Manalyze report for f3d3866aa26d254170e90d70201f0ed4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Dec-01 13:53:50
Detected languages	Chinese - PRC
FileVersion	`1.8.4.6`
FileDescription	Windows 服务主进程
ProductName	易语言程序
ProductVersion	`1.8.4.6`
CompanyName	可怜的鸟鸟~~
LegalCopyright	可怜的鸟鸟~~ 版权所有
Comments	Windows 服务主进程

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual Basic v5.0 - v6.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: taskmgr.exe` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run` `Miscellaneous malware strings: BACKDOOR Backdoor EXPLOIT Exploit backdoor exploit`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to DES` `Uses constants related to TEA` `Uses known Diffie-Helman primes`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegOpenKeyExA RegSetValueExA RegCreateKeyA RegQueryValueA RegCreateKeyExA RegCloseKey` `Possibly launches other programs: WinExec ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Uses functions commonly found in keyloggers: GetForegroundWindow CallNextHookEx` `Leverages the raw socket API to access the Internet: #101 #3 #115 #52 #17 #10 #12 #16 #116 #1 #5 #57` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: OpenProcess Process32First Process32Next` `Can take screenshots: GetDC FindWindowA BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 50/68 (Scanned on 2017-12-11 02:05:31)	`MicroWorld-eScan: Trojan.Generic.22698937` `CAT-QuickHeal: Trojan.Generic.2919` `McAfee: Artemis!F3D3866AA26D` `VIPRE: Trojan.Win32.Generic!BT` `K7GW: Trojan ( 00013a151 )` `K7AntiVirus: Trojan ( 00013a151 )` `TrendMicro: TROJ_GEN.R005C0DL217` `Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9879` `F-Prot: W32/S-47c1ea66!Eldorado` `Symantec: Trojan.Gen.6` `TotalDefense: Win32/Oflwr.A!crypt` `TrendMicro-HouseCall: TROJ_GEN.R005C0DL217` `Avast: Win32:Malware-gen` `ClamAV: Win.Trojan.Generic-6260335-1` `GData: Trojan.Generic.22698937` `Kaspersky: not-a-virus:NetTool.Win32.Portscan.lt` `BitDefender: Trojan.Generic.22698937` `NANO-Antivirus: Exploit.Win32.Equation.evsxnb` `AegisLab: Troj.Downloader.W32.FraudLoad.lx2b` `Rising: Trojan.ELang!1.64ED (CLASSIC)` `Ad-Aware: Trojan.Generic.22698937` `Sophos: Mal/Generic-S` `Comodo: Worm.Win32.Dropper.RA` `F-Secure: Trojan:W32/DelfInject.R` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Generic.tc` `Emsisoft: Trojan.Generic.22698937 (B)` `SentinelOne: static engine - malicious` `Cyren: W32/S-47c1ea66!Eldorado` `Jiangmin: Trojan.Script.acny` `Avira: TR/Eqtonex.DG` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Generic.D15A5BB9` `ZoneAlarm: not-a-virus:NetTool.Win32.Portscan.lt` `Microsoft: Trojan:Win32/Eqtonex.C!dha` `ALYac: Trojan.Generic.22698937` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=100)` `VBA32: Backdoor.ShadowBrokers` `Cylance: Unsafe` `Panda: Trj/GdSda.A` `ESET-NOD32: a variant of Win32/FlyStudio.OPD` `Tencent: Script.Trojan.Equationdrug.Eegx` `eGambit: Trojan.Generic` `Fortinet: Riskware/Qhost` `AVG: Win32:Malware-gen` `Cybereason: malicious.766345` `Paloalto: generic.ml` `CrowdStrike: malicious_confidence_90% (W)` `Qihoo-360: Win32/Trojan.ad7`

Hashes

MD5	`f3d3866aa26d254170e90d70201f0ed4`
SHA1	`7941c4c766345374c518cfa0a1dfc8d1a6df1134`
SHA256	`d8805817decabe61ea38c20dd6f84649f0813c9c74d24ac15451dd8d4a84991f`
SHA3	`5d005a47c9683ccf64677d23b498dbcd35c2fe64d8df92547f57a1c7f54d44e7`
SSDeep	`196608:zFyDPYoQpfmTIhLmB9Vy6XkFHrOCCd1CeO:ATrsO4LOCL`
Imports Hash	`1240e99caa36b3671cc1674f12492e4a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2017-Dec-01 13:53:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x71000`
SizeOfInitializedData	`0x8ef000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00052C70 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x72000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x987000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0ec44bce7e1140f22c732849f765c8bb`
SHA1	`2498b07d1c5435c3aef7c835a56503d7777a2a20`
SHA256	`76f02c436f5835521f81c9019e5c11174727ec3bda11a8d4ab7f3aef8341595d`
SHA3	`399be1d5ddbb2dee2d4a2e477b0be0c6cec54eaeb811e92d23f9fa7e9a67adc1`
VirtualSize	`0x70512`
VirtualAddress	`0x1000`
SizeOfRawData	`0x71000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54426`

.rdata

MD5	`cd01f5634108089d93e231455dda7665`
SHA1	`8e81d2f87789c4106edfeba41eb85c32eccc65d1`
SHA256	`53ed9c07e70fd517f094dc78912083d417d034a7e1cfb37073fde95cf8db184d`
SHA3	`7d9e5655ba3c3860ca8efe07cbbaef26c13f453ac98041120ba62725f2f51e6b`
VirtualSize	`0x8c8fba`
VirtualAddress	`0x72000`
SizeOfRawData	`0x8c9000`
PointerToRawData	`0x72000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.12304`

.data

MD5	`ac1c95cf5a90706fc35a8003a836dd14`
SHA1	`6a493326487318a3b9e56b2a4ef6159d66a31ff3`
SHA256	`04c82e62aac956f5bc3c919b57b2f66fad2b6c98030820ec04a235ac92678756`
SHA3	`428fd6b7134a3522a1b5aae7dcd32d8c669844dd4d7c7aede74b72194ccf0a30`
VirtualSize	`0x35bea`
VirtualAddress	`0x93b000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x93b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.81552`

.rsrc

MD5	`6445dc1501c321176a619db6ee24ccc6`
SHA1	`69153cd6313bf981803c9bf0f037c3e59e8e6bda`
SHA256	`aa4f48a18d03e9816fa4c4e74dbf52933e23b07e32533244f727e508c81e5808`
SHA3	`b2bde32a62078de7f38cccfbb548ea245f9c845d636290b81a3c2b6aaec01de3`
VirtualSize	`0x1564c`
VirtualAddress	`0x971000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x94b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38906`

Imports

WINMM.dll	`midiStreamOut` `midiOutPrepareHeader` `waveOutUnprepareHeader` `waveOutPrepareHeader` `waveOutWrite` `waveOutPause` `waveOutReset` `waveOutClose` `waveOutGetNumDevs` `waveOutOpen` `midiOutUnprepareHeader` `midiStreamOpen` `midiStreamStop` `midiOutReset` `midiStreamClose` `midiStreamRestart` `midiStreamProperty`
WS2_32.dll	`#101` `#3` `#115` `#52` `#17` `#10` `#12` `#16` `#116` `#1` `#5` `#57`
KERNEL32.dll	`SetLastError` `GetTimeZoneInformation` `GetVersion` `GetACP` `HeapSize` `RaiseException` `GetLocalTime` `GetSystemTime` `GetStartupInfoA` `GetOEMCP` `GetCPInfo` `GetProcessVersion` `SetErrorMode` `GlobalFlags` `GetCurrentThread` `GetFileTime` `TlsGetValue` `LocalReAlloc` `TlsSetValue` `TlsFree` `GlobalHandle` `TlsAlloc` `LocalAlloc` `lstrcmpA` `GlobalGetAtomNameA` `GlobalAddAtomA` `GlobalFindAtomA` `GlobalDeleteAtom` `lstrcmpiA` `SetEndOfFile` `UnlockFile` `LockFile` `FlushFileBuffers` `DuplicateHandle` `lstrcpynA` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `LocalFree` `InterlockedDecrement` `InterlockedIncrement` `OpenProcess` `TerminateProcess` `GetFileSize` `SetFilePointer` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `WideCharToMultiByte` `MultiByteToWideChar` `GetCurrentProcess` `GetWindowsDirectoryA` `GetSystemDirectoryA` `CreateSemaphoreA` `ResumeThread` `ReleaseSemaphore` `EnterCriticalSection` `LeaveCriticalSection` `GetProfileStringA` `WriteFile` `ReadFile` `GetLastError` `WaitForMultipleObjects` `CreateFileA` `SetEvent` `FindResourceA` `LoadResource` `LockResource` `RemoveDirectoryA` `GetModuleFileNameA` `GetCurrentThreadId` `ExitProcess` `GlobalSize` `GlobalFree` `DeleteCriticalSection` `InitializeCriticalSection` `lstrcatA` `WinExec` `lstrcpyA` `FindNextFileA` `GlobalReAlloc` `InterlockedExchange` `HeapFree` `HeapReAlloc` `GetProcessHeap` `HeapAlloc` `GetFullPathNameA` `FreeLibrary` `LoadLibraryA` `lstrlenA` `GetVersionExA` `WritePrivateProfileStringA` `CreateThread` `CreateEventA` `Sleep` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetTempPathA` `FindFirstFileA` `FindClose` `GetFileAttributesA` `DeleteFileA` `SetCurrentDirectoryA` `GetVolumeInformationA` `GetModuleHandleA` `GetProcAddress` `MulDiv` `GetCommandLineA` `GetTickCount` `WaitForSingleObject` `CloseHandle` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `GetEnvironmentVariableA` `HeapDestroy` `HeapCreate` `VirtualFree` `SetEnvironmentVariableA` `LCMapStringA` `LCMapStringW` `VirtualAlloc` `IsBadWritePtr` `SetUnhandledExceptionFilter` `GetStringTypeA` `GetStringTypeW` `CompareStringA` `CompareStringW` `IsBadReadPtr` `IsBadCodePtr` `SetStdHandle` `RtlUnwind`
USER32.dll	`GetMenu` `SetMenu` `PeekMessageA` `IsIconic` `SetFocus` `GetActiveWindow` `GetWindow` `DestroyAcceleratorTable` `SetWindowRgn` `DefWindowProcA` `GetClassInfoA` `DeleteMenu` `GetSystemMenu` `IsZoomed` `PostQuitMessage` `CopyAcceleratorTableA` `GetKeyState` `TranslateAcceleratorA` `IsWindowEnabled` `ShowWindow` `LoadImageA` `EnumDisplaySettingsA` `ClientToScreen` `EnableMenuItem` `GetSubMenu` `GetDlgCtrlID` `CreateAcceleratorTableA` `CreateMenu` `ModifyMenuA` `AppendMenuA` `CreatePopupMenu` `GetMessagePos` `DrawIconEx` `ChildWindowFromPointEx` `CopyRect` `LoadBitmapA` `WinHelpA` `KillTimer` `SetTimer` `ReleaseCapture` `GetCapture` `SetCapture` `GetScrollRange` `SetScrollRange` `SetScrollPos` `InflateRect` `SetRect` `IntersectRect` `GetSysColorBrush` `DestroyIcon` `PtInRect` `OffsetRect` `IsWindowVisible` `EnableWindow` `RedrawWindow` `GetWindowLongA` `SetWindowLongA` `GetSysColor` `SetActiveWindow` `SetCursorPos` `LoadCursorA` `SetCursor` `GetDC` `FillRect` `IsRectEmpty` `ReleaseDC` `IsChild` `DestroyMenu` `SetForegroundWindow` `GetWindowRect` `EqualRect` `UpdateWindow` `ValidateRect` `InvalidateRect` `GetClientRect` `GetFocus` `GetParent` `GetTopWindow` `PostMessageA` `IsWindow` `SetParent` `DestroyCursor` `SendMessageA` `SetWindowPos` `MessageBoxA` `GetCursorPos` `GetSystemMetrics` `EmptyClipboard` `SetClipboardData` `OpenClipboard` `GetClipboardData` `CloseClipboard` `wsprintfA` `CreateIconFromResource` `CreateIconFromResourceEx` `RegisterClipboardFormatA` `SetRectEmpty` `DispatchMessageA` `GetMessageA` `WindowFromPoint` `DrawEdge` `DrawFrameControl` `LoadIconA` `TranslateMessage` `SystemParametersInfoA` `GetForegroundWindow` `GetDesktopWindow` `GetClassNameA` `GetWindowThreadProcessId` `FindWindowA` `GetDlgItem` `GetWindowTextA` `ScreenToClient` `UnregisterClassA` `DrawFocusRect` `GetWindowTextLengthA` `CharUpperA` `GetWindowDC` `BeginPaint` `EndPaint` `TabbedTextOutA` `DrawTextA` `GrayStringA` `DestroyWindow` `CreateDialogIndirectParamA` `EndDialog` `GetNextDlgTabItem` `GetWindowPlacement` `RegisterWindowMessageA` `GetLastActivePopup` `GetMessageTime` `RemovePropA` `CallWindowProcA` `GetPropA` `UnhookWindowsHookEx` `SetPropA` `GetClassLongA` `CallNextHookEx` `SetWindowsHookExA` `CreateWindowExA` `GetMenuItemID` `GetMenuItemCount` `RegisterClassA` `GetScrollPos` `AdjustWindowRectEx` `MapWindowPoints` `SendDlgItemMessageA` `ScrollWindowEx` `IsDialogMessageA` `SetWindowTextA` `MoveWindow` `CheckMenuItem` `SetMenuItemBitmaps` `GetMenuState` `GetMenuCheckMarkDimensions` `LoadStringA`
GDI32.dll	`Escape` `ExtTextOutA` `TextOutA` `RectVisible` `PtVisible` `GetViewportExtEx` `ExtSelectClipRgn` `CreateSolidBrush` `GetStockObject` `CreateFontIndirectA` `EndPage` `EndDoc` `DeleteDC` `StartDocA` `StartPage` `BitBlt` `CreateCompatibleDC` `Ellipse` `Rectangle` `LPtoDP` `DPtoLP` `GetTextMetricsA` `RoundRect` `GetTextExtentPoint32A` `GetDeviceCaps` `CreateRectRgnIndirect` `SetBkColor` `LineTo` `MoveToEx` `ExcludeClipRect` `GetClipBox` `ScaleWindowExtEx` `SetWindowExtEx` `CombineRgn` `CreateRectRgn` `FillRgn` `PatBlt` `CreatePen` `GetObjectA` `SelectObject` `CreateBitmap` `CreateDCA` `CreateCompatibleBitmap` `GetPolyFillMode` `GetStretchBltMode` `GetROP2` `GetBkColor` `GetBkMode` `GetTextColor` `CreateRoundRectRgn` `CreateEllipticRgn` `PathToRegion` `EndPath` `BeginPath` `GetWindowOrgEx` `GetViewportOrgEx` `GetWindowExtEx` `GetDIBits` `SetWindowOrgEx` `ScaleViewportExtEx` `SetViewportExtEx` `OffsetViewportOrgEx` `SetViewportOrgEx` `SetMapMode` `SetTextColor` `RealizePalette` `SelectPalette` `StretchBlt` `CreatePalette` `GetSystemPaletteEntries` `CreateDIBitmap` `DeleteObject` `SelectClipRgn` `CreatePolygonRgn` `GetCurrentObject` `GetClipRgn` `SetROP2` `SetPolyFillMode` `SetBkMode` `RestoreDC` `SaveDC` `SetStretchBltMode`
WINSPOOL.DRV	`OpenPrinterA` `DocumentPropertiesA` `ClosePrinter`
ADVAPI32.dll	`RegOpenKeyExA` `RegSetValueExA` `RegCreateKeyA` `RegQueryValueA` `RegCreateKeyExA` `RegCloseKey`
SHELL32.dll	`SHGetSpecialFolderPathA` `ShellExecuteA` `Shell_NotifyIconA`
ole32.dll	`CLSIDFromString` `OleUninitialize` `OleInitialize`
OLEAUT32.dll	`#161` `#163` `#186`
COMCTL32.dll	`#17` `ImageList_Destroy`
comdlg32.dll	`ChooseColorA` `GetFileTitleA` `GetSaveFileNameA` `GetOpenFileNameA`

Delayed Imports

1

Type	`TEXTINCLUDE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0958`
MD5	`0174b80aba6359d1011cd22b880f1a72`
SHA1	`9be77da1b2e1d6f4c0c77630334cf0f2a5a17ce6`
SHA256	`7791d56b6792eb1836f2e46ea02d208ffb1343ae922d6c696ad04de2e2c09441`
SHA3	`63aab311030110ae8c92e8229c5b4b6e6d796612f10c3fcfb448b681b4b3577a`

2

Type	`TEXTINCLUDE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x16`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27761`
MD5	`983c1066b8da83907ccb829dc9c725e6`
SHA1	`e5e00901ed07ee44b324ec54a39dbc7f998d1872`
SHA256	`4b345f7ee4c62582d946797d37a7dd8498af15f4afda496999d1ac54c108714a`
SHA3	`9e6e95da2a15de691b8d8369e4c0d15e125f5ec30cad35137ef9d61533b893a1`

3

Type	`TEXTINCLUDE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x151`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2478`
MD5	`2ed134514e374e40a710bd61d5190a86`
SHA1	`60ffcba570e819f041c84d7f1f2c0624daeada18`
SHA256	`6b993c9dc325863302d0ea34e4287822286f7fdf8e023320b9a520b5c9dcfa47`
SHA3	`b81bcaa3dc85c917820ef48bd60ee97d74a58b23c9d9d54b91e34e4fd097929b`

1 (#2)

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16959`
MD5	`dd516f96a352053618af66614c7ee23d`
SHA1	`ac9f852776d2a94c6676a83d55b52d8ae4f6e75f`
SHA256	`d27dd42f6f0db9536d3d59a42c61f4049f73c3373c00afa0554e3e7f85f9a92b`
SHA3	`c5e1a2860e8ca5ce99813b88a1e892ac55347b029506db40f0918be4a6550267`

2 (#2)

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61097`
MD5	`5e4306d342f15693f982320008298649`
SHA1	`2f48a547a1427833013f1ccc5d3119ab36c1cb11`
SHA256	`ba8a8cf5ecd16690d37ba7f41f107973656c617488a880538e1e33821929d3a3`
SHA3	`59e7368ccafa1b3b925e68b2a015f7d8153e999ed3daaec8d48008e2f70c984a`

3 (#2)

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02695`
MD5	`cab67e9ca149fb79ab4473998412b951`
SHA1	`2e793d35537bfb5d3f042ed0626d3b119d50519a`
SHA256	`fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867`
SHA3	`0e72f5537421764effb2ed98e536358bb7e86eed7b0936e606e8d45559685684`

4

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74274`
MD5	`9fa8a914823ac7e5370652146901f4f1`
SHA1	`eb3224109abb341b6e464d2606fdbed1a7160bc6`
SHA256	`f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3`
SHA3	`bb348af06514e27cd1fa21ad524dfd037edcd3b36ef4cc6ab24c4a8ec38995ff`

IEXT_IDB_STATEIMAGES

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x16c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01326`
MD5	`ded443f27639a176aaa4704438ec7e61`
SHA1	`d801573f4096cc54b22d6d1b7bdd105c9c75b877`
SHA256	`dfa96714879957a8228ff002d6330d5e72dc5fba242058435e17aba60ec87650`
SHA3	`55f782b0c7f52b52a89c67f4971fb8a7a4047f29a3f29bdc99ccc10d41435427`
Preview

1031

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x248`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.67246`
MD5	`4e68d48e0b5c427c7ab78cf473741530`
SHA1	`f1594c91aaddbea1e6f65d387f9bae32a1bc564c`
SHA256	`040a6280de380f6dfcf9335e7789c109fe6dca63b7875dfdf53b94e58444bc35`
SHA3	`1529b7b296eeadc4916f4556fe8f26a7af91b48effab377d02847269405bc4cc`
Preview

1038

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23563`
MD5	`4f5d3abeaf37aa12daf334577d763cf8`
SHA1	`e9eab315798bb74fc12b0950011265e0e994876e`
SHA256	`5df58f862fdad1191048c43102b19d2f0a2a072dca2d4a15e0ff410cff74d1e3`
SHA3	`2ad2879352c2e7e50fc772d46bc3a50999e43ed35d478082527c0b5a0b3b6a36`
Preview

1138

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06778`
MD5	`801d95f64abdf551c76057465d9855ba`
SHA1	`187cd89b980aa8bd7d67a0b56a95f48a3ffc08d5`
SHA256	`f8608530637848da94fd3bcd6080ea29d165c5d6aa96bb8d7244175652d44e7d`
SHA3	`c42e3989ce955d83fe60e08d28c83f4df3aa94af382f5f96a068f7948b80cf4d`
Preview

1139

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06778`
MD5	`cc4c8954ba21f7265d2e34af683822a7`
SHA1	`0cd5b70d6a36690e6b359917716ad20aaaeb1142`
SHA256	`0e0636237e784b7fdf6ee15903dd33ad0eac7f6de2411dc47de7426f61af573d`
SHA3	`7735bf1c6013300bb12ea4551b06952fc0289eff58ca65ee4cf0d686dbc0aded`
Preview

1140

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.82327`
MD5	`3fdb32df423939b6be9ef7ea2edc82de`
SHA1	`024376a1fe6db7d3f624a2e104b9281654682d23`
SHA256	`52b0d8794067fbb5b88c73f5875d3347d586fc6e92a79155d5f687c01afcdd2a`
SHA3	`592da405c94eaed47c9b7c84eec9728d98802a544cc0049b79e7de475ea29abe`
Preview

1141

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.87572`
MD5	`4fae4fdd7257306abf84838c723f521b`
SHA1	`76d5338f7be0ae0c5d479fa27f064858a35d4e7d`
SHA256	`f5214c0bb68205062476dae1ae48c7aac9b1a7b06af025247cdf1610a8b739b0`
SHA3	`d77023013488df3c8bdd13907dfd2a5775e5fded4b525514de4453fc2678d763`
Preview

1142

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7844`
MD5	`aa147e1a1b27e664ee25ba1b761eb97d`
SHA1	`56ee86aa9618a346803983cfab333a1bb81ebe36`
SHA256	`bb87a47da4781dac354f71427b0461f8a4234e4c18cc9a167cb54960c5ebb742`
SHA3	`d34d69d3d4c123206aae799fd1cbd17ea22f3d4fa1021d00e9b7e3f3f14da6a5`
Preview

1143

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.57855`
MD5	`d2d7419aa33ed86048015fbfe27359a4`
SHA1	`3b8b10ecb2068f21a9fc466a69164c28ae7a1571`
SHA256	`00b25fcbf267a0945d6fe3612dbdbad6640d1c99a9cb443f06d016bd44f51eab`
SHA3	`1c5f91189689ddb079d8274281229a45737f716b4253912ba94265c44abececb`
Preview

1144

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.53371`
MD5	`a06c1fd9091b6f3ccba80f3dcdabf19e`
SHA1	`21a3a87f764727c69c85728346b1d05d97869807`
SHA256	`5b7335372b1be5486f289d5e7ee01155c1d7fb8df76d8495bf15b7cee3f94585`
SHA3	`048b0c8d2d44b34fea51e6ff4e2ae4f5c73b5f7c1211741cdc4fe6796000ad22`
Preview

1145

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.41101`
MD5	`d9851b0845656cb1b1f5c586547b83bf`
SHA1	`fbcf280c7ec369d349b10d31ecbf261758e1ef14`
SHA256	`a6b89465e793bf0f0001f27440617590039a7fb34a16bcb551ce4b10b49eb7db`
SHA3	`7472827cfb2a9b2f7537971c617d231e75e471c3502299bde2184d23f55d22f3`
Preview

26567

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x5e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09838`
MD5	`055505a1940f27993d40e136bc915615`
SHA1	`f6223d2c97df05fa6b6ca54b47c92438777eae79`
SHA256	`a9bb58f43df34b3dc05b79015210b5a1ca84f8ff97555cf7344ef8bb662e1a6d`
SHA3	`cf77404babde2509159cac5542bdbc409a869e1633222f15e62ccb39bb8ad59b`
Preview

30994

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23666`
MD5	`8cf65be17e506ff24c2177078f88b56e`
SHA1	`3e397dc7597caeb844df0ea760b64231c8ce3dbf`
SHA256	`e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272`
SHA3	`7da4c7aab356574679f0f9107740f01647864c846c04f699deef67577fd6aded`
Preview

30995

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x16c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.20022`
MD5	`a2153b6134d93fd17964b36be4821db4`
SHA1	`43d43980d7e6c1f080cc3eca82d84dc2ab8241b1`
SHA256	`4406c7739acdebe7be0510fb2cf7043ebec1f3dfd4fd876e1b6d0eb29fa79a14`
SHA3	`c6bfd5b740368d3cc00322a1d1ed6905cefec2b5a411b2100444a37e72f79fe6`
Preview

30996

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87621`
MD5	`5a9c81cdbf480cf01daa71ba0e233c5f`
SHA1	`28e04c01584654e1974347d1baa462b2784e9c47`
SHA256	`abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864`
SHA3	`99dec83590ac444359a5a6f8924dae5615d93f4df527e10a8a61319ce3a5beaf`
Preview

1 (#3)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.12749`
MD5	`0cb42696bae18798cb7086367e1c8648`
SHA1	`c8c1ea6ee6ae4285986c9ef7e3df213a32d76150`
SHA256	`c70bbabb35024b71265ad0cbc6b6553146b8417e6469c7031b292f87ac7f027c`
SHA3	`6f2d62a1fa986d2ef581c9c32b9e13c28f1689842f0bb999dd64e6ad58ac8fd3`

2 (#3)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18858`
MD5	`f7689df1f1046fd3a9329c2bed028a7a`
SHA1	`5c81380f4db520c34783768d528a1223ccc10298`
SHA256	`bfd6b9443d835d48f4872879c901fd73a9cb1dcd85ceb44ab769410cf282b756`
SHA3	`d8707398afb787b830b3e9fdd416041d648fd4ba2e0988a16906f692a85b7dc1`

3 (#3)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03558`
MD5	`6c916ebaa89749a0b8339761ad70067a`
SHA1	`6aa9e737e72faaa2219e271d03941803359eaff4`
SHA256	`26148d9e4d2a771b36d612720ff329ed4fc3dd529e7cc3b70b4018290551539d`
SHA3	`b880bbd365b248e0807eb45280f90680cb1d0f14d49fc81b06c99902c70b9fc5`

127

Type	`RT_MENU`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.4183`
MD5	`c01d4cd5bb1b57b835a1c2fba8e21e69`
SHA1	`be4bef44f1fce0552bee077b50211ebc04a5a777`
SHA256	`7dd1a3835eca622418f5fc87a53d3404b2b4766b8c0df00ee59ba679b35c70bc`
SHA3	`d1a9883d25af151238872bedfae8daade1eab0dcf9a4d516d8a000faab836a63`

1039

Type	`RT_MENU`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x284`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27721`
MD5	`c8422eaddf07a9bee95c726c8426fcfc`
SHA1	`33056ecf914eebbd3029f658c22447e516747d4e`
SHA256	`7a7d7c4216cc704f4d47ea69d74851dab873624e47a6d40190e1a239db35715d`
SHA3	`c31c82b719ad6e62f6fc0e06e5fb0f61c126b8588ece4ee358543fe710229aeb`

150

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06278`
MD5	`44526224da99d6c18599dd024d03690c`
SHA1	`1ee6fbfe9206aaa8d4f0e3c00a79203d6832067b`
SHA256	`512c93356c834770fca27fb18e6271ede046e5679587c3448ef9be8fec2e3bba`
SHA3	`24a7af9dc861ffdfe9f1231bfd9c8b7a831cca871e5a2ddf8607965b46fcdbba`

286

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x17a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5561`
MD5	`7680df3f58cc47c46b99d84b10112194`
SHA1	`f4fe13962765e8c117f19f0e6bf01d64b0a23420`
SHA256	`2dc26197331d3f1e46b99f0fe7cc2e6868d25b655f12e960f57bd7e1056cb06c`
SHA3	`5ed31f740eb95cbef0eba3a691239cd02b9a4e3428bc1155ed660425320189e2`

554

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xfa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78697`
MD5	`da7ba785cdcd261b11c0eb9e21645e33`
SHA1	`7e1d6e23f5ebd67f14e08b1435d8f0ef03c7ca97`
SHA256	`b9f9f75f7931892d9db0418d496c7d5845b7710ecffe2117250d99d61da59fd3`
SHA3	`5e23ddfcc02b150d79a0f5e731d5cd584648dbd3a857934ea42ea98dbe5ea4d4`

1037

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45041`
MD5	`4b9b12aa24c41c52fe6e59c420fe8708`
SHA1	`339dcf23d4e8361fc78919cb2a00f89353277a70`
SHA256	`d2c7f254d83c3122744bc35895a946a2e3c9f0c9545ccae2289fe10a8a214a1b`
SHA3	`3d9023d40c905b660f421967e6b40b087bd2d9c7f11f7042889d7c99f62bea2f`

1084

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18397`
MD5	`3b69402c70fa480ec16568dd6b708e13`
SHA1	`e94831a62793cd4588263af60de9a78ffcf4eb8f`
SHA256	`09dd636320023e367b16b8992bdc09803f50eae040b33ab29df1d33e425568e1`
SHA3	`47aadf425b780072ffe63df8f37ab4465de00054aecd2c0f20c3acd844c82bae`

1124

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51845`
MD5	`26c2bcd4e5333a75a1408c4e59711022`
SHA1	`c7fdff5b229cdf7882e81300285081b469d80755`
SHA256	`096a66c479bf64312d10d27270bf793aca7e14a0a731ea8af8b2eaaa91114117`
SHA3	`a39b0d306ee4cd54d1854deadadbfd63440982b3e6037fdd8022e595a73fe519`

1134

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73942`
MD5	`be90a3c4f4988eaa4f1498ba66e25c8c`
SHA1	`95ab8be47f1c29af2ccebccd4f0b98322012f4bd`
SHA256	`5bdbd189b596b2b6658d2e7d0e7e9bb203ca7749da598f0343abcd2cd0e7a1e6`
SHA3	`38b0804ccdf19b3a754ee8aa96f33333b2a6438318d18a7b48e49ae26d6059ed`

1150

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45225`
MD5	`5228e05f53b7eee70cdae8bfe4e116b7`
SHA1	`59952cfa6cf756626c57c641c85f752ea8997d80`
SHA256	`963d2d391d6ba60a6ac73c0041d23a862046afd9c446f4112b90ae290839a806`
SHA3	`258d162737232b01a90bfb86fb3de0d4cd3a935bb3e2f8a2a55d721037cf573d`

30721

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38941`
MD5	`085d5f15dba87cc77a4cad2d555d6c8c`
SHA1	`5299e0b15c862d118bed43251fd6ebde8d9f824d`
SHA256	`95681f43fb8cf9ff17d7a15cb0c12d9cb2b92282097283ec7388b18fe5d32f11`
SHA3	`c2751bef9db649f88eb88b6437728cbb74df17704c17242f5ebd14d96e6ee4aa`

30722

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x18c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74445`
MD5	`ccf1e3cf6acded3c2c63ee305170de36`
SHA1	`c2b9c6b8fe4980da2513c20e85f2b8d78c9b1afc`
SHA256	`d20fbeb2fa69c10f2516fc4f545597734464e68bf7388c2c3325343be22f25ca`
SHA3	`8a595d24997078113f7b966fce4dd7b3b0d5bf4f068341973b55389fbb8cb566`

3841

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68399`
MD5	`27e992d5cd65b0ca3d129106cc1e542b`
SHA1	`f38d0d22b7abdb0dc389790027f8baa65342c931`
SHA256	`8b568f62cc221d621d3c624e7363d59c4bf36a72bda8e147eda5374c232a41a5`
SHA3	`7c0b2073f7d8639e08933edd26259d17c657a3a8bd10c220b28dc36bf991db1a`

3842

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.37932`
MD5	`da86a7575ac8286809dd9481ec498fd8`
SHA1	`603b9d5525180b1dd7f12747c6686548abc3eb32`
SHA256	`0b985f127b9074f92daf51979d1228e8d0657682ed064beed98015d6775e51d0`
SHA3	`dfe329fb5f9e5b8c99125d3a6e59c3b7c9d3f58ceb00eddf3a2efe5c901decd8`

3843

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07447`
MD5	`7c859626451a41d43bdb6e834b14377f`
SHA1	`da7c436fc04f4634e78d0e082ec2bd58df0d834f`
SHA256	`302aebc37216997e819a40d01fcf7bb9e167086ada2ebb0dd0e66ddfd01214b5`
SHA3	`579bfffbce971576d9259f238c3ba65c7dddab341ad697b96f24febf131b6a0c`

3857

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10651`
MD5	`ae6a056cefffe26b23eac60d04989987`
SHA1	`647f69e40048510c7bc2a85c56c31d3c5c93520e`
SHA256	`de0534ff3bbef338455e8429094952e27f2d32d55251eb0d06ff038a0712847a`
SHA3	`011f50fe2cdebe31e0f64c965e4764d31c9e8b301d36c77187675702c95eae4c`

3858

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x12a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07121`
MD5	`7b9eb7d6204e8b40c165056d4f913aaa`
SHA1	`d6f0d252ab0d8a61a3b3bfa8d1d8f15b6b5980b4`
SHA256	`2ffbc578d90a3e38bdad4ec77d3af58a8658d50525c0181d367ecca3caa90343`
SHA3	`cfec62ae95d5501d7215671ed599e2836a1a68da564e36d75cec7714c40f0ffa`

3859

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85681`
MD5	`8f0987ae2b73f266a0e1c3a542c98605`
SHA1	`5f255288183c4540cd3d17e77610727cc0abfec7`
SHA256	`d3d61705e766fd9a7fa182de39d008036d5806197e5f94069fb9639b7f8b3a7e`
SHA3	`b5960118e4788f9f9cfb34c06b009dcfb5aefd17cf426a2f83e57e021cf04bbd`

3865

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16865`
MD5	`4231654bdf85b678bb14449fdbfc7551`
SHA1	`52a66153e54242d310b717fe2ceb53985355fc63`
SHA256	`bd48ebe7d5151a7972cf4ef7398aa32197c09c043018152b275e194079e6cb36`
SHA3	`62e4d63095a5b69fbf08e4210c0c7595bbd3d9fd7762ff6ad7d68f6c43e9d3ce`

3866

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15663`
MD5	`161e87eb73081d55a22eca8a7599cec9`
SHA1	`cbf8b9f13b16195df9f6f5fafebad37512189db1`
SHA256	`90acf703f238b79f43ed45dd995adb3a9aed92a4e2898a542960390a79986247`
SHA3	`86b3a428d12470b7143b3824c56db5fb856b417f42c299561be4c6307a73612c`

3867

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71189`
MD5	`ffb2c960432dbc57036b37f0dc4f1801`
SHA1	`f4fc7c61b2081e62cd7dc0aa0bc87c6d9c4ae4fb`
SHA256	`4bcda3f9066ac6438067470cc7619e93d205234c739e6def0fd9b1c17d8da3e8`
SHA3	`9de813c33aad1aa2a1de01e596223e4a72af5427e781f518052a0e8c558ad1e6`

3868

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40365`
MD5	`2d219af23f43c40235ddae8924570225`
SHA1	`3d5261d86f26957dedb0ec73ceece9ebee2321d4`
SHA256	`7f3e8f1e71164263cf0ea5b7483a0c96fb880d008edbf7f5fc8452b41d72cd74`
SHA3	`6e37f0ee58bc4fd6a882903d21d1c60f24396c49917488eb23b51c51012811b6`

3869

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.903812`
MD5	`3aeb0d04983923c5f3db08ff872ea9ea`
SHA1	`4464d409df76c913c59f2763bb0deb0eb2306e2b`
SHA256	`ae61f0cc506d48077e2c1df743ade849ee40e74ea228514f109782c78f402283`
SHA3	`98082029421f0596d00e3ce7c9599250fbb32c8ed767a6e8d132aeb329f4c377`

1032

Type	`RT_GROUP_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

1033

Type	`RT_GROUP_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

30977

Type	`RT_GROUP_CURSOR`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25451`
Detected Filetype	Cursor file
MD5	`ab177b955c2f330b053b1fe0a5618dc6`
SHA1	`4195f1dd0f34a982c8e5c95ac43412cec1462715`
SHA256	`58531242c8bcc3c5858701ac8b7e50aa34a2fcedaad81ce5dc0aa99effb79a7d`
SHA3	`576c511275899104d47c90f4087757f5ed8cac33415255dd0e5b773058c61461`
Preview

DEFAULT_ICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`44dacdfcd4d74597aaba3723b44b316f`
SHA1	`bdb1c3619cfecac8eb58a135520a87d28492f34b`
SHA256	`c5ed0d15770e8cd7fb0d5796315496756f297460843dab62de0bea7c3cfea703`
SHA3	`267d218406fa9c7d687a86095c56afecc35257542ab3b1ad4debd279b04478a2`

1151

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1152

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

1 (#4)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x254`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80259`
MD5	`c6b04666dc5da80751f811738999e301`
SHA1	`e4d49702864647316c88aa08960ea4ef5c44ad01`
SHA256	`5ab1b4e1cee06c6b3b6278dedaf16d06794923de1037dfb28a3e43d1687c5bd6`
SHA3	`15b3497c0dabfc2f4508ca308dcca475d2ff186279fff0d2a36b3e21ab982488`

String Table contents

打开
保存为
所有文件 (.)
无标题
一未命名文件
隐藏(&H)
得不到出错信息。
试图执行系统不支持的操作。
必需的资源无法得到。
内存不足。
出现了未知的错误
无效的文件名。
打开文档失败。
保存文档失败。
将改动保存到 %1？
建立空文档失败。
该文件太大，无法打开。
无法启动打印作业。
启动帮助失败。
内部应用程序出错。
命令失败。
没有足够的内存执行操作。
系统注册项已被移除并且相应的 INI 文件（假如存在）也被删除。
不是所有的系统注册项（或 INI 文件）都被移除。
在系统中没有找到此程序需要的文件%s。
此程序连接到文件 %s 中丢失的输出 %s 。此机器可能有一个 %s 不兼容的版本。
请键入一个整数。
请键入一个数。
“请填入一个在%1和%2之间的整数。”
“请填入一个在%1和%2之间的数字。”
“请填入不多于%1个的字符。”
请选择一个按钮。
“请填入一个在0和255之间的整数。”
“请填入一个正整数。”
“请填入一个日期和/或时间值。”
“请填入一个货币值。”
非预期的文件格式。
无法找到该文件。
请验证给出的路径和文件名是否正确。
目的磁盘驱动器已满。
无法对 %1 进行读操作，它已经被其他人打开。
无法对 %1 进行写操作，因为它是只读文件或已经被其他人打开。
在对 %1 进行读操作时发生了一个非预期的错误。
在对 %1 进行写操作时发生了一个非预期的错误。
无法读只写特性。
无法写只读特性。
无法装入邮件系统支援。
邮件系统 DLL 无效。
传递邮件未能传递信息。
无错误发生。
在对 %1 进行访问时发生了一个不明错误。
没有找到 %1。
%1 中包含无效的路径。
无法打开 %1 因为太多文件已被打开。
对 %1 的存取被拒绝。
一个无效的文件柄与 %1 相关联。
无法删除 %1 因为它是当前目录。
该目录已满，无法创建 %1。
对 %1 进行查找失败。
在存取 %1 时一个硬件输入/输出错误被报告。
在存取 %1 时发生共享违例。
在存取 %1 时发生锁违例。
在存取 %1 时磁盘已满。
试图越过其尾端对 %1 进行读写。
无错误发生。
在对 %1 进行访问时发生了一个不明错误。
试图在对 %1 进行读操作的同时对其进行写操作。
试图越过其尾端对 %1 进行读写。
试图在对 %1 进行写操作的同时对其进行读操作。
%1 格式错。
%1 含有非预期的对象。
%1 包含错误的模式。
象素

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.8.4.6
ProductVersion	1.8.4.6
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
FileVersion (#2)	1.8.4.6
FileDescription	Windows 服务主进程
ProductName	易语言程序
ProductVersion (#2)	1.8.4.6
CompanyName	可怜的鸟鸟~~
LegalCopyright	可怜的鸟鸟~~ 版权所有
Comments	Windows 服务主进程

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x6d9323a`
Unmarked objects	`0`
12 (7291)	`5`
C++ objects (8047)	`9`
C objects (8047)	`6`
14 (7299)	`44`
19 (8022)	`44`
19 (8034)	`24`
Total imports	`669`
Imports (2179)	`3`
C objects (VS98 SP6 build 8804)	`210`
C++ objects (VS98 SP6 build 8804)	`112`
C++ objects (VS98 build 8168)	`74`
Unmarked objects (#2)	`48`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

f3d3866aa26d254170e90d70201f0ed4

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

1 (#2)

2 (#2)

3 (#2)

4

IEXT_IDB_STATEIMAGES

1031

1038

1138

1139

1140

1141

1142

1143

1144

1145

26567

30994

30995

30996

1 (#3)

2 (#3)

3 (#3)

127

1039

150

286

554

1037

1084

1124

1134

1150

30721

30722

3841

3842

3843

3857

3858

3859

3865

3866

3867

3868

3869

1032

1033

30977

DEFAULT_ICON

1151

1152

1 (#4)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors