Manalyze report for a97dd0deec98b061a670ce3e8f625f03b8d5b0c47d4f45f2fc481d7269164107

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-24 15:26:51
Detected languages	English - United States
TLS Callbacks	6 callback(s) detected.
Debug artifacts	assistant_installer.exe.pdb
CompanyName	Opera Software
FileDescription	Opera GX Browser Assistant Installer
FileVersion	`129.0.5823.26`
InternalName	Opera GX
LegalCopyright	Copyright Opera Software 2026
ProductName	Opera GX Browser Assistant Installer
ProductVersion	`129.0.5823.26`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to security software: autoupdate.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System SYSTEM\CurrentControlSet\Control\SystemInformation` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: ROOT\CIMV2` `Contains domain names: .opera.com 2.opera.com autoupdate.opera.com blink.net chromium.org collector-2.opera.com crashpad.chromium.org crashstats-collector-2.opera.com https://autoupdate.opera.com https://autoupdate.opera.com/ https://crashpad.chromium.org https://crashpad.chromium.org/ https://crashpad.chromium.org/bug/new https://crashstats-collector-2.opera.com https://crashstats-collector-2.opera.com/ openssl.org opera.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable` `Unusual section name found: CPADinfo` `Unusual section name found: LZMADEC` `Unusual section name found: malloc_h`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW SwitchToThread` `Can access the registry: RegCloseKey RegCreateKeyExW RegDeleteKeyExW RegDeleteValueW RegEnumKeyExW RegEnumValueW RegGetKeySecurity RegOpenKeyExW RegQueryInfoKeyW RegQueryValueExA RegQueryValueExW RegSetValueExW SHDeleteKeyW` `Possibly launches other programs: CreateProcessAsUserW CreateProcessWithTokenW CreateProcessW` `Uses Windows's Native API: NtDeleteKey NtQueryInformationThread NtQueryObject` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpAddRequestHeaders WinHttpCloseHandle WinHttpConnect WinHttpCrackUrl WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest WinHttpSetTimeouts WinHttpWriteData` `Leverages the raw socket API to access the Internet: WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEnumProtocolsW WSAEventSelect WSAGetLastError WSAGetOverlappedResult WSARecv WSAResetEvent WSASend WSAStartup accept closesocket getsockname ioctlsocket recv shutdown` `Functions related to the privilege level: AdjustTokenPrivileges CheckTokenMembership DuplicateToken DuplicateTokenEx OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess ReadProcessMemory` `Changes object ACLs: SetNamedSecurityInfoW SetSecurityInfo`
Info	The PE is digitally signed.	`Signer: Opera Norway AS` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/70 (Scanned on 2026-04-02 08:45:03)	`All the AVs think this file is safe.`

Hashes

MD5	`298c1958c3cbec986530c916e78f0ed5`
SHA1	`0d668b77b72fa92afe2c4313afef659f47d14ad0`
SHA256	`a97dd0deec98b061a670ce3e8f625f03b8d5b0c47d4f45f2fc481d7269164107`
SHA3	`3ad30605c5fa97dd17664e139f81da537aa1fa73f84ab837c0726e0f9ce0da83`
SSDeep	`49152:/XEkAmPjIQDJi2UsRvwfhjQFwJFCDDSYmDUGeUlLi5M6OU:/XG2oQGDqm6V`
Imports Hash	`ff6289213c537080ef81faae958c3618`

DOS Header

e_magic	`MZ`
e_cblp	`0x78`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0`
e_ss	`0`
e_sp	`0`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x78`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2026-Mar-24 15:26:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2f5000`
SizeOfInitializedData	`0x9ae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000001A4510 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`0.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x3c6000`
SizeOfHeaders	`0x400`
Checksum	`0x3a28b9`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bff02073e45475155d5bdab3b408d4fe`
SHA1	`e9dd46f4bc92fd19ad81c62a7f0dc7a1108cf7b2`
SHA256	`41730878d94950954847e84ab59275a747f9ce12f96c04b5c51c299396a09490`
SHA3	`3b7eb218ee797cb3626c724246da0d2cc32accfe8776d49b89823b84b4af51e3`
VirtualSize	`0x2f4e59`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2f5000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55281`

.rdata

MD5	`9eb71baa24ed3471569c02f26e257563`
SHA1	`d5a75970890c2a59aeb5f8fe1ee063c4a3828991`
SHA256	`8b2825411d4702357ee248e8659c1cdb685515f047b8b5983bfafb8eff321ccb`
SHA3	`00d989d9a67bade6eaf84c553082cd44a24b33329111063963414c58ff959eab`
VirtualSize	`0x5d630`
VirtualAddress	`0x2f6000`
SizeOfRawData	`0x5d800`
PointerToRawData	`0x2f5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.70233`

.data

MD5	`194c5b208d0b0d0742d18080b5dec975`
SHA1	`83e39e92db89318abf805c5a8d27be3a16914164`
SHA256	`0979f215e83157a7081874fec683fe2d6264a1f1f192cacdeca92e8839164464`
SHA3	`c7577a81dca436801123782b7f75bd99b427978dbd13e57d96471775424eaa2f`
VirtualSize	`0x3ce10`
VirtualAddress	`0x354000`
SizeOfRawData	`0x10800`
PointerToRawData	`0x352c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.82319`

.pdata

MD5	`5a77aec4945cca371e19e425f5f0089f`
SHA1	`b8be388906659e6efad30bcd3ab36bf13b742162`
SHA256	`877d273191f51980ceccb9757699e035d883623dd4d73ee4db963168fec70e04`
SHA3	`66224b84e1177bffe412631cc7759697c3db270eb27ff19474b1fa1b467371e3`
VirtualSize	`0x16158`
VirtualAddress	`0x391000`
SizeOfRawData	`0x16200`
PointerToRawData	`0x363400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.1459`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x3a8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x379600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.tls

MD5	`4e0474aa0aa89fc1a973772dc4c01be5`
SHA1	`742764a126c482443614eb78262713594e7df82f`
SHA256	`a8723e516975785618a6bbc5da491ee15009996f346d054e39dae86fb6836506`
SHA3	`3ef3353144f7b0c037eb241580f56db1292a071ab619f3562fe6a596baeb0ee7`
VirtualSize	`0x291`
VirtualAddress	`0x3a9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x379800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.212523`

CPADinfo

MD5	`55023887715cb19bfb8d60a6a2898012`
SHA1	`dc9c4b03bda195d5499a6e937082357f18325b45`
SHA256	`fa1815fb0ba52430f907e1208090f42bdc0d8d867c7ec8958ba23a634c3d7618`
SHA3	`437b6ff820c01363ad9f9d0e9739d9336488940242d50861eb4bb6942ec97ae8`
VirtualSize	`0x40`
VirtualAddress	`0x3aa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x379c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.122276`

LZMADEC

MD5	`05e9eab8428a551a281ab278073669fa`
SHA1	`f0bfa89d3c11280e4ac954b1722650534a7738ba`
SHA256	`caf8ae633e0f04bd3d5bd49c4b30a5ab0bde47e1d3b1a3540d65dea6223c9329`
SHA3	`f19ad9e072a343bb8f0475b303385d46768c1386ffc78fef302b1bd9aebda716`
VirtualSize	`0x11f1`
VirtualAddress	`0x3ab000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x379e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06198`

_RDATA

MD5	`7590b8ee1a235a7aa6c777a631d6b7bc`
SHA1	`38790ac8364cd8bc378925e9005970169f301357`
SHA256	`ffd8006a2ab3b8b845905e4e8a1c186d1b2ef076f74b4c17d4bf27cbef4a338a`
SHA3	`dd2c8fbef5e4c734bf76ab706d5b5f35e0efc19ca5f113c306403d0bb32d923f`
VirtualSize	`0x1f4`
VirtualAddress	`0x3ad000`
SizeOfRawData	`0x200`
PointerToRawData	`0x37b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24096`

malloc_h

MD5	`8d715a3a272427dc247c4e359767f166`
SHA1	`93a065c36d88435c1736002ad9e152a3e522c6c5`
SHA256	`22cea9e13b17b0dc7e8aace59380f1e36934613c6bf153e6116ac12c115afd02`
SHA3	`b1d6e4934a4478b266d475236c3d591a74a4a398cf5fd325a4c2b18bbb1a636d`
VirtualSize	`0x10d`
VirtualAddress	`0x3ae000`
SizeOfRawData	`0x200`
PointerToRawData	`0x37b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.02478`

.rsrc

MD5	`271bcc432275d3d1af535683b812df63`
SHA1	`ccf20cd77a0d4f38f22d84ca561371d3f8416973`
SHA256	`fb378e7509410f49b9575adf5c274d1bc68c78b06db61cca70a9413dee585bf9`
SHA3	`00732b08d2eb11ee6e85efff1d3f953422765d3c1d63ee49eefc912a8ed3fc8c`
VirtualSize	`0x12c18`
VirtualAddress	`0x3af000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0x37b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.39648`

.reloc

MD5	`fe22740e3b5162110a9a010171774218`
SHA1	`34a8e4ca0841a0d1c8d0e01440881fe45d48b45b`
SHA256	`9da9acebefae106ebdfb359331521a349b698f4531f05c9218e3dddd81ac4efc`
SHA3	`cf7543fc6a060fbb06d64fcc35ba33168efbb9dbe534bf596a628e94dae47e2c`
VirtualSize	`0x32a0`
VirtualAddress	`0x3c2000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x38e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42091`

Imports

ADVAPI32.dll	`AccessCheck` `AdjustTokenPrivileges` `AllocateAndInitializeSid` `BuildExplicitAccessWithNameW` `BuildSecurityDescriptorW` `BuildTrusteeWithSidW` `CheckTokenMembership` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `ConvertStringSidToSidW` `CreateProcessAsUserW` `CreateProcessWithTokenW` `DuplicateToken` `DuplicateTokenEx` `EqualSid` `FreeSid` `GetExplicitEntriesFromAclW` `GetLengthSid` `GetNamedSecurityInfoW` `GetSecurityDescriptorControl` `GetSecurityDescriptorDacl` `GetSecurityDescriptorGroup` `GetSecurityDescriptorOwner` `GetSecurityDescriptorSacl` `GetSidSubAuthority` `GetSidSubAuthorityCount` `GetTokenInformation` `GetUserNameW` `ImpersonateNamedPipeClient` `IsValidAcl` `IsValidSecurityDescriptor` `IsValidSid` `LookupPrivilegeValueW` `OpenProcessToken` `RegCloseKey` `RegCreateKeyExW` `RegDeleteKeyExW` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegGetKeySecurity` `RegOpenKeyExW` `RegQueryInfoKeyW` `RegQueryValueExA` `RegQueryValueExW` `RegSetValueExW` `RevertToSelf` `SetEntriesInAclW` `SetNamedSecurityInfoW` `SetSecurityInfo`
dbghelp.dll	`MiniDumpWriteDump` `SymCleanup` `SymFromAddr` `SymGetLineFromAddr64` `SymGetSearchPathW` `SymInitialize` `SymSetOptions` `SymSetSearchPathW`
OLEAUT32.dll	`SafeArrayCreate` `SafeArrayGetVartype` `SafeArrayPutElement` `SysAllocString` `SysAllocStringByteLen` `SysFreeString` `SysStringByteLen` `VariantChangeType` `VariantClear` `VariantInit` `VariantTimeToSystemTime`
SHELL32.dll	`CommandLineToArgvW` `#680` `SHChangeNotify` `SHGetFolderPathW` `SHGetKnownFolderPath` `ShellExecuteExW`
SHLWAPI.dll	`PathMatchSpecW` `SHDeleteKeyW`
USER32.dll	`AllowSetForegroundWindow` `CharUpperW` `CreateWindowExW` `DefWindowProcW` `DestroyWindow` `DispatchMessageW` `FindWindowW` `GetActiveWindow` `GetMessageW` `GetQueueStatus` `GetShellWindow` `GetWindowLongPtrW` `GetWindowThreadProcessId` `KillTimer` `MessageBoxW` `MsgWaitForMultipleObjectsEx` `PeekMessageW` `PostMessageW` `PostQuitMessage` `RegisterClassExW` `RegisterClassW` `SendNotifyMessageW` `SetTimer` `SetWindowLongPtrW` `TranslateMessage` `UnregisterClassW` `WaitForInputIdle`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod` `timeGetTime`
WS2_32.dll	`WSACloseEvent` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEnumProtocolsW` `WSAEventSelect` `WSAGetLastError` `WSAGetOverlappedResult` `WSARecv` `WSAResetEvent` `WSASend` `WSAStartup` `accept` `closesocket` `getsockname` `ioctlsocket` `recv` `shutdown`
KERNEL32.dll	`AcquireSRWLockExclusive` `AddVectoredExceptionHandler` `AssignProcessToJobObject` `CancelIo` `CloseHandle` `CompareStringW` `ConnectNamedPipe` `CopyFileW` `CreateDirectoryW` `CreateEventW` `CreateFileMappingW` `CreateFileW` `CreateIoCompletionPort` `CreateMutexW` `CreateNamedPipeW` `CreatePipe` `CreateProcessW` `CreateSemaphoreW` `CreateThread` `DecodePointer` `DeleteCriticalSection` `DeleteFileW` `DeleteProcThreadAttributeList` `DeviceIoControl` `DisconnectNamedPipe` `DuplicateHandle` `EncodePointer` `EnterCriticalSection` `EnumSystemLocalesW` `ExitProcess` `ExpandEnvironmentStringsW` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlsAlloc` `FlsFree` `FlsGetValue` `FlsSetValue` `FlushFileBuffers` `FlushViewOfFile` `FormatMessageA` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GetACP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetConsoleOutputCP` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetDateFormatW` `GetDriveTypeW` `GetEnvironmentStringsW` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileInformationByHandleEx` `GetFileSizeEx` `GetFileTime` `GetFileType` `GetFullPathNameW` `GetHandleInformation` `GetLastError` `GetLocalTime` `GetLocaleInfoW` `GetLogicalDrives` `GetLogicalProcessorInformation` `GetLogicalProcessorInformationEx` `GetLongPathNameW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetModuleHandleW` `GetNativeSystemInfo` `GetOEMCP` `GetProcAddress` `GetProcessHandleCount` `GetProcessHeap` `GetProcessId` `GetProcessMitigationPolicy` `GetProcessTimes` `GetProductInfo` `GetQueuedCompletionStatus` `GetStartupInfoW` `GetStdHandle` `GetStringTypeW` `GetSystemDefaultLCID` `GetSystemDirectoryW` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetSystemTimePreciseAsFileTime` `GetTempPathW` `GetThreadContext` `GetThreadId` `GetThreadLocale` `GetThreadPriority` `GetThreadPriorityBoost` `GetTickCount` `GetTimeFormatW` `GetTimeZoneInformation` `GetUserDefaultLCID` `GetVersionExW` `GetWindowsDirectoryW` `GlobalMemoryStatusEx` `HeapAlloc` `HeapDestroy` `HeapFree` `HeapReAlloc` `HeapSize` `InitOnceExecuteOnce` `InitializeConditionVariable` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InitializeCriticalSectionEx` `InitializeProcThreadAttributeList` `InitializeSListHead` `InitializeSRWLock` `IsDebuggerPresent` `IsProcessorFeaturePresent` `IsValidCodePage` `IsValidLocale` `IsWow64Process` `K32GetModuleInformation` `K32GetPerformanceInfo` `K32GetProcessMemoryInfo` `K32QueryWorkingSetEx` `LCMapStringW` `LeaveCriticalSection` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalAlloc` `LocalFree` `LockFileEx` `MapViewOfFile` `MoveFileExW` `MoveFileW` `MultiByteToWideChar` `OpenEventW` `OpenProcess` `OpenThread` `OutputDebugStringA` `OutputDebugStringW` `PeekNamedPipe` `PostQueuedCompletionStatus` `QueryFullProcessImageNameW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `QueryThreadCycleTime` `RaiseException` `ReadConsoleW` `ReadFile` `ReadProcessMemory` `RegisterWaitForSingleObject` `ReleaseMutex` `ReleaseSRWLockExclusive` `ReleaseSemaphore` `RemoveDirectoryW` `RemoveVectoredExceptionHandler` `ReplaceFileW` `ResetEvent` `ResumeThread` `RtlCaptureContext` `RtlCaptureStackBackTrace` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `RtlVirtualUnwind` `SetConsoleCtrlHandler` `SetEndOfFile` `SetEnvironmentVariableW` `SetEvent` `SetFileAttributesW` `SetFileCompletionNotificationModes` `SetFileInformationByHandle` `SetFilePointerEx` `SetHandleInformation` `SetInformationJobObject` `SetLastError` `SetNamedPipeHandleState` `SetProcessShutdownParameters` `SetStdHandle` `SetThreadInformation` `SetThreadPriority` `SetThreadPriorityBoost` `SetUnhandledExceptionFilter` `Sleep` `SleepConditionVariableSRW` `SleepEx` `SuspendThread` `SwitchToThread` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TransactNamedPipe` `TryAcquireSRWLockExclusive` `TzSpecificLocalTimeToSystemTime` `UnhandledExceptionFilter` `UnlockFileEx` `UnmapViewOfFile` `UnregisterWaitEx` `UpdateProcThreadAttribute` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualAlloc` `VirtualFree` `VirtualProtect` `VirtualQuery` `VirtualQueryEx` `WaitForMultipleObjects` `WaitForSingleObject` `WaitNamedPipeW` `WakeAllConditionVariable` `WakeConditionVariable` `WerRegisterRuntimeExceptionModule` `WideCharToMultiByte` `Wow64GetThreadContext` `WriteConsoleW` `WriteFile`
ole32.dll	`CoCreateInstance` `CoInitializeEx` `CoInitializeSecurity` `CoRegisterInitializeSpy` `CoRevokeInitializeSpy` `CoSetProxyBlanket` `CoTaskMemFree` `CoUninitialize`
ntdll.dll	`NtDeleteKey` `NtQueryInformationThread` `NtQueryObject` `RtlGetLastNtStatus`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
Secur32.dll	`GetUserNameExW`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoUninitialize`
WINHTTP.dll	`WinHttpAddRequestHeaders` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpCrackUrl` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpQueryHeaders` `WinHttpReadData` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpSetTimeouts` `WinHttpWriteData`
api-ms-win-power-base-l1-1-0.dll (delay-loaded)	`CallNtPowerInformation`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-power-base-l1-1-0.dll`
ModuleHandle	`0x3647d0`
DelayImportAddressTable	`0x3647d8`
DelayImportNameTable	`0x344478`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x777c0`

141

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaa7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90465`
Detected Filetype	PNG graphic file
MD5	`1d4e4d589b845704ab13a31f6d845738`
SHA1	`26474da0ccb797e8760f163e2ed93ec05ec5997e`
SHA256	`868dfa2ebd273c0468008ccdddb1b32e662f7da22d6bf51295ee2af8ed546014`
SHA3	`0029f87b041d25f842671a0765f9e6a24179f06fc8edf6f07e4eecedab58fc15`

142

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92612`
Detected Filetype	PNG graphic file
MD5	`6c117afc6c50638b35d21c6dad2f1ac8`
SHA1	`98d4c10d1e3dc348160c218eb2f4b359845bff1a`
SHA256	`6cf17d0611ac49eef36001fd9dad8c10d1dabf23ec5b268b82e552f47e084147`
SHA3	`2d1505a25cfa910a51b3d93222f2842acafb91edc84cd5af1cf17f266d27e1b4`

143

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94253`
Detected Filetype	PNG graphic file
MD5	`f0b79815b6abee33c7d412489f6ddeeb`
SHA1	`b3c01b51e5332f9ee4ceeef81c61659dcab79f99`
SHA256	`6ed7768ef99f0e3b58dc435e65412fc42346119b0d4b79c05a96ab67240d4890`
SHA3	`5f68b63a52463105dd6b5359572c51fb2a6b9fb16b9cd17564751fba4eaa004d`

144

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1574`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9532`
Detected Filetype	PNG graphic file
MD5	`ab66df84d95b0694c03d928aaae5fc6d`
SHA1	`48e8eae2f7f75113ac6c50bf27ef75d71eb83d99`
SHA256	`5f3de377e88941b5f8a065595b2da5f979a3692a43f40de6a5a490581415bc48`
SHA3	`546b5ec502cf208c322cb4b4d0538b8c41c609bd84d22687c291d6945bd0e063`

1

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72812`
MD5	`d4ff4e9e724f25f5265a3b0cd07d03d4`
SHA1	`9777e4e59ce089e4c8727910586b325f1cbfe12d`
SHA256	`8c5a126b0e59e2927158fe5008c375aeef5396adb797c682e07578d13c283a3f`
SHA3	`c75e4c8d4280cd1e4d3a7d59a7d7993be648ff029d47900a843807031484d03d`

2

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05033`
MD5	`717434e636786d3d0fb3f571f6109660`
SHA1	`2ed8ddea1a94e39f624dd752c1843648e5ad2aa6`
SHA256	`06db3222f267c74b72573a349de6a24bcfbb4bba9656d3dd6b50f4f64326e156`
SHA3	`11bf1f65e167fb701bcd216f1c0dfafb324c6d5c883989c59fcfcd08d93072a3`

3

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.80214`
MD5	`97f6acbd9fba8933adafe9cef8193ff7`
SHA1	`3fcce71b59dd9806e573170748858cc02c00c260`
SHA256	`91baaad720c63aaff01b902deda14e2c8b355c31159b71c481dc6fb67bcbb4cf`
SHA3	`d5b9de20cb7ea1c27b6a8500de4b0e2b8b436804b1d70a4ddbd8d77ce60ef340`

4

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63098`
MD5	`14a8d213994c484121f0f0d63746601d`
SHA1	`3ad42569021b69060eb157875531fa0310b48e86`
SHA256	`2d2aea139c8f41675322a459ce75295ac168eb0e925ed5a75c0981b3693069aa`
SHA3	`e684a3170b7471ffd03ac8607f9d5d56a3892db7d3d21bc5d4ab9383fbebcb92`

5

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55212`
MD5	`04a6442470e12c4f6931ecd090862ef9`
SHA1	`11704afd9e26ca32f68ede4e0c043405722ffba3`
SHA256	`a4319fd1d9a81d7a6dc9ef1818d85dc68ded85342754d2f5768e01d0edf46780`
SHA3	`37952f4114576bfe8616ef61541c8f81eddef30236d455ce5f74a30d98a8539f`

6

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.29146`
MD5	`db2dc0ce6ad8b8cdc5be830bf79a761b`
SHA1	`c9345712f79eed69677a5f165d115624da3de4cf`
SHA256	`ff8ccb25e747ead631922be99ebc2004a97295b0b606f40e83f15c2dc2bbbc81`
SHA3	`c0f08c34bfb83c0aebe052470d5b51b2367a2bb61bb911259c200931f6b0d42b`

7

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17845`
MD5	`35fffe5c3ef617079a0237e67ada2472`
SHA1	`70900b1268464c03c8c5f7192456b7e6efceb1da`
SHA256	`860a680c92db087b12dd6bf2ef581979c08ac13ed9657403dab974f387420555`
SHA3	`dd8b7568bca263f759c9dffa79fc19cf647abcbfdc473b14d2ac11a86fd45e70`

8

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.995644`
MD5	`1b905e5ca2a21da398c9c73124428505`
SHA1	`6f922d03bc5d6ec61789deb9731141893edf55a0`
SHA256	`5edad8d3d744070cb51e4dfdb02053a15101c8c954f952e4dfe57a4d7659e5b2`
SHA3	`f07b653197b1cf5483179f834c56415c8e7f11f3e59af3a35753df6cd0a94520`

9

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.666526`
MD5	`75bec5efc67babcf530d51321d95ed7e`
SHA1	`38eb531d42adfab051bc81ef0590d60a21d77498`
SHA256	`3bd84b82f6e6a2cb156d881bdc1f29567d5712ad81d2da33b0ff9cd8a5a9981f`
SHA3	`665bc39673c1b61060b16e7572c6520c7d50080a166343540e56f4dd9e233502`

10

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84104`
MD5	`acd42b137b48d1f19ee65a10fc90814e`
SHA1	`d1f9068dee688563ae870c437900709795cc6dbe`
SHA256	`d87015c12fb89d2c54c2b1ea0b5f0feaf50bba50cddcf546668c62316597bf2f`
SHA3	`eafa118068102c848c31a6c914e40e8de8a682f2c36091294cb30b518fc5e6e5`

11

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`3a50f5b7c71bbdc5512fbc3873192dcf`
SHA1	`bcedef446ec1d6f465f15aef66474e7adab95a48`
SHA256	`c7988ba08e9df9a1eee74d2ed9ecda968a384dd1ac105125b95dee98cc663c19`
SHA3	`6f3a01136cfd17eae5a4d0d5c60b8652742debf4ef5c0874d40fe007b4ed3432`

12

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82478`
MD5	`68e0f3426f82d799afe0f96427beec21`
SHA1	`4ea992afa212b04e07fea303ecb328ff54e061cc`
SHA256	`744c1f78a1a9d3ec04ad6358c2bdbd89b8a1cfa9d850c1ee4ecfa4b3f256ff26`
SHA3	`745e989aef3ea85a98abbf63a7b4afe3fb525c099bc5dce78aa7f5af17b5f70e`

13

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`6d9a8875e9bc6d3e9eae95b2b03257ce`
SHA1	`b7c15c9636773a47be134736c68bdd339922aeb9`
SHA256	`cbb310244272c36ea589f9257476e6c19b1eb6be0cd5193cd5901efd4d184c35`
SHA3	`744ffb0101cc0d94ee909ff8cdc163f79773c26af417370d25faffc4bc936155`

14

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`fe9cc0eafbb8e74285bf641fb8e73244`
SHA1	`5ab52f22cb2de40638a657785c87df0ae3729fa7`
SHA256	`302d274cf49db7ebc8f97dd4320489781da8a44447cbb2a7346ccff84b1b944b`
SHA3	`2803d7cd35174ade40efc9c9f338db79b345777a589353be85b7c744e7a3a4fc`

15

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`53fb50fe6ce1aa6722afa878db7289a8`
SHA1	`a31cf91b8df398a12b84c5fbd10494b2ff6b749d`
SHA256	`bc19a3937fe7fb79cf877d2bea8d1ab4ea30d1a05f4c60d42cf57142c81290e9`
SHA3	`6a4d76c847f3ef198074c93c4e25056a081fc8131151daa0473cd2a9394db239`

16

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.670417`
MD5	`12a2030014722c91cddfed04b83be533`
SHA1	`c462f3e4e6bc388726ba3d488506d366ea0c6999`
SHA256	`9534fac9229e10c53a85e5a6deb4224d12a7a3024b7ff9ccc1cb8717ffd7acaa`
SHA3	`11e87ce0be315125dcceaf8d8136b0ec09a3ed22b2fbc4724501aeaf38077e1c`

17

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.659108`
MD5	`94ea73b19eada640886c96389652ec8f`
SHA1	`aaaf2828cb9aed84f203efec44e302e5af20bafe`
SHA256	`faf155f58e17b8e1a98cc26aaa92597c62dc87ff98555cd708f6684eb8243d4c`
SHA3	`cb12ab171e7bf02f1c82573cf89cac99f83e304a66f3c4137bf54d4b742f4e7c`

18

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.65993`
MD5	`2dc824995511736d22408fb4dba702ba`
SHA1	`9aac0c12e6f517872128083df0f5b1105d6d8e7c`
SHA256	`f4bcc6750981e15e3fc8c751997156f4df9055cece8d16944e4dea2ce4bc911b`
SHA3	`56d609cc52f073b584c7138bb6349751b24e07fe66ba60fb56ea997b8bb1f078`

19

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.799151`
MD5	`6505e57c301902618e8f1d070667db1a`
SHA1	`c8a96d9801db8e9550741da0e8f4a55655253281`
SHA256	`787dc2d9d3f4034a91bd222034d01eafb01e1053ac3579a0fd033f141dcccb69`
SHA3	`92104dc773f9195f1795235be40b81774a87b52603a7e3089d48780829cf7bae`

20

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65872`
MD5	`ea82e850caed8b7eda4b753fb9d8c03a`
SHA1	`699e1bb7f568456fcc41c9ed9ecc9089d640d6a1`
SHA256	`236462dd2d629d67ff18c41f41cfa739549aff2933f7df2bd51630790b4d424e`
SHA3	`7cc9d637e593f742566b68ce8dd23201f2097429a4f48d55993f87da0d726754`

21

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46615`
MD5	`ff49a9a5c7e188634136611a03c441ed`
SHA1	`756344327134a9f9c1404185baaad435bf0a53fc`
SHA256	`3eba69eaec7cef56d2c964dee1f9c0226a365b3ae869a402690d548c82c16ba3`
SHA3	`a5bebb0afb2d86976c02d4f2befc5fa28d496be24ad98a8611055f9d67683c27`

22

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.08719`
MD5	`b490b06239b76334192a94969717671b`
SHA1	`3f19007fbd45bebdd6fe4235fb95517bf67911c1`
SHA256	`2a53b434f3ab8d37381a5461163027d2a256f0bda3ea8f65795ed6d2c66b4e30`
SHA3	`5217b671e39ef4e252e5fa4e6b4f1a05d89627e53702a0842d0c9504b7aa3ee6`

23

Type	`RT_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07143`
MD5	`aac863f48e2b416af0febc82cd648345`
SHA1	`f4bec546c4c140e4436ca28d82148997a56f1ac0`
SHA256	`5b4c85e7d881d8c74760c07f9e4fe3d7427a72bed0e379aed6a78f7cbeca3199`
SHA3	`3c0698cb59f54d170bb85287b6fc265cf78e0a7a8b2502718f0c7899fdc95685`

33120

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

33121

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

33122

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

33123

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

33124

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`d66ede131a0b66bc73b797f3ab01cae6`
SHA1	`049144cedcabc8443ba9b9d16c4a5f8fa6c2cbac`
SHA256	`f75e551324504a3c9caa453a4b0fd424884291acdb82f0549e7bb0b48ce01647`
SHA3	`bea99994e7901c76649ed73e68b2bf22bcf6c427b7665d2bbd09f70b80490229`
Preview

33125

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46809`
Detected Filetype	Cursor file
MD5	`2933c67a462bd6238b86a9d44634158f`
SHA1	`7a818b5a1da0dbf5c9d3ec227eb5944a779f016a`
SHA256	`770a19a2be0c18daf7fb714c6f78e5fecde900b9fda29a6c4691c369253f6f0f`
SHA3	`3e59433bb9c9ef6b3f3dd6d6723238d79b0831e52aa016113d25b89e2085dac1`
Preview

33126

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9edadd9eb5da2bb6aad56c666862c9c5`
SHA1	`3901ac1f5112ebee7a931141c73e76b60c984cf8`
SHA256	`7662c77c89bc776c64acfbc6ac7f22f56a631304205ac1a00d1d6c876ff1574d`
SHA3	`24753677cf5443d63f8406407477e81b9c98c7d2ee1ef92dca85d23fdd6e3e43`
Preview

33127

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cc34525879592b62945fa5102955e7af`
SHA1	`1c1f341f0ff952d168ec070d95809224631c5f59`
SHA256	`c7f15e3e69f8bad21f5f9c9546b129828d66e90b38a8fe9cf33cf23846e62700`
SHA3	`1af1bcbf18cfdeb5e3d81c46ab15ef59bc0b1de5f5ff9dc32f491120f405f5c6`
Preview

33128

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`cb8d29dff5278e39030b2ad47022cf49`
SHA1	`a48b5853b494a9095f0899e23414db872433d366`
SHA256	`fd27224dee56e50f926e0c003d1bdb8c31db4d1f0a089280d0f55b79ff45c1e7`
SHA3	`3eca032eb883d63cd63778223e4ed5d3982bcbc58eed6534f0a70d84a7a624e5`
Preview

33129

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`874e41c97e9c38232490d3bea15ae8b3`
SHA1	`ae70b2c25c1566c2e13ac44e0057ef4f6daf8d91`
SHA256	`2c57fbd554735f2b8ff46f26b3d2d58a5a5e4152a02043e7fd6c552a43a3ceee`
SHA3	`b13a2c1efb8dad10ad85e8b4ce0067cbbea82053146cd5a81b0fecef2a15bf15`
Preview

33130

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`24d6779f223eda66e958315d638d0b62`
SHA1	`12525fd20006775a0366d61620ae851ae090dbfb`
SHA256	`1133ff27d25ac052e4a0570865c18ce0e07a3afbb89577bc52af61435a91b8cc`
SHA3	`feab5af24df559fd8b9b078058f0cd7af2d943e88736af167b57482cff6597bc`
Preview

33131

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`63e88d11b8e4a0868f5c2dcb5c944b1e`
SHA1	`19e86d2e68c188e8f8101e3c053bfa02ca714b97`
SHA256	`5907a1ab79be2dae328a84248db9750607aeb7b802af582f974a5ae59fb3c37c`
SHA3	`fe8a1640613ab39314806298ace08aae1c0f1d9f89c9aa23e7a270562db0dd0e`
Preview

33132

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`08ffff653a54f5518c6bbcbd1c4e82f4`
SHA1	`4a8832e7ebf39d3e0398d4332748b00d5964e6e0`
SHA256	`d19508d8742527d523aa3ef78e1091ce417bec079e9632181cdc8ff245c53ce9`
SHA3	`7650fb4c907b38dfe5785926961a8e754ad52af5bd6eef810c761e1cd02a1fb6`
Preview

33133

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
Detected Filetype	Cursor file
MD5	`384df7c4869187442684d2fb5292ac78`
SHA1	`ffa445392454d9a208a18fc2520b7ad60e5936df`
SHA256	`1dac0833fe30898ce2c1df2c70b09d62d51f8f765ae0ffd90b811067e875ae98`
SHA3	`1fbbe841170dac2994db17d7b74b60a56ffe6ab959f8e1bb6c5605c6bcf2c705`
Preview

33134

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`4e14da9e6db8978ffd0c5eb4b3e9e80a`
SHA1	`2a4d2df5f07e3a096a27db0f2297f46e7f8df507`
SHA256	`5fa51d73b8ea1316fb0c8f11c3740c6f755a8499a135e4e18ef6b823aad3ad70`
SHA3	`ea3bf238714cb012824de6f84f91faf385180340f7563976e327c4fef3750f5e`
Preview

33135

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`015d385990b99272d167c51c508f427e`
SHA1	`f4591544894c9e23e281d023fb2210a1274d1628`
SHA256	`7794cf070f4c99cd9ec27a43faa84daab8d19e765f0489c981a9ef28468a3899`
SHA3	`514c273141a62c18cd8fc7252db9af2dcfd0226ea3c3efe8ef3ed5ad3b16be99`
Preview

33136

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`9ee83aa87f2c8ba446b991fb305805f0`
SHA1	`c5b3271c02fd48848692cc701618ec1badc359e6`
SHA256	`4c9fe467bd0250366713a2a43f5162e5ec2e7cd566ea218f7a6545e0ad878184`
SHA3	`c5065128f9b38fcc3692787e5e4d29bcd359689a3fd3cda0bdc6e41ae32f4fd2`
Preview

33137

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`79bc23c45190436b2c51ff2941fa8720`
SHA1	`0a8234176fad8831709703a0a34337a08987a983`
SHA256	`b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479`
SHA3	`b897f30ec85dad865a74be84cd616e0066da486befd0983d87e2b6f5d66a6c6b`
Preview

33138

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1e219dd609ce399df95ba7af59ef113f`
SHA1	`436a16dd20d5e3ec42342a4d005a664cd227f517`
SHA256	`8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58`
SHA3	`9e44adcf523bb484f416a99197d947211027feae6b6665b457883e548218befd`
Preview

33139

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`690a20e696fc4e33ffb377a8ef54fb97`
SHA1	`972159605fa069921dbdee9b7a35879e6f1928a6`
SHA256	`6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56`
SHA3	`fd9d56519b5bf976a4ae748fe0c51dcd47ac27ce6a7c271fa2bbb3e00f473b22`
Preview

33140

Type	`RT_GROUP_CURSOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`459379b9418ad5b62b1bf409300acb32`
SHA1	`5363fc84172d6b624542a0b52edbbfe21e2443ae`
SHA256	`1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a`
SHA3	`2b8f3218d3da7e4ee463a712c6c3b8f5b58cc6799a84f5e582b6a40da38a2bfc`
Preview

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47454`
MD5	`0d06e5c66c1a17b5183f8df6fa148ed8`
SHA1	`b224409ef43319fc062cadbd067e7c4b31fd9e9a`
SHA256	`f58ec81e0c02c6024ff5953eb5abcdeeb7b06992a9660b399301c88ce7ee9652`
SHA3	`8374cae86235513d9f48257138873ae831db04ef7ba708a6db1f65d3986f767b`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34432`
MD5	`f71fa71388aed6563efe645f0dbda677`
SHA1	`68eeea22f0e47a51e964e039b35a0d0983ec5032`
SHA256	`de45147e55311fac5d1d34377bae5e76e1626f36cb4fa149f32d3de2f4b6c1cc`
SHA3	`bc4769febf497a16763cf60288e65ee5f0704bec987f09b9aea8b9863e177903`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	129.0.5823.26
ProductVersion	129.0.5823.26
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Opera Software
FileDescription	Opera GX Browser Assistant Installer
FileVersion (#2)	129.0.5823.26
InternalName	Opera GX
LegalCopyright	Copyright Opera Software 2026
ProductName	Opera GX Browser Assistant Installer
ProductVersion (#2)	129.0.5823.26

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-24 15:26:51
Version	`0.0`
SizeofData	`52`
AddressOfRawData	`0x34169c`
PointerToRawData	`0x340a9c`
Referenced File	assistant_installer.exe.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Mar-24 15:26:51
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x3416d0`
PointerToRawData	`0x340ad0`

TLS Callbacks

StartAddressOfRawData	`0x1403a9000`
EndAddressOfRawData	`0x1403a9290`
AddressOfIndex	`0x140364828`
AddressOfCallbacks	`0x1403443c8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_32BYTES`
Callbacks	`0x000000014008D410` `0x00000001401A3120` `0x00000001400C4AF0` `0x00000001401A31A0` `0x000000014003C890` `0x00000001400BFE20`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140354040`
GuardCFCheckFunctionPointer	`5372134088`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

Errors

Leave a comment

No comments yet.