Manalyze report for 9cfa0d88f0b614d1ff6fc69b703a839a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Sep-27 11:37:59
Detected languages	English - United States
Debug artifacts	Set-up.pdb
CompanyName	Adobe Inc.
FileDescription	Adobe Installer
FileVersion	`5.0.0.354`
InternalName	Adobe Installer
LegalCopyright	© 2015-2019 Adobe. All rights reserved.
OriginalFilename	Adobe Installer
ProductName	Adobe Installer
ProductVersion	`5.0.0.354`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEmU QemU` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: virus` Contains domain names: acc.services.adobe.com accounts.adobe.com adobe.com adobelogin.com ccm.oobesaas.adobe.com ccmdl.adobe.com cdn-ffc.oobesaas.adobe.com cdn-qe-ffc.oobesaas.adobe.com cdn-stg-ffc.oobesaas.adobe.com corp.adobe.com dev1.adobelogin.com dev2.adobelogin.com ffc-ccm.oobesaas.adobe.com ffc-files.corp.adobe.com ffc.oobesaas.adobe.com files.corp.adobe.com helpx.adobe.com http://typekit.com http://www.adobe.com http://www.adobe.com/go/apps_install_hdesd_error http://www.adobe.com/go/apps_install_hdesd_error_br http://www.adobe.com/go/apps_install_hdesd_error_cn http://www.adobe.com/go/apps_install_hdesd_error_cz http://www.adobe.com/go/apps_install_hdesd_error_de http://www.adobe.com/go/apps_install_hdesd_error_dk http://www.adobe.com/go/apps_install_hdesd_error_es http://www.adobe.com/go/apps_install_hdesd_error_fi http://www.adobe.com/go/apps_install_hdesd_error_fr http://www.adobe.com/go/apps_install_hdesd_error_it http://www.adobe.com/go/apps_install_hdesd_error_jp http://www.adobe.com/go/apps_install_hdesd_error_kr http://www.adobe.com/go/apps_install_hdesd_error_nl http://www.adobe.com/go/apps_install_hdesd_error_no http://www.adobe.com/go/apps_install_hdesd_error_pl http://www.adobe.com/go/apps_install_hdesd_error_ru http://www.adobe.com/go/apps_install_hdesd_error_se http://www.adobe.com/go/apps_install_hdesd_error_tr http://www.adobe.com/go/apps_install_hdesd_error_tw http://www.adobe.com/go/conflicting_process_hdesd http://www.adobe.com/go/conflicting_process_hdesd_br http://www.adobe.com/go/conflicting_process_hdesd_cn http://www.adobe.com/go/conflicting_process_hdesd_cz http://www.adobe.com/go/conflicting_process_hdesd_de http://www.adobe.com/go/conflicting_process_hdesd_dk http://www.adobe.com/go/conflicting_process_hdesd_es http://www.adobe.com/go/conflicting_process_hdesd_fi http://www.adobe.com/go/conflicting_process_hdesd_fr http://www.adobe.com/go/conflicting_process_hdesd_it http://www.adobe.com/go/conflicting_process_hdesd_jp http://www.adobe.com/go/conflicting_process_hdesd_kr http://www.adobe.com/go/conflicting_process_hdesd_nl http://www.adobe.com/go/conflicting_process_hdesd_no http://www.adobe.com/go/conflicting_process_hdesd_pl http://www.adobe.com/go/conflicting_process_hdesd_ru http://www.adobe.com/go/conflicting_process_hdesd_se http://www.adobe.com/go/conflicting_process_hdesd_tr http://www.adobe.com/go/conflicting_process_hdesd_tw http://www.adobe.com/go/cust_support http://www.adobe.com/go/cust_support_br http://www.adobe.com/go/cust_support_cn http://www.adobe.com/go/cust_support_cz http://www.adobe.com/go/cust_support_de http://www.adobe.com/go/cust_support_dk http://www.adobe.com/go/cust_support_es http://www.adobe.com/go/cust_support_fi http://www.adobe.com/go/cust_support_fr http://www.adobe.com/go/cust_support_it http://www.adobe.com/go/cust_support_jp http://www.adobe.com/go/cust_support_kr http://www.adobe.com/go/cust_support_nl http://www.adobe.com/go/cust_support_no http://www.adobe.com/go/cust_support_pl http://www.adobe.com/go/cust_support_ru http://www.adobe.com/go/cust_support_se http://www.adobe.com/go/cust_support_tr http://www.adobe.com/go/cust_support_tw http://www.adobe.com/go/system_requirements_hdesd http://www.adobe.com/go/system_requirements_hdesd_br http://www.adobe.com/go/system_requirements_hdesd_cn http://www.adobe.com/go/system_requirements_hdesd_cz http://www.adobe.com/go/system_requirements_hdesd_de http://www.adobe.com/go/system_requirements_hdesd_dk http://www.adobe.com/go/system_requirements_hdesd_es http://www.adobe.com/go/system_requirements_hdesd_fi http://www.adobe.com/go/system_requirements_hdesd_fr http://www.adobe.com/go/system_requirements_hdesd_it http://www.adobe.com/go/system_requirements_hdesd_jp http://www.adobe.com/go/system_requirements_hdesd_kr http://www.adobe.com/go/system_requirements_hdesd_nl http://www.adobe.com/go/system_requirements_hdesd_no http://www.adobe.com/go/system_requirements_hdesd_pl http://www.adobe.com/go/system_requirements_hdesd_ru http://www.adobe.com/go/system_requirements_hdesd_se http://www.adobe.com/go/system_requirements_hdesd_tr http://www.adobe.com/go/system_requirements_hdesd_tw http://www.adobe.com/products/eulas/tou_typekit. http://www.w3.org http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.winimage.com http://www.winimage.com/zLibDll https://accounts.adobe.com https://accounts.adobe.com/security/privacy https://cdn-ffc.oobesaas.adobe.com https://cdn-ffc.oobesaas.adobe.com/core/v1/update/description https://cdn-ffc.oobesaas.adobe.com/core/v1/validation https://cdn-ffc.oobesaas.adobe.com/core/v2/applications https://cdn-ffc.oobesaas.adobe.com/core/v3/applications https://cdn-ffc.oobesaas.adobe.com/core/v4/products/all? https://cdn-qe-ffc.oobesaas.adobe.com https://cdn-stg-ffc.oobesaas.adobe.com https://helpx.adobe.com https://helpx.adobe.com/br/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/cn/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/cz/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/de/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/dk/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/es/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/fi/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/fr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/it/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/jp/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/kr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/nl/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/no/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/pl/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/ru/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/se/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/tr/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/tw/x-productkb/global/desktop-app-usage-information-faq.html https://helpx.adobe.com/x-productkb/global/desktop-app-usage-information-faq.html https://oobe.adobe.com https://oobe.adobe.com/ https://oobe.adobe.com/type3 https://prod-rel-ffc-ccm.oobesaas.adobe.com https://prod-rel-ffc-ccm.oobesaas.adobe.com/adobe-ffc-external https://qe-prstg-ffc.oobesaas.adobe.com https://qe-prstg-ffc.oobesaas.adobe.com/adobe-ffc-external https://sqe-prstg-ffc.oobesaas.adobe.com https://sqe-prstg-ffc.oobesaas.adobe.com/adobe-ffc-external https://www.adobe.com https://www.adobe.com/ https://www.adobe.com/br/creativecloud/desktop-app.html https://www.adobe.com/creativecloud/desktop-app.html https://www.adobe.com/cz/creativecloud/desktop-app.html https://www.adobe.com/de/creativecloud/desktop-app.html https://www.adobe.com/dk/creativecloud/desktop-app.html https://www.adobe.com/es/creativecloud/desktop-app.html https://www.adobe.com/fi/creativecloud/desktop-app.html https://www.adobe.com/fr/creativecloud/desktop-app.html https://www.adobe.com/go/creative https://www.adobe.com/go/creative_br https://www.adobe.com/go/creative_cn https://www.adobe.com/go/creative_cz https://www.adobe.com/go/creative_de https://www.adobe.com/go/creative_dk https://www.adobe.com/go/creative_es https://www.adobe.com/go/creative_fi https://www.adobe.com/go/creative_fr https://www.adobe.com/go/creative_it https://www.adobe.com/go/creative_jp https://www.adobe.com/go/creative_kr https://www.adobe.com/go/creative_nl https://www.adobe.com/go/creative_no https://www.adobe.com/go/creative_pl https://www.adobe.com/go/creative_ru https://www.adobe.com/go/creative_se https://www.adobe.com/go/creative_tr https://www.adobe.com/go/creative_tw https://www.adobe.com/it/creativecloud/desktop-app.html https://www.adobe.com/jp/creativecloud/desktop-app.html https://www.adobe.com/kr/creativecloud/desktop-app.html https://www.adobe.com/nl/creativecloud/desktop-app.html https://www.adobe.com/no/creativecloud/desktop-app.html https://www.adobe.com/pl/creativecloud/desktop-app.html https://www.adobe.com/ru/creativecloud/desktop-app.html https://www.adobe.com/se/creativecloud/desktop-app.html https://www.adobe.com/tr/creativecloud/desktop-app.html https://www.adobe.com/tw/creativecloud/desktop-app.html ims-na0-dev1.adobelogin.com ims-na0-dev2.adobelogin.com ims-na0-qa1.adobelogin.com ims-na0-qa2.adobelogin.com ims-na0-stg1.adobelogin.com ims-prod07.adobelogin.com jquery.com jquery.org n.top-r.top na0-dev1.adobelogin.com na0-dev2.adobelogin.com na0-qa1.adobelogin.com na0-qa2.adobelogin.com na0-stg1.adobelogin.com na0e-acc.services.adobe.com oobe.adobe.com oobesaas.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com prod07.adobelogin.com prstg-ffc.oobesaas.adobe.com qa1.adobelogin.com qa2.adobelogin.com qe-ffc.oobesaas.adobe.com qe-prstg-ffc.oobesaas.adobe.com rel-ffc-ccm.oobesaas.adobe.com services.adobe.com sqe-prstg-ffc.oobesaas.adobe.com stage-ffc-files.corp.adobe.com stg-ffc.oobesaas.adobe.com stg1.adobelogin.com t.top-s.top top-r.top top-s.top typekit.com winimage.com www.adobe.com www.w3.org www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: SHGetValueW RegCloseKey RegCreateKeyExW RegFlushKey RegSetValueExW RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptGetHashParam CryptDestroyHash CryptHashData CryptCreateHash CryptAcquireContextW` `Can create temporary files: GetTempPathW CreateFileW GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: AttachThreadInput GetForegroundWindow GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetCanonicalizeUrlW` `Functions related to the privilege level: AdjustTokenPrivileges DuplicateTokenEx OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW` `Changes object ACLs: SetNamedSecurityInfoW` `Can take screenshots: GetDC BitBlt CreateCompatibleDC`
Malicious	The PE's digital signature is invalid.	`Signer: Adobe Inc.` `Issuer: DigiCert EV Code Signing CA (SHA2)` `The file was modified after it was signed.`
Suspicious	VirusTotal score: 1/69 (Scanned on 2021-04-12 17:08:08)	`eGambit: PE.Heur.InvalidSig`

Hashes

MD5	`9cfa0d88f0b614d1ff6fc69b703a839a`
SHA1	`5ab4ba79a11b9cb127c023284162ae6987999ead`
SHA256	`582536081e67975055ccf8de5353502d7bda56f2aafcbefbb400f3d9012019c9`
SHA3	`b3f010d062e6b33e7bafbf4924497253386397bd41369837eb241bc3179d37dc`
SSDeep	`49152:Ta/KPtarzp3MFzvgd3aH09UJqOlNN26WICSRCYT11kVTdt0BihL67Sy5BpNTVcHe:TxMrzp3MqdazqgO6CekVnHe`
Imports Hash	`e351719b11ee3c2be9ffb6737edf115f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Sep-27 11:37:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1fba00`
SizeOfInitializedData	`0x316e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00197979 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1fd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x517000`
SizeOfHeaders	`0x400`
Checksum	`0x513934`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3a0e4caf1c1798b48108c58c37663ed7`
SHA1	`ec75eaadd1cc7dffd8c6ed3195261344644706b6`
SHA256	`9ab16dfd5b4e7c72860a66ed420d4675a53b233d130f4d4a5b6ed665aa292be0`
SHA3	`b10b00614c71ddc2a8a3d101396c536b90cd44ac3488ddb41c1c7b6d83f23c83`
VirtualSize	`0x1fb856`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1fba00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64207`

.rdata

MD5	`75918de8fcb06286a3b15628c3caca0e`
SHA1	`fa260994cba0ec7ad3e8b5be03953797ab56721f`
SHA256	`2cb573e0cc321cf336dd037bd541df1e536eee8e7abc03008d8153387eb3bd04`
SHA3	`60f00b1ef7bf30dc02cc71efb088f6afa2a17c47d8f43efd728dacf76ffe9222`
VirtualSize	`0x70d14`
VirtualAddress	`0x1fd000`
SizeOfRawData	`0x70e00`
PointerToRawData	`0x1fbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.83805`

.data

MD5	`0d316314a00b515299a04cefe6a3fb73`
SHA1	`37d6d88139a54aef83055f24e28bc088b238dc57`
SHA256	`734e25b53e6ff7c8d2354440b6c13f484ad378973414923e01ab8347ed2d8d3d`
SHA3	`a5e43fc1abe0f9caa001f4579a1fc127518fac34e76f242115405557f49930a0`
VirtualSize	`0x1040c`
VirtualAddress	`0x26e000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x26cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.97263`

.gfids

MD5	`2839160e92513157dfc008481e972810`
SHA1	`26e8e6a2dbdba5517ca1a4a37377e88cc08031c5`
SHA256	`f4fb94c3173d72969bc4e854a8178ff709374d8341bd77ada37e648f3c91a3cd`
SHA3	`1b5b8e6f5d91bacf213c43460dcad5c0fddae56fc70a1357942cc0cec5f2089c`
VirtualSize	`0xba8`
VirtualAddress	`0x27f000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x275000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.92358`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x280000`
SizeOfRawData	`0x200`
PointerToRawData	`0x275c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`b77e4012cc0f70fc8d382d21a9875cbe`
SHA1	`0fe7b42e03f5f63b992bd4e13021cb4567b7515a`
SHA256	`cfad91c14b27ac578dbc4918277c9373e084bfc6bc058ee6f605d20e7681bcfe`
SHA3	`450f682ca810794a306a17d79a9f528c496bf26b2c69a20f4b7bd222c188a2bb`
VirtualSize	`0x27a750`
VirtualAddress	`0x281000`
SizeOfRawData	`0x27a800`
PointerToRawData	`0x275e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.53311`

.reloc

MD5	`3cfee0c82ae51a47cccba0acdc87f6c7`
SHA1	`0c67d8cd7eca1aad26fbd20cfdd2156e7e1ae2ad`
SHA256	`8fca3798f1c70b2ec70c9bad8228b0aa8d90be0c9ce496115a498f211da54019`
SHA3	`19fcd1832040343e4ed937ac41cdb1e4ef8430b1dd37290de6aedbc185f45d4d`
VirtualSize	`0x1a2f8`
VirtualAddress	`0x4fc000`
SizeOfRawData	`0x1a400`
PointerToRawData	`0x4f0600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68084`

Imports

SETUPAPI.dll	`CM_Get_DevNode_Status` `SetupDiEnumDeviceInfo` `SetupDiDestroyDeviceInfoList` `SetupDiGetClassDevsW` `SetupDiGetDeviceRegistryPropertyW` `SetupDiGetDeviceInstanceIdW`
COMCTL32.dll	`InitCommonControlsEx`
SHELL32.dll	`SHGetKnownFolderPath` `ShellExecuteW` `SHGetSpecialFolderPathW` `#51` `CommandLineToArgvW` `ShellExecuteExW` `SHCreateDirectoryExW` `SHGetFolderPathW` `SHGetPathFromIDListW` `SHGetFolderLocation` `SHGetSpecialFolderLocation` `SHBrowseForFolderW` `SHGetMalloc` `#680`
SHLWAPI.dll	`PathIsFileSpecW` `PathAddExtensionW` `PathRenameExtensionW` `PathRemoveBackslashW` `PathRemoveExtensionW` `UrlIsW` `SHGetValueW` `PathIsSystemFolderW` `PathAppendW` `PathFileExistsW` `PathFileExistsA` `PathIsDirectoryW` `PathRemoveFileSpecW` `PathStripToRootW` `PathIsNetworkPathW` `PathFindFileNameW` `PathIsRootW` `PathIsRelativeW` `PathStripPathW` `PathIsUNCW`
KERNEL32.dll	`WideCharToMultiByte` `GetCurrentProcess` `GetTempPathW` `CreateFileW` `GetVersionExW` `GetComputerNameExW` `FileTimeToSystemTime` `CloseHandle` `RaiseException` `LoadLibraryW` `GetProcAddress` `LocalFree` `CreateProcessW` `GetModuleHandleW` `FreeLibrary` `FindFirstFileW` `FindNextFileW` `TerminateProcess` `RemoveDirectoryW` `GetModuleFileNameW` `FindClose` `WaitForSingleObject` `OpenProcess` `SetFileAttributesW` `CreateToolhelp32Snapshot` `Sleep` `GetLastError` `Process32NextW` `DeleteFileW` `Process32FirstW` `CopyFileW` `GetExitCodeProcess` `ReadFile` `SetLastError` `lstrlenW` `LocalAlloc` `GetFileAttributesW` `FormatMessageW` `GetDiskFreeSpaceExW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `MoveFileExW` `GetFileSize` `lstrcpyW` `lstrcmpiW` `lstrcmpW` `GetDriveTypeW` `InitializeCriticalSectionEx` `DecodePointer` `DeleteCriticalSection` `GetFullPathNameW` `HeapSize` `HeapReAlloc` `HeapDestroy` `EnterCriticalSection` `LeaveCriticalSection` `GetCurrentThreadId` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `MulDiv` `GetSystemDirectoryW` `SetDllDirectoryW` `GetStdHandle` `AttachConsole` `FreeConsole` `GetConsoleWindow` `CreateMutexW` `ReleaseMutex` `InitializeCriticalSectionAndSpinCount` `AreFileApisANSI` `TryEnterCriticalSection` `HeapCreate` `WriteFile` `InterlockedCompareExchange` `GetDiskFreeSpaceW` `OutputDebugStringA` `LockFile` `InitializeCriticalSection` `SetFilePointer` `GetFullPathNameA` `SetEndOfFile` `UnlockFileEx` `UnmapViewOfFile` `HeapValidate` `GetTempPathA` `HeapAlloc` `GetFileAttributesA` `GetFileAttributesExW` `OutputDebugStringW` `FlushViewOfFile` `CreateFileA` `LoadLibraryA` `WaitForSingleObjectEx` `GetVersionExA` `DeleteFileA` `GetSystemInfo` `HeapCompact` `UnlockFile` `CreateFileMappingA` `LockFileEx` `GetCurrentProcessId` `SystemTimeToFileTime` `GetSystemTimeAsFileTime` `GetSystemTime` `FormatMessageA` `CreateFileMappingW` `MapViewOfFile` `QueryPerformanceCounter` `GetTickCount` `FlushFileBuffers` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `MultiByteToWideChar` `VerSetConditionMask` `VerifyVersionInfoW` `GetUserDefaultLCID` `LCMapStringW` `DuplicateHandle` `ProcessIdToSessionId` `SetEvent` `TerminateThread` `GlobalFree` `CreateThread` `FindResourceExW` `ResetEvent` `GetThreadTimes` `QueryFullProcessImageNameW` `WaitForMultipleObjects` `GetFileSizeEx` `GetUserDefaultLangID` `GetUserDefaultUILanguage` `SetNamedPipeHandleState` `CreateNamedPipeW` `ConnectNamedPipe` `CreateDirectoryW` `SetFileTime` `LocalFileTimeToFileTime` `DosDateTimeToFileTime` `GetFileTime` `ReleaseSemaphore` `OpenSemaphoreW` `CreateSemaphoreW` `GetLocalTime` `GetTimeFormatW` `GetDateFormatW` `OpenMutexW` `GetTimeZoneInformation` `CreateSymbolicLinkW` `QueryPerformanceFrequency` `GetCurrentThread` `SetFilePointerEx` `ResumeThread` `SwitchToThread` `SignalObjectAndWait` `CreateTimerQueue` `VirtualFree` `VirtualAlloc` `FlushInstructionCache` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetLocaleInfoW` `CompareStringW` `GetCPInfo` `HeapFree` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `GetStringTypeW` `EncodePointer` `LoadLibraryExA` `VirtualQuery` `VirtualProtect` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `FreeLibraryAndExitThread` `GetModuleHandleA` `LoadLibraryExW` `InterlockedFlushSList` `QueryDepthSList` `UnregisterWaitEx` `RtlUnwind` `GetFileType` `SetStdHandle` `ExitThread` `GetModuleHandleExW` `ExitProcess` `GetACP` `IsValidLocale` `EnumSystemLocalesW` `GetConsoleMode` `ReadConsoleW` `GetConsoleCP` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `CreateEventW` `SetEnvironmentVariableA` `WriteConsoleW` `GetProcessHeap` `GetDiskFreeSpaceA`
USER32.dll	`IsWindow` `InvalidateRgn` `DispatchMessageW` `RedrawWindow` `ClientToScreen` `DestroyAcceleratorTable` `IsChild` `AttachThreadInput` `ShowWindow` `RegisterClassExW` `SetWindowTextW` `ScreenToClient` `CreateWindowExW` `FillRect` `DestroyWindow` `GetFocus` `GetWindow` `GetSysColor` `GetActiveWindow` `PostMessageW` `CallWindowProcW` `GetForegroundWindow` `MoveWindow` `CreateAcceleratorTableW` `SetFocus` `CharNextW` `DefWindowProcW` `GetMessageW` `GetClassInfoExW` `GetWindowTextLengthW` `GetWindowThreadProcessId` `BringWindowToTop` `TranslateAcceleratorW` `TranslateMessage` `LoadCursorW` `GetClassNameW` `SetCapture` `SetWindowLongW` `GetClientRect` `GetDlgItem` `PostQuitMessage` `GetParent` `RegisterWindowMessageW` `ReleaseCapture` `SetForegroundWindow` `InvalidateRect` `IsIconic` `BeginPaint` `EndPaint` `GetWindowTextW` `GetWindowRect` `GetDC` `SetWindowPos` `MessageBoxW` `SendMessageW` `GetDesktopWindow` `ReleaseDC` `UnregisterClassW` `GetWindowLongW` `wsprintfW` `PostThreadMessageW` `EnumWindows` `GetShellWindow` `AllowSetForegroundWindow` `LoadImageW` `SystemParametersInfoW` `EnableMenuItem` `LoadIconW` `GetSystemMetrics` `GetSystemMenu` `GetClassLongW` `AppendMenuW` `GetAsyncKeyState` `SetClassLongW`
GDI32.dll	`BitBlt` `CreateSolidBrush` `DeleteObject` `DeleteDC` `GetStockObject` `CreateCompatibleDC` `GetDeviceCaps` `CreateCompatibleBitmap` `SelectObject` `GetObjectW`
ADVAPI32.dll	`SetEntriesInAclW` `SetNamedSecurityInfoW` `GetNamedSecurityInfoW` `GetTokenInformation` `CreateWellKnownSid` `LookupPrivilegeValueW` `RegCloseKey` `AdjustTokenPrivileges` `SystemFunction036` `RegCreateKeyExW` `RegFlushKey` `LookupAccountSidW` `RegSetValueExW` `RegOpenKeyExW` `EqualSid` `InitializeSecurityDescriptor` `FreeSid` `AllocateAndInitializeSid` `SetSecurityDescriptorDacl` `DuplicateTokenEx` `ConvertSidToStringSidW` `ImpersonateLoggedOnUser` `ConvertStringSidToSidW` `RevertToSelf` `CryptReleaseContext` `CryptGetHashParam` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptAcquireContextW` `RegQueryValueExW` `GetUserNameW` `OpenProcessToken`
ole32.dll	`CoAddRefServerProcess` `OleRun` `CoReleaseServerProcess` `CoInitializeSecurity` `CoSetProxyBlanket` `CoUninitialize` `CoInitialize` `OleLockRunning` `CLSIDFromString` `OleInitialize` `CreateStreamOnHGlobal` `CLSIDFromProgID` `CoTaskMemAlloc` `OleUninitialize` `CoGetClassObject` `CoCreateInstance` `StringFromGUID2` `CoTaskMemFree` `CoCreateGuid` `CoInitializeEx`
OLEAUT32.dll	`VariantClear` `SysAllocStringLen` `SysStringLen` `SysAllocString` `OleCreateFontIndirect` `LoadTypeLib` `VariantInit` `LoadRegTypeLib` `VariantChangeType` `SysAllocStringByteLen` `VariantCopy` `SysStringByteLen` `DispCallFunc` `GetErrorInfo` `SysFreeString`
CRYPT32.dll	`CertGetIssuerCertificateFromStore` `CertGetNameStringW`
WINTRUST.dll	`WTHelperGetProvSignerFromChain` `WTHelperGetProvCertFromChain` `WinVerifyTrust` `WTHelperProvDataFromStateData`
WININET.dll (delay-loaded)	`InternetCanonicalizeUrlW`

Delayed Imports

Attributes	`0x1`
Name	`WININET.dll`
ModuleHandle	`0x2763b0`
DelayImportAddressTable	`0x276384`
DelayImportNameTable	`0x26b368`
BoundDelayImportTable	`0x26b614`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

104

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4125`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07832`
MD5	`7c78973c915f36032696fdf7aec03a62`
SHA1	`8b97d334df0188ed2d423d295d8fb0decb0c2469`
SHA256	`bb9e634c550fa54e7b58f011a9182a52f36c93bc15e235c7d0d486617bd9a7c5`
SHA3	`7efca606655c6c2788668e8794cac72905cd5babf7d99bdcb4c4365ff1df49bb`

106

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaf895`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00713`
MD5	`4f3364af3e396f92a8826532bfb1a7e5`
SHA1	`7f7b613435ece78a358f2066287c2f2c3c6aa168`
SHA256	`45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e`
SHA3	`9b3b08caccd4a53ed1199b2255e0cf52124c837f6ea22bd76bbcecdc3013db2c`

153

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x391d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94648`
MD5	`79f054b8449aa81463934c8222096d13`
SHA1	`03b74f26bbd0f8b36218bd1a14c71e11021e20df`
SHA256	`7393c3701ead6b4f7d303f985ce8c81597b89a66644ee829e1ff229e3459ee66`
SHA3	`3f8e3cb8a0bdb275744328b5badcf35d59544aa2acf243db600e4069c5bede81`

161

Type	`CSS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa12`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93153`
MD5	`1265d497504870d225452b3309b0e06b`
SHA1	`29a3b783e6f2f2cd3f6d08833b83c7848f8e3450`
SHA256	`4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330`
SHA3	`890b6622f9d83f9dd0bee5e9312cc6788c759803057d24ab70aee67fde7ff4d0`

130

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x109bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4213`
MD5	`e31bb4d060dbc54389da6bb28563d32c`
SHA1	`74225ae9f23488dc0784796a7ab9ba0afcfd8a42`
SHA256	`03000343482070d46c57eac94a0422008bc9f7403bed7d437c83c7356a7221ad`
SHA3	`3d7bd5289d1d85ad6e638975af5d7d6541b6864c5eb59118f30f5ca9c447b519`

131

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12db6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44842`
MD5	`9abae2540cf158db926509755236a6f3`
SHA1	`0717f246fe2260d5bf026a64bf9cea0a4ef2d23c`
SHA256	`20017a15e1999f61a6e91258a487aec95bcd2235c47c099a72eec9845875a847`
SHA3	`633c9c12ba33ca2a7c9bf6a9082162364a9eeade113807aa7a154550ed779171`

132

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1235e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45081`
MD5	`a03338aa47822834bab1b873e5ea6b6b`
SHA1	`fda64860b184fa938bef4b4db326d5db42c6f8bd`
SHA256	`7e9554858298eed512392199932b11bbdf35f45f4f0a94819eea648d2ee9a974`
SHA3	`bccfb95b1d9330042676ed0f8b568908b0a765250160fd84cf7e908d902e2dc8`

133

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdd56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.44195`
MD5	`46f90f2bf20372aff41576a85a3d5c07`
SHA1	`d46617ff1c90277dd295a50dbf10db192b111eb9`
SHA256	`e883101c2385259733a95661c50d4f54fc05c15e7b6fb20fc540ffa05c724620`
SHA3	`8797877543092c38ea7c80da6f9daa473fb47e715430968d52ab33baf2fa8812`

134

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11e7e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41337`
MD5	`323d374e53bc26a9ba7f4b0ede53451a`
SHA1	`7176ff5c48624d9695afddb2d26068182b11ccd9`
SHA256	`3145094aa8d5593bf12fa4ef0d2e9befd428f712f795b9cb2daf4303de1eb5d5`
SHA3	`44ddcf840893da189f9700b7c44a5d3e9940524dd368c051f2489637b2a4bca9`

135

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1120e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44267`
MD5	`d7d126ecb7ec9daa2abac72c0605c8cd`
SHA1	`52710fe5a1bebd523935528093f77a8ef08084af`
SHA256	`d883f3d468a2ee6fbde5d54eb0064f0a5d0fa3589705b3bce7af6d151e6c43e8`
SHA3	`53e8d36654feb4e21d97f516be734ef7780301ed61ab4ba904893d4cdb9452f1`

136

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xdb92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41088`
MD5	`ac9ef9a0f0f693c6b3c98bdae4152974`
SHA1	`8fb5021c7b0d87ef6d76cd6473ddbfb213e281a6`
SHA256	`1c8c2b776d94410e9e4384341ea4d28a1a6d13cb78e3b09ba3a435932eac33c2`
SHA3	`cf49010337813c079fe7a168e3ffe11a65c70449e6bbd91638f67dbfac9736fd`

137

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11a44`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41933`
MD5	`2a7bc1a08c4afcecaf2d0fae356aa33c`
SHA1	`b492813337b0287136f350a3e82b24bb3b4e96ef`
SHA256	`faa5f77096e0353e121cddf209aedeed80e233650b54f3d49e70e21da3c7c048`
SHA3	`6c2c068c729f863b4209a013990a3ff306f32db8e719b3d930677fc21b2ed400`

138

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc3d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.29892`
MD5	`c3dfe388d15f76db61e34649860f2c06`
SHA1	`e98abbca8405d5d81f66b47c37a6fd003e25286e`
SHA256	`45946eb652decccfcc09f0c2deaaa78271206716b0092081ea68a990b3340890`
SHA3	`6f047142be0eca5de0b63cb780779c62461dcb8a0ebf97f455d7ca793894ca87`

139

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc540`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32983`
MD5	`198bcf721753622abbfbec3f374f7f78`
SHA1	`94720fcc96ada484e3cb1588c22a021393b75a60`
SHA256	`4b68ef2355b5b9fab918f45ee9d740c51202dede04a5159c443bf8372a3df606`
SHA3	`2c0d3529e1ec685a4da8c9726ae186d244c67d4cd11f33695a9183de95c0a41c`

140

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11924`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42375`
MD5	`0ef90b3fb6b8507939de44ed2772b486`
SHA1	`3508341a6da87932d975c6997ee1fc03c2772b8c`
SHA256	`1509a4be36c0f284c42f3b8eaa34724c95bb9520f4bc3c6ec2ec91114b76d9f9`
SHA3	`eea44767a07da5186a149db6699be6499d8eb3fa6f2a117759874b55872e07ce`

141

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10db6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45145`
MD5	`fdcbb2c4c40cd7f32320e5266c31ad42`
SHA1	`38edd00dd5780f733e88688639a9a0dd1547cf0a`
SHA256	`3ddde1b49d44a22beca31916d4b99140700b7bdf0cea63761ee9647edd24af8f`
SHA3	`88b18e4f58b283efbfca8cad924308b81f296244b7f8abb2e8566a89175cd96d`

142

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x111ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60099`
MD5	`307498c47318ab3f997f82ff3e3f3f92`
SHA1	`4b72861a8628019542d109bc2075db8c2bd90bfb`
SHA256	`53d721b7396f364042c2305eb798f91db16f7618764d4926ec476279361b5e6e`
SHA3	`4fb3cb67d015c61c8aae1e431ba24ab63a64f17a9ffd8a1056630844bfbff59f`

143

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1170a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5889`
MD5	`a58e8b514896fbe480b4844ae9c159b6`
SHA1	`7f65da08358d54ee376288f62bd472eee48c02f8`
SHA256	`42785820709ac761a69ea21af5f4e5830ed726fc1529e927e0d6cea62ef081cd`
SHA3	`6c2ac2f830da9ebb921adec3da1b2000114a3ea327fe68c028f2f3a4328abacf`

144

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x114ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17075`
MD5	`2257f58ce2081546af0814ab65799fbd`
SHA1	`ab00224506cd8f9117ee8a4c46743399dd3abc08`
SHA256	`e783a51b72b1a824844aeceda830e86c696a68511f61c7b4f9b427da075dfd15`
SHA3	`23382213acfe0a06cb537112a08eb8802c92db74da6c1f325cff47fc42001b1d`

145

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1103e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58628`
MD5	`8da725b12d2439c3077138a19b75552f`
SHA1	`7a771e7be1c736372c6fda2500ea87c173a97d68`
SHA256	`79a4bf4bf7e9a97f1d1d35e74d8dd157b13446398b12bfa7b0f9b192439fe535`
SHA3	`187b1c0701c713de13eb45d61d7cf1209115a358f8f84970728e92b2fedf939f`

146

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x110ca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44276`
MD5	`88384495d0769cb643a07856b5c30add`
SHA1	`fb631d44a449c70ffdd34900112ecb83f2613596`
SHA256	`69b636f804cbcd8657aac8155fce124ca1b5adecd218e1ec177773444fe70864`
SHA3	`32c247f336367f3403bcce19f994c54314d74db48a89345ff6eed78b5141ca80`

147

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11044`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44013`
MD5	`b914c5e5d691c3a5df7f2115c645f463`
SHA1	`6620d7d8066fceacb56f9b90537056f704d4eec2`
SHA256	`63c71b79a745b321d914ab69ca6a5b4f56f5000f5dc66d599b2c017772a52cf0`
SHA3	`9a6326a8c6e6299ea30cbb6a0f849e8c83e05ea12ca3367e5ce0d6cd2cba5985`

148

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1121c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44111`
MD5	`b3aa226b7b879e870b500f194ef6b302`
SHA1	`0129a19bb4de248ff48990c68f1a874470c28d6e`
SHA256	`3eb28d256a5cbdbdbaa78a366e13b745906a59922f0cbc31b7c79e9d8e9a20e8`
SHA3	`e45b550a561ebfb479225c7773a63b2228eb1f86a49a369a5543dd433b98b8d3`

149

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11e7e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41337`
MD5	`323d374e53bc26a9ba7f4b0ede53451a`
SHA1	`7176ff5c48624d9695afddb2d26068182b11ccd9`
SHA256	`3145094aa8d5593bf12fa4ef0d2e9befd428f712f795b9cb2daf4303de1eb5d5`
SHA3	`44ddcf840893da189f9700b7c44a5d3e9940524dd368c051f2489637b2a4bca9`

150

Type	`DICTIONARY`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1235e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45081`
MD5	`a03338aa47822834bab1b873e5ea6b6b`
SHA1	`fda64860b184fa938bef4b4db326d5db42c6f8bd`
SHA256	`7e9554858298eed512392199932b11bbdf35f45f4f0a94819eea648d2ee9a974`
SHA3	`bccfb95b1d9330042676ed0f8b568908b0a765250160fd84cf7e908d902e2dc8`

110

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03149`
Detected Filetype	GIF graphic file
MD5	`325472601571f31e1bf00674c368d335`
SHA1	`2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a`
SHA256	`b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b`
SHA3	`afacd2b83f042f49e137cdd6d628d4da182929428180855ed51136a8479f5ea3`

127

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80744`
Detected Filetype	GIF graphic file
MD5	`7699a4c54b1f5515a64e93fe3f801321`
SHA1	`2e51f7e1a331d921eaf15bd7dc9721a742984d47`
SHA256	`9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2`
SHA3	`a80cbe5dba69ca119a4eba793244fa4761114cddf68950c5d8997d4cfcdf714c`

128

Type	`GIF`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe622`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90998`
Detected Filetype	GIF graphic file
MD5	`f5dad4bc08409591d0420aaa18a044ea`
SHA1	`f497cd492156d0c8c056d9d0dee1f47ee7f012c6`
SHA256	`2b3ae69a0e9301661be037690ac9682f898e288b70ca40acbfbd0e3c3cb43bc0`
SHA3	`d376a236b12953459893fe6eef1847b45de0d081edc3901e26aefdbcfcbe6972`

103

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xde28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03742`
MD5	`38c26016189d4d1b68fa10c54050e53c`
SHA1	`081bd6a4e2e0831750e2fb8ad5af07cc9f8b112e`
SHA256	`8720e510401d8830f4324b4ab2f9e50acc91afab981e43e90688afac9eabc3e5`
SHA3	`e207fd1bd859875f6498b00bba9e52ca89ff64b2b4513c36091345999ca16a01`

107

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x16dc5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.293`
MD5	`e1288116312e4728f98923c79b034b67`
SHA1	`8b6babff47b8a9793f37036fd1b1a3ad41d38423`
SHA256	`ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32`
SHA3	`e1b6e1b3ae5e3a3ac93bb9c9da498fee7d29f426ef3f03792bd906092d74bb4e`

108

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3984`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01521`
MD5	`ab3adf4aff09a1c562a29db05795c8ab`
SHA1	`f6c3f470aea0678945cb889f518a0e9a5ce44342`
SHA256	`d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b`
SHA3	`8227f7310b58a15213072a11b8d3ae3369397ffc69e8d886e61e2d67bbdc6cc5`

109

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00095`
MD5	`e13f16e89fff39422bbb2cb08a015d30`
SHA1	`e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9`
SHA256	`24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe`
SHA3	`f8f8cb9fe62508d7100c5a2370223b5910e57a8f5da179f216ef0e3d522ca9d2`

152

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7358`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00884`
MD5	`d533ddf54f159dc1f63336a26cfd896d`
SHA1	`e1e9eeb5ad93e33acf98742f49612fb2364df8b2`
SHA256	`2ccaac5eab4669abbd1bc5f9fd9736cfbebe3e7307dbefe9040cbc3a65ad4919`
SHA3	`f82502110fe406f4b7f3100fa6d1ed00792f6f63b0dd405cb9434d089a01a62e`

163

Type	`JS`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12624`
MD5	`d98f70ffd105672292755a37f173c2ec`
SHA1	`c0154add295ac052f234a0282a62b704cdd01998`
SHA256	`257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3`
SHA3	`5668cb9f75228a4931af663a5136a7e62e3c109a2495ea630288e93627b60b27`

111

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90522`
Detected Filetype	PNG graphic file
MD5	`c798f5f4b98fd335a77e600ce21e32dc`
SHA1	`3db71eb6d87c8a4fcc6fded25d420cf7ea79231d`
SHA256	`9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea`
SHA3	`80a7403eebbf2998d93bc7f883d8af5ff7115226427056c2780b08357986d71a`

112

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ac2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94668`
Detected Filetype	PNG graphic file
MD5	`2ef18565aa93c7a0cb24a4852aba0911`
SHA1	`0cf3ae591cdd4ebf985454bcd99872d86791eccf`
SHA256	`6db5d7eb5148243202715c337ec751b8816c0e689fff4a97e57cd47fb283d92c`
SHA3	`8ecdfc154c5890d29a6982933c3289be5e52cacdcdbf3fa8a39f79709cba5532`

113

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x226`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4944`
Detected Filetype	PNG graphic file
MD5	`8d2c84506f3f48a810eb7232dc000d6f`
SHA1	`f4a238c1f7c02c7c907368b939efba7512c6be5a`
SHA256	`c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1`
SHA3	`cb22a78f6154f6ab8eb76dfa2d49e6fbed30d0e230c6dfcbd24c0c27e980751d`

114

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7621`
Detected Filetype	PNG graphic file
MD5	`8f59e78c9d29fe27d2461e3694ca19da`
SHA1	`4215e6467068ebda3a7657f45933c8e3a6b8848d`
SHA256	`9e7705ea53ca1437f73e64b58d434ebd653dfbdf39898eb551bd637701cb357d`
SHA3	`d7e2b3911f929165b74c9f86f61e1c4a3fbfc6f59ab88ec902411055142bfcf4`

115

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x127`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.0091`
Detected Filetype	PNG graphic file
MD5	`7ae9fb845b9137ef10002fe9d0f5c643`
SHA1	`9f3fa2b29b1b40e1b6794e5d624524de297a8b59`
SHA256	`e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a`
SHA3	`bdf59cbc940280f6de26d3cb8333a76ebb05d9fe8b6db6a1363e2c126680f65c`

116

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x213`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.42559`
Detected Filetype	PNG graphic file
MD5	`1b46e3cd914d5e0a8647eb648e3969cf`
SHA1	`37a8f941f9d5717cb7108f976f9e16438afe24f4`
SHA256	`4d9aea82fa1e55f787fcacb17c893a7ea730ef44bf1e6696f284629b92b210f0`
SHA3	`769375bd16c06dfebe6f4011b59ad9c657d249c119f39ba77fddc92e6e935b07`

119

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.3262`
Detected Filetype	PNG graphic file
MD5	`7978536150734ceffaf0720837e8b302`
SHA1	`7c11361af6e41d00beffaf4ef9e677506b32164d`
SHA256	`5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183`
SHA3	`cb1d36d9fe251b457f6ce1095d09a0b2d8ad927adce3e4ddeed8cbb1768b6f9a`

120

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.70355`
Detected Filetype	PNG graphic file
MD5	`343b161e7996221bfbe4321a62628a29`
SHA1	`f072095a70ae958572d662958feb1200baea174f`
SHA256	`6385151b79e3ba406fb11027be016d42a8a0ce9d65012dbfc5d00a4fd5a1fc28`
SHA3	`78092f0e79709169693b63524e90ebc72fbe40a1f291dc429e99f36ffd03869d`

121

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10146`
Detected Filetype	PNG graphic file
MD5	`d13cecc413374c4ddc22a9edacde8a11`
SHA1	`981295dd1f713584591716a6e753346b8a89215a`
SHA256	`b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a`
SHA3	`6600e2ff303330f12f991b77c7895f73f8b6792f68e793355924cc544260f72e`

122

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.68965`
Detected Filetype	PNG graphic file
MD5	`42fb1ea073a33e5da9653529f46f66b0`
SHA1	`bf1837615c2e9d12c9dcc2869d05d3f0106a9de9`
SHA256	`d708b7b1c4a46677c4a9b82f81ad79067b9bbb133da43e797bba9679b21ed929`
SHA3	`963423f4a76e8d551cd796ccaa77222bf7798ad9dccb949d7254788341414d92`

123

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.90778`
Detected Filetype	PNG graphic file
MD5	`9f7974bbcc96f12769c1856045eb7bc7`
SHA1	`fa0b9b9d709718839ea525ab838260a4e124fb1d`
SHA256	`e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198`
SHA3	`00be844f5803151347c86ba7139619cb2be43d7ed575e082a7513ba4aa7cdd0c`

124

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4941`
Detected Filetype	PNG graphic file
MD5	`5e46e67c30c83f2e9278cc8f658bc74d`
SHA1	`621a956fd3ebb761469220c2eff56ba8d1149b28`
SHA256	`5985fe4917d51a2271d6019805313a1c2d48fa6eeb29228c7a19664255920621`
SHA3	`27d8d3a0f5ca3b38de0de51721cb9d0c5135e562429a9f3988a41dfb6b83ce80`

125

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.63735`
Detected Filetype	PNG graphic file
MD5	`ee8599707751befddb2b94bc79525c15`
SHA1	`e118b48e25fe42d933377b03fb5a9a710e1c5caa`
SHA256	`c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b`
SHA3	`68b6bcf7d5da39b1e1a9f13c26c7629d7c196ba476b7504e848670c95bdeb95d`

126

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x187`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.26639`
Detected Filetype	PNG graphic file
MD5	`4071c682a19e2f47bb65e9aa485b8494`
SHA1	`222c3ee704f04256c07c341bbad49ecceb4acbd1`
SHA256	`5352b611b89eec98f0bd9017e420580f58fbe31cfed730d758c63dfbfeff8117`
SHA3	`9dfb3c7c7b470c99ae689571413a9362a0585862b0e599f5d27fd3faef38d931`

154

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xab5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85493`
Detected Filetype	PNG graphic file
MD5	`26e9b0fe7397d9c072da92fcf6951b11`
SHA1	`4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f`
SHA256	`e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e`
SHA3	`abbaacfff7b25332262067240cae41c8b51f794208d5dfb16838816cad22b930`

155

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.55792`
Detected Filetype	PNG graphic file
MD5	`13b5f5e052334e0ad6d31845fc859e3d`
SHA1	`b71022382904d194a5d8f5cb3b1d0dd92e254b16`
SHA256	`87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306`
SHA3	`7c18ab7fa137ee7cebe82b3d14a18cfdc4985621167b70b98ceac49f4d2a6095`

156

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4f1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71488`
Detected Filetype	PNG graphic file
MD5	`34b670a842dff811281e3e619a0434a5`
SHA1	`9f239be72c7aece20ae08623260dd660ecb6503c`
SHA256	`8794d5ae6dbc5264a3592195e6b1e081f74734a950b02a4325b8899b35f78d07`
SHA3	`50a6f68fc3eb5679ee2610eabf99cd3f2541f85b7a7c09eae96b444e8c85e802`

157

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x16c3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92856`
Detected Filetype	PNG graphic file
MD5	`14d2959a1591466fee33784d9cd5ef1e`
SHA1	`4b69e3889ec3852123c9d47b927c97bf4a3b260f`
SHA256	`99da78dbe5bd8d904dd16208405b90c3103b4586796cae32539c3baf6fa3c216`
SHA3	`ab162831ff06decc3158c9a5e5bd815f2685a9bc32bf36a5a7df1e0b35e591b7`

158

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x121`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11754`
MD5	`4585f70294e7b625dcd1ea8c585067a5`
SHA1	`11c92ae523b0c588c5469814b0c3c7778cb3f133`
SHA256	`7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348`
SHA3	`fb5634bf33386f084acc059d5657bb4fe50e5edbb842e7e23ece9015cd0b95b0`

159

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17012`
MD5	`3530c5040ac9af92cd0a7d347f764593`
SHA1	`b815ef3654ec2c677e8f8f68d8527b6d8142b4e9`
SHA256	`daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51`
SHA3	`ea43e9bf38779c4976d737f0d441a2c92e715f3f29f6c65ae27bb17fb536abe1`

160

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ed`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47618`
MD5	`e7b1717b9eba236b9c12be7a980b5b40`
SHA1	`f1baa3f41ffa5dfff320b7e289964cec54f19a99`
SHA256	`2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3`
SHA3	`73909a1b2562d86784d58c9051f0a40223a537eb6e5b65898b2fdc261fbd5ef9`

162

Type	`SVG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38116`
MD5	`332816d7725fc31725b678cff1cb6dcc`
SHA1	`876f938efb86c1bb1733b47ec279335de97576da`
SHA256	`8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714`
SHA3	`5156a317aaef915a8c1cd77c79516274bcc157f6ae7638bb143904d90420ca4b`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.63008`
Detected Filetype	PNG graphic file
MD5	`51d4520d0056dd78ab6030f864ec38dd`
SHA1	`3abad058263f068ef1138e7b7f4f1e4f19c3e2bc`
SHA256	`e7696d6f343d7fce61790194f4cdbae5352802f91dc77abe11df52ff9667b694`
SHA3	`7ada1217fa1603e2c53a1104d7f0f6f505eb01db6ed4adbbc210549c0de2c076`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0532`
MD5	`c86c7954917a522e19993100c1f58b4e`
SHA1	`d65521b4fcbb0cd5ddf76c935faaae20c8ee36e2`
SHA256	`9e149fad424d365c899572aa296bf7f0508541cb5a4ad5794fc18e31ac9da756`
SHA3	`b4a748be55d5e5a9a469985dc7f67bffff924728dd64f6e140d2e7bd71d05d74`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.30056`
MD5	`e659557bc290ea500fb81a0e201e9aeb`
SHA1	`9703a758c26e6d9db6ac9211bbcb896e36671614`
SHA256	`5d788c89a6bb483a45d6419797eb379ac6a19ede3e72757faa260b0c03894523`
SHA3	`3df8af9e9746238ba20f3ee531243a968694268aea90f8ef464b74c11bd44eb5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41941`
MD5	`c4eb869be735c32ef365cbb40d78b7b2`
SHA1	`2accdbbcb10eeae85374ce61eefbfb9fcde4d2cb`
SHA256	`d27e623bf3e84226ae260a8afe0aa2beaffb1eb82fa76611a31c5b8945f41fbd`
SHA3	`4b0a7e48fc282a6b8167f2b5043ba14551c34fc2d032b5b5fe26dadcd6c33856`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63697`
MD5	`e29d96cbe83ff4d632d10de953f7f016`
SHA1	`5d4bbb1a0127fb0725b4d5e3b5fa064ec4906581`
SHA256	`fd3e7c56697c473a437e44106bcb3ce6270f37ae480f8fac3e4d1a69ff2dbf04`
SHA3	`49920c39781ff17440cbdd1903d6c8dc8068c84a1d12f90704c0a7627571bd59`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9739`
MD5	`0ff3165a66f0dde7b91977034c7584c2`
SHA1	`6fe7e5482ec702f275f13617ddbadce6377485ac`
SHA256	`4093f18b49c4b6b1fe693c6f815860f55e3a124cc2b9897b760d056ee42c4b57`
SHA3	`86db17ab2d6f00a29b69b08aa7297469393b264fbbc57d3c993ee6ef95a010fa`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8213`
Detected Filetype	Icon file
MD5	`4b784dc80c9a63e0229152169ca0cd19`
SHA1	`090d4dc9c6f9e84b6ae2593fb83bdd6e9f1df435`
SHA256	`8b3697e98e4a8ff04c68c3a54f2aedc687ac088b164eec09280675a13f63334b`
SHA3	`a9e1ce93528e2245f6969a8a3280aa22799afffd7eda755be68493ba3361f9f3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39542`
MD5	`8bb31ed93d57ca71c48553e28906fad2`
SHA1	`8b38e8fcca0ffdd43c64bddbd150f1379e503fe0`
SHA256	`64c40d783f02291d6d8a30998dc7ad1ec7c343984cd2bd4e2920324a6d885b44`
SHA3	`af7e2ff9445f263b988c7df5feabfbf5ece656c931cf83ad20d3e610b5f4cd88`

102

Type	`RT_HTML`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22b9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39077`
MD5	`f4b7942d6563727bd614f10da0f38445`
SHA1	`84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9`
SHA256	`e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc`
SHA3	`b950c56923dd2edba931d47ac21e1ba6e83b66474fbc88d927dc487f7986915e`

151

Type	`RT_HTML`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18685`
MD5	`d78782451d45883772a196d3897eb164`
SHA1	`aa2f7252c3db9b9c9a91ccbeb4cbbc03295a905a`
SHA256	`05f00418cca67ed5b176e9ff4fe39d8d542bdb8fb11b119f9e021d2dac36bb36`
SHA3	`aa743cd1c6662c5042dbe0593c5c7f456ac1e08db0cc25237910ce4ba35ffc88`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x813`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1674`
MD5	`02dc00ac1a8debbcbd7922efa6508447`
SHA1	`cbe08af121822dc0e826f92059e62bd60ece375c`
SHA256	`f916797f99304665dd1312489b5e6e53b8180dab9b779e8eed6f7fcb9c8fb250`
SHA3	`0e9307e39489d1c3deabace748864140d23269e5d6fe0f4d718257a8f418053c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.0.0.354
ProductVersion	5.0.0.354
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Adobe Inc.
FileDescription	Adobe Installer
FileVersion (#2)	5.0.0.354
InternalName	Adobe Installer
LegalCopyright	© 2015-2019 Adobe. All rights reserved.
OriginalFilename	Adobe Installer
ProductName	Adobe Installer
ProductVersion (#2)	5.0.0.354

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Sep-27 11:37:59
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x2529b4`
PointerToRawData	`0x2517b4`
Referenced File	Set-up.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Sep-27 11:37:59
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2529d8`
PointerToRawData	`0x2517d8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Sep-27 11:37:59
Version	`0.0`
SizeofData	`1244`
AddressOfRawData	`0x2529ec`
PointerToRawData	`0x2517ec`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Sep-27 11:37:59
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x680000`
EndAddressOfRawData	`0x680008`
AddressOfIndex	`0x679ca8`
AddressOfCallbacks	`0x5fdc50`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x66e070`
SEHandlerTable	`0x6517f0`
SEHandlerCount	`1092`

RICH Header

XOR Key	`0x9e69c8eb`
Unmarked objects	`0`
241 (40116)	`21`
243 (40116)	`200`
242 (40116)	`32`
C++ objects (23013)	`4`
199 (41118)	`1`
ASM objects (23907)	`25`
C objects (23907)	`39`
C++ objects (23907)	`136`
C objects (65501)	`9`
C++ objects (VS2015 UPD2 build 23918)	`24`
C objects (VS2015 UPD1 build 23506)	`1`
C++ objects (VS2015 UPD1 build 23506)	`8`
208 (65501)	`2`
Imports (65501)	`35`
Total imports	`530`
265 (VS2015 UPD2 build 23918)	`200`
Resource objects (VS2015 UPD2 build 23918)	`1`
151	`1`
Linker (VS2015 UPD2 build 23918)	`1`