Manalyze report for cdb7bcd1dba461952a30e0230228b86b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Oct-02 06:48:01
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall\install_and_uninstall\Uninstall\Release\Uninstall.pdb
FileDescription	鲁大师卸载程序
FileVersion	`8.1022.6150.928`
InternalName	uninst.exe
LegalCopyright	Copyright (C) 2011-2022 www.ludashi.com
OriginalFilename	uninst.exe
ProductName	鲁大师
ProductVersion	`8.1022.6150.928`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `Contains references to security software: 360sd.exe QQPCTray.exe avp.exe` `Accesses the WMI: ROOT\CIMV2` Contains domain names: adobe.com dl.ludashi.com http://dl.ludashi.com http://dl.ludashi.com/ludashi/ludashisetup.exe http://l.public.ludashi.com http://l.public.ludashi.com/pc/feedback/uninst http://l.public.ludashi.com/pc/ud/dogsun http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://s.ludashi.com http://s.ludashi.com/url2?pid http://s.ludashi.com/url3?pid http://www.ludashi.com http://www.ludashi.com/appstore/app_times.php http://www.ludashi.com/appstore/uninst_promote.ini http://www.ludashi.com/cms/service/jump.php?key http://www.ludashi.com/stat/pc.php?pid http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# l.public.ludashi.com ludashi.com ns.adobe.com openssl.org public.ludashi.com s.ludashi.com www.ludashi.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegSetValueExW RegQueryInfoKeyW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegEnumValueW RegCloseKey RegQueryValueExA RegOpenKeyExA RegEnumKeyExA SHGetValueA SHGetValueW SHDeleteKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptImportKey CryptContextAddRef CryptDecrypt CryptEncrypt CryptGenRandom CryptSetKeyParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW CryptStringToBinaryW CryptStringToBinaryA CryptBinaryToStringA CryptBinaryToStringW` `Can create temporary files: GetTempPathW CreateFileW CreateFileA GetTempPathA` `Has Internet access capabilities: InternetGetConnectedState URLDownloadToFileW URLDownloadToCacheFileW` `Functions related to the privilege level: DuplicateTokenEx AdjustTokenPrivileges OpenProcessToken` `Interacts with services: QueryServiceConfigW OpenServiceW OpenSCManagerW DeleteService CreateServiceW ControlService ChangeServiceConfigW QueryServiceLockStatusW QueryServiceConfig2W QueryServiceStatus QueryServiceStatusEx` `Enumerates local disk drives: GetDriveTypeW GetLogicalDriveStringsW` `Manipulates other processes: Process32NextW Process32FirstW OpenProcess EnumProcesses` `Can take screenshots: GetDC FindWindowW BitBlt CreateCompatibleDC`
Info	The PE is digitally signed.	`Signer: Chengdu Qilu Technology Co. Ltd.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Malicious	VirusTotal score: 8/71 (Scanned on 2022-10-26 13:53:51)	`Cylance: Unsafe` `K7AntiVirus: Adware ( 0058a1a01 )` `K7GW: Adware ( 0058a1a01 )` `ESET-NOD32: a variant of Win32/Qihoo360.O potentially unwanted` `Avast: Win32:Malware-gen` `Sophos: Qihoo 360-related low reputation certificate (PUA)` `Fortinet: Riskware/Qihoo360` `AVG: Win32:Malware-gen`

Hashes

MD5	`cdb7bcd1dba461952a30e0230228b86b`
SHA1	`2bcadb2421a334a4cb47973fcb0bdf7f0858b642`
SHA256	`8e5d49a673265dc01e73389c21d2984fab56bb1539d7814066cef7fe86e3bc18`
SHA3	`870dde8b15f0c9cf6170fa988c3114dc1038fddc6399fea9f912d38dc11e4fc7`
SSDeep	`24576:RxWKvdyQh/AvFMOU+w0scsjrwzML+TsnEEwiNrXcchsYGq7Rc0QJoCNOnuXdNgV:rWCth/S0LA4LU2NrXXhsnYWSuXd2V`
Imports Hash	`d32bad274ff769a085d05760702893fc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Oct-02 06:48:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x12c600`
SizeOfInitializedData	`0xa3200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000689B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1d7000`
SizeOfHeaders	`0x400`
Checksum	`0x1df532`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a2084e349715afdb95242d2cfb486fcf`
SHA1	`7fca5d69129ef5c2819768076eb85f9cef59e8c3`
SHA256	`38f69d0851d121e55a3f5558cf3bd19c22e78f5a52f7c6802f343fcfb5fd262c`
SHA3	`4093c1a235568e401f52dbb24a5fc452e9f1c400943bc8816e025e2e2639d6f9`
VirtualSize	`0x12c4bf`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12c600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57957`

.rdata

MD5	`2f6d23bbdf5d288dd5e95c19c07dfe22`
SHA1	`ba0c3884c3d78657a58b5db74237c5551044af00`
SHA256	`dd7d4a52337a6f77087bc893b37be937eb0271932b928bcb969d603cebf9275b`
SHA3	`ae431806830a8466da73d4a61875b522f3df0cd9d9099864870245c845dc4b72`
VirtualSize	`0x3e1fa`
VirtualAddress	`0x12e000`
SizeOfRawData	`0x3e200`
PointerToRawData	`0x12ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91457`

.data

MD5	`58e244e704e0bd9bcdd5fb25543c3fbc`
SHA1	`8b832ba72128fda26f8164d66cb90bbab5b15483`
SHA256	`1a7fba6122d9ffe62980588fecd6a6604d71d66e683f8d104e716199e112db20`
SHA3	`5e78b1952ca50487236119ccd482584c01c0625b436a230fc61acce139fd78c3`
VirtualSize	`0xa414`
VirtualAddress	`0x16d000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0x16ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.87383`

.rsrc

MD5	`d4458c15b5ee686d2ffe6e81de2fd5f4`
SHA1	`cf3e99b8f423b0c3cf0af7f4a28d13b465e5ba79`
SHA256	`5331581f00f088782e873dd6b4566539ac60bf3049e61d581954926bdcb2185e`
SHA3	`186f67439d5eab411cc09d444e832e6ff58ce16137c889bd65a8fd1c70fde48a`
VirtualSize	`0x4e420`
VirtualAddress	`0x178000`
SizeOfRawData	`0x4e600`
PointerToRawData	`0x171800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.33539`

.reloc

MD5	`6eca3b491229bfda0bfd2339cf8a1bca`
SHA1	`eb99409aa0081d010f77c1c38ecfc21d93b6371e`
SHA256	`dda18bb9a0abe9578dd088ef95856355dabe0e8cb8b24a012c79d1ff99939724`
SHA3	`21535b874bb9d7680dce01790d5aa5ed1c5e97b601c55ac4dd2da264e560ee4e`
VirtualSize	`0xfd40`
VirtualAddress	`0x1c7000`
SizeOfRawData	`0xfe00`
PointerToRawData	`0x1bfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69603`

Imports

KERNEL32.dll	`lstrcmpiW` `LoadLibraryExW` `GetSystemDirectoryW` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `SwitchToThread` `DosDateTimeToFileTime` `LocalFileTimeToFileTime` `DebugBreak` `InterlockedDecrement` `InterlockedIncrement` `DecodePointer` `CopyFileW` `GetTempPathW` `GetPrivateProfileIntW` `Sleep` `WritePrivateProfileStringW` `MoveFileExW` `FindNextFileW` `FindFirstFileW` `GetFileAttributesW` `SetFileAttributesW` `GetFullPathNameW` `GetTempFileNameW` `GetPrivateProfileStringW` `GetStartupInfoW` `CreateProcessW` `lstrlenW` `FindClose` `GetVersion` `WideCharToMultiByte` `DeleteFileW` `GetCurrentProcess` `GetModuleHandleW` `GetTickCount` `InitializeCriticalSectionAndSpinCount` `SetLastError` `GetCurrentThreadId` `RaiseException` `MultiByteToWideChar` `ReadFile` `GetFileSize` `UnlockFile` `FormatMessageW` `ReleaseMutex` `WriteConsoleW` `SetFilePointerEx` `ReadConsoleW` `SetStdHandle` `WaitForSingleObjectEx` `OutputDebugStringA` `SetConsoleCtrlHandler` `SetEnvironmentVariableW` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `LockFile` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `FindFirstFileExA` `GetConsoleMode` `GetConsoleCP` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `MulDiv` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `GlobalFindAtomW` `CreateMutexW` `GlobalDeleteAtom` `GetCurrentProcessId` `OpenProcess` `GetLongPathNameW` `GlobalFree` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `FindResourceExW` `FindResourceW` `GetModuleFileNameW` `LoadLibraryW` `CreateEventW` `SizeofResource` `LoadResource` `WaitForMultipleObjects` `WaitForSingleObject` `SetEvent` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetProcAddress` `FreeLibrary` `LockResource` `GetVersionExW` `GetLastError` `GetFileAttributesExW` `CreateFileW` `CreateFileMappingW` `GetDateFormatW` `GetStringTypeW` `GetFileType` `GetCurrentThread` `GetACP` `GetModuleFileNameA` `ExitProcess` `GetTimeZoneInformation` `GetModuleHandleExW` `FreeLibraryAndExitThread` `ResumeThread` `ExitThread` `CreateThread` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InterlockedFlushSList` `RtlUnwind` `FindNextFileA` `FindFirstFileA` `lstrlenA` `GetStdHandle` `SetEndOfFile` `GetFileInformationByHandle` `CompareFileTime` `FindCloseChangeNotification` `FindFirstChangeNotificationW` `SearchPathW` `CreateDirectoryW` `SetFileTime` `FlushFileBuffers` `lstrcmpiA` `lstrcmpA` `GetSystemWindowsDirectoryW` `FreeResource` `GetSystemTimeAsFileTime` `UnmapViewOfFile` `MapViewOfFile` `CloseHandle` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `OpenFileMappingW` `LoadLibraryExA` `VirtualFree` `VirtualAlloc` `IsProcessorFeaturePresent` `ResetEvent` `FlushInstructionCache` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `EncodePointer` `OutputDebugStringW` `IsDebuggerPresent` `GetDiskFreeSpaceExW` `GetDriveTypeW` `GetLogicalDriveStringsW` `DeviceIoControl` `GetShortPathNameW` `InterlockedCompareExchange` `InterlockedExchange` `LocalFree` `LocalAlloc` `ExpandEnvironmentStringsW` `GetLocalTime` `GetFileSizeEx` `MoveFileW` `RemoveDirectoryW` `GetWindowsDirectoryW` `DeleteFileA` `CreateFileA` `GetTempFileNameA` `GetTempPathA` `WriteFile` `GetExitCodeProcess` `TerminateProcess` `SetFilePointer` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetCommandLineW` `HeapDestroy`
USER32.dll	`IsWindow` `PostMessageW` `GetWindowThreadProcessId` `FindWindowExW` `SetForegroundWindow` `IsIconic` `ShowWindow` `GetWindowTextW` `GetClassInfoExW` `SendMessageW` `ReleaseDC` `SetRect` `RegisterClassExW` `UnregisterClassW` `CallWindowProcW` `SetCursor` `OffsetRect` `LoadCursorW` `PtInRect` `CopyRect` `DrawFocusRect` `BeginPaint` `EndPaint` `IsRectEmpty` `GetDC` `KillTimer` `SetTimer` `wsprintfW` `IsWindowVisible` `CreateWindowExW` `CharNextW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `FindWindowW` `InvalidateRect` `GetMonitorInfoW` `MonitorFromWindow` `LoadImageW` `GetWindow` `MapWindowPoints` `ScreenToClient` `SetWindowTextW` `GetSystemMetrics` `MoveWindow` `DestroyWindow` `PostQuitMessage` `RedrawWindow` `GetWindowTextLengthW` `DrawTextW` `SendNotifyMessageW` `RegisterWindowMessageW` `GetShellWindow` `WaitForInputIdle` `SystemParametersInfoW` `SetWindowRgn` `SetWindowPos` `BringWindowToTop` `DialogBoxParamW` `EndDialog` `LoadStringW` `IsDialogMessageW` `SendMessageTimeoutW` `UnregisterClassA` `UpdateLayeredWindow` `GetParent` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `DefWindowProcW`
GDI32.dll	`CreateFontW` `DeleteObject` `EnumFontFamiliesW` `CreateFontIndirectW` `GetDeviceCaps` `GetTextExtentPoint32W` `DeleteDC` `SetBkColor` `ExtTextOutW` `BitBlt` `CreateCompatibleBitmap` `CreateCompatibleDC` `SetViewportOrgEx` `CombineRgn` `CreateRectRgn` `SetBkMode` `SetTextColor` `RestoreDC` `SaveDC` `SelectObject`
ADVAPI32.dll	`CryptImportKey` `QueryServiceConfigW` `OpenServiceW` `OpenSCManagerW` `LockServiceDatabase` `DeleteService` `CreateServiceW` `ControlService` `CloseServiceHandle` `ChangeServiceConfig2W` `ChangeServiceConfigW` `RegSetValueExW` `RegQueryInfoKeyW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegQueryValueExW` `RegOpenKeyExW` `RegEnumValueW` `RegCloseKey` `DuplicateTokenEx` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `QueryServiceLockStatusW` `CryptContextAddRef` `CryptDecrypt` `CryptEncrypt` `QueryServiceConfig2W` `CryptGenRandom` `CryptSetKeyParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `RegQueryValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `GetTokenInformation` `QueryServiceStatus` `GetUserNameW` `UnlockServiceDatabase` `StartServiceW` `QueryServiceStatusEx`
SHELL32.dll	`SHFileOperationW` `SHGetSpecialFolderLocation` `ShellExecuteExW` `SHGetFolderPathW` `CommandLineToArgvW` `SHGetSpecialFolderPathW` `SHCreateDirectoryExW` `#165` `SHGetPathFromIDListW` `ShellExecuteW`
ole32.dll	`CoInitializeEx` `CoInitializeSecurity` `StringFromGUID2` `OleRun` `CoCreateGuid` `CoInitialize` `CoTaskMemFree` `CoTaskMemRealloc` `CoSetProxyBlanket` `CoTaskMemAlloc` `CoCreateInstance` `CoUninitialize` `CreateStreamOnHGlobal`
OLEAUT32.dll	`VariantCopy` `SetErrorInfo` `VariantChangeType` `GetErrorInfo` `VariantInit` `SysStringLen` `VariantClear` `SysFreeString` `SysAllocStringByteLen` `SysStringByteLen` `SysAllocString` `VarUI4FromStr` `CreateErrorInfo`
SHLWAPI.dll	`StrCmpNIW` `StrTrimA` `StrStrIW` `StrCmpIW` `SHGetValueA` `PathAppendA` `PathIsDirectoryW` `PathCombineW` `PathFileExistsW` `PathFindFileNameW` `PathRemoveFileSpecW` `PathAppendW` `StrCmpW` `StrStrIA` `StrToIntExW` `SHGetValueW` `PathFindExtensionW` `PathIsRelativeW` `PathIsRootW` `SHSetValueA` `AssocQueryStringW` `SHSetValueW` `PathUnquoteSpacesW` `PathFindFileNameA` `PathRenameExtensionA` `SHDeleteValueW` `PathIsPrefixW` `SHDeleteKeyW` `wnsprintfW`
COMCTL32.dll	`_TrackMouseEvent` `InitCommonControlsEx`
gdiplus.dll	`GdipCloneBrush` `GdipDrawImagePointRectI` `GdipSetStringFormatTrimming` `GdipSetStringFormatLineAlign` `GdiplusStartup` `GdiplusShutdown` `GdipAlloc` `GdipFree` `GdipCloneImage` `GdipDisposeImage` `GdipGetImageWidth` `GdipGetImageHeight` `GdipCreateBitmapFromFile` `GdipCreateBitmapFromStreamICM` `GdipCreateBitmapFromFileICM` `GdipCreateFromHDC` `GdipDeleteGraphics` `GdipDrawImageRectRect` `GdipDrawImageRectRectI` `GdipSetStringFormatAlign` `GdipSetStringFormatFlags` `GdipDeleteStringFormat` `GdipCreateStringFormat` `GdipMeasureString` `GdipDrawString` `GdipCreateBitmapFromStream` `GdipDeleteBrush` `GdipCreateSolidFill` `GdipCreateImageAttributes` `GdipDisposeImageAttributes` `GdipSetImageAttributesColorMatrix` `GdipSetTextRenderingHint` `GdipCreateFontFamilyFromName` `GdipDeleteFontFamily` `GdipCreateFont` `GdipDeleteFont`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
PSAPI.DLL	`EnumProcesses` `GetModuleFileNameExW`
IPHLPAPI.DLL	`GetAdaptersInfo`
WININET.dll	`InternetGetConnectedState`
urlmon.dll	`URLDownloadToFileW` `URLDownloadToCacheFileW`
SETUPAPI.dll	`SetupIterateCabinetW`
Secur32.dll	`GetUserNameExW`
CRYPT32.dll	`CryptStringToBinaryW` `CryptStringToBinaryA` `CertGetNameStringW` `CryptBinaryToStringA` `CryptBinaryToStringW`
WINTRUST.dll	`WinVerifyTrust` `WTHelperProvDataFromStateData`
Cabinet.dll	`#23` `#22` `#20`

Delayed Imports

102

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2d2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11518`
Detected Filetype	PNG graphic file
MD5	`9f15edadbcb981153e455f02b1b3bd23`
SHA1	`0be0297958fcbe8f4916fba3195eef6018164e62`
SHA256	`33a0b64c154bdcd0eb8f41e783c358a9f15a09be0d8c953bf112024d1aa20bf6`
SHA3	`ccf1fa3880a9273f3bfbcfb905a5fdd02687eece5ef4079521252db9747fcdac`

103

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.46776`
Detected Filetype	PNG graphic file
MD5	`d9704103807676d00b0501e45475b082`
SHA1	`dd18e03ce7109d9412379cf3ca5f6b9fd24a18b3`
SHA256	`de9e4de6677eff770c278e121e796d98fb690b61239a043fd25c4d167b022f77`
SHA3	`6a8d7157ad315fd7b49a612ad921ef3ed47b2fb18be890099971ccffd19a41f5`

104

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x716`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28185`
Detected Filetype	PNG graphic file
MD5	`aef918963c75dfdc6cb0a737a4f02324`
SHA1	`4a2251c5a59a1680345b751815c2a1d75390f0d0`
SHA256	`a9fcaa07f831713a640fe61c3614bfa3bb151d46453be88b94a461716fa971af`
SHA3	`3dbad88c34333ec785b4f6a9bf6b372c9bd7f6c1816b82e9daf0996067a0a521`

105

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60281`
Detected Filetype	PNG graphic file
MD5	`d0b7ee0f74dac8c7d96001cadb2476c5`
SHA1	`7410cb806939a7484590522509ca62f928cf8666`
SHA256	`51b06d3fa8fafcf738346a23bede1a0d3261d5e91774a371f88da9cb60559af4`
SHA3	`800b800b871a62ee8e40bc1dc8ba75755980449fdbb7cc27e31117d3a62bc2b2`

106

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x740`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.31713`
Detected Filetype	PNG graphic file
MD5	`28ea9e9389effcbd4c18c153cb66b8e3`
SHA1	`eddc43a462f90a8197341dc46ff2f20ae9b1879e`
SHA256	`5afc0c6f0d978d7083cf9fbd199309ab0bf88a0dca28a476cb9e30bbcda7961e`
SHA3	`2d87217ebeb2940c862cee5596bd31961d599dc8f03bdb61e85fa9c04634a1c2`

107

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94249`
Detected Filetype	PNG graphic file
MD5	`c862a34218b511107eea62d397a512e6`
SHA1	`5a946cf1dccdc1b152969f1d2c8eee76f86c63ec`
SHA256	`d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb`
SHA3	`cc2ab0614d371f856b45d01551743a533186d071a7cba8071effa18a0c821c7b`

109

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83432`
Detected Filetype	PNG graphic file
MD5	`e72c19d0f55a1ca81433787eb179d9ec`
SHA1	`8ae92562da12443accec633742c00ae4a1b7b2c9`
SHA256	`f7eabdbec8e9722cd01c2f79af175c3fcbadd76564ff6989410bf675a26aa059`
SHA3	`210adf63d28396957eb74b3e558c1bc5ed84107c26b4329a5aeedf5ad1cde397`

110

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.50214`
Detected Filetype	PNG graphic file
MD5	`3bf6a51fe573b9bb95b00fffd80c7f4e`
SHA1	`f7f670d2ff534e41093d7b741ef4ec24484d585f`
SHA256	`1ee4bbe7f81e524904757b488c340c87e0239a2e591e9fefa447cc9f8dbd3119`
SHA3	`15780cefa8799d26960cd3bb304832917805f0a4e032973b2fdbdc9b697dd86f`

111

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x707`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.35155`
Detected Filetype	PNG graphic file
MD5	`0e52b3f5bf166deb3302f1fcbc016f59`
SHA1	`84f9bb93bc47b168cffebd11fa80ac490ef52c18`
SHA256	`2fbe45a3e9b9c86a5327fbd81b5a0d34dba7805bf2c8f56896ab03f69a17c4d5`
SHA3	`ae8691b98d1770c43c19423b512b8b29d5c3687f523cf2120381b307e2c4e421`

112

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x215b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86417`
Detected Filetype	PNG graphic file
MD5	`933c66aa009fdeafac27b7940128baa5`
SHA1	`69189845b8ba53e3aea3e1a94974c3ceaa6cb644`
SHA256	`69adf883560fafbf79f71ff6ee822f17c14babe9b12ca5bc058ce4bb85d2b04d`
SHA3	`f4335fc337c05900829edcb4310bd31a776b57ba322689e50e6ad8f2946aaf6b`

113

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x225`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13707`
Detected Filetype	PNG graphic file
MD5	`93a00ea399bdfa7cc199383e1ae84beb`
SHA1	`070ea75f33a0f6d92a3c434fa3cf1abfd35788fa`
SHA256	`92b24e3e915be46f4fb6cdfd2ba5a69c53921d37482a4fa9c7194328ac135b7e`
SHA3	`a06950cae56f1c3b80b045f81dd986415caffca862a649873b1f1724f74d06cf`

114

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.92194`
Detected Filetype	PNG graphic file
MD5	`a793c057596fbd0d20f9eb722de9123a`
SHA1	`5e91552d93503db55d078f9cada868fcfeb6b4b2`
SHA256	`11be25b3f9eb873233b748eee36cf08cbbfe3cdb05d94f652e23be00e6cffac8`
SHA3	`85764c189ec95ab70fe7fd7f29f543baf4db9330412b4fce0d3776b559d7c824`

201

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94107`
Detected Filetype	PNG graphic file
MD5	`4f85cc2f6dd5954a34a3585f88a0027d`
SHA1	`7a41391bba95809c0a9d284c959bb24636f8f6f2`
SHA256	`a80e2dc95ca672b27c9fc9968e2f1cea231c5fc98e88373765075b03bddf5339`
SHA3	`58efb3ed5c02822d99547d1cc95cfe1e6006e7f1353e0791b0eda81c9af9780c`

202

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x740`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.31713`
Detected Filetype	PNG graphic file
MD5	`28ea9e9389effcbd4c18c153cb66b8e3`
SHA1	`eddc43a462f90a8197341dc46ff2f20ae9b1879e`
SHA256	`5afc0c6f0d978d7083cf9fbd199309ab0bf88a0dca28a476cb9e30bbcda7961e`
SHA3	`2d87217ebeb2940c862cee5596bd31961d599dc8f03bdb61e85fa9c04634a1c2`

203

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x487`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45507`
Detected Filetype	PNG graphic file
MD5	`4745485929ea8e6054b611fe2699685b`
SHA1	`24966f6bbc36280e0e9a27d89ad11f03d3eb9d7d`
SHA256	`5f8fc1386d4ea08d1ce042c74af704787c9c8b9f042bacd025c152c8dd833794`
SHA3	`9706681ec575fcdc04f504489fe36b09633bc2404cdd0fff5621469013b387fb`

204

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94249`
Detected Filetype	PNG graphic file
MD5	`c862a34218b511107eea62d397a512e6`
SHA1	`5a946cf1dccdc1b152969f1d2c8eee76f86c63ec`
SHA256	`d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb`
SHA3	`cc2ab0614d371f856b45d01551743a533186d071a7cba8071effa18a0c821c7b`

206

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3096`
Detected Filetype	PNG graphic file
MD5	`4e697e2482a95d705defc51510be7796`
SHA1	`60c2e22f76a7bcc26f72382d5c9b32859192b15a`
SHA256	`c0446cf7f1fc0f301700f02e4e5ee3efe64ec9d493b94ed0064890c40616b30e`
SHA3	`6a94392f15bd5dfe3e740e534adbc2c44cd2c628d06bec773a752c87188950f8`

207

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xc9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39352`
Detected Filetype	PNG graphic file
MD5	`575635295311e0f02e638c71b750fc99`
SHA1	`cd5efc2c6a44fad8de1fb3718b38fadee9caa2e0`
SHA256	`44aa6a5a5792634480c2130f737c67fedefa51e6862e242dff4b8e2ba779faf5`
SHA3	`9befd3663fe377f4b23a04e2fd1abd0082566bf1327fe3fd8269e206d36c7331`

208

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xe7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64857`
Detected Filetype	PNG graphic file
MD5	`67a948df2b4968730556085f787085a3`
SHA1	`65a74c6013920a14a7caebf34152f5111b67e618`
SHA256	`40004ef16a0b0e839922c96891acafcf7ceed2089225f67b5d14a4fb2b8a22a6`
SHA3	`a0104575b2534f31ebe452ef146dae4d72fd02547d862a3ad05aef8b89236562`

210

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x454`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78388`
Detected Filetype	PNG graphic file
MD5	`817131076cfd6824c49e30d0eb335821`
SHA1	`1cea1beeeccc1116be76ffba220aaee41b60b17a`
SHA256	`69477b592b2c9ac27761b304e980904eab6f9f317e3611bac26078b91b223428`
SHA3	`34069d785ad66de6c171f4ac10913e5283cf9f70b5f84dcca6552f86f193c751`

211

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46458`
Detected Filetype	PNG graphic file
MD5	`79d9e9552d0c3b3b41e4dcdd039a2927`
SHA1	`4db461ce4c0285a21246594f834468f5f8353799`
SHA256	`5525f61635ff98a3f0ac401803063153ed3d23132d0b43b75e5fc31f74d5f5d1`
SHA3	`0e2eee7bafd38423b46d6b3f07b4babc70ca92963aa76eaf62da61586f323f87`

212

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x481`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52865`
Detected Filetype	PNG graphic file
MD5	`4b4e6e47ebfbc169c97bd4a71dcf57e4`
SHA1	`9a51944f3b179079dd59b7b6b857291c8be59572`
SHA256	`8d09a10e66bd24192fa00b0ac048562e0fc5d3e2d9bc78551a83acad47a11eb2`
SHA3	`30348ee3576c9fe1dcfba6a14df057da8b2f38f7bcb717d0da3fc2b61cc531bc`

213

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4b1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77838`
Detected Filetype	PNG graphic file
MD5	`cff8541d66c67c40b3c9c7b059953207`
SHA1	`f7168ec23c74a4fa56f3f1375ae7a3ff98770b35`
SHA256	`009bb5138dcef02de9ea71b68b6e6ce3a1ea71c522298bb3002280b59213e55c`
SHA3	`581d3a6bfe5b82b66284ccab64264f68bf288be04428edb064efd8edfbda9178`

214

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x102e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91634`
Detected Filetype	PNG graphic file
MD5	`6cc843f44fec0d199ca9af2ec3f13f30`
SHA1	`9662c85af0637ecb6ee7f390d157b293772cae00`
SHA256	`7ccfce7751546ed56f4734efad71181f8dd606e60ee90e9a37a41f841bafa062`
SHA3	`461204c1b07801c43616dcda9fe8ebd5372ee61e12b69e5914825f8d0fc667e1`

215

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1765`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92753`
Detected Filetype	PNG graphic file
MD5	`54d849ef379eaaa96dd82f02589b062d`
SHA1	`3e32e6ae25db06a993874329153faf45022926bc`
SHA256	`cdf285416f1d143102fd36eee7614b78e80769f5223a7dcc7960af75a2c28726`
SHA3	`6a194eaf5d8089901d49a507d3194ecbc7c1f57276f578997d7ec9838f61c5fa`

217

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x32b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.64503`
Detected Filetype	PNG graphic file
MD5	`1cb53166b0d05c591f922593a9edd473`
SHA1	`d79e94a92c20dd5b1a6b0b76e877021ef24099f2`
SHA256	`b32ffa95d42daa936997f23d693a83e55adc9a9b3f2962c4a54d1ef0dabd5381`
SHA3	`d967d45f9fd250f06fcef10d5b8dd0c8870279903a61b28bb21044ca6ca45e7f`

218

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.62493`
Detected Filetype	PNG graphic file
MD5	`0c3d87104165cfbdb5341f7ddb1c3bd8`
SHA1	`e3910d11c55ae11ee59a101bdc9d12f6661fefa2`
SHA256	`8133ced1a59f2d79e6c0cb3187c8ca0b2c2fd58cc3f495af170e1c3400b3a8a4`
SHA3	`bfc22aa37686a9c077ecd50b15fbeacd59d2b94558a2b6364dc93e943b9774d5`

219

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1892`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9529`
Detected Filetype	PNG graphic file
MD5	`ac39c0340d3ee106ff397d2c0dff8984`
SHA1	`cba3dab810f6330e62e0290aeef33ba5796736dc`
SHA256	`1bb8dabaa17bc6a893d29d51c42da522bf260bccd93a0f9d390a4208355c41d6`
SHA3	`565893a8d6a8790b323f8d66f51c7e607298ad486e60a30d09ef9995dc210716`

220

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x26e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95956`
Detected Filetype	PNG graphic file
MD5	`141f4d1951a681e0852cbea462fe47da`
SHA1	`e2e88b0622630c81633c95eeac85c5f5f20cdc79`
SHA256	`99a017c5300b2719c54ae97f5eb143af72b4d09d2e1f4784477c263b308d8703`
SHA3	`b5e71c5fcf2ab32e745b4113265e235754f2fdef12012e05851a30fcb8a3a795`

221

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x63e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86069`
Detected Filetype	PNG graphic file
MD5	`ca1a58896a782c496aca0128f54e9b90`
SHA1	`b20e1f8844dcf967ab5f792fd619bf0cac9f9b8c`
SHA256	`c66611846f8d03632d526efe672a249d76fafe340bf012b307d434ea4e9225bd`
SHA3	`4d58f676f1def5500b0a7e9dacfa144c47427af3029b71a37a35b3732e5a5981`

222

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xed2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92343`
Detected Filetype	PNG graphic file
MD5	`465471afffcbdc9a2c2c3a08aad46c5f`
SHA1	`d092df5bd8badb274322b466ca273da232784284`
SHA256	`4e9220034bb21e0673af7a036a57cc073b95b0074c3f0abc135555290a688cfe`
SHA3	`39344902ef08f5a15afdfa48be2c1fc411bd010fe0b2c91375f4240df63ea531`

223

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xbc5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88015`
Detected Filetype	PNG graphic file
MD5	`201a0cd3cc4acce8846681a3edfcca60`
SHA1	`aa6424633023c7a3a33ac2c63b9bc0172214bb61`
SHA256	`3d94a8c24353eac37aba3c59c500f06b1709bb41aa5d3b079fcfecac0767b9ba`
SHA3	`8d8013f580b13a4b75328c546c667714b7b1cf0b12deab97e23a87cd546eb525`

224

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xf77`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92577`
Detected Filetype	PNG graphic file
MD5	`480905bf4bf3163704c65c1f8c23fa9d`
SHA1	`b968d12c41efd1a19ec18247be698ad525be2f94`
SHA256	`af2c877e446aefed679d17896488b4cad4e10dc2eb23e9057a679d20dcb8c9bc`
SHA3	`bee8f1ec5d554531ed47d9097b6ab844bbb833a1ef80a9db7b19f0dfcd7e4f09`

225

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x7b6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83663`
Detected Filetype	PNG graphic file
MD5	`6d6f65d39ce04d28bd7d18fcfabad217`
SHA1	`19531577888c840c73294574a1993a7e4c88f33e`
SHA256	`29edc052c5a829018798c2e32433c2b294c63a1455d62d29c044b8682a71422e`
SHA3	`b29d076acea44f167c030b88c8f1ce5c6cb6ce97d5dda08efdc02a46d604d296`

226

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xc93`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90397`
Detected Filetype	PNG graphic file
MD5	`28d88eafc3fe1b6218fb2be3939729e0`
SHA1	`3fd6f613fd5ed2f1462a3a6c3c15a8614ce3884b`
SHA256	`9d854a0f73fe5af216ac80ff13757f654fb367782b24c494b691e44fe36081f1`
SHA3	`9bd9715fd0563e89ea2f4a9bac370141c28293106097816d3f9adf573bbff178`

227

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1cf2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95006`
Detected Filetype	PNG graphic file
MD5	`7ea7ec1aaa5f3e19890bffaed0fad89a`
SHA1	`32f508d71509930af13dd7d5ee465c50fef7a9cd`
SHA256	`ae3cdc118b9b7f0f755156aa5bd1567d3ed8d05888ae8c5c9b21c09688282534`
SHA3	`1be75b70ebaa40d1d0222fd2ce6c76ceda7c1e9871130db5634094734eb46116`

228

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5c48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96617`
Detected Filetype	PNG graphic file
MD5	`e9ae4705424dd238f157789d92b582fa`
SHA1	`c225ccfb6b9853c1cb22e8679d3dbdcc44ed9398`
SHA256	`862f18922e774e9f03ae8bff6ccead8db42bb83b2afacc24b8b332d2cfffe463`
SHA3	`cbd4b520df02f72e73302af4d8c6895de3633419605c680df8618b623c036018`

229

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x3e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7041`
Detected Filetype	PNG graphic file
MD5	`196d5050f2f94fa8afd146108f3614e7`
SHA1	`7fe995f4f100c1ac71ca492bc40a250cce8f7d6c`
SHA256	`dadce0c8e3f433fe7c8b3531f373e3773d6dffbb8bc3a6d498ced08497d713cd`
SHA3	`50079dfbe4e99ae9b8c545f5e9c187bd33901d4b054457aa5e9ce5c6a5c833f8`

230

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x31b9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91691`
Detected Filetype	PNG graphic file
MD5	`16afe3ed1d52e1f31ca803197fc90ab9`
SHA1	`e7a4666d4d3e47230ab5b3acff89f4dba2e695e4`
SHA256	`595b4bc76f9071f70086a12cbcbb65ec0812bc13bc0fb2b7c2433e51d94163b9`
SHA3	`9408c8ca9a9fecfb9f2e165bb00c6f87d997d80ebf61f937526028e40adeaf4b`

231

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x61da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95418`
Detected Filetype	PNG graphic file
MD5	`fe9d4244ce9bfa559212e8f8e82db1c4`
SHA1	`1c32a79250980528a764d47046e5bc2f0852937b`
SHA256	`824758071562e04562ea9aa195db472f0cb2ff5c91df652725d10db04a05fea4`
SHA3	`aac1ff10e49edbcc100fa5c98cf11f350878a85e6e4a60058db70aba6fd19356`

232

Type	`PNG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x40c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02715`
Detected Filetype	PNG graphic file
MD5	`5c527299d0e7d89ae21d0a25e304c670`
SHA1	`a981471a58ef2acfe7cfef22c1d74df598f8a4d5`
SHA256	`dde0be2d028af30d175660f872d38341a481e014ba22d7faea4b676a8852e8ce`
SHA3	`e4afa42d3166211911c304371f7d27ad0aa34f8d379f523cf4f4a9ea9476e821`

209

Type	`SETUPCONFIG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xadd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9313`
Detected Filetype	7-Zip compressed file
MD5	`8a715ec0652bfe452e11654b30b41508`
SHA1	`19f15bca5d03626d396ac6e601be6c1f73e7451e`
SHA256	`5b15956ba10ffa3552c45964c8c2774321660bd38ffe58863150813739a07131`
SHA3	`25ad18c6aef47a9a16ecdd19e22912ba6e44d8e8e6d101f2950d3125aa3be82b`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60307`
MD5	`7b89b00cfbed119862702bc04d3fbbad`
SHA1	`f0a29416b7f808cbfa1fa95c806a187ded10d144`
SHA256	`05f3fc3572aecd984e409c9afde6036d2c52061ab081453936f33e163127ba44`
SHA3	`d4012839268fe07ce1a8c5d4fd186f5dcfea2216b9fcd0b5bfaf9b5a49b65f4a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93728`
MD5	`3295bc8bbce95eb32c87dd88721a6ca4`
SHA1	`f7a4834b26da5ecf0ccb7ee688996bfc44edb03f`
SHA256	`a269e72aa92318faafe314cb529fe46e008fc0b26cdf3fab3a1def4622ab2d96`
SHA3	`9ba97528225bcb72e0ac587c3adb1bc17efa352f980bc92b55421b40b16e68fd`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00118`
MD5	`50e807dc588813460f6389c732a3a34e`
SHA1	`b28d7ccbe10c53577a20f610cebb91aa85186593`
SHA256	`fa8535b160a274af66c2e12286c80fd49bf4e60cbaa499e8119ef597b02fb590`
SHA3	`64175e6d04e7251a0ee1ed06b54ace7d34a8d799c06f1d66338c63e3020a28d6`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82184`
MD5	`8f74d91937072c0eee2319397adc9e6a`
SHA1	`f90f2677bd0baa3c66b12696d5a5a93298952102`
SHA256	`207caa8005635a0fd66bb2e3fe2949c998b90571b2723aa2d637d0e46e50808b`
SHA3	`6449619772c23fd33044e6a8b8968b83e9ffbb409ad624cadfc256e2686285a9`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09451`
MD5	`8268f24c12a4c5498fbf5cb3ff14df01`
SHA1	`7257c58e2cb6567a27c0d47a26931db14eaf2cf5`
SHA256	`734e57cfb20aec3476370fbe13640bd8b266dcb558878ff1d0d3d647483cb088`
SHA3	`0c235791d2dc854db6623444607ff6c7ccbabdba2fac4d19d3b2ecc47b7c10ee`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22606`
MD5	`6f115e457021daf4721abef128d92e69`
SHA1	`95de07941a1191234e35da1314f35cc42cd7cee2`
SHA256	`0081377ce63398cfeb8d5b334129beadc2b422a6618632b3e3a2c35a237c9ae5`
SHA3	`4122aa7c06077a484b04dd61450ffac2802b04b9603ffddfd0424c8d08a16993`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.42117`
MD5	`cd776365dbf9afab2d2440a630084998`
SHA1	`d4983334bfa4aff0a05dcbaf01726c6540fda5d3`
SHA256	`440960fe06cb0ebf8ca56cac50ddf0a60ca269896c1c5643f99b333b5eada0ce`
SHA3	`c3622ffe3575c2917090e13b7dde76e3b266896f5fc03121c496764eb9c841eb`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64564`
MD5	`caa9a8e8f1f26dbe20743334d3590a9b`
SHA1	`4621632e7e22a12c4e551d3d004dfd2c52b3c910`
SHA256	`fd5e2246d49a9385ed2656ccd112ca27657fbc3065fd03fc0adaff287488901e`
SHA3	`4d3f4db76bccdd0a7d7d68f68dea89941aadd98b02fb869b6e13e5f844a5a9f0`

101

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45491`
MD5	`c17739ee2ca612214933ae53c448c5b2`
SHA1	`15d5ae5c831c751020329b94a838807dec84f997`
SHA256	`66ab8e8fa818c5cf74d0340ca85582a6e3abbfd476c28090aa94f9932471fccf`
SHA3	`502d47affc3dde0a1da429e680fb85135f4864c8218888e31aa045ff65929a6a`

7 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.20635`
MD5	`1727cd3fc34e0a9823b769608fc2caee`
SHA1	`5f48ade12909a4148e334bfba52de972b2acf80b`
SHA256	`a555a2198ac519c24b04a6bef371ee8497ab7a623b707dd506f910e63c9d4002`
SHA3	`29540f16579a13157848b262567a57e55c0e33510daa187dfd577dcef1fb291d`

128

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06388`
Detected Filetype	Icon file
MD5	`111a78da3cf9fa241bfd4bb4668051d1`
SHA1	`fa928b4443be40518655f7c2f90571620cfcbed2`
SHA256	`61702d4411f0861317b110d96855d77f33b85c370962b5d9b9325cecdfb81a65`
SHA3	`f36f5f23a6fc8cedb547983cf2694d173bd310f40b0864e1af676cd8ac4c123d`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69652`
MD5	`8d3f5bbc80bbc4758860745f444b01f2`
SHA1	`166ecc1232d69e669f347dcaec3d6e82e311a8f7`
SHA256	`a250f53bb41967ee56611c5090afdd2ecb89e8bfbbc59dcf1656a4bd26fc14d2`
SHA3	`2cda6c0529f3a3e75b77b6ad246140c44745b6f696097346c421bb0b7f00827a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x41d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33204`
MD5	`c4091a9b3208a93cffc3cb1bf443a228`
SHA1	`00af26982909deb3b4aa167cf2558faf8e559b58`
SHA256	`4cc2b5bb8c7bd9943cc46e6ac6824e7a16ee2318a16a3d53e74ceeb8ddc8ad23`
SHA3	`58a76a9e293ecc997f952895f8c29cc67b8a5401d59c861eef35935ac995e31b`

String Table contents

鲁大师

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.1022.6150.928
ProductVersion	8.1022.6150.928
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
FileDescription	鲁大师卸载程序
FileVersion (#2)	8.1022.6150.928
InternalName	uninst.exe
LegalCopyright	Copyright (C) 2011-2022 www.ludashi.com
OriginalFilename	uninst.exe
ProductName	鲁大师
ProductVersion (#2)	8.1022.6150.928

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Oct-02 06:48:01
Version	`0.0`
SizeofData	`144`
AddressOfRawData	`0x156c64`
PointerToRawData	`0x155664`
Referenced File	D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall\install_and_uninstall\Uninstall\Release\Uninstall.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Oct-02 06:48:01
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x156cf4`
PointerToRawData	`0x1556f4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Oct-02 06:48:01
Version	`0.0`
SizeofData	`968`
AddressOfRawData	`0x156d08`
PointerToRawData	`0x155708`

TLS Callbacks

StartAddressOfRawData	`0x5570e0`
EndAddressOfRawData	`0x5570e8`
AddressOfIndex	`0x5773ec`
AddressOfCallbacks	`0x52e8d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x56f594`
SEHandlerTable	`0x555b60`
SEHandlerCount	`1089`

RICH Header

XOR Key	`0x5f92cad3`
Unmarked objects	`0`
241 (40116)	`18`
243 (40116)	`170`
242 (40116)	`31`
C++ objects (VS2017 v15.9.14-15 compiler 27032)	`6`
C objects (LTCG) (VS2017 v15.9.12-13 compiler 27031)	`2`
Unmarked objects (#2)	`1`
C++ objects (VS2017 v15.7.5 compiler 26433)	`21`
199 (41118)	`3`
ASM objects (VS 2015/2017 runtime 26706)	`25`
C objects (VS 2015/2017 runtime 26706)	`35`
C++ objects (VS 2015/2017 runtime 26706)	`77`
C objects (VS2008 SP1 build 30729)	`6`
Imports (VS2008 SP1 build 30729)	`41`
Total imports	`454`
C objects (VS2017 v15.9.12-13 compiler 27031)	`1`
C++ objects (VS2017 v15.9.12-13 compiler 27031)	`91`
Resource objects (VS2017 v15.9.12-13 compiler 27031)	`1`
151	`2`
Linker (VS2017 v15.9.12-13 compiler 27031)	`1`

cdb7bcd1dba461952a30e0230228b86b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

102

103

104

105

106

107

109

110

111

112

113

114

201

202

203

204

206

207

208

210

211

212

213

214

215

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

209

1

2

3

4

5

6

7

8

101

7 (#2)

128

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors