8326cacb7871aee3ea3ca0d60e8105c1311aebcaedb7803bf680e`
SHA3	`8041a7c62943c0ecec500a28700f7e4c31b862a7ca6b35a4123860a2107b489c`

313 (#12)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67093`
MD5	`7ea2f4c205ff20d40348ce8ea80cb68d`
SHA1	`884f33a66121f4f4e176b795a1ffb3c428e70062`
SHA256	`c4cc930e03e0de1651a0f48d6b1559af732b445de1e8a042fc48ebfe428d249b`
SHA3	`8cf4009bc471258c9590524ee7b99f2579d4f9ede42af598a090d493822a7417`

313 (#13)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67738`
MD5	`c279ffaf4b371411606139ce4cc2d6db`
SHA1	`bad4deb1597b3fed9fd8704932da4633dc47fd7a`
SHA256	`7428cb0f422b5e028db52befea9c21422f633c3dd439e069594af0be7c25d57e`
SHA3	`14a242ecfd0945240ddbc29f8be31cb346a823d591e7fbd183b491a6cdd214f8`

313 (#14)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69912`
MD5	`bfd054f0006b7e64992770b60ee6ba6a`
SHA1	`37d7e3baccfc95776d24f8131a26e9fc383cdc72`
SHA256	`d7c86b40328bad5cf427e37ae94adc2afe4c598ec0353ae5be8b3395ad9e1956`
SHA3	`ea6f794fe9c6381feaf941ace1ea9b4054ffbd017e8b92854713d01eb6a22b33`

313 (#15)

Type	`RT_STRING`
Language	Spanish - Argentina
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69912`
MD5	`bfd054f0006b7e64992770b60ee6ba6a`
SHA1	`37d7e3baccfc95776d24f8131a26e9fc383cdc72`
SHA256	`d7c86b40328bad5cf427e37ae94adc2afe4c598ec0353ae5be8b3395ad9e1956`
SHA3	`ea6f794fe9c6381feaf941ace1ea9b4054ffbd017e8b92854713d01eb6a22b33`

313 (#16)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77022`
MD5	`f6944b07785acb627dd8892b8f254acc`
SHA1	`34d42ca41268b8a197ad9d75e115751116e37658`
SHA256	`f2ed1f75942f07b6b6fdc8ebeb340a2ee5d01bc64b1f324c5f4b67e2f8daebd4`
SHA3	`82f25ea01f5e9ab0f1399ee44e9078b4aa8a9b1a17a11630bd87d958d63cf2df`

376

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4147`
MD5	`ed940490df5e78e471616633da190e26`
SHA1	`3f203e8f04fad780adc9c27e162e2e4709b7a5bb`
SHA256	`601b4eb4902033028bde0405ddc7244dfe6aa8f6a6d1f139060036e6d927afa8`
SHA3	`e9e81f28382386dc41db28fa12bc7dd5acc171ce8fa97acb85a82a2dc8b88a62`

376 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34502`
MD5	`ca94e4a17895cf24e6c573768aa5d260`
SHA1	`e9fe4cc6e3901d634e224a01e4b6218f0fedc454`
SHA256	`3942bd8c53c124d0976083f8685e252b560251fe403296a5518d9ac95bf52071`
SHA3	`372265d41e0da3e4670912961bc9d338b708d26ea1c64a3c4d3e448616d351df`

376 (#3)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3214`
MD5	`2df5563d78511372334e9235399ac156`
SHA1	`579333c6fcd275c83366412d660c7a3f2aa676e0`
SHA256	`9ef197c232a3cd95321c3df0134e31971d71248f307de441b39bdff889abd0a1`
SHA3	`57e64e37a20849fc23e6560be15ff209f5d5fd8644997aa37801afaec6dbcf2c`

376 (#4)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44616`
MD5	`21a6a04a30a88ccd6299ad8150a5b73a`
SHA1	`ef578e02ae87017170371b6f37f6e822d867a0aa`
SHA256	`fda0a51cd88534a52f8ea8e77cb6e088946e7e2189fe560682b190042de8395f`
SHA3	`2cab357914964e209e9cf83fa0d28cf641e0d19a8846f73642003feb525e1818`

376 (#5)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.35361`
MD5	`0b9ba5ce6a5e748b07b387a20837de8f`
SHA1	`77ff02862272291507e343afb97012423d2b5973`
SHA256	`18f936ff6002e46a9171f970bf407401948a83d9636076b597a864cbe4752ac5`
SHA3	`66b81d98eb1d9f8c3bb60959b0395476e261458cac5a282fc060bbd0c633314a`

376 (#6)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4747`
MD5	`91e041b7c51724d12dc7ed898b00fab7`
SHA1	`b7b61b831f0c45e7ad99947ca2aabbdc4e321e32`
SHA256	`0ba5415f7aa02073688cfc850cedff2c90d1b75fd111e6f1b22f09b8072b19c6`
SHA3	`7bc1d9744fcf58b782ad994f4f216afae244920719176527aa3847463d5f84c3`

376 (#7)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40388`
MD5	`c3d2951c0706a41d3c082ba1f595b654`
SHA1	`63daf262f0cd93b2f433bdfe1505940b1431f4cb`
SHA256	`90e3f104dd7c54b971500aaad332554ed7b9ed5931786d35c355b10cb66425f4`
SHA3	`13e05eb5f81d64320895845ecfaf3e07cb7e8f5fe8980c4127edf08d9ba16c40`

376 (#8)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44674`
MD5	`2c00b5ff491eccf4df07ea03c69b4b74`
SHA1	`25e92e414edfa7da2ec56cbad2d783c8b269624a`
SHA256	`203d5d19566bcce2fd59fc754c36b22d38b1661350317a2b033e31ce72555b02`
SHA3	`d0be4d358af17ccf0cabed03893338f7638776200df38f64120c976a4a7b52bf`

376 (#9)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.42307`
MD5	`0def07b5ab4e9666a1cc810840a0a0a5`
SHA1	`e5bffb69c8d513bba22cd0c350ed477345ed89d0`
SHA256	`3356383f360cf6db4f20f43215298b5cca32da6234501dd276b5ee937357f64f`
SHA3	`1b73a455d822cb481d643dec149e815813b05acc93534d9439fed6b6bad6dbc1`

376 (#10)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85716`
MD5	`f102416501f7bed08fac552a2cec39b3`
SHA1	`ca9c2941f99d48a1d579f5cb74bd72462254a75a`
SHA256	`67fc544545204d1bf4c7eafde65b94d56a6bac07a2bda50f493929d47b4cf584`
SHA3	`7aea74915eb7b7341008f28553713e35bfb6f08cf68ba9c0e29ff81c1bf44b11`

376 (#11)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34887`
MD5	`929c1617ff6b68f4a49a947d192d7e92`
SHA1	`6fe3eeb7516c92b8139770cd295346357d26304d`
SHA256	`f088b0e54a150aa2a3cce56e37fc4da7f2b93223a33d5889108f6ab6088b0e46`
SHA3	`6f1896eacebdfe3863cfbd82d52a9d28d969d01d195e03d9901726f3271b88aa`

376 (#12)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26746`
MD5	`fd5e0fd6b5b54f31ec6fd881fc871fed`
SHA1	`7e0305910cd18236e1857694e3bc99eb119c7203`
SHA256	`b8ffcb344057fdc5f5b68dae1855d5d49398f3a468e0173f420f10f7194af156`
SHA3	`f0fa53f7b09f01164e78f1f7d95bfdcc8da5f13fc6cd106faa5ae1c616f2455c`

376 (#13)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41622`
MD5	`12e3617de8f59ecba91fa5fa1c5a4c90`
SHA1	`1f9deb8e27e0352da027f856705448cc09dd392e`
SHA256	`9ae0c1551673976858261bb4c2ff1c6106465d16ed8cf30e8929c7403e67265c`
SHA3	`7e62dd91367931e48942c9a3b83171c891907cf41345542b0fdd42afc4a8727e`

376 (#14)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33718`
MD5	`c6e0cd2bd3d1efd631412c1001ca5524`
SHA1	`4cd2e7d6e3e5507a0023c89c16f4cb063bdfdac8`
SHA256	`142541b2cf83e6d8e0f9225d9381ec0a5bf53c6774529adc5f6737f5d5cd9074`
SHA3	`d1ad4959ab840de857a4938c6c7bab75f8503ea4009da763f8d911a61f7a4aff`

376 (#15)

Type	`RT_STRING`
Language	Spanish - Argentina
Codepage	UNKNOWN
Size	`0x62`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33718`
MD5	`c6e0cd2bd3d1efd631412c1001ca5524`
SHA1	`4cd2e7d6e3e5507a0023c89c16f4cb063bdfdac8`
SHA256	`142541b2cf83e6d8e0f9225d9381ec0a5bf53c6774529adc5f6737f5d5cd9074`
SHA3	`d1ad4959ab840de857a4938c6c7bab75f8503ea4009da763f8d911a61f7a4aff`

376 (#16)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53904`
MD5	`8a1f564c84a09cc17d6771b42ffeb07f`
SHA1	`49516ffce818d9ea91548225da6f2e8ec6bc2a27`
SHA256	`86b789d0062962d5a2dec1798e7b1fb8f1a73a4605a14c5675578f023283ebc4`
SHA3	`a68cdca0c54e85adfe7297653ddf578b24ed7ba27861c00f59641e5479a20d5f`

109

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06903`
Detected Filetype	Icon file
MD5	`28e876c096248f78d1ecc6d10cc60254`
SHA1	`63a25bca951df7a3b10c3a9eb2b0cab9ae24d649`
SHA256	`9da2480da45a2f5d7330a14a96c28dbca4c570c240a656da2139d447ed3bc9ba`
SHA3	`4c863965f3289aa370c2db7fd1b45c0e7dab3fc89c7c9f1e434aee92b419d06b`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50788`
MD5	`9fe6f8b0fa69456b6c30436032377851`
SHA1	`92d28499225556d3848dd31f66d6587eac0873b0`
SHA256	`34cac8ff4daf2aaae2fc9d4483571ae40c494c2f5993667385094bbb8244e3eb`
SHA3	`4fc39ae2322c50595f54168324b3afb91208bee45fd83ed5c84ecf4256977649`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x784`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16936`
MD5	`c5245cd0b567ae4cabc08a19895617f9`
SHA1	`ac0db01ca83e826920e460ecc9b8cb3c1dfd09c7`
SHA256	`be25cb8e67dd1b8be53251f77cab518beba4b174758bedeb7d942678d7cf1bdb`
SHA3	`575fb3f72922d37572693e3bcc79183060202536908d40d6b0a7e85643387e9e`

String Table contents

AppIndexer
APPINDEXER
秒
分钟
小时
天
kB
MB
GB
sekunder
minutter
timer
dage
kB
MB
GB
Sekunden
Minuten
Stunden
Tage
kB
MB
GB
sekuntia
minuuttia
tuntia
päivää
Kt
Mt
Gt
secondes
minutes
heures
jours
Ko
Mo
Go
secondi
minuti
ore
giorni
KB
MB
GB
秒
分
時間
日
kB
MB
GB
초
분
시간
일
kB
MB
GB
sekunder
minutter
timer
dager
kB
MB
GB
секунд
минут
часов
дней
КБ
МБ
ГБ
sekunder
minuter
timmar
dagar
kB
MB
GB
seconds
minutes
hours
days
kB
MB
GB
segundos
minutos
horas
dias
kB
MB
GB
segundos
minutos
horas
días
kB
MB
GB
segundos
minutos
horas
días
kB
MB
GB
秒數
分鐘
小時
日
kB
MB
GB
{received}/{total}
剩下 {time}
{received}/{total}
{time} tilbage
{received}/{total}
Noch {time}
{received}/{total}
{time} jäljellä oleva
{received}/{total}
Il reste {time}
{received}/{total}
{time} di tempo rimanente
{received}/{total}
残り{time}
{received}/{total}
{time} 남음
{received}/{total}
{time} gjenværende
{received}/{total}
Осталось {time}
{received}/{total}
{time} återstår
{received}/{total}
{time} left
{received}/{total}
{time} restante(s)
{received}/{total}
{time} restante
{received}/{total}
{time} restante
{received}/{total}
還剩下 {time}

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.273.4.677
ProductVersion	0.273.4.677
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	SweetLabs, Inc.
FileDescription	Host App Service Interface
FileVersion (#2)	0.273.4.677
InternalName	HostAppServiceInterface
LegalCopyright	Copyright (C) 2010-2023 - SweetLabs, Inc
OriginalFilename	HostAppServiceInterface.exe
ProductName	Host App Service Interface
ProductVersion (#2)	0.273.4.677

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:11
Version	`0.0`
SizeofData	`52`
AddressOfRawData	`0x3d1018`
PointerToRawData	`0x3cfe18`
Referenced File	HostAppServiceInterface.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3d104c`
PointerToRawData	`0x3cfe4c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:11
Version	`0.0`
SizeofData	`1068`
AddressOfRawData	`0x3d1060`
PointerToRawData	`0x3cfe60`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Mar-29 19:26:11
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1403d14b0`
EndAddressOfRawData	`0x1403d14b8`
AddressOfIndex	`0x14040d578`
AddressOfCallbacks	`0x140319378`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x0000000140082F30`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140401260`

RICH Header

XOR Key	`0x5f6c0351`
Unmarked objects	`0`
241 (40116)	`12`
242 (40116)	`35`
243 (40116)	`185`
253 (VS2022 Update 4 (17.4.2) compiler 31935)	`6`
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935)	`10`
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935)	`97`
C objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`
C++ objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`68`
C objects (VS2022 Update 4 (17.4.2) compiler 31935)	`707`
244 (40116)	`8`
C objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`8`
239 (40116)	`47`
Total imports	`584`
C++ objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215)	`9`
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`
151	`2`
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215)	`1`

56d846b6827eb8fb8943b55168ec02e3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

CA

1

2

3

4

5

6

7

8

9

10

11

12

13

5009

5014

7 (#2)

313

313 (#2)

313 (#3)

313 (#4)

313 (#5)

313 (#6)

313 (#7)

313 (#8)

313 (#9)

313 (#10)

313 (#11)

313 (#12)

313 (#13)

313 (#14)

313 (#15)

313 (#16)

376

376 (#2)

376 (#3)

376 (#4)

376 (#5)

376 (#6)

376 (#7)

376 (#8)

376 (#9)

376 (#10)

376 (#11)

376 (#12)

376 (#13)

376 (#14)

376 (#15)

376 (#16)

109

107

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors