Manalyze report for ebde2d40b9f589fb9ff4fc73bfffd8f5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-09 17:51:06
Detected languages	English - United States French - France Portuguese - Brazil Russian - Russia Spanish - Spain (International sort)
Debug artifacts	D:\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb
CompanyName	AVAST Software
Edition	22
FileDescription	Avast Installer
FileVersion	`2.1.78.0`
InternalName	microstub
LegalCopyright	Copyright (c) 2022 AVAST Software
OriginalFilename	microstub.exe
ProductName	Avast
ProductVersion	`2.1.78.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: analytics.com avast.com google-analytics.com iavs9x.u.avast.com stats.avast.com u.avast.com v7event.stats.avast.com www.google-analytics.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptHashData CryptCreateHash CryptGenRandom CryptGetHashParam CryptReleaseContext CryptAcquireContextA CryptStringToBinaryW` `Functions related to the privilege level: OpenProcessToken` `Can take screenshots: FindWindowW GetDC`
Info	The PE is digitally signed.	`Signer: Avast Software s.r.o.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ebde2d40b9f589fb9ff4fc73bfffd8f5`
SHA1	`456cf475bbfa19f7e5847f84a4fa5ef43a13b343`
SHA256	`2bc3d4e33ac887bb936b766e352bb1246d5cd7ce6fb9cb1a0e38c86e86b46fde`
SHA3	`8615d46d25d1971f399d3901c989e6f00c3b3976678adeab5a9ec4cd545f08fb`
SSDeep	`3072:7Ks2murv7P87bIW89bUnOF+Pzb2bXk1/EBW3i59+Y9f2BSvupDhpbNDvPTzBDhsD:7Turvj0MUnP2bXe/EA3hYQou/pxkteZU`
Imports Hash	`2dd4b46d2351922b9a878b5379b8391d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2022-May-09 17:51:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x21200`
SizeOfInitializedData	`0x1ea00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001020 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x23000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x400`
Checksum	`0x455bc`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e588cf50f8fc3f7d8f410fabc5d2e7bb`
SHA1	`ba3fdcfc6251eaaaa7d6ba73ae4f6016b78ad845`
SHA256	`bccfb30e985a9521776cbfb30dc2eccc4e56ffd8c3b58723a50d02ffa4c6fc09`
SHA3	`ea4930e160fa197e072cea10e89610c5f4f4261c43bba095cce6da770325719f`
VirtualSize	`0x2104a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x21200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55357`

.rdata

MD5	`2b5b128d931f492198376ae96a3dac28`
SHA1	`ee315178d0b9caf2a3e022cfbb85990a8899b698`
SHA256	`fab6f253993fe4c2fae17ef1baf0aef5c78d9c2fb5dc03e156b56397491b9a0b`
SHA3	`1537a3b335e74dea66c1e8cb90e1bb720b98c9c4794c638c7fdcc46d0926da9a`
VirtualSize	`0x9f72`
VirtualAddress	`0x23000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42473`

.data

MD5	`11a6880b01ed9861f9c897d1a8b95caa`
SHA1	`976e1f0c39bbf5e00769ca76a3a9f1f8dfef4766`
SHA256	`8ef52918ba4d6167ac8aba5d040b85067c9b1cd1b2d2ce66577d49b562a5a397`
SHA3	`b9ac791269909ff9b3e2a8392569897100d60a4f19ee83f272d41cc70d3382cf`
VirtualSize	`0x15b0`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.78749`

.didat

MD5	`a03a3e3378306bc4a03dec36cec07d60`
SHA1	`06364db2b4082300e82c62bffbcb76e84164a65f`
SHA256	`39aa1ed2b979413972f37bffd746df676b6c8b0f5ab42742ba75f9087e0f0862`
SHA3	`762fc749fa03e5933fb3ac6efbd52bd617e1315f6114a8296f935972b6e560f0`
VirtualSize	`0x3c`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.561758`

.rsrc

MD5	`dd2928051c3986b3a3fdbe334bb41bf9`
SHA1	`542ddc2dcfcc31d588250a4e3968fb61e70e4b98`
SHA256	`41f0d65648c1a7cc944960814c81864a5c6ecd83d239ec4602668ed6fe856fce`
SHA3	`bc0e186767eecc9fe712b1dfbd0f97404572003ecb25b1218e828f3ff3816907`
VirtualSize	`0x112b0`
VirtualAddress	`0x30000`
SizeOfRawData	`0x11400`
PointerToRawData	`0x2c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1826`

.reloc

MD5	`263488a666f079f2ec8c0bbdcc67561b`
SHA1	`44ca43e9ec6be7a865a4ba039213ab5aed799733`
SHA256	`9cd2fce84e673f2a49a32dcb2733a791b66a59ecd0ba66ff97315768aef432e7`
SHA3	`41ab095f2e160c73b25bf89d9446ac8dcc1994f3bc14e210e77563a60b6577dd`
VirtualSize	`0x1c64`
VirtualAddress	`0x42000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x3d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50255`

Imports

WindowsCodecs.dll	`WICConvertBitmapSource`
KERNEL32.dll	`SetLastError` `Sleep` `GetFileSizeEx` `WriteFile` `SetEndOfFile` `SetFilePointerEx` `LocalFree` `CloseHandle` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `EnumResourceNamesW` `GetWindowsDirectoryW` `CreateDirectoryW` `CreateFileW` `CreateThread` `GetSystemTimeAsFileTime` `GetNativeSystemInfo` `lstrcatA` `lstrlenA` `GetVersionExA` `GetCurrentProcess` `GetExitCodeProcess` `ResumeThread` `ReleaseMutex` `WaitForSingleObject` `CreateMutexW` `CreateProcessW` `GetPrivateProfileIntW` `GetPrivateProfileStringW` `GetDiskFreeSpaceExW` `CopyFileW` `MoveFileExW` `CreateHardLinkW` `GetProcAddress` `HeapAlloc` `GetProcessHeap` `HeapSetInformation` `ExitProcess` `IsProcessorFeaturePresent` `lstrcpyW` `GetModuleHandleW` `GetSystemDirectoryW` `SetDllDirectoryW` `WriteConsoleW` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `SetStdHandle` `LCMapStringW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `GetLastError` `HeapFree` `InterlockedExchangeAdd` `GetVersionExW` `FindResourceW` `LoadLibraryW` `SizeofResource` `LoadResource` `GlobalFree` `GlobalUnlock` `GlobalLock` `FindClose` `GetFileType` `GlobalAlloc` `FreeLibrary` `LockResource` `InterlockedExchange` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `DecodePointer` `GetVersion` `HeapDestroy` `HeapReAlloc` `HeapSize` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `DeviceIoControl` `GetVolumeNameForVolumeMountPointW` `GetVolumePathNameW` `MultiByteToWideChar` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `TerminateProcess` `OutputDebugStringW` `RtlUnwind` `EncodePointer` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetCommandLineA` `GetCommandLineW` `GetStdHandle` `GetModuleFileNameW` `GetModuleHandleExW` `GetACP` `GetStringTypeW`
USER32.dll	`ReleaseDC` `GetMessageW` `TranslateMessage` `SendMessageW` `AllowSetForegroundWindow` `PostMessageW` `wsprintfA` `LoadStringW` `MessageBoxExW` `wsprintfW` `SystemParametersInfoW` `IsDialogMessageW` `LoadImageW` `DestroyIcon` `FindWindowW` `FillRect` `InvalidateRect` `EndPaint` `BeginPaint` `DefWindowProcW` `GetDC` `SetForegroundWindow` `GetSystemMetrics` `KillTimer` `SetTimer` `SetFocus` `SetWindowPos` `DestroyWindow` `CreateWindowExW` `RegisterClassExW` `PostQuitMessage` `DispatchMessageW`
GDI32.dll	`CreatePatternBrush` `GetObjectW` `CreateDIBSection` `SelectObject` `GetTextExtentPoint32W` `DeleteObject` `CreateSolidBrush` `CreateFontIndirectW`
ADVAPI32.dll	`CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGenRandom` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextA` `GetSidSubAuthorityCount` `GetSidSubAuthority` `IsValidSid` `GetTokenInformation` `OpenProcessToken` `ConvertStringSecurityDescriptorToSecurityDescriptorA`
ole32.dll	`CreateStreamOnHGlobal` `CoCreateInstance` `CoInitializeEx`
COMCTL32.dll	`#17`
CRYPT32.dll	`CryptStringToBinaryW`
SHELL32.dll (delay-loaded)	`SHGetFolderPathW`

Delayed Imports

Attributes	`0x1`
Name	`SHELL32.dll`
ModuleHandle	`0x2d9b8`
DelayImportAddressTable	`0x2f000`
DelayImportNameTable	`0x2bd2c`
BoundDelayImportTable	`0x2be60`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

200

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75001`
Detected Filetype	PNG graphic file
MD5	`f900a99b68412c8e69882e2a2c73aee9`
SHA1	`a47808da534366368f7fce2cb9f80ef00d7ba973`
SHA256	`0a1f6c1412a7b5e2d25f7a0ec9645b8045731c98f97a35f7749061c46e49b124`
SHA3	`5d7a5cff0b09acae9d93d51caaab3e4f0d73dfb385a267b86439494c0e3c06f8`

201

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.72235`
Detected Filetype	PNG graphic file
MD5	`48f5691d5c63abdb04ad80f3ae716a6e`
SHA1	`38d9f25aac8e878a8e2e212c68d2279ea3fe05f4`
SHA256	`e3e4e1205b2a57bd7a853fdac646949399a40aff47a376784965d8cd3af1469a`
SHA3	`6f7d3fb1e52ddbf0dd1b2fec8dfa5816bb84a32aa93b051cda76bd4b01c1a7fe`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90423`
Detected Filetype	PNG graphic file
MD5	`8351e0d88d5cae1c49cc4beaeb0aa49f`
SHA1	`dd40c77477c9f87c06b0d2d640c7f85217a9cdcf`
SHA256	`e088ff27968782c2c9804b37380ce2e55f5f78671ada111109a19eb46a14d1be`
SHA3	`89466a4613de462fb2682e636d05c9f13f22f5c874da0d82e895275586a495a1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.20257`
MD5	`ca3cd3e33ffd5d65c33f9b4ae1e78ccb`
SHA1	`0876e5f7227fe4de7542e4f5cb4ee426404ae7c4`
SHA256	`b3d281a615da53baac99c3724f9568fcf633e2e9032938f0992022aef759a771`
SHA3	`f0153c3d1d3085c9ce6a259b579a3599cabb0907bc728d9f12e4e134106a1467`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15857`
MD5	`38683a5df31b218319eb0135e6ce6702`
SHA1	`28d4910f5f9c6f3cb22f46455e7f051fca0e4004`
SHA256	`d16245f873e133aa5b9fa08fd652eb1bf2872e1f4792880dc561634337781ec9`
SHA3	`f30ca5fcfcacf767ff75553023f24050f30fa9cb1f0dd399dae4103a89a95774`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91719`
MD5	`80d67f5f6858ee236ddcba6c9cc1d000`
SHA1	`c16843aac28e0cd27a3b2525a199b4a2414274b0`
SHA256	`c1d61d7ef3e341ece493feb184a63a52f6e3602be09455e1ad6e7891f9b71f7a`
SHA3	`66dabe682ae2b7f369d96f44cfb3eef5fb60063d5f9bc45f784ece852892cb55`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.77184`
MD5	`72a96c5238813eabefdc58c73ec16e05`
SHA1	`729247fc2cd149434a5db0c2145ae5794009d993`
SHA256	`5d826dd0a9daa9a0ad098c8e1a4820d2afb81607e8877a5d66ffbd15c3c9c365`
SHA3	`17dd409276166a11d8a8b3914c27e75e8ec085c312ae2fb5eae94cd017672e9e`

63

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29127`
MD5	`000048c603bec9371e40f0c92f4d2cb1`
SHA1	`79468e36c3b30bd04d0b47876a74f0b4d65c51d8`
SHA256	`bc1cef839f1c60b8c9714f26080ab2944ce1f66bc0efdb741a996d590c01f9cc`
SHA3	`942ed849756a0dbf6e60b7bda5ca55b12248c7b49ee734e90248c1c7716498ff`

76

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18649`
MD5	`c1f5db727de22cccf2ac7ca90dce13c8`
SHA1	`3f8d88160aa0173563605d80bb11085578f876f7`
SHA256	`80592fa53129f0bb9a50cedb54a7a491355dc7614451099732f033009e1bba42`
SHA3	`3a93b7af07f4e28c6a03734defb6da9c9c8403071f9d460744e69ed35a3c6493`

126

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57629`
MD5	`dd489d0654dc79e3f5307e2c4c84cb92`
SHA1	`a06821e3f4dd0eddca56928700a3aa0f92d1498c`
SHA256	`aed1e5c6415caf2f5d0c280d8c0bddb42c96b916bc93ea73477794f628bf67a9`
SHA3	`91538c2d47ee6ab90b71242277581dea8183b757988ef7f7910906ba39022024`

132

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85598`
MD5	`345f9bbddf0139fa5103f92f8a5c4d26`
SHA1	`9949b8488cc7982d0a3e60ff46e29e642abf51c6`
SHA256	`010c9937c238278266e7e8b525118e4884fe14f3099c1006aa71a6f19ae1fe0a`
SHA3	`020739ee28f9aad076ca3dd92eca9ec2e5607d7466cbe003ddfef4d01d063378`

133

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.5242`
MD5	`d52f562ef0054850c388e9f0ff7dcb0b`
SHA1	`eed50830a79e51efa2c805638ed01fd2d4fa2feb`
SHA256	`89560428da3a2a98a5ab0153c0e7f4cf0006aa2e334a26a804c926dc39f51c4e`
SHA3	`f48fa6b9413464ac349277de63fc7769e3fbb9031630161bba78bd8b1acc94ae`

138

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x136`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82216`
MD5	`e70db2668035b156671598a69c174066`
SHA1	`d2a28335775f7ba4b9d6ecaa867fc33356458bec`
SHA256	`d01fe04d0677628b1699c1e2fb4381a592e8f4c5461605c8b9a122df9a63ac41`
SHA3	`a07317ca0f072fcff6fc18560656c9251f3093a1fe0944cf680e7cf2ef092792`

139

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85024`
MD5	`3219112e0e794f248de41da2cfe43831`
SHA1	`bd9ad65a8aaabdfb63c27bbce6dc54d1311b7093`
SHA256	`c625dec281cb195aee6e141ce84bdfbeaff8a30e747e9a1409794265a21d99a7`
SHA3	`4413fc33254527ebe11f79ad2d7f10ec7ad16d84f2ce93024dfd770f20ccc7d6`

144

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88741`
MD5	`6073794afbcdd6d97b53a4994b3dc7f9`
SHA1	`1a0371a34276f9c3ec2c7ad72487e554291fbd20`
SHA256	`8a3628bea73519c32dd6dfcb2db101089ab3f1ad88d80226e7547497d00b856d`
SHA3	`bfa6d9ac02ced91640c6f8810d96bb654e590090c9409357dd6378e9360936af`

145

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79818`
MD5	`f57e7ec64be62413f005c27235d61066`
SHA1	`3dd9d3863aa5e0a0013342a98c795957048c3682`
SHA256	`4c00c419adab278251601592a7ee8ee37c9a2a07e1389850f7d1c743cc5185f9`
SHA3	`31265212580438736a25b9833b28f9294642e0f30a98ec2d2cd05d5568910121`

146

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67003`
MD5	`b5bcac9bf045466e93927e72f713319a`
SHA1	`e4c6a5728d05f3a45ef3ff221e506472b473cd9d`
SHA256	`f75878d34445661ce6797606f67c85f6cd97c036b73aa655ba44bd32b92d1f87`
SHA3	`8be40700bbb3f548ea41a8aa791dda2ead6981db57d0e3c86c8f1283ccaa811f`

201 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.859`
MD5	`38a4eb2477c15efb6ff6dc34bfadb102`
SHA1	`9bc93cce9a4a873aa6269ed9476b344935fb5bcd`
SHA256	`c04a488619471ffe3cb9b588f0b9020c858c63255acc2dcd50f247063e1bd055`
SHA3	`9c5aa3aeed2b312a6dd2a61d9ff3481afbaf23e58d06713636c22e2524c884e0`

202

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71631`
MD5	`72e141a91974b12f4e1fae7982166e20`
SHA1	`b7b5acfd756c6f97b8e44df7f9b4fdeb38587c81`
SHA256	`b0a786938bb3aa3badb45ea98d6b40f1ef78d2e248eab36342f524d3ca9032e1`
SHA3	`b3afaa02c5e7f12fd7a1d8b5231dc1c903d2c229c73ed54284fcda902b49da6a`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80503`
MD5	`6da8b25d4999decb680c93b0b0343af7`
SHA1	`7d8b573b9be95f303d3ba0e11a0964fc61eb2c05`
SHA256	`0aecc6a421c1f33f4ab71e0fd7c0bcefa28d606a498b8fd6f4c17d6e60c38270`
SHA3	`99bed249ebed16571b3553781a6a73f08ffd0d13ec59be490132f6083bf3f421`

208

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90796`
MD5	`ad9bd6e79b149bdd4d1ddc73f37a3c39`
SHA1	`36d772719f2953d590f20c37a741d1fe12dbdfee`
SHA256	`b2ce73341e39918e16f902c4b17ce7ca75e35a4bdb942065474ae080fbe8ee4c`
SHA3	`c3bdfe90013c47e57dc6ad1b9e8806192bf853dddf262f5cccbfe0d3c83c1aa9`

626

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`48d5838ec069dbaab1ef7b5a7a367dbd`
SHA1	`63ec9a3811e8ad3c06eff0edb13389f4a046fc5c`
SHA256	`e15dca615fd5ed231a4ec5cb66d72b4a33040f620f25adeba25e58072ec8e245`
SHA3	`e15ade2a705342a15bccc8f6618d568fd92fff671c13b25a90bbeb38338c38ef`

626 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92234`
MD5	`80a9d81eb2f86f393226f1b45669d220`
SHA1	`2eb8807e0ef7176986064539eb389dc611dc2b5d`
SHA256	`f6794275ddfb8b492502d7007c9a76836afd4611fcb893914435ed0d47c000f6`
SHA3	`0ed838e14ac52a89f10307f3b9ad0fe3e9e7bb112b7afb57b33a4ed04fa4c268`

626 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`48d5838ec069dbaab1ef7b5a7a367dbd`
SHA1	`63ec9a3811e8ad3c06eff0edb13389f4a046fc5c`
SHA256	`e15dca615fd5ed231a4ec5cb66d72b4a33040f620f25adeba25e58072ec8e245`
SHA3	`e15ade2a705342a15bccc8f6618d568fd92fff671c13b25a90bbeb38338c38ef`

626 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`48d5838ec069dbaab1ef7b5a7a367dbd`
SHA1	`63ec9a3811e8ad3c06eff0edb13389f4a046fc5c`
SHA256	`e15dca615fd5ed231a4ec5cb66d72b4a33040f620f25adeba25e58072ec8e245`
SHA3	`e15ade2a705342a15bccc8f6618d568fd92fff671c13b25a90bbeb38338c38ef`

626 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`48d5838ec069dbaab1ef7b5a7a367dbd`
SHA1	`63ec9a3811e8ad3c06eff0edb13389f4a046fc5c`
SHA256	`e15dca615fd5ed231a4ec5cb66d72b4a33040f620f25adeba25e58072ec8e245`
SHA3	`e15ade2a705342a15bccc8f6618d568fd92fff671c13b25a90bbeb38338c38ef`

627

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84801`
MD5	`f530661155221c3607f11513c51067f2`
SHA1	`8b250353a2a4e6c032cfe1c4a5174cf39124dbe6`
SHA256	`ff74596017c3d87e7c4ecbf01317d9d6f71ce3b403a00852b45d8a4123a2ead7`
SHA3	`1c17c9864f14f178f68f96e3fbce18d3d6adf038734fd3884fd533b83f1ca979`

627 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83753`
MD5	`164141bacb0485ed44b153be69f1f3b7`
SHA1	`722b63dffd7234877288e5b8e345f9a8520b0f96`
SHA256	`464ddd83d7ab10c88ff7d171a63344e78e480ff105b2e42c3726498c1821c642`
SHA3	`2562e21d8eb6f28e6552a8f386040e6aef47d3303cc03bc40c3a5fbad32578d4`

627 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84801`
MD5	`f530661155221c3607f11513c51067f2`
SHA1	`8b250353a2a4e6c032cfe1c4a5174cf39124dbe6`
SHA256	`ff74596017c3d87e7c4ecbf01317d9d6f71ce3b403a00852b45d8a4123a2ead7`
SHA3	`1c17c9864f14f178f68f96e3fbce18d3d6adf038734fd3884fd533b83f1ca979`

627 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84801`
MD5	`f530661155221c3607f11513c51067f2`
SHA1	`8b250353a2a4e6c032cfe1c4a5174cf39124dbe6`
SHA256	`ff74596017c3d87e7c4ecbf01317d9d6f71ce3b403a00852b45d8a4123a2ead7`
SHA3	`1c17c9864f14f178f68f96e3fbce18d3d6adf038734fd3884fd533b83f1ca979`

627 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84801`
MD5	`f530661155221c3607f11513c51067f2`
SHA1	`8b250353a2a4e6c032cfe1c4a5174cf39124dbe6`
SHA256	`ff74596017c3d87e7c4ecbf01317d9d6f71ce3b403a00852b45d8a4123a2ead7`
SHA3	`1c17c9864f14f178f68f96e3fbce18d3d6adf038734fd3884fd533b83f1ca979`

628

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x82`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50185`
MD5	`1484676497709f4761aaa06b829a8112`
SHA1	`5326e2f190e8f2afabe1559aef0799f091067b72`
SHA256	`01a3c7d3db724768f838416c0613ef5c3d5814d784180298b90bfb551d4bdfdd`
SHA3	`178fbf0d3e781640d03df8cac6f51a3d4b1d45ba00db1ffd92ee3e1b2912ee41`

628 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.19317`
MD5	`91c02a7c733e8885902ffa96ff8ee1b4`
SHA1	`809e97202a962ee21f3f7c285c1cb1fa30bf49dc`
SHA256	`55cd4e0a812fd890c7e27eeaf372153049a250559ce5480102320b879564212e`
SHA3	`8875f07ca2793b2255c540da2238e40e3da50659f92d24a1d45d134a7c41639f`

628 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15993`
MD5	`c2069384c7200c6a3fd751910aa531d1`
SHA1	`01be8663bc4fd37d35470a6a18f62a175ab362f3`
SHA256	`94921af4dc0baacfe0d31e3ac548311bd5f20608aaab093c5ce288894a921a10`
SHA3	`df79c65dd7fd6fe4c87890b999dfefa910042d45d4ac65c10242006be98354a2`

628 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15993`
MD5	`c2069384c7200c6a3fd751910aa531d1`
SHA1	`01be8663bc4fd37d35470a6a18f62a175ab362f3`
SHA256	`94921af4dc0baacfe0d31e3ac548311bd5f20608aaab093c5ce288894a921a10`
SHA3	`df79c65dd7fd6fe4c87890b999dfefa910042d45d4ac65c10242006be98354a2`

628 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15993`
MD5	`c2069384c7200c6a3fd751910aa531d1`
SHA1	`01be8663bc4fd37d35470a6a18f62a175ab362f3`
SHA256	`94921af4dc0baacfe0d31e3ac548311bd5f20608aaab093c5ce288894a921a10`
SHA3	`df79c65dd7fd6fe4c87890b999dfefa910042d45d4ac65c10242006be98354a2`

629

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55775`
MD5	`208bdd82e96aef8b17ea3cc8f7f4b218`
SHA1	`29ff56a1538d3fae9579db6970104e4f103c054e`
SHA256	`d9b2f8a676bf8da147515859d5c07322ce407111d019f527cdfcafa25d37f089`
SHA3	`dfb859b2ecdd050d5fefd5764d726b91037c138aae09555cfccd53b23355ddec`

629 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.09503`
MD5	`7c5fd6983f20c3703048715fc3a36c7f`
SHA1	`a7f5c88618eaa1c3a150ad4026323d8a920acbc6`
SHA256	`092afc15c8a0e56288fd45beb5e90f47057b4c6a9871ea5b318f263c06617f12`
SHA3	`c7ec876182627fa6f84f9e6cb7cb67a66e967aee4e19e84a65244fdd059c0569`

629 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`e6be5d00fa1f945f13f121ac3d8b7173`
SHA1	`7fd4f1453986f2522304253e18b77c90452ae41d`
SHA256	`3d53389af164f9d12e32167236006c6b49fcd1f311033a4143ed94c0dfbe3e93`
SHA3	`c6d189a0d94487a964357e286ff186fe2c5c4581762ad237c8e991a573bf9c99`

629 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`e6be5d00fa1f945f13f121ac3d8b7173`
SHA1	`7fd4f1453986f2522304253e18b77c90452ae41d`
SHA256	`3d53389af164f9d12e32167236006c6b49fcd1f311033a4143ed94c0dfbe3e93`
SHA3	`c6d189a0d94487a964357e286ff186fe2c5c4581762ad237c8e991a573bf9c99`

629 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`e6be5d00fa1f945f13f121ac3d8b7173`
SHA1	`7fd4f1453986f2522304253e18b77c90452ae41d`
SHA256	`3d53389af164f9d12e32167236006c6b49fcd1f311033a4143ed94c0dfbe3e93`
SHA3	`c6d189a0d94487a964357e286ff186fe2c5c4581762ad237c8e991a573bf9c99`

630

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65288`
MD5	`f822912679adbbcdca8346120c79a9e6`
SHA1	`2cbc1698522a5c2b83fd2061a7cb90c486f4b91b`
SHA256	`16e5d7c076fdb0c06261541cb1f00c85b803e7b2d80e972ee1511e9dc2c8d524`
SHA3	`18b07b28b23ee5cef6910f338f29a279457348ec84fc0ba043f890bb3a6723a9`

630 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92234`
MD5	`9b149a024bf7b4ea5e7bce3d0b6fef7d`
SHA1	`d25905ad1fb44b82d80edd9b14bded07b0e32ac3`
SHA256	`45a20caa3113dedd7cd503dadf4d8c7031204de6eb212fd5d0fbfd21095fae31`
SHA3	`880debfabe8a2e9a707efd79f5bdde0d2dd9d4f2ea868bac21cf0f9e6b0c4bae`

630 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`e64436938a32c89cc368e8167be82f0c`
SHA1	`df133910b202cbb0802c3c54ff26ecab08f3ad01`
SHA256	`f8596049503525d421b57e0a3f49787e15f7f2ef7b12c84290b99e32effd23e3`
SHA3	`17327d65b06b8c1181f71a3d0c91820fa6a3378762097e467fee13ac152ce466`

630 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`e64436938a32c89cc368e8167be82f0c`
SHA1	`df133910b202cbb0802c3c54ff26ecab08f3ad01`
SHA256	`f8596049503525d421b57e0a3f49787e15f7f2ef7b12c84290b99e32effd23e3`
SHA3	`17327d65b06b8c1181f71a3d0c91820fa6a3378762097e467fee13ac152ce466`

630 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89081`
MD5	`e64436938a32c89cc368e8167be82f0c`
SHA1	`df133910b202cbb0802c3c54ff26ecab08f3ad01`
SHA256	`f8596049503525d421b57e0a3f49787e15f7f2ef7b12c84290b99e32effd23e3`
SHA3	`17327d65b06b8c1181f71a3d0c91820fa6a3378762097e467fee13ac152ce466`

631

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81914`
MD5	`b12f98d42aece43c9f537967ac3ac3ea`
SHA1	`5b920dec9a7898ee29e6f755cc47d8351f6f3b6b`
SHA256	`f7f8a69294817af9c6f2ffde78ec70bc26be14c610572ad99bec969b7748064f`
SHA3	`8c72f0ca7ee4914d820919b841b78a6b2ef29ee76620af92b1c07e020d54ea16`

631 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.09503`
MD5	`855cad23105d92115054eaf330b5a09f`
SHA1	`f629f5edd7726dc010163f8e3e10cc2604a9b780`
SHA256	`f26c686933fa1ceafd5ab176cd3216b4ca09cd318e68539e5006a4e328043dd4`
SHA3	`6d39024ce237dc62841dc83383cba56651917b75c48c84472541c2eb3ef27484`

631 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`f0c5b008addba14974c52b861799b4f5`
SHA1	`26b0def168cede21d1877bf040883f53a0271eec`
SHA256	`10f26b1a3529352d4882a1b08ffe0efd1d2c19b28d2092913349f1eed6f71379`
SHA3	`75a5220094de7768f93a2de32eb8f8b1dd10650a120fb75ad59b14f871b91440`

631 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`f0c5b008addba14974c52b861799b4f5`
SHA1	`26b0def168cede21d1877bf040883f53a0271eec`
SHA256	`10f26b1a3529352d4882a1b08ffe0efd1d2c19b28d2092913349f1eed6f71379`
SHA3	`75a5220094de7768f93a2de32eb8f8b1dd10650a120fb75ad59b14f871b91440`

631 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x5c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10036`
MD5	`f0c5b008addba14974c52b861799b4f5`
SHA1	`26b0def168cede21d1877bf040883f53a0271eec`
SHA256	`10f26b1a3529352d4882a1b08ffe0efd1d2c19b28d2092913349f1eed6f71379`
SHA3	`75a5220094de7768f93a2de32eb8f8b1dd10650a120fb75ad59b14f871b91440`

632

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x75c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15663`
MD5	`76f115928e2ae82d53fc5fdd3977a535`
SHA1	`5f119a00c57fabcea8ae37999e3508d6521a6735`
SHA256	`d009cc7b34de4ccd1b825d91cc90810fdd3ed9d264d1f66ad266c8825ef8be0b`
SHA3	`da8f1fd6cfa3a3982c7c74a4bc914371e76e0b8ad538b0f472c914c166510927`

632 (#2)

Type	`RT_STRING`
Language	French - France
Codepage	UNKNOWN
Size	`0x944`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23595`
MD5	`32b72da934a2ca58b175ac198834963b`
SHA1	`e0a1a7208de90c2dbabfc599b8438c1766636669`
SHA256	`392d48aab2660be340c240d2ac015e435d92bd1afa3fb526d017ec8208c87181`
SHA3	`6548f2813968113e85f51cb849f9805f02380b17aa3862506a98fabd5c8f5931`

632 (#3)

Type	`RT_STRING`
Language	Portuguese - Brazil
Codepage	UNKNOWN
Size	`0x86e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21906`
MD5	`60bd82ef54a872503ab87c8486902f58`
SHA1	`d5b92c48159592eb5933c0e28c40c3fc231aa870`
SHA256	`3dd61cbc1e4832e2650fbb0a1d5fb44c340a25cab1d7b4ae7c3ad60c058bc205`
SHA3	`2f4712b91afd5410c59204f57abd3da096b3b571a5386b259bc522fdced870a5`

632 (#4)

Type	`RT_STRING`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x806`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.83154`
MD5	`f0fe01264404eb5bf6346fda8b6f481d`
SHA1	`9cfcb62f98e3ee95be45241bf99b784d2491ee69`
SHA256	`2c12e89e773baf53921a04e3599a62c1c1ba0a8b4a1334022f6c7a64d6a5689f`
SHA3	`c2b0c4ca805f2177d52bd2322f39eae33b274f071b34b576e03f53131695399b`

632 (#5)

Type	`RT_STRING`
Language	Spanish - Spain (International sort)
Codepage	UNKNOWN
Size	`0x8b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18001`
MD5	`f1a3ad5e47ef5ff74c6a8c462ca015d5`
SHA1	`cebf37f9da2aa3b5beee30c8929224963a6fc813`
SHA256	`855959d4d9ed980eff756adf66bc7c28c7ab4929a0e112dc624080969feb977e`
SHA3	`d49e2c22b5650e480540486c2aa412a4dc6dba7376b5cc6894e3638c9f644730`

EDAT_ECOO

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67926`
MD5	`8a40df0c626fc725819523f204c42309`
SHA1	`810a48519772084c8d83dd2c0a30cad14166d3c5`
SHA256	`3c35ecdc6d5089ddc2e18658cc9effe56f3b38e94e070c1bb29f98a9393a5fef`
SHA3	`b899d070aa4234347efcf3ae26472acb70ea9a81e59916e8733ce14300fb441e`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61013`
Detected Filetype	Icon file
MD5	`48306161b73e6401cd05359aa7e1b0d9`
SHA1	`a2f3e3f995cfa055f167e73764fbe4b753ae493e`
SHA256	`231a25d7a166d8fb2802728b5d39ad49cb7164bcbc8943b6e5b3e1325968ae98`
SHA3	`a61083312512aebbfc2a3d87dd0fed56b744916843d5206428607239772c0ad9`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41981`
MD5	`6efbf05380afa0b42da45e4d47cde72d`
SHA1	`7393ad442a0fddc3c01241c51968989e167211c6`
SHA256	`e4dea30d5b828bb673f85bd84fbb1478b039d6e2991f0ad1140109eeb4c5e090`
SHA3	`ae24dc3ba53ffdd7ee2c0c78bcb91b74fe56c36d491afba71ce2f6692e92d03b`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x437`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32507`
MD5	`dfdf22478dbe23bf33b65a6e90fbf948`
SHA1	`36eb53578b6c6c322702016fa993458f5a6a060c`
SHA256	`4afc053684a3a3a3b3716d5fe02e98c16b4e000cdbc30b88896425b872987e07`
SHA3	`fba24993b4289ecdd27af187dd2697e67a6f0f514d2fa648df5450f1c628b6df`

String Table contents

Avast Antivirus
Avast Antivirus Installer
Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
{08CF729B-3FA8-477D-B80C-42CA25A49937}
avastSfxProgressClass
UA-58120669-3
{08CF729B-3FA8-477D-B80C-42CA25A49938}
Avast Microstub/2.1
iavs9x.u.avast.com
iavs9x.u.avast.com
iavs9x-xp/avast_free_antivirus_setup_online.exe
iavs9x-xp/avast_pro_antivirus_setup_online.exe
iavs9x-xp/avast_internet_security_setup_online.exe
/iavs9x-xp/avast_premier_antivirus_setup_online.exe
iavs9x/avast_free_antivirus_setup_online.exe
/iavs9x/avast_pro_antivirus_setup_online.exe
/iavs9x/avast_internet_security_setup_online.exe
iavs9x/avast_premium_security_setup_online.exe
iavs9x/avast_omni_setup_online.exe
iavs9x/avast_one_essential_setup_online.exe
iavs9x/avast_one_setup_online.exe
iavs9x/avast_free_antivirus_setup_online_x64.exe
/iavs9x/avast_pro_antivirus_setup_online_x64.exe
/iavs9x/avast_internet_security_setup_online_x64.exe
iavs9x/avast_premium_security_setup_online_x64.exe
iavs9x/avast_omni_setup_online_x64.exe
iavs9x/avast_one_essential_setup_online_x64.exe
iavs9x/avast_one_setup_online_x64.exe
avast_free_antivirus_setup_online.exe
avast_pro_antivirus_setup_online.exe
avast_internet_security_setup_online.exe
avast_premium_security_setup_online.exe
avast_business_antivirus_setup_online.exe
avast_business_antivirus_setup_online.exe
avast_omni_setup_online.exe
avast_one_essential_setup_online.exe
avast_one_setup_online.exe
avast_free_antivirus_setup_online_x64.exe
avast_pro_antivirus_setup_online_x64.exe
avast_internet_security_setup_online_x64.exe
avast_premium_security_setup_online_x64.exe
avast_business_antivirus_setup_online_x64.exe
avast_business_antivirus_setup_online_x64.exe
avast_omni_setup_online_x64.exe
avast_one_essential_setup_online_x64.exe
avast_one_setup_online_x64.exe
Avast Free Antivirus
Avast Antivirus Gratuit
Avast Free Antivirus
Avast Free Antivirus
Avast Free Antivirus
Avast One Essential
Avast One Essentiel
Avast One Essential
Avast One Essential
Avast One Essential
Avast One
Ready to install Avast Free Antivirus?
Avast One
Avast Antivirus Gratuit
Avast One
Avast Free Antivirus
Avast One
Avast Free Antivirus
Avast One
Avast Free Antivirus
Ready to install Avast One Essential?
Ready to install Avast One?
Avast One Essentiel
Avast One
Avast One Essential
Avast One
Avast One Essential
Avast One
Avast One Essential
Avast One
Feel free to surf the web or grab a coffee.
We'll let you know when we're done.
Avast Antivirus Gratuit
Avast Free Antivirus
Avast Free Antivirus
Avast Free Antivirus
Feel free to surf the web or grab a coffee.
We'll let you know when we're done.
Feel free to surf the web or grab a coffee.
We'll let you know when we're done.
Avast One Essentiel
Avast One
Avast One Essential
Avast One
Avast One Essential
Avast One
Avast One Essential
Avast One
Install
Cancel
Connect to the internet to install %s
You need an active internet connection to install %s. Please connect to your network and try again.
Avast is being installed. Do not shutdown.
We are sorry but Avast Antivirus cannot run on your computer because your processor does not support SSE2 instruction set.
We are sorry but Avast Antivirus requires at least Windows XP SP3.
We are sorry but there is not enough free space available! Free some space and run the installer again.
We are sorry but there seems to be a problem connecting to Avast servers! Check your Internet connection and run the installer again.
We are sorry but the installer must be run at high integrity level!

Tip: Do not run under built-in Administrator user or use different browser to dowload an installer.
We are sorry but the Avast Antivirus installer cannot run on arm64 devices.

Tip: Check our website if there is a supported version.
Installer
Annuler
Pour installer %s, vous devez vous connecter à Internet
Pour installer %s, vous devez disposer d'une connexion Internet active. Veuillez vous connecter à votre réseau et réessayer.
Avast est en cours d'installation. N'éteignez pas l'ordinateur.
Malheureusement, votre ordinateur ne peut pas exécuter Avast Antivirus car son processeur ne prend pas en charge le jeu d'instructions SSE2.
Malheureusement, Avast Antivirus requiert au moins Windows XP SP3.
Malheureusement, vous n'avez pas assez d'espace libre ! Libérez de l'espace et relancez le programme d'installation.
Il semble y avoir un problème de connexion avec les serveurs d'Avast. Vérifiez votre connexion Internet et relancez le programme d'installation.
Malheureusement, le programme d'installation doit être exécuté à un niveau d'intégrité élevé.

Conseil : Ne pas l'exécuter sous l'utilisateur Administrateur intégré ou utiliser un autre navigateur pour télécharger le programme d'installation.
Nous sommes désolés mais le programme d'installation d'Avast Antivirus ne peut pas fonctionner sur les appareils ARM64.

Astuce : Vérifiez sur notre site web s'il existe une version compatible.
Instalar
Cancelar
Conecte-se à internet para instalar o %s
Você precisa de uma conexão de internet ativa para instalar o %s. Conecte-se à sua rede e tente de novo.
O Avast está sendo instalado. Não desligue.
Infelizmente seu computador não pode executar o Avast Antivirus porque seu processador não é compatível com o conjunto de instruções SSE2.
Lamentamos, mas o Avast Antivirus necessita pelo menos do Windows XP SP3.
Infelizmente não há espaço em disco suficiente! Libere espaço para executar o programa de instalação novamente.
Lamentamos, mas parece que há um problema para conectar os servidores Avast! Verifique sua conexão de internet e execute o programa de instalação novamente.
Lamentamos, mas o programa de instalação deve ser executado em um alto nível de integridade!

Dica: Não o execute sob um usuário Administrador integrado e nem use um navegador diferente para baixar o programa de instalação.
Lamentamos, mas o instalador do Avast Antivirus não pode ser executado em dispositivos arm64.

Dica: Veja se há uma versão compatível em nosso site.
Установить
Отменить
Подключитесь к Интернету, чтобы установить %s
Чтобы установить %s, требуется исправное подключение к Интернету. Подключитесь к своей сети и повторите попытку.
Устанавливается антивирус Avast. Не выключайте систему.
К сожалению, невозможно запустить Avast Antivirus на вашем компьютере, поскольку ваш процессор не поддерживает набор инструкций SSE2.
К сожалению, для работы Avast Antivirus требуется как минимум Windows XP SP3.
К сожалению, недостаточно свободного места! Освободите место и снова запустите установщик.
К сожалению, похоже, возникла проблема с подключением к серверам Avast! Проверьте подключение к Интернету и снова запустите установщик.
К сожалению, установщик нужно запускать с высоким уровнем целостности!

Совет: не запускайте его из встроенной учётной записи администратора или используйте другой браузер для загрузки установщика.
К сожалению, установщик Avast Antivirus не работает на устройствах arm64.

Совет: проверьте на нашем сайте, есть ли поддерживаемая версия.
Instalar
Cancelar
Conéctese a Internet para instalar %s
Necesita una conexión a Internet activa para instalar %s. Por favor, conéctese a su red e inténtelo de nuevo.
Avast se está instalando. No apague.
Lo sentimos, Avast Antivirus no se puede ejecutar en su equipo porque su procesador no es compatible con el conjunto de instrucciones SSE2.
Lo sentimos, Avast Antivirus requiere al menos Windows XP SP3.
Lo sentimos, no queda espacio disponible suficiente. Libere algo de espacio y vuelva a ejecutar el programa de instalación.
Lo sentimos, parece que hay un problema para conectar a los servidores de Avast. Compruebe su conexión a Internet y vuelva a ejecutar el programa de instalación.
Lo sentimos, el programa de instalación debe ejecutarse con nivel de integridad elevado.

Consejo: no lo ejecute bajo el usuario Administrador integrado ni utilice un navegador diferente para descargar el programa de instalación.
Lo sentimos, el programa de instalación de Avast Antivirus no se puede ejecutar en dispositivos arm64.

Consejo: compruebe en nuestro sitio web si existe una versión compatible.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.1.78.0
ProductVersion	2.1.78.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	AVAST Software
Edition	22
FileDescription	Avast Installer
FileVersion (#2)	2.1.78.0
InternalName	microstub
LegalCopyright	Copyright (c) 2022 AVAST Software
OriginalFilename	microstub.exe
ProductName	Avast
ProductVersion (#2)	2.1.78.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-May-09 17:51:06
Version	`0.0`
SizeofData	`100`
AddressOfRawData	`0x2a9a8`
PointerToRawData	`0x28fa8`
Referenced File	D:\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-May-09 17:51:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2aa0c`
PointerToRawData	`0x2900c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-May-09 17:51:06
Version	`0.0`
SizeofData	`1016`
AddressOfRawData	`0x2aa20`
PointerToRawData	`0x29020`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-May-09 17:51:06
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x42ae28`
EndAddressOfRawData	`0x42ae30`
AddressOfIndex	`0x42da54`
AddressOfCallbacks	`0x423328`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42d008`
SEHandlerTable	`0x42a920`
SEHandlerCount	`34`
GuardCFCheckFunctionPointer	`4338416`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x860db1f8`
Unmarked objects	`0`
241 (40116)	`11`
243 (40116)	`126`
242 (40116)	`24`
C objects (VS 2015/2017 runtime 26706)	`18`
ASM objects (VS 2015/2017 runtime 26706)	`21`
C objects (27045)	`2`
C++ objects (VS 2015/2017 runtime 26706)	`48`
Total imports	`210`
Imports (VS2008 SP1 build 30729)	`17`
C++ objects (VS2008 SP1 build 30729)	`1`
C++ objects (27045)	`13`
Resource objects (27045)	`1`
151	`2`
Linker (27045)	`1`