Manalyze report for 75259d5534fe90d1e8830ceafad1b094

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-16 08:44:19
Detected languages	English - United States
Debug artifacts	Set-up.pdb
CompanyName	Adobe Inc.
FileDescription	Adobe Installer
FileVersion	`6.4.0.359`
InternalName	Adobe Installer
LegalCopyright	© 2020-2024 Adobe. All rights reserved.
OriginalFilename	Adobe Installer
ProductName	Adobe Installer
ProductVersion	`6.4.0.359`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEmU QemU` `Miscellaneous malware strings: virus` Contains domain names: JQ525L2MZD.com accelerate.amazonaws.com accounts.adobe.com adminconsole.adobe.com adobe.com amazonaws.com ccm.oobesaas.adobe.com ccmdl.adobe.com cdn-ffc.oobesaas.adobe.com cdn-qe-ffc.oobesaas.adobe.com cdn-stg-ffc.oobesaas.adobe.com corp.adobe.com customized-user-packages.s3-accelerate.amazonaws.com customized-user-packages.s3.amazonaws.com dev.corp.adobe.com ffc-ccm.oobesaas.adobe.com ffc-files.corp.adobe.com ffc.oobesaas.adobe.com files.corp.adobe.com helpx.adobe.com http://typekit.com http://www.adobe.com http://www.adobe.com/go/apps_install_hdesd_error http://www.adobe.com/go/apps_install_hdesd_error_br http://www.adobe.com/go/apps_install_hdesd_error_cn http://www.adobe.com/go/apps_install_hdesd_error_cz http://www.adobe.com/go/apps_install_hdesd_error_de http://www.adobe.com/go/apps_install_hdesd_error_dk http://www.adobe.com/go/apps_install_hdesd_error_es http://www.adobe.com/go/apps_install_hdesd_error_fi http://www.adobe.com/go/apps_install_hdesd_error_fr http://www.adobe.com/go/apps_install_hdesd_error_it http://www.adobe.com/go/apps_install_hdesd_error_jp http://www.adobe.com/go/apps_install_hdesd_error_kr http://www.adobe.com/go/apps_install_hdesd_error_nl http://www.adobe.com/go/apps_install_hdesd_error_no http://www.adobe.com/go/apps_install_hdesd_error_pl http://www.adobe.com/go/apps_install_hdesd_error_ru http://www.adobe.com/go/apps_install_hdesd_error_se http://www.adobe.com/go/apps_install_hdesd_error_tr http://www.adobe.com/go/apps_install_hdesd_error_tw http://www.adobe.com/go/conflicting_process_hdesd http://www.adobe.com/go/conflicting_process_hdesd_br http://www.adobe.com/go/conflicting_process_hdesd_cn http://www.adobe.com/go/conflicting_process_hdesd_cz http://www.adobe.com/go/conflicting_process_hdesd_de http://www.adobe.com/go/conflicting_process_hdesd_dk http://www.adobe.com/go/conflicting_process_hdesd_es http://www.adobe.com/go/conflicting_process_hdesd_fi http://www.adobe.com/go/conflicting_process_hdesd_fr http://www.adobe.com/go/conflicting_process_hdesd_it http://www.adobe.com/go/conflicting_process_hdesd_jp http://www.adobe.com/go/conflicting_process_hdesd_kr http://www.adobe.com/go/conflicting_process_hdesd_nl http://www.adobe.com/go/conflicting_process_hdesd_no http://www.adobe.com/go/conflicting_process_hdesd_pl http://www.adobe.com/go/conflicting_process_hdesd_ru http://www.adobe.com/go/conflicting_process_hdesd_se http://www.adobe.com/go/conflicting_process_hdesd_tr http://www.adobe.com/go/conflicting_process_hdesd_tw http://www.adobe.com/go/cust_support http://www.adobe.com/go/cust_support_br http://www.adobe.com/go/cust_support_cn http://www.adobe.com/go/cust_support_cz http://www.adobe.com/go/cust_support_de http://www.adobe.com/go/cust_support_dk http://www.adobe.com/go/cust_support_es http://www.adobe.com/go/cust_support_fi http://www.adobe.com/go/cust_support_fr http://www.adobe.com/go/cust_support_it http://www.adobe.com/go/cust_support_jp http://www.adobe.com/go/cust_support_kr http://www.adobe.com/go/cust_support_nl http://www.adobe.com/go/cust_support_no http://www.adobe.com/go/cust_support_pl http://www.adobe.com/go/cust_support_ru http://www.adobe.com/go/cust_support_se http://www.adobe.com/go/cust_support_tr http://www.adobe.com/go/cust_support_tw http://www.adobe.com/go/system_requirements_hdesd http://www.adobe.com/go/system_requirements_hdesd_br http://www.adobe.com/go/system_requirements_hdesd_cn http://www.adobe.com/go/system_requirements_hdesd_cz http://www.adobe.com/go/system_requirements_hdesd_de http://www.adobe.com/go/system_requirements_hdesd_dk http://www.adobe.com/go/system_requirements_hdesd_es http://www.adobe.com/go/system_requirements_hdesd_fi http://www.adobe.com/go/system_requirements_hdesd_fr http://www.adobe.com/go/system_requirements_hdesd_it http://www.adobe.com/go/system_requirements_hdesd_jp http://www.adobe.com/go/system_requirements_hdesd_kr http://www.adobe.com/go/system_requirements_hdesd_nl http://www.adobe.com/go/system_requirements_hdesd_no http://www.adobe.com/go/system_requirements_hdesd_pl http://www.adobe.com/go/system_requirements_hdesd_ru http://www.adobe.com/go/system_requirements_hdesd_se http://www.adobe.com/go/system_requirements_hdesd_tr http://www.adobe.com/go/system_requirements_hdesd_tw http://www.adobe.com/products/eulas/tou_typekit. http://www.w3.org http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.winimage.com http://www.winimage.com/zLibDll https://127.0.0.1 https://accounts.adobe.com https://accounts.adobe.com/security/privacy https://adminconsole.adobe.com https://cdn-ffc.oobesaas.adobe.com https://cdn-ffc.oobesaas.adobe.com/core/v1/update/description https://cdn-ffc.oobesaas.adobe.com/core/v1/validation https://cdn-ffc.oobesaas.adobe.com/core/v2/applications https://cdn-ffc.oobesaas.adobe.com/core/v3/applications https://cdn-ffc.oobesaas.adobe.com/core/v4/products/all? https://cdn-qe-ffc.oobesaas.adobe.com https://cdn-stg-ffc.oobesaas.adobe.com https://helpx.adobe.com https://helpx.adobe.com/br/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/cn/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/cz/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/de/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/dk/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/es/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/fi/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/fr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/it/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/jp/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/kr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/nl/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/no/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/pl/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/ru/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/se/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/tr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/tw/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/x-productkb/global/desktop-app-usage-information-faq.html https://oobe.adobe.com https://oobe.adobe.com/ https://oobe.adobe.com/type3 https://prod-rel-ffc-ccm.oobesaas.adobe.com https://prod-rel-ffc-ccm.oobesaas.adobe.com/adobe-ffc-external https://qa.adminconsole.adobe.com https://qe-prstg-ffc.oobesaas.adobe.com https://qe-prstg-ffc.oobesaas.adobe.com/adobe-ffc-external https://sqe-prstg-ffc.oobesaas.adobe.com https://sqe-prstg-ffc.oobesaas.adobe.com/adobe-ffc-external https://stage.adminconsole.adobe.com https://tron-onesie-dev.corp.adobe.com https://tron-onesie.corp.adobe.com https://tron-prod-customized-user-packages.s3-accelerate.amazonaws.com https://tron-prod-customized-user-packages.s3.amazonaws.com https://tron-qe-user-packages.s3-accelerate.amazonaws.com https://tron-qe-user-packages.s3.amazonaws.com https://trondevuserpackages.s3-accelerate.amazonaws.com https://trondevuserpackages.s3.amazonaws.com https://tronstageuserpackages.s3-accelerate.amazonaws.com https://tronstageuserpackages.s3.amazonaws.com https://www.adobe.com https://www.adobe.com/ https://www.adobe.com/br/creativecloud/desktop-app.html https://www.adobe.com/creativecloud/desktop-app.html https://www.adobe.com/cz/creativecloud/desktop-app.html https://www.adobe.com/de/creativecloud/desktop-app.html https://www.adobe.com/dk/creativecloud/desktop-app.html https://www.adobe.com/es/creativecloud/desktop-app.html https://www.adobe.com/fi/creativecloud/desktop-app.html https://www.adobe.com/fr/creativecloud/desktop-app.html https://www.adobe.com/go/creative https://www.adobe.com/go/creative_br https://www.adobe.com/go/creative_cn https://www.adobe.com/go/creative_cz https://www.adobe.com/go/creative_de https://www.adobe.com/go/creative_dk https://www.adobe.com/go/creative_es https://www.adobe.com/go/creative_fi https://www.adobe.com/go/creative_fr https://www.adobe.com/go/creative_it https://www.adobe.com/go/creative_jp https://www.adobe.com/go/creative_kr https://www.adobe.com/go/creative_nl https://www.adobe.com/go/creative_no https://www.adobe.com/go/creative_pl https://www.adobe.com/go/creative_ru https://www.adobe.com/go/creative_se https://www.adobe.com/go/creative_tr https://www.adobe.com/go/creative_tw https://www.adobe.com/go/download-packager-utility https://www.adobe.com/go/download-packager-utility_br https://www.adobe.com/go/download-packager-utility_cn https://www.adobe.com/go/download-packager-utility_cz https://www.adobe.com/go/download-packager-utility_de https://www.adobe.com/go/download-packager-utility_dk https://www.adobe.com/go/download-packager-utility_es https://www.adobe.com/go/download-packager-utility_fi https://www.adobe.com/go/download-packager-utility_fr https://www.adobe.com/go/download-packager-utility_it https://www.adobe.com/go/download-packager-utility_jp https://www.adobe.com/go/download-packager-utility_kr https://www.adobe.com/go/download-packager-utility_nl https://www.adobe.com/go/download-packager-utility_no https://www.adobe.com/go/download-packager-utility_pl https://www.adobe.com/go/download-packager-utility_ru https://www.adobe.com/go/download-packager-utility_se https://www.adobe.com/go/download-packager-utility_tr https://www.adobe.com/go/download-packager-utility_tw https://www.adobe.com/it/creativecloud/desktop-app.html https://www.adobe.com/jp/creativecloud/desktop-app.html https://www.adobe.com/kr/creativecloud/desktop-app.html https://www.adobe.com/nl/creativecloud/desktop-app.html https://www.adobe.com/no/creativecloud/desktop-app.html https://www.adobe.com/pl/creativecloud/desktop-app.html https://www.adobe.com/ru/creativecloud/desktop-app.html https://www.adobe.com/se/creativecloud/desktop-app.html https://www.adobe.com/tr/creativecloud/desktop-app.html https://www.adobe.com/tw/creativecloud/desktop-app.html jquery.com jquery.org n.top-r.top onesie-dev.corp.adobe.com onesie.corp.adobe.com oobe.adobe.com oobesaas.adobe.com packages.s3-accelerate.amazonaws.com packages.s3.amazonaws.com prod-customized-user-packages.s3-accelerate.amazonaws.com prod-customized-user-packages.s3.amazonaws.com prod-rel-ffc-ccm.oobesaas.adobe.com prstg-ffc.oobesaas.adobe.com qa.adminconsole.adobe.com qe-ffc.oobesaas.adobe.com qe-prstg-ffc.oobesaas.adobe.com qe-user-packages.s3-accelerate.amazonaws.com qe-user-packages.s3.amazonaws.com rel-ffc-ccm.oobesaas.adobe.com s3-accelerate.amazonaws.com s3.amazonaws.com sqe-prstg-ffc.oobesaas.adobe.com stage-ffc-files.corp.adobe.com stage.adminconsole.adobe.com stg-ffc.oobesaas.adobe.com t.top-s.top top-r.top top-s.top tron-onesie-dev.corp.adobe.com tron-onesie.corp.adobe.com tron-prod-customized-user-packages.s3-accelerate.amazonaws.com tron-prod-customized-user-packages.s3.amazonaws.com tron-qe-user-packages.s3-accelerate.amazonaws.com tron-qe-user-packages.s3.amazonaws.com trondevuserpackages.s3-accelerate.amazonaws.com trondevuserpackages.s3.amazonaws.com tronstageuserpackages.s3-accelerate.amazonaws.com tronstageuserpackages.s3.amazonaws.com typekit.com user-packages.s3-accelerate.amazonaws.com user-packages.s3.amazonaws.com winimage.com www.adobe.com www.w3.org www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: SHGetValueW RegFlushKey RegCloseKey RegDeleteKeyExW RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegEnumValueW RegQueryValueExW` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptGetHashParam CryptDestroyHash CryptHashData CryptCreateHash CryptAcquireContextW CryptProtectData CryptUnprotectData CryptStringToBinaryW CryptHashCertificate2 CryptImportPublicKeyInfoEx2` `Can create temporary files: CreateFileW GetTempPathW GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: GetForegroundWindow AttachThreadInput GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCanonicalizeUrlW` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW` `Changes object ACLs: SetNamedSecurityInfoW` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	The PE's digital signature is invalid.	`Signer: Adobe Inc.` `Issuer: DigiCert EV Code Signing CA (SHA2)` `The file was modified after it was signed.`
Malicious	VirusTotal score: 43/72 (Scanned on 2024-12-25 18:03:11)	`ALYac: Application.Generic.3823830` `AVG: FileRepPup [PUP]` `AhnLab-V3: HackTool/Win.Crack.C5702621` `Antiy-AVL: HackTool/Win32.Crack` `Arcabit: Application.Generic.D3A58D6` `Avast: FileRepPup [PUP]` `Avira: SPR/Agent.fpgny` `BitDefender: Application.Generic.3823830` `Bkav: W32.Common.2CE23DE4` `CAT-QuickHeal: Trojan.Ghanarava.1735112563d1b094` `CTX: exe.hacktool.crack` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/HackTool.Crack.OH potentially unsafe` `Elastic: malicious (moderate confidence)` `Emsisoft: Application.Generic.3823830 (B)` `F-Secure: PrivacyRisk.SPR/Agent.fpgny` `FireEye: Application.Generic.3823830` `Fortinet: Riskware/Crack` `GData: Application.Generic.3823830` `Google: Detected` `Gridinsoft: Hack.Win32.Patcher.cl` `Ikarus: PUA.HackTool.Crack` `K7AntiVirus: Unwanted-Program ( 005b20d31 )` `K7GW: Unwanted-Program ( 005b20d31 )` `Kingsoft: Win32.Riskware.Crack.f` `Lionic: Hacktool.Win32.Crack.3!c` `McAfee: Artemis!75259D5534FE` `McAfeeD: ti!B3506F660A33` `MicroWorld-eScan: Application.Generic.3823830` `Microsoft: HackTool:Win32/Crack!MTB` `Sangfor: Hacktool.Win32.Crack.Vgpe` `Skyhigh: Artemis!Trojan` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `VBA32: Trojan.Agentb` `VIPRE: Application.Generic.3823830` `Varist: W32/ABApplication.QSSV-6885` `Webroot: W32.Malware.Gen` `Xcitium: ApplicUnwnt@#2x43ae5ciyq3e` `Yandex: Trojan.Agentb!vzdHIc+VVIU` `Zillya: Tool.Crack.Win32.5687` `Zoner: Trojan.Win32.177262`

Hashes

MD5	`75259d5534fe90d1e8830ceafad1b094`
SHA1	`8c77c5e2f34a2ee0264d9b9e2ca5b47ea5830f95`
SHA256	`b3506f660a3395674225893af2df056c338006d781c86f2fe05ef27130bd7c3c`
SHA3	`1f1b99d7e47fd9dc9333d82011d9095098b9e8bcc54f3716fefbce162ce0b344`
SSDeep	`98304:LDNC89EF0yd7wyYnVz02/ZZmbZFu78XfrLTI4O6x+:LDNCQMrdxB2/XmbZ888fR`
Imports Hash	`7cab4e0f5c800ca0f9f0244f2ca3e725`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Sep-16 08:44:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x372400`
SizeOfInitializedData	`0x3dac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002D147A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x374000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x751000`
SizeOfHeaders	`0x400`
Checksum	`0x756adc`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0a836d19bd8dab940582e064a34e1c03`
SHA1	`8320a74de8aad6e235abb70829789799b0a85783`
SHA256	`1cf154722d123578d762c5a38db75e9c01f89292ee1e55f080e0f25df8dca491`
SHA3	`9c7454ee39dd7b6366bfbf6fbe3a40bcca54274167e170659c2b1ac2648a187d`
VirtualSize	`0x372380`
VirtualAddress	`0x1000`
SizeOfRawData	`0x372400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55694`

.rdata

MD5	`bc188332286cc4e986c1f301d24e39d2`
SHA1	`d2dc9850ce0307ee7bb20f9473148b356a21390f`
SHA256	`8f27c774ea27ba4498b1e7e232a715b88db617f3221f03c0c25c8d4bf3897306`
SHA3	`a1117136331aaf50e0b0547a35a6c4eff5416b965668a5f967566b63c581cc81`
VirtualSize	`0xe2b88`
VirtualAddress	`0x374000`
SizeOfRawData	`0xe2c00`
PointerToRawData	`0x372800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.28184`

.data

MD5	`a4655420de09f96153c77cb4b4556f40`
SHA1	`7fd4dbe0bd55496ad858a0e8110e17b4276549fc`
SHA256	`325f4ad30d8831c00b3d6c4e2237ba1d9f5309de7f10f63e67c9eb5868862d88`
SHA3	`4194aed67727857139f6f04028e17b4d3abf14e6d43635ca01d2481f788a8097`
VirtualSize	`0x280f4`
VirtualAddress	`0x457000`
SizeOfRawData	`0x21c00`
PointerToRawData	`0x455400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.6319`

.rsrc

MD5	`1d7b9390262e2ee6317a3a823a756292`
SHA1	`eb8077fb0fff37b44cbc600c322b082143832a58`
SHA256	`02f320e0a4b72fdb663d954c3513bec45eb141f9abb159128b6e20bfc28d6f95`
SHA3	`89c76b7a84045a013419ee5975ac5295a8597195ec2034f4a52c56c3cab7fd13`
VirtualSize	`0x29e453`
VirtualAddress	`0x480000`
SizeOfRawData	`0x29e600`
PointerToRawData	`0x477000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46976`

.reloc

MD5	`5b1923c78768674aa063d7ef11edc3d8`
SHA1	`04e2cb4937985f4a507473a00d8a978b9e1d10ae`
SHA256	`24857317bfc65f1778eb2621705b323b474463b0d8c12144a506d360b590ec58`
SHA3	`f97bd126129e9eb441c305f05d051d42516c24e2f203d6bb82e1efb2d5787882`
VirtualSize	`0x31648`
VirtualAddress	`0x71f000`
SizeOfRawData	`0x31800`
PointerToRawData	`0x715600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66356`

Imports

COMCTL32.dll	`InitCommonControlsEx`
SHLWAPI.dll	`PathIsUNCW` `PathIsRelativeW` `PathRemoveBackslashW` `PathIsNetworkPathW` `PathStripPathW` `UrlIsW` `SHGetValueW` `UrlEscapeW` `PathFindFileNameW` `PathRemoveFileSpecW` `PathRemoveExtensionW` `PathFileExistsW` `PathAddExtensionW` `PathIsFileSpecW` `PathAppendW` `PathIsDirectoryW` `PathRenameExtensionW` `PathIsSystemFolderW` `PathFileExistsA` `PathAddBackslashW` `PathIsRootW` `PathStripToRootW`
SHELL32.dll	`SHCreateDirectoryExW` `#51` `SHGetKnownFolderPath` `ShellExecuteW` `ShellExecuteExW` `SHGetSpecialFolderLocation` `SHBrowseForFolderW` `#680` `SHGetMalloc` `SHGetFolderLocation` `SHGetPathFromIDListW` `SHGetFolderPathW` `SHGetSpecialFolderPathW` `CommandLineToArgvW`
KERNEL32.dll	`FindNextFileW` `WaitForMultipleObjects` `CreateFileW` `CreateEventW` `SetEvent` `ResetEvent` `GetOverlappedResult` `ReadDirectoryChangesW` `MultiByteToWideChar` `WideCharToMultiByte` `GetFileSizeEx` `FindClose` `GetFileAttributesW` `SetFileAttributesW` `DeleteFileW` `GetLocalTime` `GetTimeFormatW` `GetDateFormatW` `GetCurrentProcess` `DeviceIoControl` `GetTempPathW` `GetVersionExW` `GetComputerNameExW` `FileTimeToSystemTime` `GetNativeSystemInfo` `RaiseException` `LoadLibraryW` `GetProcAddress` `CreateProcessW` `GetModuleHandleW` `FreeLibrary` `InitializeCriticalSectionEx` `DecodePointer` `MulDiv` `GetModuleFileNameW` `TerminateProcess` `RemoveDirectoryW` `OpenProcess` `CreateToolhelp32Snapshot` `Sleep` `Process32NextW` `Process32FirstW` `CopyFileW` `GetExitCodeProcess` `ReadFile` `SetLastError` `lstrlenW` `LocalAlloc` `GetDiskFreeSpaceExW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `MoveFileExW` `GetFileSize` `lstrcpyW` `lstrcmpiW` `lstrcmpW` `GetDriveTypeW` `GetFullPathNameW` `HeapSize` `HeapReAlloc` `HeapDestroy` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetSystemDirectoryW` `SetDllDirectoryW` `GetStdHandle` `AttachConsole` `FreeConsole` `GetConsoleWindow` `AreFileApisANSI` `TryEnterCriticalSection` `HeapCreate` `WriteFile` `GetDiskFreeSpaceW` `OutputDebugStringA` `LockFile` `SetFilePointer` `LeaveCriticalSection` `SetEndOfFile` `UnlockFileEx` `UnmapViewOfFile` `HeapValidate` `GetTempPathA` `GetDiskFreeSpaceA` `GetFileAttributesA` `GetFileAttributesExW` `OutputDebugStringW` `FlushViewOfFile` `CreateFileA` `LoadLibraryA` `WaitForSingleObjectEx` `GetVersionExA` `DeleteFileA` `GetSystemInfo` `HeapCompact` `UnlockFile` `CreateFileMappingA` `LockFileEx` `SystemTimeToFileTime` `GetSystemTimeAsFileTime` `GetSystemTime` `FormatMessageA` `CreateFileMappingW` `MapViewOfFile` `QueryPerformanceCounter` `GetTickCount` `FlushFileBuffers` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `GlobalFree` `VerSetConditionMask` `FindFirstFileW` `GetUserDefaultLCID` `LCMapStringW` `DuplicateHandle` `ProcessIdToSessionId` `TerminateThread` `CreateThread` `FindResourceExW` `GetThreadTimes` `QueryFullProcessImageNameW` `GetUserDefaultLangID` `GetUserDefaultUILanguage` `SetNamedPipeHandleState` `CreateNamedPipeW` `ConnectNamedPipe` `CreateDirectoryW` `ReleaseSemaphore` `OpenSemaphoreW` `CreateSemaphoreW` `GetTimeZoneInformation` `VirtualFree` `VirtualAlloc` `QueryPerformanceFrequency` `GetCurrentThread` `SetFilePointerEx` `ResumeThread` `SetThreadPriority` `EnterCriticalSection` `CompareStringW` `GetCPInfo` `EncodePointer` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `GetStringTypeW` `GetExitCodeThread` `SwitchToThread` `GetModuleHandleExW` `QueueUserWorkItem` `IsProcessorFeaturePresent` `LoadLibraryExA` `VirtualQuery` `VirtualProtect` `GetCurrentProcessId` `GetCurrentThreadId` `OpenMutexW` `CloseHandle` `ReleaseMutex` `WaitForSingleObject` `CreateMutexW` `GetProcessHeap` `HeapAlloc` `HeapFree` `LocalFree` `GetLastError` `FormatMessageW` `GetLocaleInfoW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `FlushInstructionCache` `CreateTimerQueue` `SignalObjectAndWait` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `DeleteCriticalSection` `RegisterWaitForSingleObject` `UnregisterWait` `FreeLibraryAndExitThread` `GetModuleHandleA` `LoadLibraryExW` `InterlockedFlushSList` `QueryDepthSList` `UnregisterWaitEx` `RtlUnwind` `ExitThread` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `SetStdHandle` `WriteConsoleW` `ExitProcess` `GetConsoleCP` `GetConsoleMode` `IsValidLocale` `EnumSystemLocalesW` `ReadConsoleW` `FindFirstFileExW` `IsValidCodePage` `GetACP` `VerifyVersionInfoW` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `InitializeCriticalSection` `SetEnvironmentVariableW` `GetFullPathNameA`
USER32.dll	`CharNextW` `BringWindowToTop` `TranslateAcceleratorW` `GetClassNameW` `SetCapture` `GetDlgItem` `GetParent` `RegisterWindowMessageW` `ReleaseCapture` `SetForegroundWindow` `InvalidateRect` `GetForegroundWindow` `GetSysColor` `AttachThreadInput` `IsChild` `DestroyAcceleratorTable` `ClientToScreen` `RedrawWindow` `InvalidateRgn` `IsWindow` `SetFocus` `ScreenToClient` `FillRect` `GetFocus` `GetWindow` `IsIconic` `BeginPaint` `EndPaint` `GetWindowTextW` `GetSystemMetrics` `GetMessageW` `DefWindowProcW` `GetWindowLongW` `DestroyWindow` `SetWindowPos` `CreateWindowExW` `SendMessageW` `RegisterClassExW` `GetActiveWindow` `DispatchMessageW` `CreateAcceleratorTableW` `SetWindowTextW` `CallWindowProcW` `GetWindowTextLengthW` `GetWindowThreadProcessId` `wsprintfW` `PostThreadMessageW` `TranslateMessage` `LoadCursorW` `SetWindowLongW` `PostQuitMessage` `GetDesktopWindow` `GetClassInfoExW` `GetDC` `MessageBoxW` `ShowWindow` `GetAsyncKeyState` `ReleaseDC` `PostMessageW` `UnregisterClassW` `GetClientRect` `EnumWindows` `MoveWindow` `GetShellWindow` `LoadImageW` `SystemParametersInfoW` `EnableMenuItem` `LoadIconW` `GetSystemMenu` `GetClassLongW` `AppendMenuW` `SetClassLongW` `GetWindowRect`
GDI32.dll	`DeleteDC` `GetObjectW` `DeleteObject` `CreateSolidBrush` `GetDeviceCaps` `SelectObject` `CreateCompatibleBitmap` `GetStockObject` `BitBlt` `CreateCompatibleDC`
ADVAPI32.dll	`SetEntriesInAclW` `SetNamedSecurityInfoW` `GetNamedSecurityInfoW` `GetTokenInformation` `CreateWellKnownSid` `LookupPrivilegeValueW` `OpenProcessToken` `RegFlushKey` `RegCloseKey` `RegDeleteKeyExW` `RegCreateKeyExW` `RegSetValueExW` `LookupAccountSidW` `RegOpenKeyExW` `RegEnumValueW` `EqualSid` `InitializeSecurityDescriptor` `FreeSid` `AllocateAndInitializeSid` `SetSecurityDescriptorDacl` `DuplicateTokenEx` `ConvertSidToStringSidW` `ImpersonateLoggedOnUser` `ConvertStringSidToSidW` `RevertToSelf` `CryptReleaseContext` `CryptGetHashParam` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptAcquireContextW` `RegQueryValueExW` `GetUserNameW` `CredWriteW` `CredReadW` `CredDeleteW` `CredFree` `CredEnumerateW` `AdjustTokenPrivileges`
ole32.dll	`CoCreateGuid` `CoAddRefServerProcess` `OleRun` `CoUninitialize` `CoInitialize` `CLSIDFromString` `CreateStreamOnHGlobal` `CLSIDFromProgID` `CoGetClassObject` `CoCreateInstance` `StringFromGUID2` `OleInitialize` `OleUninitialize` `OleLockRunning` `CoTaskMemAlloc` `CoTaskMemFree` `CoReleaseServerProcess`
OLEAUT32.dll	`VariantChangeType` `SysAllocStringLen` `SysStringLen` `SysFreeString` `VariantInit` `SysAllocString` `OleCreateFontIndirect` `LoadTypeLib` `LoadRegTypeLib` `SysAllocStringByteLen` `VariantCopy` `SysStringByteLen` `DispCallFunc` `GetErrorInfo` `VariantClear`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptVerifySignature` `BCryptGenerateSymmetricKey` `BCryptSetProperty` `BCryptDecrypt` `BCryptDestroyKey` `BCryptEncrypt` `BCryptDestroyHash` `BCryptOpenAlgorithmProvider` `BCryptCreateHash` `BCryptHashData` `BCryptFinishHash` `BCryptGetProperty`
CRYPT32.dll	`CertGetIssuerCertificateFromStore` `CertGetNameStringW` `CryptProtectData` `CryptUnprotectData` `CryptStringToBinaryW` `CertOpenStore` `CertFindCertificateInStore` `CertFreeCertificateContext` `CertCreateCertificateContext` `CryptHashCertificate2` `CryptImportPublicKeyInfoEx2` `CertVerifySubjectCertificateContext` `CertAddCertificateContextToStore` `CertCloseStore`
Secur32.dll	`GetUserNameExW`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WTHelperGetProvCertFromChain` `WinVerifyTrust` `WTHelperGetProvSignerFromChain`
WININET.dll (delay-loaded)	`InternetCanonicalizeUrlW`

Delayed Imports

Attributes	`0x1`
Name	`WININET.dll`
ModuleHandle	`0x478b60`
DelayImportAddressTable	`0x478b34`
DelayImportNameTable	`0x453f20`
BoundDelayImportTable	`0x4541cc`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

104

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4126`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07844`
MD5	`ee23e36c90c9fccd530504285d371ac3`
SHA1	`7a4e24d18ec723d38cd922e3845ff290f0299e15`
SHA256	`32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82`
SHA3	`1ecb0ffcc01ce284f032a28c139d6705ad7f1668191756364a90e7751688f91d`

106

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaf895`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00713`
MD5	`4f3364af3e396f92a8826532bfb1a7e5`
SHA1	`7f7b613435ece78a358f2066287c2f2c3c6aa168`
SHA256	`45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e`
SHA3	`9b3b08caccd4a53ed1199b2255e0cf52124c837f6ea22bd76bbcecdc3013db2c`

153

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x43d5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93938`
MD5	`edacde36ff06bd26f1907ae092eac998`
SHA1	`c25e9052ee5b28ec28e2eceee40217302bf2caae`
SHA256	`257634b6fa84dce998b31d6497330f0a0661efbd270f58289fbe026ed95b6f2c`
SHA3	`c10f06708b8dd6772b2026aca86729f4d350c32e26b312349b057c1cd4ceab3a`

161

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93153`
MD5	`1265d497504870d225452b3309b0e06b`
SHA1	`29a3b783e6f2f2cd3f6d08833b83c7848f8e3450`
SHA256	`4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330`
SHA3	`890b6622f9d83f9dd0bee5e9312cc6788c759803057d24ab70aee67fde7ff4d0`

130

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4162`
MD5	`1bb8044ff4251084057d822765d0db91`
SHA1	`d385d6acd37b5476e8ddb8720d8c68d62e8b982f`
SHA256	`9dcaf53f57cf46ca688405f77e50281e11be6a0697c62cd7980159e060b7ab11`
SHA3	`ba27b5e3230590182024328413b58d7d7680e517a04a21d4ec34a165549b5af9`

131

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x149dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44228`
MD5	`afec493069ec046c4a188a7a113d5270`
SHA1	`365b8d978c805249dcd2b5ce14e8526cb6dbcb61`
SHA256	`46acea90a64e2c4d20422e73c1207d90a50fb7595114a3fc211c00a8785475d0`
SHA3	`6ddc884074f21dc6e9cc010d429abf207c4efd2e83cbb92ce138bd56b1bfd259`

132

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13e56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44606`
MD5	`58c5914d353ca0c90740b6890cd25f81`
SHA1	`5f633b1e9f2abea21ccc579afcb9240600ad7f82`
SHA256	`56653c1abafabf9dfeb59d3377cb7a6d3fb94ae3ab0ddbaa40f6e6237948bafb`
SHA3	`ddb39b717c4b502a5d2b108d83c7256518b4cc5463e58077be06e8489636f4af`

133

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4519`
MD5	`15e5d91b3d9caa7c507922d63d150489`
SHA1	`ad0e7f947d0706d5bd7b436fd762b9e563f3ebb6`
SHA256	`bd500676dd2671363045939568e7e83f2c90967358e333db560cdb59450e7f5f`
SHA3	`9dc9cf87b81c5ac0cd39097f709ab80c7cd0b87cd8367385eebf6340e399c857`

134

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13976`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40598`
MD5	`7bdf0f028a69c6b2041373cf4ee26c08`
SHA1	`ba42be8cd93ccaf3aaa486e48e7a6a1b045dc783`
SHA256	`db7b3cf601126957c4727618eba69a2ac7e623b1b7b2d1f3fb31618cc8d5e870`
SHA3	`7718707823f39b669230d5ba3bd92046bd779e17e12a1a6fe4afd2941081be38`

135

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12c94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43625`
MD5	`74483116e2661f30df30cf18663256a6`
SHA1	`d617176c2ccbaf0fa15ca3a0ca43f872f3addde5`
SHA256	`f52fcc05ab9c223b5a8d7cd5ecae097ab5d27440affdc2f58f3d087ea9e3f0e4`
SHA3	`d0099e7fd3f9eeb8ee26a845b9ee8439bab4501231e2496317c9f92be61b2575`

136

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee7c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41949`
MD5	`2e8665cdd06a3e880028a4ac51d61a29`
SHA1	`4b748c523d95afbc6e4da1abb10bd445aa936af3`
SHA256	`05a5083241656d02aa9925a6264e6ce0c6da75b52ef615f9781ab446ccad6dbb`
SHA3	`721b2147b58a1c08a9d3b0ffecf7e708bc60069e79d2432c67ede89199bd003f`

137

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1347e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41289`
MD5	`b4565472557ae1cfdb2b50125c919125`
SHA1	`d6e784411194f88f4d1c5ab45708cc05fd179ff5`
SHA256	`01752cdc37581ed103fdd81f0178acccd903c177c5a048944748773ebea14827`
SHA3	`98739e0c704589ac31e87438ca9c3b69d07c460ed33ec48f372a6e55371d2fc6`

138

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31773`
MD5	`4f92d0bc85d6e71c65ef06ab0fcc345e`
SHA1	`ddda0e1fd1821ac1d17c1d3635779f6f35e93ae4`
SHA256	`24923526d697ff0390e12d1159cdfb31d49b6824df28c011a12e603750405604`
SHA3	`9e571a931a4a055920a5c0140df1491e4a3c3fac40345baa655ef8a885027a03`

139

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd5ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.34838`
MD5	`13d904a95b358c9c2e38f46914197323`
SHA1	`7c3b7dc03a4492e5b6bbe313bcbaef46deb4e29d`
SHA256	`ea6d2c13153fbac89e5ad488b366877beb8f258faed0b95c028703a27c77a228`
SHA3	`6dda69d54077df525986c0cc07700e40731c4f94269bdc318c0599e2d95d22bb`

140

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x132ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41565`
MD5	`bba14709ba22f054c1ff54baf2330e8d`
SHA1	`81a23f482bc3bb6b87eea154eb845aba06dd53fa`
SHA256	`d7cf4faf1c898eeb95306539d5f19131bdd27f499732ca7cd5ba7a8984429416`
SHA3	`e62f43e48fb3f8c513770a5d858536c2a9e2a17c365dac209cc1bb1f9c99b535`

141

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12650`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44631`
MD5	`2e1da7ac92680e62f62a3c7991ef2eb3`
SHA1	`53cad822859ed07e97d32e28fbf18cf22c73e002`
SHA256	`78dc4f5be66c0be0d95e9dbafcf921c68af4b1a010f0cacb45c1da371bde1797`
SHA3	`9d4944eb15f7f79ae4e107fa5585e52b69edcd14f76e53416e088e9bc7d3ed32`

142

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12b1e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59793`
MD5	`d7dc8891166a0ab5c20cf3b02856af4c`
SHA1	`9d702868d54701d602255b6bb415e341662c6b64`
SHA256	`a74be3b87409066d6e64f57cf1c2bc4b94dc5de3de7c434d04d01a348919808c`
SHA3	`9ed38cef4a0d54e70b8a5a4f63a034972589c7bc29e23e323fdc98349b547fed`

143

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x130d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58326`
MD5	`d060570a8a4b553218e7f95ddaf7a05d`
SHA1	`9b3fe9a80b0df98dc4e6db9d3e5d864f420e3a27`
SHA256	`ce55988c6393c32c0d51be4c6fb526193332da08a9712648360cea8444c404b8`
SHA3	`2662064e8380f0639b02b149806d646a8a029442a8273e416eb62c77f5851339`

144

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12df8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16869`
MD5	`2bc01d36c814c8e2b0acfdedc4a16ad4`
SHA1	`109b2e95e0613696f8ef46c40e49d61ca3b7038c`
SHA256	`1336a653884e637fede3aaa21d3c756199c0c6bf3faf306b23aed90ea51bde80`
SHA3	`cab2ad94d2f3cfa389558e405e1dd3ad25ff1de4bbedbd34b0060fd81c718621`

145

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58236`
MD5	`3820a7c8875eee1a697ab11a2947cf85`
SHA1	`923a81b52973c5ae205ef08c8275cef84ad6f55d`
SHA256	`ed4a9268ae296cd384f3911e627001e2e1bb5be7320644eb78a082f415e0447b`
SHA3	`d7e03d795c8f6555151242d6ad4c2f40029a68148cb72af4e4e6eed09017a5d9`

146

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12994`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43651`
MD5	`2b00f8e1147b9911e0f7bbecf097cd30`
SHA1	`0a2d44d16e7935a9080488cff731c6058b7b8db0`
SHA256	`dc2dbd5cb2ff0ac258495548d8e8a08e2a5b257d214cd6a56fd3aab767f1ebf8`
SHA3	`e4df7448e49a52e4d5d7492a52d5f4d3dd3e1f33fead3e14e21f00b0758db77e`

147

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43377`
MD5	`eae6a9f388e0769ff23ebc9bcc4f77be`
SHA1	`7d64e2c3196c21e2ea305bf765cd33f30a900ee8`
SHA256	`9bf5f62272dfa21072ae4778d91d8b5f8497252299c550cf1de6db2bed53f1da`
SHA3	`e55f6db5f1013fd3c8c98039ed012e3b3ca0a15730c11aa91b034746d0e27a3b`

148

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12b20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43416`
MD5	`5e9ca81ccfb47c8ecb0e7aaf79bd18a8`
SHA1	`3551b889a231138399f8a89d9fa3a0dcf9627557`
SHA256	`e5f1268019cf2fbb639be557761f5fa934ca1a107b549ac0c8a534f673fb3cac`
SHA3	`ec06dfbfc179993aa997a24aa125ed0af923bdfc173f69e302260b165824c3ea`

149

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13976`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40598`
MD5	`7bdf0f028a69c6b2041373cf4ee26c08`
SHA1	`ba42be8cd93ccaf3aaa486e48e7a6a1b045dc783`
SHA256	`db7b3cf601126957c4727618eba69a2ac7e623b1b7b2d1f3fb31618cc8d5e870`
SHA3	`7718707823f39b669230d5ba3bd92046bd779e17e12a1a6fe4afd2941081be38`

150

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13e56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44606`
MD5	`58c5914d353ca0c90740b6890cd25f81`
SHA1	`5f633b1e9f2abea21ccc579afcb9240600ad7f82`
SHA256	`56653c1abafabf9dfeb59d3377cb7a6d3fb94ae3ab0ddbaa40f6e6237948bafb`
SHA3	`ddb39b717c4b502a5d2b108d83c7256518b4cc5463e58077be06e8489636f4af`

110

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03149`
Detected Filetype	GIF graphic file
MD5	`325472601571f31e1bf00674c368d335`
SHA1	`2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a`
SHA256	`b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b`
SHA3	`afacd2b83f042f49e137cdd6d628d4da182929428180855ed51136a8479f5ea3`

127

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80744`
Detected Filetype	GIF graphic file
MD5	`7699a4c54b1f5515a64e93fe3f801321`
SHA1	`2e51f7e1a331d921eaf15bd7dc9721a742984d47`
SHA256	`9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2`
SHA3	`a80cbe5dba69ca119a4eba793244fa4761114cddf68950c5d8997d4cfcdf714c`

128

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe622`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90998`
Detected Filetype	GIF graphic file
MD5	`f5dad4bc08409591d0420aaa18a044ea`
SHA1	`f497cd492156d0c8c056d9d0dee1f47ee7f012c6`
SHA256	`2b3ae69a0e9301661be037690ac9682f898e288b70ca40acbfbd0e3c3cb43bc0`
SHA3	`d376a236b12953459893fe6eef1847b45de0d081edc3901e26aefdbcfcbe6972`

103

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea25`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02855`
MD5	`a8f9eb478c7512c98ca1ad46dbcc298a`
SHA1	`454226dc42b911caafc9a1e56d8ad0000bbb7643`
SHA256	`1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645`
SHA3	`a1e7f4cfbb12be517e571f35dd8df6c3fc397360e710744d1205ee0d63cb3fe3`

107

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x16dc5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.293`
MD5	`e1288116312e4728f98923c79b034b67`
SHA1	`8b6babff47b8a9793f37036fd1b1a3ad41d38423`
SHA256	`ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32`
SHA3	`e1b6e1b3ae5e3a3ac93bb9c9da498fee7d29f426ef3f03792bd906092d74bb4e`

108

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3984`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01521`
MD5	`ab3adf4aff09a1c562a29db05795c8ab`
SHA1	`f6c3f470aea0678945cb889f518a0e9a5ce44342`
SHA256	`d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b`
SHA3	`8227f7310b58a15213072a11b8d3ae3369397ffc69e8d886e61e2d67bbdc6cc5`

109

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00095`
MD5	`e13f16e89fff39422bbb2cb08a015d30`
SHA1	`e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9`
SHA256	`24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe`
SHA3	`f8f8cb9fe62508d7100c5a2370223b5910e57a8f5da179f216ef0e3d522ca9d2`

152

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x938a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99644`
MD5	`d5e6dacf9aa3069e9241780cbc82d50d`
SHA1	`1b510f2e06b363b4b138afc409a811254f976dca`
SHA256	`4c3f64961a872731185c0db4d155c9db73f7885ec4596f15098857c5e1fe91f4`
SHA3	`a83bd288ca81db0233dbbb50123d20c55fa7aa3f8d3482c5d546437932ec0ba7`

163

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12624`
MD5	`d98f70ffd105672292755a37f173c2ec`
SHA1	`c0154add295ac052f234a0282a62b704cdd01998`
SHA256	`257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3`
SHA3	`5668cb9f75228a4931af663a5136a7e62e3c109a2495ea630288e93627b60b27`

111

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90522`
Detected Filetype	PNG graphic file
MD5	`c798f5f4b98fd335a77e600ce21e32dc`
SHA1	`3db71eb6d87c8a4fcc6fded25d420cf7ea79231d`
SHA256	`9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea`
SHA3	`80a7403eebbf2998d93bc7f883d8af5ff7115226427056c2780b08357986d71a`

112

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ac2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94668`
Detected Filetype	PNG graphic file
MD5	`2ef18565aa93c7a0cb24a4852aba0911`
SHA1	`0cf3ae591cdd4ebf985454bcd99872d86791eccf`
SHA256	`6db5d7eb5148243202715c337ec751b8816c0e689fff4a97e57cd47fb283d92c`
SHA3	`8ecdfc154c5890d29a6982933c3289be5e52cacdcdbf3fa8a39f79709cba5532`

113

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x226`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4944`
Detected Filetype	PNG graphic file
MD5	`8d2c84506f3f48a810eb7232dc000d6f`
SHA1	`f4a238c1f7c02c7c907368b939efba7512c6be5a`
SHA256	`c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1`
SHA3	`cb22a78f6154f6ab8eb76dfa2d49e6fbed30d0e230c6dfcbd24c0c27e980751d`

114

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7621`
Detected Filetype	PNG graphic file
MD5	`8f59e78c9d29fe27d2461e3694ca19da`
SHA1	`4215e6467068ebda3a7657f45933c8e3a6b8848d`
SHA256	`9e7705ea53ca1437f73e64b58d434ebd653dfbdf39898eb551bd637701cb357d`
SHA3	`d7e2b3911f929165b74c9f86f61e1c4a3fbfc6f59ab88ec902411055142bfcf4`

115

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x127`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.0091`
Detected Filetype	PNG graphic file
MD5	`7ae9fb845b9137ef10002fe9d0f5c643`
SHA1	`9f3fa2b29b1b40e1b6794e5d624524de297a8b59`
SHA256	`e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a`
SHA3	`bdf59cbc940280f6de26d3cb8333a76ebb05d9fe8b6db6a1363e2c126680f65c`

116

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x213`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.42559`
Detected Filetype	PNG graphic file
MD5	`1b46e3cd914d5e0a8647eb648e3969cf`
SHA1	`37a8f941f9d5717cb7108f976f9e16438afe24f4`
SHA256	`4d9aea82fa1e55f787fcacb17c893a7ea730ef44bf1e6696f284629b92b210f0`
SHA3	`769375bd16c06dfebe6f4011b59ad9c657d249c119f39ba77fddc92e6e935b07`

119

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.3262`
Detected Filetype	PNG graphic file
MD5	`7978536150734ceffaf0720837e8b302`
SHA1	`7c11361af6e41d00beffaf4ef9e677506b32164d`
SHA256	`5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183`
SHA3	`cb1d36d9fe251b457f6ce1095d09a0b2d8ad927adce3e4ddeed8cbb1768b6f9a`

120

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.70355`
Detected Filetype	PNG graphic file
MD5	`343b161e7996221bfbe4321a62628a29`
SHA1	`f072095a70ae958572d662958feb1200baea174f`
SHA256	`6385151b79e3ba406fb11027be016d42a8a0ce9d65012dbfc5d00a4fd5a1fc28`
SHA3	`78092f0e79709169693b63524e90ebc72fbe40a1f291dc429e99f36ffd03869d`

121

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10146`
Detected Filetype	PNG graphic file
MD5	`d13cecc413374c4ddc22a9edacde8a11`
SHA1	`981295dd1f713584591716a6e753346b8a89215a`
SHA256	`b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a`
SHA3	`6600e2ff303330f12f991b77c7895f73f8b6792f68e793355924cc544260f72e`

122

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.68965`
Detected Filetype	PNG graphic file
MD5	`42fb1ea073a33e5da9653529f46f66b0`
SHA1	`bf1837615c2e9d12c9dcc2869d05d3f0106a9de9`
SHA256	`d708b7b1c4a46677c4a9b82f81ad79067b9bbb133da43e797bba9679b21ed929`
SHA3	`963423f4a76e8d551cd796ccaa77222bf7798ad9dccb949d7254788341414d92`

123

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.90778`
Detected Filetype	PNG graphic file
MD5	`9f7974bbcc96f12769c1856045eb7bc7`
SHA1	`fa0b9b9d709718839ea525ab838260a4e124fb1d`
SHA256	`e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198`
SHA3	`00be844f5803151347c86ba7139619cb2be43d7ed575e082a7513ba4aa7cdd0c`

124

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4941`
Detected Filetype	PNG graphic file
MD5	`5e46e67c30c83f2e9278cc8f658bc74d`
SHA1	`621a956fd3ebb761469220c2eff56ba8d1149b28`
SHA256	`5985fe4917d51a2271d6019805313a1c2d48fa6eeb29228c7a19664255920621`
SHA3	`27d8d3a0f5ca3b38de0de51721cb9d0c5135e562429a9f3988a41dfb6b83ce80`

125

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.63735`
Detected Filetype	PNG graphic file
MD5	`ee8599707751befddb2b94bc79525c15`
SHA1	`e118b48e25fe42d933377b03fb5a9a710e1c5caa`
SHA256	`c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b`
SHA3	`68b6bcf7d5da39b1e1a9f13c26c7629d7c196ba476b7504e848670c95bdeb95d`

126

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x187`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.26639`
Detected Filetype	PNG graphic file
MD5	`4071c682a19e2f47bb65e9aa485b8494`
SHA1	`222c3ee704f04256c07c341bbad49ecceb4acbd1`
SHA256	`5352b611b89eec98f0bd9017e420580f58fbe31cfed730d758c63dfbfeff8117`
SHA3	`9dfb3c7c7b470c99ae689571413a9362a0585862b0e599f5d27fd3faef38d931`

154

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xab5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85493`
Detected Filetype	PNG graphic file
MD5	`26e9b0fe7397d9c072da92fcf6951b11`
SHA1	`4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f`
SHA256	`e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e`
SHA3	`abbaacfff7b25332262067240cae41c8b51f794208d5dfb16838816cad22b930`

155

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.55792`
Detected Filetype	PNG graphic file
MD5	`13b5f5e052334e0ad6d31845fc859e3d`
SHA1	`b71022382904d194a5d8f5cb3b1d0dd92e254b16`
SHA256	`87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306`
SHA3	`7c18ab7fa137ee7cebe82b3d14a18cfdc4985621167b70b98ceac49f4d2a6095`

156

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4f1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71488`
Detected Filetype	PNG graphic file
MD5	`34b670a842dff811281e3e619a0434a5`
SHA1	`9f239be72c7aece20ae08623260dd660ecb6503c`
SHA256	`8794d5ae6dbc5264a3592195e6b1e081f74734a950b02a4325b8899b35f78d07`
SHA3	`50a6f68fc3eb5679ee2610eabf99cd3f2541f85b7a7c09eae96b444e8c85e802`

157

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x16c3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92856`
Detected Filetype	PNG graphic file
MD5	`14d2959a1591466fee33784d9cd5ef1e`
SHA1	`4b69e3889ec3852123c9d47b927c97bf4a3b260f`
SHA256	`99da78dbe5bd8d904dd16208405b90c3103b4586796cae32539c3baf6fa3c216`
SHA3	`ab162831ff06decc3158c9a5e5bd815f2685a9bc32bf36a5a7df1e0b35e591b7`

158

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x121`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11754`
MD5	`4585f70294e7b625dcd1ea8c585067a5`
SHA1	`11c92ae523b0c588c5469814b0c3c7778cb3f133`
SHA256	`7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348`
SHA3	`fb5634bf33386f084acc059d5657bb4fe50e5edbb842e7e23ece9015cd0b95b0`

159

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17012`
MD5	`3530c5040ac9af92cd0a7d347f764593`
SHA1	`b815ef3654ec2c677e8f8f68d8527b6d8142b4e9`
SHA256	`daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51`
SHA3	`ea43e9bf38779c4976d737f0d441a2c92e715f3f29f6c65ae27bb17fb536abe1`

160

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ed`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47618`
MD5	`e7b1717b9eba236b9c12be7a980b5b40`
SHA1	`f1baa3f41ffa5dfff320b7e289964cec54f19a99`
SHA256	`2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3`
SHA3	`73909a1b2562d86784d58c9051f0a40223a537eb6e5b65898b2fdc261fbd5ef9`

162

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38116`
MD5	`332816d7725fc31725b678cff1cb6dcc`
SHA1	`876f938efb86c1bb1733b47ec279335de97576da`
SHA256	`8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714`
SHA3	`5156a317aaef915a8c1cd77c79516274bcc157f6ae7638bb143904d90420ca4b`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.63008`
Detected Filetype	PNG graphic file
MD5	`51d4520d0056dd78ab6030f864ec38dd`
SHA1	`3abad058263f068ef1138e7b7f4f1e4f19c3e2bc`
SHA256	`e7696d6f343d7fce61790194f4cdbae5352802f91dc77abe11df52ff9667b694`
SHA3	`7ada1217fa1603e2c53a1104d7f0f6f505eb01db6ed4adbbc210549c0de2c076`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0532`
MD5	`c86c7954917a522e19993100c1f58b4e`
SHA1	`d65521b4fcbb0cd5ddf76c935faaae20c8ee36e2`
SHA256	`9e149fad424d365c899572aa296bf7f0508541cb5a4ad5794fc18e31ac9da756`
SHA3	`b4a748be55d5e5a9a469985dc7f67bffff924728dd64f6e140d2e7bd71d05d74`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30056`
MD5	`e659557bc290ea500fb81a0e201e9aeb`
SHA1	`9703a758c26e6d9db6ac9211bbcb896e36671614`
SHA256	`5d788c89a6bb483a45d6419797eb379ac6a19ede3e72757faa260b0c03894523`
SHA3	`3df8af9e9746238ba20f3ee531243a968694268aea90f8ef464b74c11bd44eb5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41941`
MD5	`c4eb869be735c32ef365cbb40d78b7b2`
SHA1	`2accdbbcb10eeae85374ce61eefbfb9fcde4d2cb`
SHA256	`d27e623bf3e84226ae260a8afe0aa2beaffb1eb82fa76611a31c5b8945f41fbd`
SHA3	`4b0a7e48fc282a6b8167f2b5043ba14551c34fc2d032b5b5fe26dadcd6c33856`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63697`
MD5	`e29d96cbe83ff4d632d10de953f7f016`
SHA1	`5d4bbb1a0127fb0725b4d5e3b5fa064ec4906581`
SHA256	`fd3e7c56697c473a437e44106bcb3ce6270f37ae480f8fac3e4d1a69ff2dbf04`
SHA3	`49920c39781ff17440cbdd1903d6c8dc8068c84a1d12f90704c0a7627571bd59`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9739`
MD5	`0ff3165a66f0dde7b91977034c7584c2`
SHA1	`6fe7e5482ec702f275f13617ddbadce6377485ac`
SHA256	`4093f18b49c4b6b1fe693c6f815860f55e3a124cc2b9897b760d056ee42c4b57`
SHA3	`86db17ab2d6f00a29b69b08aa7297469393b264fbbc57d3c993ee6ef95a010fa`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8213`
Detected Filetype	Icon file
MD5	`4b784dc80c9a63e0229152169ca0cd19`
SHA1	`090d4dc9c6f9e84b6ae2593fb83bdd6e9f1df435`
SHA256	`8b3697e98e4a8ff04c68c3a54f2aedc687ac088b164eec09280675a13f63334b`
SHA3	`a9e1ce93528e2245f6969a8a3280aa22799afffd7eda755be68493ba3361f9f3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38449`
MD5	`4f2f123614eadee3f06edcb127793a53`
SHA1	`ddad42447a8612fc9adc5dedb17d7e407202ddbf`
SHA256	`304ce618e9cba1a98250bc908ebeec25523aa34cd6cb6bb6fc037bd05bc8007e`
SHA3	`44f380f164889d41303e3e04f976a35596017ab11d157823a5ed54ecdb19bc17`

102

Type	`RT_HTML`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22b9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39077`
MD5	`f4b7942d6563727bd614f10da0f38445`
SHA1	`84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9`
SHA256	`e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc`
SHA3	`b950c56923dd2edba931d47ac21e1ba6e83b66474fbc88d927dc487f7986915e`

151

Type	`RT_HTML`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bc7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18569`
MD5	`60e80c05a9d6aa602626fec33cd99e3c`
SHA1	`7aeaac92d57fbabe5da2c923eb0ad1bb22e647ab`
SHA256	`5bd6a4bc514b2e697a0f0e8b7b8c0be0af34a9e1c25a628b286a5cdf8e1837d3`
SHA3	`ea3afdab437025f274fdd8a6518da5d37eb2490d9921a70c9f676faf9c604987`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x813`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1674`
MD5	`02dc00ac1a8debbcbd7922efa6508447`
SHA1	`cbe08af121822dc0e826f92059e62bd60ece375c`
SHA256	`f916797f99304665dd1312489b5e6e53b8180dab9b779e8eed6f7fcb9c8fb250`
SHA3	`0e9307e39489d1c3deabace748864140d23269e5d6fe0f4d718257a8f418053c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.4.0.359
ProductVersion	6.4.0.359
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Adobe Inc.
FileDescription	Adobe Installer
FileVersion (#2)	6.4.0.359
InternalName	Adobe Installer
LegalCopyright	© 2020-2024 Adobe. All rights reserved.
OriginalFilename	Adobe Installer
ProductName	Adobe Installer
ProductVersion (#2)	6.4.0.359

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Sep-16 08:44:19
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x4223e4`
PointerToRawData	`0x420be4`
Referenced File	Set-up.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Sep-16 08:44:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x422408`
PointerToRawData	`0x420c08`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Sep-16 08:44:19
Version	`0.0`
SizeofData	`1092`
AddressOfRawData	`0x42241c`
PointerToRawData	`0x420c1c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Sep-16 08:44:19
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x822870`
EndAddressOfRawData	`0x822878`
AddressOfIndex	`0x87c5ac`
AddressOfCallbacks	`0x7781e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x857060`
SEHandlerTable	`0x820990`
SEHandlerCount	`1685`

RICH Header

XOR Key	`0xb9906ccb`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`21`
C++ objects (VS2017 v14.15 compiler 26715)	`221`
199 (41118)	`1`
C objects (VS2019 Update 2 (16.2) compiler 27905)	`19`
ASM objects (VS2019 Update 2 (16.2) compiler 27905)	`25`
C++ objects (VS2019 Update 2 (16.2) compiler 27905)	`167`
C objects (VS2017 v14.15 compiler 26715)	`39`
C++ objects (28106)	`24`
C objects (VS2015 UPD1 build 23506)	`1`
C++ objects (VS2015 UPD1 build 23506)	`8`
C objects (CVTCIL) (VS2017 v14.15 compiler 26715)	`2`
Imports (VS2017 v14.15 compiler 26715)	`35`
Total imports	`565`
C++ objects (LTCG) (28106)	`342`
Resource objects (28106)	`1`
151	`1`
Linker (28106)	`1`