[{"_id":{"$oid":"69184e000999409cf96ec559"},"Summary":{"Architecture":"IMAGE_FILE_MACHINE_I386","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","Compilation_Date":"2025-Nov-08 09:48:44","Detected_Languages":{"Language":"English","Country":"United States"},"Debug_Artifacts":"C:\\Users\\lengo\\Desktop\\Spamming Work\\Duy\\PyApp\\workplace\\curl\\Dll1\\Release\\Dll1.pdb"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000110"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":5,"TimeDateStamp":"2025-Nov-08 09:48:44","PointerToSymbolTable":0,"NumberOfSymbols":0,"SizeOfOptionalHeader":224,"Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_DLL","IMAGE_FILE_EXECUTABLE_IMAGE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"14.0","SizeOfCode":"0x00006E00","SizeOfInitializedData":"0x00005E00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00006EAF (Section: .text)","BaseOfCode":"0x00001000","BaseOfData":"0x00008000","ImageBase":"0x10000000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"6.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x00010000","SizeOfHeaders":"0x00000400","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_NX_COMPAT","SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"Sections":{"Section1":{"Name":".text","VirtualSize":"0x00006C92","VirtualAddress":"0x00001000","SizeOfRawData":"0x00006E00","PointerToRawData":"0x00000400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":6.38822},"Section2":{"Name":".rdata","VirtualSize":"0x00004B34","VirtualAddress":"0x00008000","SizeOfRawData":"0x00004C00","PointerToRawData":"0x00007200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":5.27572},"Section3":{"Name":".data","VirtualSize":"0x00000730","VirtualAddress":"0x0000D000","SizeOfRawData":"0x00000400","PointerToRawData":"0x0000BE00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":4.04237},"Section4":{"Name":".rsrc","VirtualSize":"0x000000F8","VirtualAddress":"0x0000E000","SizeOfRawData":"0x00000200","PointerToRawData":"0x0000C200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":2.51196},"Section5":{"Name":".reloc","VirtualSize":"0x0000060C","VirtualAddress":"0x0000F000","SizeOfRawData":"0x00000800","PointerToRawData":"0x0000C400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"Entropy":5.58572}}},"Imports":{"KERNEL32.dll":["CreateDirectoryW","WriteFile","TerminateProcess","GetModuleFileNameW","WaitForSingleObject","CreateFileW","GetFileAttributesW","Sleep","CloseHandle","CreateProcessW","GetExitCodeProcess","UnhandledExceptionFilter","IsDebuggerPresent","InitializeSListHead","GetSystemTimeAsFileTime","GetCurrentThreadId","GetCurrentProcessId","QueryPerformanceCounter","GetCurrentProcess","SetUnhandledExceptionFilter","IsProcessorFeaturePresent"],"SHELL32.dll":["SHFileOperationW","ShellExecuteExW"],"ole32.dll":["CoCreateInstance","CoInitialize","CoUninitialize"],"OLEAUT32.dll":["VariantInit","SysFreeString","SysAllocString","VariantClear"],"MSVCP140.dll":["??1_Lockit@std@@QAE@XZ","??0_Lockit@std@@QAE@H@Z","?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ","?_Id_cnt@id@locale@std@@0HA","?_Xout_of_range@std@@YAXPBD@Z","?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z","?_Xlength_error@std@@YAXPBD@Z","?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ","??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ","?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ","?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z","??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z","unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z","?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z","?_Setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z","??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ","??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z","in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z","out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z","??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ","??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ","?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ","?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ","?_Showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ","?_Uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ","?_Xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z","?_Xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z","?_Setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z","?_Sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ","?_Imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z","??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ","??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z","??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ","?_Always_noconv@codecvt_base@std@@QBE_NXZ","?_Xbad_alloc@std@@YAXXZ"],"VCRUNTIME140.dll":["memmove","__CxxFrameHandler3","__std_exception_destroy","__std_exception_copy","__std_terminate","memcpy","memset","_CxxThrowException","__std_type_info_destroy_list","_except_handler4_common"],"api-ms-win-crt-stdio-l1-1-0.dll":["fputc","_fseeki64","_get_stream_buffer_pointers","fread","fflush","fclose","ungetc","fgetc","setvbuf","fgetpos","fwrite","fsetpos"],"api-ms-win-crt-runtime-l1-1-0.dll":["_cexit","_invoke_watson","_initterm","_initterm_e","_seh_filter_dll","_configure_narrow_argv","_initialize_narrow_environment","_initialize_onexit_table","_register_onexit_function","_execute_onexit_table","_crt_atexit"],"api-ms-win-crt-filesystem-l1-1-0.dll":["_lock_file","_wstat64i32","_unlock_file"],"api-ms-win-crt-convert-l1-1-0.dll":["strtol"],"api-ms-win-crt-string-l1-1-0.dll":["isspace","_stricmp"],"api-ms-win-crt-heap-l1-1-0.dll":["_callnewh","malloc","free"]},"Exports":{"ax":{"Ordinal":1,"Address":"0x00002580"}},"Resources":{"Type":"RT_MANIFEST","Language":"English - United States","Codepage":"UNKNOWN","Size":145,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":4.8858},"Debug Info":{"IMAGE_DEBUG_TYPE_CODEVIEW":{"Characteristics":0,"TimeDateStamp":"2025-Nov-08 09:48:44","Version":0,"SizeofData":108,"AddressOfRawData":45628,"PointerToRawData":42044,"ReferencedFile":"C:\\Users\\lengo\\Desktop\\Spamming Work\\Duy\\PyApp\\workplace\\curl\\Dll1\\Release\\Dll1.pdb"},"IMAGE_DEBUG_TYPE_VC_FEATURE":{"Characteristics":0,"TimeDateStamp":"2025-Nov-08 09:48:44","Version":0,"SizeofData":20,"AddressOfRawData":45736,"PointerToRawData":42152},"IMAGE_DEBUG_TYPE_POGO":{"Characteristics":0,"TimeDateStamp":"2025-Nov-08 09:48:44","Version":0,"SizeofData":708,"AddressOfRawData":45756,"PointerToRawData":42172},"IMAGE_DEBUG_TYPE_ILTCG":{"Characteristics":0,"TimeDateStamp":"2025-Nov-08 09:48:44","Version":0,"SizeofData":0,"AddressOfRawData":0,"PointerToRawData":0}},"Load Configuration":{"Size":192,"TimeDateStamp":"1970-Jan-01 00:00:00","Version":"0.0","GlobalFlagsClear":"(EMPTY)","GlobalFlagsSet":"(EMPTY)","CriticalSectionDefaultTimeout":0,"DeCommitFreeBlockThreshold":0,"DeCommitTotalFreeThreshold":0,"LockPrefixTable":0,"MaximumAllocationSize":0,"VirtualMemoryThreshold":0,"ProcessAffinityMask":0,"ProcessHeapFlags":"(EMPTY)","CSDVersion":0,"Reserved1":0,"EditList":0,"SecurityCookie":268488768,"SEHandlerTable":268480912,"SEHandlerCount":10},"RICH Header":{"xor_key":"0x3271BA7A","unmarked_objects":0,"imports_vs2008_sp1":12,"asm_objects":1,"c_objects":10,"c_plus_plus_objects":18,"imports_general":4,"c_objects_ltcg":1,"exports":1,"resource_objects":1,"linker":1,"total_imports":140,"interesting_strings":["g550.onrender.com","githostaduviep-g550.onrender.com","https://githostaduviep-g550.onrender.com","onrender.com"],"common_functions":["CreateProcessW","WinHttpQueryDataAvailable","WinHttpReceiveResponse","WinHttpConnect","WinHttpSendRequest","WinHttpOpen","WinHttpCloseHandle","WinHttpReadData","WinHttpOpenRequest"],"internet_access_capabilities":["WinHttpQueryDataAvailable","WinHttpReceiveResponse","WinHttpConnect","WinHttpSendRequest","WinHttpOpen","WinHttpCloseHandle","WinHttpReadData","WinHttpOpenRequest"],"exploit_mitigation_techniques":{"stack_canary":"enabled","safe_seh":"enabled (10 registered handlers)","aslr":"enabled","dep":"enabled","cfg":"disabled"},"virus_total_score":{"total_scanned":"21/71","scanned_date":"2025-11-11 16:31:18","antivirus_detections":["AhnLab-V3: Malware/Win.Generic.C5813078","CrowdStrike: win/malicious_confidence_100% (W)","Cynet: Malicious (score: 100)","DeepInstinct: MALICIOUS","ESET-NOD32: Win32/TrojanDownloader.Agent.IKA trojan","Google: Detected","Ikarus: Trojan-Downloader.Win32.Agent","K7AntiVirus: Trojan-Downloader ( 005d8a0f1 )","K7GW: Trojan-Downloader ( 005d8a0f1 )","Kaspersky: Trojan.Win32.Agentb.tmwb","Lionic: Trojan.Win32.Agentb.X!c","McAfeeD: ti!CF9CDD5D2628","Microsoft: Trojan:Win32/Egairtigado!rfn","Rising: Trojan.Agent!8.B1E (LESS:bWQ1OsuPiB2h+9kL)","Sophos: Mal/Generic-S","Symantec: Trojan.Gen.MBT","Tencent: Win32.Trojan-Downloader.Oader.Ocnw","TrellixENS: Artemis!40784DCA35FA","TrendMicro: Backdoor.Win32.ASYNCRAT.YXFKJZ","TrendMicro-HouseCall: Backdoor.Win32.ASYNCRAT.YXFKJZ","alibabacloud: Trojan[downloader]:Win/Agentb.ttxe"]}},"file_path":["/home/apogean/projects/malware/windows/samples/dll_sample.dll"],"md5":"40784dca35fa06d4c4cb932e101e56ab"},{"_id":{"$oid":"693190fba91f83988d51bb0f"},"Summary":{"Architecture":"IMAGE_FILE_MACHINE_I386","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","Compilation Date":"2088-Mar-06 18:36:34","Debug Artifacts":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb","Comments":"RMM Client","CompanyName":"","FileDescription":"Client","FileVersion":"1.0.0.0","InternalName":"Client.exe","LegalCopyright":"","LegalTrademarks":"","OriginalFilename":"Client.exe","ProductName":"Client","ProductVersion":"1.0.0.0","Assembly Version":"1.0.0.0"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000080"},"PE Header":{"raw_response":"{\n \"Signature\": \"PE\",\n \"Machine\": \"IMAGE_FILE_MACHINE_I386\",\n \"NumberofSections\": 3,\n \"TimeDateStamp\": \"2088-Mar-06 18:36:34\",\n \"PointerToSymbolTable\": 0,\n \"NumberOfSymbols\": 0,\n \"SizeOfOptionalHeader\": 0x00E0,\n \"Characteristics\": [\n \"IMAGE_FILE_EXECUTABLE_IMAGE\",\n \"IMAGE_FILE_LARGE_ADDRESS_AWARE\"\n ]\n}"},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"48.0","SizeOfCode":"0x00037000","SizeOfInitializedData":"0x00000A00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00038F5E","BaseOfCode":"0x00002000","BaseOfData":"0x0003A000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x0003E000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NO_SEH | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE","SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":16},"Sections":{".text":{"VirtualSize":"0x00036FD0","VirtualAddress":"0x00002000","SizeOfRawData":"0x00037000","PointerToRawData":"0x00000200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":"5.55645"},".rsrc":{"VirtualSize":"0x000006AC","VirtualAddress":"0x0003A000","SizeOfRawData":"0x00000800","PointerToRawData":"0x00037200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":"4.50595"},".reloc":{"VirtualSize":"0x0000000C","VirtualAddress":"0x0003C000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00037A00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"Entropy":"0.10191"}},"Imports":{"entity1":"mscoree.dll","entity2":"_CorExeMain"},"Resources":[{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":30,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":2.48173},{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":10,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":1.37095},{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":76,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":2.87727},{"Type":"RT_VERSION","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":768,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":3.16411},{"Type":"RT_MANIFEST","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":490,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":5.00112}],"Version Info":{"raw_response":"{\n \"Resource\": {\n \"LangID\": \"UNKNOWN\",\n \"VS_VERSION_INFO\": {\n \"Signature\": 0xFEEF04BD,\n \"StructVersion\": 0x00010000,\n \"FileVersion\": {\n \"Major\": 1,\n \"Minor\": 0,\n \"Build\": 0,\n \"Revision\": 0\n },\n \"ProductVersion\": {\n \"Major\": 1,\n \"Minor\": 0,\n \"Build\": 0,\n \"Revision\": 0\n },\n \"FileFlags\": 0,\n \"FileOs\": [\n \"VOS_DOS_WINDOWS32\",\n \"VOS_NT_WINDOWS32\",\n \"VOS__WINDOWS32\"\n ],\n \"FileType\": \"VFT_APP\",\n \"Language\": \"UNKNOWN\",\n \"Comments\": \"\",\n \"CompanyName\": \"\",\n \"FileDescription\": \"Client\",\n \"FileVersion_2\": \"1.0.0.0\",\n \"InternalName\": \"Client.exe\",\n \"LegalCopyright\": \"\",\n \"LegalTrademarks\": \"\",\n \"OriginalFilename\": \"Client.exe\",\n \"ProductName\": \"Client\",\n \"ProductVersion_2\": \"1.0.0.0\",\n \"Assembly_Version\": \"1.0.0.0\"\n }\n }\n}"},"Debug Info":{"raw_response":"{\n \"IMAGE_DEBUG_TYPE_CODEVIEW\": {\n \"Characteristics\": 0,\n \"TimeDateStamp\": \"2068-May-04 18:04:16\",\n \"Version\": 0.0,\n \"SizeofData\": 101,\n \"AddressOfRawData\": 0x00038EA4,\n \"PointerToRawData\": 0x000370A4,\n \"ReferencedFile\": \"C:\\\\Users\\\\sulum\\\\OneDrive\\\\Desktop\\\\datacenter\\\\stubCsharp\\\\obj\\\\Release\\\\Client.pdb\"\n },\n \"UNKNOWN\": {\n \"Characteristics\": 0,\n \"TimeDateStamp\": \"1970-Jan-01 00:00:00\",\n \"Version\": 0.0,\n \"SizeofData\": 0,\n \"AddressOfRawData\": 0x00000000,\n \"PointerToRawData\": 0x00000000\n },\n \"SUSPICIOUS_STRINGS\": [\n {\n \"Type\": \"System_or_Monitoring_Tool\",\n \"Strings\": [\n \"rundll32.exe\",\n \"schtask\"\n ]\n },\n {\n \"Type\": \"Security_Software\",\n \"Strings\": [\n \"rshell.exe\"\n ]\n },\n {\n \"Type\": \"Dropper_Capabilities\",\n \"Strings\": [\n \"CurrentVersion\\\\Run\"\n ]\n },\n {\n \"Type\": \"Miscellaneous_Malware_Strings\",\n \"Strings\": [\n \"cmd.Exe\"\n ]\n },\n {\n \"Type\": \"Domain_Names\",\n \"Strings\": [\n \"ftp://server09.mentality.cloud\",\n \"ftp://server09.mentality.cloud/public_html/sqlite3.dll\",\n \"http://ip-api.com\",\n \"ip-api.com\"\n ]\n }\n ],\n \"EXPLOIT_MITIGATION_TECHNIQUES\": {\n \"Stack_Canary\": \"disabled\",\n \"SafeSEH\": \"disabled\",\n \"ASLR\": \"enabled\",\n \"DEP\": \"enabled\",\n \"CFG\": \"disabled\"\n }\n}"}},{"_id":{"$oid":"697df9f5c45b753179b2cedc"},"Summary":{"Architecture":"IMAGE_FILE_MACHINE_I386","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","Compilation Date":"2088-Mar-06 18:36:34","Debug Artifacts":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb","Comments":"RMM Client","CompanyName":"","FileDescription":"Client","FileVersion":"1.0.0.0","InternalName":"Client.exe","LegalCopyright":"","LegalTrademarks":"","OriginalFilename":"Client.exe","ProductName":"Client","ProductVersion":"1.0.0.0","Assembly Version":"1.0.0.0"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000080"},"PE Header":{"raw_response":"{\n \"Signature\": \"PE\",\n \"Machine\": \"IMAGE_FILE_MACHINE_I386\",\n \"NumberofSections\": 3,\n \"TimeDateStamp\": \"2088-Mar-06 18:36:34\",\n \"PointerToSymbolTable\": 0,\n \"NumberOfSymbols\": 0,\n \"SizeOfOptionalHeader\": 0x00E0,\n \"Characteristics\": [\n \"IMAGE_FILE_EXECUTABLE_IMAGE\",\n \"IMAGE_FILE_LARGE_ADDRESS_AWARE\"\n ]\n}"},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"48.0","SizeOfCode":"0x00037000","SizeOfInitializedData":"0x00000A00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00038F5E","BaseOfCode":"0x00002000","BaseOfData":"0x0003A000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x0003E000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NO_SEH | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE","SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":16},"Sections":{".text":{"VirtualSize":"0x00036FD0","VirtualAddress":"0x00002000","SizeOfRawData":"0x00037000","PointerToRawData":"0x00000200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":"5.55645"},".rsrc":{"VirtualSize":"0x000006AC","VirtualAddress":"0x0003A000","SizeOfRawData":"0x00000800","PointerToRawData":"0x00037200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":"4.50595"},".reloc":{"VirtualSize":"0x0000000C","VirtualAddress":"0x0003C000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00037A00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":"0","NumberOfRelocations":"0","Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"Entropy":"0.10191"}},"Imports":{"entity1":"mscoree.dll","entity2":"_CorExeMain"},"Resources":[{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":30,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":2.48173},{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":10,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":1.37095},{"Type":"RT_RCDATA","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":76,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":2.87727},{"Type":"RT_VERSION","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":768,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":3.16411},{"Type":"RT_MANIFEST","Language":"UNKNOWN","Codepage":"Latin 1 / Western European","Size":490,"TimeDateStamp":"1980-Jan-01 00:00:00","Entropy":5.00112}],"Version Info":{"raw_response":"{\n \"Resource\": {\n \"LangID\": \"UNKNOWN\",\n \"VS_VERSION_INFO\": {\n \"Signature\": 0xFEEF04BD,\n \"StructVersion\": 0x00010000,\n \"FileVersion\": {\n \"Major\": 1,\n \"Minor\": 0,\n \"Build\": 0,\n \"Revision\": 0\n },\n \"ProductVersion\": {\n \"Major\": 1,\n \"Minor\": 0,\n \"Build\": 0,\n \"Revision\": 0\n },\n \"FileFlags\": 0,\n \"FileOs\": [\n \"VOS_DOS_WINDOWS32\",\n \"VOS_NT_WINDOWS32\",\n \"VOS__WINDOWS32\"\n ],\n \"FileType\": \"VFT_APP\",\n \"Language\": \"UNKNOWN\",\n \"Comments\": \"\",\n \"CompanyName\": \"\",\n \"FileDescription\": \"Client\",\n \"FileVersion_2\": \"1.0.0.0\",\n \"InternalName\": \"Client.exe\",\n \"LegalCopyright\": \"\",\n \"LegalTrademarks\": \"\",\n \"OriginalFilename\": \"Client.exe\",\n \"ProductName\": \"Client\",\n \"ProductVersion_2\": \"1.0.0.0\",\n \"Assembly_Version\": \"1.0.0.0\"\n }\n }\n}"},"Debug Info":{"raw_response":"Here is the valid JSON output extracted from the input:\n\n```json\n{\n \"IMAGE_DEBUG_TYPE_CODEVIEW\": {\n \"Characteristics\": 0,\n \"TimeDateStamp\": \"2068-May-04 18:04:16\",\n \"Version\": 0.0,\n \"SizeofData\": 101,\n \"AddressOfRawData\": 0x00038EA4,\n \"PointerToRawData\": 0x000370A4,\n \"Referenced File\": \"C:\\\\Users\\\\sulum\\\\OneDrive\\\\Desktop\\\\datacenter\\\\stubCsharp\\\\obj\\\\Release\\\\Client.pdb\"\n },\n \"UNKNOWN\": {\n \"Characteristics\": 0,\n \"TimeDateStamp\": \"1970-Jan-01 00:00:00\",\n \"Version\": 0.0,\n \"SizeofData\": 0,\n \"AddressOfRawData\": 0x00000000,\n \"PointerToRawData\": 0x00000000\n },\n \"SUSPICIOUS\": {\n \"SystemOrMonitoringTools\": [\n \"rundll32.exe\",\n \"schtask\"\n ],\n \"SecuritySoftware\": [\n \"rshell.exe\"\n ],\n \"DropperCapabilities\": [\n \"CurrentVersion\\\\Run\"\n ],\n \"MiscellaneousMalwareStrings\": [\n \"cmd.Exe\"\n ],\n \"DomainNames\": [\n \"ftp://server09.mentality.cloud\",\n \"ftp://server09.mentality.cloud/public_html/sqlite3.dll\",\n \"http://ip-api.com\",\n \"ip-api.com\"\n ]\n },\n \"ExploitMitigationTechniques\": {\n \"StackCanary\": \"disabled\",\n \"SafeSEH\": \"disabled\",\n \"ASLR\": \"enabled\",\n \"DEP\": \"enabled\",\n \"CFG\": \"disabled\"\n }\n}\n```"}},{"_id":{"$oid":"69e716f959a6632dae07ddfc"},"sha256":"e37c838dc5eaa1b302ffbd8721c6a5f52a068e8f78bbec63b19b950462fe6cf8","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/2\nDate: 2026-04-26 23:28:59\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/2\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2026-Feb-13 01:35:27\nDebug artifacts: kZZhV.pdb\nComments: Zihin Sarayi - Hafiza Sarayi Olusturucu\nCompanyName: \nFileDescription: MindPalace\nFileVersion: 1.0.0.0\nInternalName: kZZhV.exe\nLegalCopyright: Copyright 2026\nLegalTrademarks: \nOriginalFilename: kZZhV.exe\nProductName: MindPalace\nProductVersion: 1.0.0.0\nAssembly Version: 1.0.0.0\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000080\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 3\nTimeDateStamp: 2026-Feb-13 01:35:27\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LINE_NUMS_STRIPPED\n IMAGE_FILE_LOCAL_SYMS_STRIPPED\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 48.0\nSizeOfCode: 0x00182A00\nSizeOfInitializedData: 0x00000800\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0018490E (Section: .text)\nBaseOfCode: 0x00002000\nBaseOfData: 0x00186000\nImageBase: 0x00400000\nSectionAlignment: 0x00002000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 4.0\nWin32VersionValue: 0\nSizeOfImage: 0x0018A000\nSizeOfHeaders: 0x00000200\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_NO_SEH\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 15\n\nSections:\n---------\n.text:\n VirtualSize: 0x00182914\n VirtualAddress: 0x00002000\n SizeOfRawData: 0x00182A00\n PointerToRawData: 0x00000200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 7.89677\n\n.rsrc:\n VirtualSize: 0x000005E8\n VirtualAddress: 0x00186000\n SizeOfRawData: 0x00000600\n PointerToRawData: 0x00182C00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.19379\n\n.reloc:\n VirtualSize: 0x0000000C\n VirtualAddress: 0x00188000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00183200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 0.10191\n\n\nImports:\n--------\nmscoree.dll: _CorExeMain\n\nResources:\n----------\n1:\n Type: RT_VERSION\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 860\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.33583\n\n1 (#2):\n Type: RT_MANIFEST\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 490\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.00112\n\n\nVersion Info:\n-------------\nResource LangID: UNKNOWN\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 1.0.0.0\n ProductVersion: 1.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: UNKNOWN\n Comments: Zihin Sarayi - Hafiza Sarayi Olusturucu\n CompanyName: \n FileDescription: MindPalace\n FileVersion (#2): 1.0.0.0\n InternalName: kZZhV.exe\n LegalCopyright: Copyright 2026\n LegalTrademarks: \n OriginalFilename: kZZhV.exe\n ProductName: MindPalace\n ProductVersion (#2): 1.0.0.0\n Assembly Version: 1.0.0.0\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_CODEVIEW:\n Characteristics: 0\n TimeDateStamp: 1970-Jan-01 00:00:00\n Version: 0.0\n SizeofData: 34\n AddressOfRawData: 0x00184897\n PointerToRawData: 0x00182A97\n Referenced File: kZZhV.pdb\n\n\nMatching compiler(s):\n Microsoft Visual C# v7.0 / Basic .NET\n\nCryptographic algorithms detected in the binary:\n Uses constants related to MD5\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2026-Feb-13 01:35:27","debug_artifacts":"kZZhV.pdb","comments":"Zihin Sarayi - Hafiza Sarayi Olusturucu","company_name":"","file_description":"MindPalace","file_version":"1.0.0.0","internal_name":"kZZhV.exe","legal_copyright":"Copyright 2026","legal_trademarks":"","original_filename":"kZZhV.exe","product_name":"MindPalace","product_version":"1.0.0.0","assembly_version":"1.0.0.0"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000080"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":3,"TimeDateStamp":"2026-Feb-13 01:35:27","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LINE_NUMS_STRIPPED","IMAGE_FILE_LOCAL_SYMS_STRIPPED"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"48.0","SizeOfCode":"0x00182A00","SizeOfInitializedData":"0x00000800","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x0018490E","Section":".text","BaseOfCode":"0x00002000","BaseOfData":"0x00186000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"4.0","Win32VersionValue":"0","SizeOfImage":"0x0018A000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_NO_SEH","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"15"},"Sections":{"sections":[{"name":".text","virtual_size":"0x00182914","virtual_address":"0x00002000","size_of_raw_data":"0x00182A00","pointer_to_raw_data":"0x00000200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":7.89677},{"name":".rsrc","virtual_size":"0x000005E8","virtual_address":"0x00186000","size_of_raw_data":"0x00000600","pointer_to_raw_data":"0x00182C00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":4.19379},{"name":".reloc","virtual_size":"0x0000000C","virtual_address":"0x00188000","size_of_raw_data":"0x00000200","pointer_to_raw_data":"0x00183200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":0.10191}]},"Imports":{"file_info":{"internal_name":"kZZhV.exe","file_description":"MindPalace","original_filename":"kZZhV.exe","product_name":"MindPalace","company_name":"","legal_copyright":"Copyright 2026","legal_trademarks":"","file_version":"1.0.0.0","product_version":"1.0.0.0","assembly_version":"1.0.0.0","comments":"Zihin Sarayi - Hafiza Sarayi Olusturucu"},"resources":[{"type":"RT_VERSION","language":"UNKNOWN","codepage":"UNKNOWN","size":860,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.33583},{"type":"RT_MANIFEST","language":"UNKNOWN","codepage":"UNKNOWN","size":490,"timedatestamp":"1980-Jan-01 00:00:00","entropy":5.00112}],"debug_info":{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"timedatestamp":"1970-Jan-01 00:00:00","version":"0.0","sizeofdata":34,"addressofrawdata":"0x00184897","pointertorawdata":"0x00182A97","referenced_file":"kZZhV.pdb"},"compiler":"Microsoft Visual C# v7.0 / Basic .NET","crypto":["MD5"],"mitigations":{"stack_canary":false,"safe_seh":false,"aslr":true,"dep":true,"cfg":false}},"Exports":{},"Resources":{"entities":[{"type":"RT_VERSION","language":"UNKNOWN","codepage":"UNKNOWN","size":860,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":3.33583},{"type":"RT_MANIFEST","language":"UNKNOWN","codepage":"UNKNOWN","size":490,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":5.00112}],"version_info":{"resource_lang_id":"UNKNOWN","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"1.0.0.0","product_version":"1.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"Zihin Sarayi - Hafiza Sarayi Olusturucu","company_name":"","file_description":"MindPalace","internal_name":"kZZhV.exe","legal_copyright":"Copyright 2026","legal_trademarks":"","original_filename":"kZZhV.exe","product_name":"MindPalace","assembly_version":"1.0.0.0"}},"Debug Info":{"IMAGE_DEBUG_TYPE_CODEVIEW":{"Characteristics":0,"TimeDateStamp":"1970-Jan-01 00:00:00","Version":"0.0","SizeofData":34,"AddressOfRawData":"0x00184897","PointerToRawData":"0x00182A97","ReferencedFile":"kZZhV.pdb"},"MatchingCompilers":["Microsoft Visual C# v7.0 / Basic .NET"],"CryptographicAlgorithms":["MD5"],"ExploitMitigationTechniques":{"StackCanary":false,"SafeSEH":false,"ASLR":true,"DEP":true,"CFG":false}},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/2"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_uk15fdqw/output.txt"},"timestamp":"2026-04-26 23:29:18"},{"_id":{"$oid":"69e917a859a6632dae07de0f"},"md5":"9a5ff998dbf0f6923d0b454d89800fb4","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/360e6f2288b6c8364159e80330b9af83f2d561929d206bc1e1e5f1585432b28f.exe\nDate: 2026-04-23 00:49:03\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/360e6f2288b6c8364159e80330b9af83f2d561929d206bc1e1e5f1585432b28f.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2088-Mar-06 18:36:34\nDebug artifacts: C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb\nComments: RMM Client\nCompanyName: \nFileDescription: Client\nFileVersion: 1.0.0.0\nInternalName: Client.exe\nLegalCopyright: \nLegalTrademarks: \nOriginalFilename: Client.exe\nProductName: Client\nProductVersion: 1.0.0.0\nAssembly Version: 1.0.0.0\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000080\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 3\nTimeDateStamp: 2088-Mar-06 18:36:34\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 48.0\nSizeOfCode: 0x00037000\nSizeOfInitializedData: 0x00000A00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x00038F5E (Section: .text)\nBaseOfCode: 0x00002000\nBaseOfData: 0x0003A000\nImageBase: 0x00400000\nSectionAlignment: 0x00002000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x0003E000\nSizeOfHeaders: 0x00000200\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA\n IMAGE_DLLCHARACTERISTICS_NO_SEH\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00036FD0\n VirtualAddress: 0x00002000\n SizeOfRawData: 0x00037000\n PointerToRawData: 0x00000200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 5.55645\n\n.rsrc:\n VirtualSize: 0x000006AC\n VirtualAddress: 0x0003A000\n SizeOfRawData: 0x00000800\n PointerToRawData: 0x00037200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.50595\n\n.reloc:\n VirtualSize: 0x0000000C\n VirtualAddress: 0x0003C000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00037A00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 0.10191\n\n\nImports:\n--------\nmscoree.dll: _CorExeMain\n\nResources:\n----------\n1:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 30\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.48173\n\n2:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 10\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.37095\n\n3:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 76\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.87727\n\n1 (#2):\n Type: RT_VERSION\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 768\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16411\n\n1 (#3):\n Type: RT_MANIFEST\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 490\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.00112\n\n\nVersion Info:\n-------------\nResource LangID: UNKNOWN\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 1.0.0.0\n ProductVersion: 1.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: UNKNOWN\n Comments: RMM Client\n CompanyName: \n FileDescription: Client\n FileVersion (#2): 1.0.0.0\n InternalName: Client.exe\n LegalCopyright: \n LegalTrademarks: \n OriginalFilename: Client.exe\n ProductName: Client\n ProductVersion (#2): 1.0.0.0\n Assembly Version: 1.0.0.0\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_CODEVIEW:\n Characteristics: 0\n TimeDateStamp: 2068-May-04 18:04:16\n Version: 0.0\n SizeofData: 101\n AddressOfRawData: 0x00038EA4\n PointerToRawData: 0x000370A4\n Referenced File: C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb\n\nUNKNOWN:\n Characteristics: 0\n TimeDateStamp: 1970-Jan-01 00:00:00\n Version: 0.0\n SizeofData: 0\n AddressOfRawData: 0x00000000\n PointerToRawData: 0x00000000\n\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to system / monitoring tools:\n rundll32.exe\n schtask\n Contains references to security software:\n rshell.exe\n May have dropper capabilities:\n CurrentVersion\\Run\n Miscellaneous malware strings:\n cmd.Exe\n Contains domain names:\n ftp://server09.mentality.cloud\n ftp://server09.mentality.cloud/public_html/sqlite3.dll\n http://ip-api.com\n ip-api.com\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2088-Mar-06 18:36:34","debug_artifacts":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb","comments":"RMM Client","company_name":"","file_description":"Client","file_version":"1.0.0.0","internal_name":"Client.exe","legal_copyright":"","legal_trademarks":"","original_filename":"Client.exe","product_name":"Client","product_version":"1.0.0.0","assembly_version":"1.0.0.0"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000080"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":3,"TimeDateStamp":"2088-Mar-06 18:36:34","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LARGE_ADDRESS_AWARE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"48.0","SizeOfCode":"0x00037000","SizeOfInitializedData":"0x00000A00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00038F5E","EntryPointSection":".text","BaseOfCode":"0x00002000","BaseOfData":"0x0003A000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x0003E000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA","IMAGE_DLLCHARACTERISTICS_NO_SEH","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x00036FD0","virtual_address":"0x00002000","size_of_raw_data":"0x00037000","pointer_to_raw_data":"0x00000200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":5.55645},{"name":".rsrc","virtual_size":"0x000006AC","virtual_address":"0x0003A000","size_of_raw_data":"0x00000800","pointer_to_raw_data":"0x00037200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":4.50595},{"name":".reloc","virtual_size":"0x0000000C","virtual_address":"0x0003C000","size_of_raw_data":"0x00000200","pointer_to_raw_data":"0x00037A00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":0.10191}]},"Imports":{"final_response":{"mscoree.dll":"_CorExeMain"},"resources":[{"id":1,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":30,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.48173},{"id":2,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":10,"timedatestamp":"1980-Jan-01 00:00:00","entropy":1.37095},{"id":3,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":76,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.87727},{"id":"1 (#2)","type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":768,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.16411},{"id":"1 (#3)","type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":490,"timedatestamp":"1980-Jan-01 00:00:00","entropy":5.00112}],"version_info":{"resource_langid":"UNKNOWN","vs_version_info":{"signature":"0xFEEF04BD","structversion":"0x00010000","fileversion":"1.0.0.0","productversion":"1.0.0.0","fileflags":"(EMPTY)","fileos":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"filetype":"VFT_APP","language":"UNKNOWN","comments":"RMM Client","companyname":"","filedescription":"Client","fileversion_2":"1.0.0.0","internalname":"Client.exe","legalcopyright":"","legaltrademarks":"","originalfilename":"Client.exe","productname":"Client","productversion_2":"1.0.0.0","assembly_version":"1.0.0.0"}},"debug_info":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"timedatestamp":"2068-May-04 18:04:16","version":"0.0","sizeofdata":101,"addressofrawdata":"0x00038EA4","pointertorawdata":"0x000370A4","referenced_file":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb"},{"type":"UNKNOWN","characteristics":0,"timedatestamp":"1970-Jan-01 00:00:00","version":"0.0","sizeofdata":0,"addressofrawdata":"0x00000000","pointertorawdata":"0x00000000"}],"suspicious_strings":{"system_monitoring_tools":["rundll32.exe","schtask"],"security_software":["rshell.exe"],"dropper_capabilities":["CurrentVersion\\Run"],"miscellaneous_malware_strings":["cmd.Exe"],"domain_names":["ftp://server09.mentality.cloud","ftp://server09.mentality.cloud/public_html/sqlite3.dll","http://ip-api.com","ip-api.com"]},"exploit_mitigation_techniques":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"}},"Exports":{},"Resources":{"entities":[{"id":1,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":30,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":2.48173},{"id":2,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":10,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":1.37095},{"id":3,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":76,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":2.87727},{"id":"1 (#2)","type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":768,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":3.16411},{"id":"1 (#3)","type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":490,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":5.00112}],"version_info":{"resource_lang_id":"UNKNOWN","vs_version_info":{"signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"1.0.0.0","product_version":"1.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"RMM Client","company_name":"","file_description":"Client","file_version_2":"1.0.0.0","internal_name":"Client.exe","legal_copyright":"","legal_trademarks":"","original_filename":"Client.exe","product_name":"Client","product_version_2":"1.0.0.0","assembly_version":"1.0.0.0"}}},"Debug Info":{"debug_info":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"time_date_stamp":"2068-May-04 18:04:16","version":"0.0","size_of_data":101,"address_of_raw_data":"0x00038EA4","pointer_to_raw_data":"0x000370A4","referenced_file":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb"},{"type":"UNKNOWN","characteristics":0,"time_date_stamp":"1970-Jan-01 00:00:00","version":"0.0","size_of_data":0,"address_of_raw_data":"0x00000000","pointer_to_raw_data":"0x00000000"}],"suspicious_strings":{"system_monitoring_tools":["rundll32.exe","schtask"],"security_software_references":["rshell.exe"],"dropper_capabilities":["CurrentVersion\\Run"],"malware_strings":["cmd.Exe"],"domain_names":["ftp://server09.mentality.cloud","ftp://server09.mentality.cloud/public_html/sqlite3.dll","http://ip-api.com","ip-api.com"]},"exploit_mitigations":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"}},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/360e6f2288b6c8364159e80330b9af83f2d561929d206bc1e1e5f1585432b28f.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_rs4a4k_u/output.txt"},"timestamp":"2026-04-23 00:49:24"},{"_id":{"$oid":"69e9bbc859a6632dae07de21"},"sha256":"360e6f2288b6c8364159e80330b9af83f2d561929d206bc1e1e5f1585432b28f","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/now_you_see_me_again.exe\nDate: 2026-04-29 20:29:21\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/now_you_see_me_again.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2088-Mar-06 18:36:34\nDebug artifacts: C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb\nComments: RMM Client\nCompanyName: \nFileDescription: Client\nFileVersion: 1.0.0.0\nInternalName: Client.exe\nLegalCopyright: \nLegalTrademarks: \nOriginalFilename: Client.exe\nProductName: Client\nProductVersion: 1.0.0.0\nAssembly Version: 1.0.0.0\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000080\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 3\nTimeDateStamp: 2088-Mar-06 18:36:34\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 48.0\nSizeOfCode: 0x00037000\nSizeOfInitializedData: 0x00000A00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x00038F5E (Section: .text)\nBaseOfCode: 0x00002000\nBaseOfData: 0x0003A000\nImageBase: 0x00400000\nSectionAlignment: 0x00002000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x0003E000\nSizeOfHeaders: 0x00000200\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA\n IMAGE_DLLCHARACTERISTICS_NO_SEH\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00036FD0\n VirtualAddress: 0x00002000\n SizeOfRawData: 0x00037000\n PointerToRawData: 0x00000200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 5.55645\n\n.rsrc:\n VirtualSize: 0x000006AC\n VirtualAddress: 0x0003A000\n SizeOfRawData: 0x00000800\n PointerToRawData: 0x00037200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.50595\n\n.reloc:\n VirtualSize: 0x0000000C\n VirtualAddress: 0x0003C000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00037A00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 0.10191\n\n\nImports:\n--------\nmscoree.dll: _CorExeMain\n\nResources:\n----------\n1:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 30\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.48173\n\n2:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 10\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.37095\n\n3:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 76\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.87727\n\n1 (#2):\n Type: RT_VERSION\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 768\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16411\n\n1 (#3):\n Type: RT_MANIFEST\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 490\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.00112\n\n\nVersion Info:\n-------------\nResource LangID: UNKNOWN\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 1.0.0.0\n ProductVersion: 1.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: UNKNOWN\n Comments: RMM Client\n CompanyName: \n FileDescription: Client\n FileVersion (#2): 1.0.0.0\n InternalName: Client.exe\n LegalCopyright: \n LegalTrademarks: \n OriginalFilename: Client.exe\n ProductName: Client\n ProductVersion (#2): 1.0.0.0\n Assembly Version: 1.0.0.0\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_CODEVIEW:\n Characteristics: 0\n TimeDateStamp: 2068-May-04 18:04:16\n Version: 0.0\n SizeofData: 101\n AddressOfRawData: 0x00038EA4\n PointerToRawData: 0x000370A4\n Referenced File: C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb\n\nUNKNOWN:\n Characteristics: 0\n TimeDateStamp: 1970-Jan-01 00:00:00\n Version: 0.0\n SizeofData: 0\n AddressOfRawData: 0x00000000\n PointerToRawData: 0x00000000\n\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to system / monitoring tools:\n rundll32.exe\n schtask\n Contains references to security software:\n rshell.exe\n May have dropper capabilities:\n CurrentVersion\\Run\n Miscellaneous malware strings:\n cmd.Exe\n Contains domain names:\n ftp://server09.mentality.cloud\n ftp://server09.mentality.cloud/public_html/sqlite3.dll\n http://ip-api.com\n ip-api.com\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2088-Mar-06 18:36:34","debug_artifacts":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb","comments":"RMM Client","company_name":"","file_description":"Client","file_version":"1.0.0.0","internal_name":"Client.exe","legal_copyright":"","legal_trademarks":"","original_filename":"Client.exe","product_name":"Client","product_version":"1.0.0.0","assembly_version":"1.0.0.0"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000080"},"PE Header":{"signature":"PE","machine":"IMAGE_FILE_MACHINE_I386","numberOfSections":3,"timeDateStamp":"2088-Mar-06 18:36:34","pointerToSymbolTable":"0x00000000","numberOfSymbols":0,"sizeOfOptionalHeader":"0x00E0","characteristics":["IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LARGE_ADDRESS_AWARE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"48.0","SizeOfCode":"0x00037000","SizeOfInitializedData":"0x00000A00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00038F5E","EntryPointSection":".text","BaseOfCode":"0x00002000","BaseOfData":"0x0003A000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x0003E000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA","IMAGE_DLLCHARACTERISTICS_NO_SEH","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x00036FD0","virtual_address":"0x00002000","size_of_raw_data":"0x00037000","pointer_to_raw_data":"0x00000200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":5.55645},{"name":".rsrc","virtual_size":"0x000006AC","virtual_address":"0x0003A000","size_of_raw_data":"0x00000800","pointer_to_raw_data":"0x00037200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":4.50595},{"name":".reloc","virtual_size":"0x0000000C","virtual_address":"0x0003C000","size_of_raw_data":"0x00000200","pointer_to_raw_data":"0x00037A00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":0.10191}]},"Imports":{"entities":{"file_info":{"entry_point":"mscoree.dll: _CorExeMain","resources":[{"id":1,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":30,"timestamp":"1980-01-01T00:00:00","entropy":2.48173},{"id":2,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":10,"timestamp":"1980-01-01T00:00:00","entropy":1.37095},{"id":3,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":76,"timestamp":"1980-01-01T00:00:00","entropy":2.87727},{"id":"1 (#2)","type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":768,"timestamp":"1980-01-01T00:00:00","entropy":3.16411},{"id":"1 (#3)","type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":490,"timestamp":"1980-01-01T00:00:00","entropy":5.00112}],"version_info":{"lang_id":"UNKNOWN","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"1.0.0.0","product_version":"1.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"RMM Client","company_name":"","file_description":"Client","internal_name":"Client.exe","legal_copyright":"","legal_trademarks":"","original_filename":"Client.exe","product_name":"Client","assembly_version":"1.0.0.0"},"debug_info":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"timestamp":"2068-05-04T18:04:16","version":"0.0","sizeof_data":101,"address_of_raw_data":"0x00038EA4","pointer_to_raw_data":"0x000370A4","referenced_file":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb"},{"type":"UNKNOWN","characteristics":0,"timestamp":"1970-01-01T00:00:00","version":"0.0","sizeof_data":0,"address_of_raw_data":"0x00000000","pointer_to_raw_data":"0x00000000"}]},"suspicious_strings":{"system_monitoring_tools":["rundll32.exe","schtask"],"security_software":["rshell.exe"],"dropper_capabilities":["CurrentVersion\\Run"],"malware_strings":["cmd.Exe"],"domain_names":["ftp://server09.mentality.cloud","ftp://server09.mentality.cloud/public_html/sqlite3.dll","http://ip-api.com","ip-api.com"]},"exploit_mitigations":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"}}},"Exports":{},"Resources":{"entities":[{"id":1,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":30,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":2.48173},{"id":2,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":10,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":1.37095},{"id":3,"type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":76,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":2.87727},{"id":"1 (#2)","type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":768,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":3.16411},{"id":"1 (#3)","type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":490,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":5.00112}],"version_info":{"resource_lang_id":"UNKNOWN","vs_version_info":{"signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"1.0.0.0","product_version":"1.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"RMM Client","company_name":"","file_description":"Client","file_version_2":"1.0.0.0","internal_name":"Client.exe","legal_copyright":"","legal_trademarks":"","original_filename":"Client.exe","product_name":"Client","product_version_2":"1.0.0.0","assembly_version":"1.0.0.0"}}},"Debug Info":{"debug_info":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"time_date_stamp":"2068-May-04 18:04:16","version":"0.0","size_of_data":101,"address_of_raw_data":"0x00038EA4","pointer_to_raw_data":"0x000370A4","referenced_file":"C:\\Users\\sulum\\OneDrive\\Desktop\\datacenter\\stubCsharp\\obj\\Release\\Client.pdb"},{"type":"UNKNOWN","characteristics":0,"time_date_stamp":"1970-Jan-01 00:00:00","version":"0.0","size_of_data":0,"address_of_raw_data":"0x00000000","pointer_to_raw_data":"0x00000000"}],"suspicious_strings":{"system_monitoring_tools":["rundll32.exe","schtask"],"security_software_references":["rshell.exe"],"dropper_capabilities":["CurrentVersion\\Run"],"malware_strings":["cmd.Exe"],"domain_names":["ftp://server09.mentality.cloud","ftp://server09.mentality.cloud/public_html/sqlite3.dll","http://ip-api.com","ip-api.com"]},"exploit_mitigations":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"}},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/now_you_see_me_again.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_xey_u5_3/output.txt"},"timestamp":"2026-04-29 20:29:55"},{"_id":{"$oid":"69edc3cf59a6632dae07de33"},"sha256":"2aa5ce3561dc657a157460383c7c9b8db54ac8a6969627009c8d1062316a6130","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /tmp/sdm_unpack_12ohn_ul/2aa5ce3561dc657a157460383c7c9b8db54ac8a6969627009c8d1062316a6130_2aa5ce3561dc/001_upx_unpacked.exe\nDate: 2026-05-15 14:31:39\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/tmp/sdm_unpack_12ohn_ul/2aa5ce3561dc657a157460383c7c9b8db54ac8a6969627009c8d1062316a6130_2aa5ce3561dc/001_upx_unpacked.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2025-Nov-28 09:36:05\nDetected languages: English - United Kingdom\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000120\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 5\nTimeDateStamp: 2025-Nov-28 09:36:05\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 14.0\nSizeOfCode: 0x0009AC00\nSizeOfInitializedData: 0x00090000\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x000204F7 (Section: .text)\nBaseOfCode: 0x00001000\nBaseOfData: 0x0009C000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 5.1\nImageVersion: 0.0\nSubsystemVersion: 5.1\nWin32VersionValue: 0\nSizeOfImage: 0x00131000\nSizeOfHeaders: 0x00000400\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00400000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00400000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x0009AA37\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x0009AC00\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.66568\n\n.rdata:\n VirtualSize: 0x0002FB92\n VirtualAddress: 0x0009C000\n SizeOfRawData: 0x0002FC00\n PointerToRawData: 0x0009B000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.61024\n\n.data:\n VirtualSize: 0x0000705C\n VirtualAddress: 0x000CC000\n SizeOfRawData: 0x00004800\n PointerToRawData: 0x000CAC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 0.584577\n\n.rsrc:\n VirtualSize: 0x000545C4\n VirtualAddress: 0x000D4000\n SizeOfRawData: 0x00054600\n PointerToRawData: 0x000CF400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 7.8804\n\n.reloc:\n VirtualSize: 0x000075CC\n VirtualAddress: 0x00129000\n SizeOfRawData: 0x00007600\n PointerToRawData: 0x00123A00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 6.7982\n\n\nImports:\n--------\nKERNEL32.DLL: DuplicateHandle\n CreateThread\n WaitForSingleObject\n HeapAlloc\n GetProcessHeap\n HeapFree\n Sleep\n GetCurrentThreadId\n MultiByteToWideChar\n MulDiv\n GetVersionExW\n IsWow64Process\n GetSystemInfo\n FreeLibrary\n LoadLibraryA\n GetProcAddress\n SetErrorMode\n GetModuleFileNameW\n WideCharToMultiByte\n lstrcpyW\n lstrlenW\n GetModuleHandleW\n QueryPerformanceCounter\n VirtualFreeEx\n OpenProcess\n VirtualAllocEx\n WriteProcessMemory\n ReadProcessMemory\n CreateFileW\n SetFilePointerEx\n SetEndOfFile\n ReadFile\n WriteFile\n FlushFileBuffers\n TerminateProcess\n CreateToolhelp32Snapshot\n Process32FirstW\n Process32NextW\n SetFileTime\n GetFileAttributesW\n FindFirstFileW\n FindClose\n GetLongPathNameW\n GetShortPathNameW\n DeleteFileW\n IsDebuggerPresent\n CopyFileExW\n MoveFileW\n CreateDirectoryW\n RemoveDirectoryW\n SetSystemPowerState\n QueryPerformanceFrequency\n LoadResource\n LockResource\n SizeofResource\n OutputDebugStringW\n GetTempPathW\n GetTempFileNameW\n DeviceIoControl\n GetLocalTime\n CompareStringW\n GetCurrentThread\n LeaveCriticalSection\n GetStdHandle\n CreatePipe\n InterlockedExchange\n TerminateThread\n LoadLibraryExW\n FindResourceExW\n CopyFileW\n VirtualFree\n FormatMessageW\n GetExitCodeProcess\n GetPrivateProfileStringW\n WritePrivateProfileStringW\n GetPrivateProfileSectionW\n WritePrivateProfileSectionW\n GetPrivateProfileSectionNamesW\n FileTimeToLocalFileTime\n FileTimeToSystemTime\n SystemTimeToFileTime\n LocalFileTimeToFileTime\n GetDriveTypeW\n GetDiskFreeSpaceExW\n GetDiskFreeSpaceW\n GetVolumeInformationW\n SetVolumeLabelW\n CreateHardLinkW\n SetFileAttributesW\n CreateEventW\n SetEvent\n GetEnvironmentVariableW\n SetEnvironmentVariableW\n GlobalLock\n GlobalUnlock\n GlobalAlloc\n GetFileSize\n GlobalFree\n GlobalMemoryStatusEx\n Beep\n GetSystemDirectoryW\n HeapReAlloc\n HeapSize\n GetComputerNameW\n GetWindowsDirectoryW\n GetCurrentProcessId\n GetProcessIoCounters\n CreateProcessW\n GetProcessId\n SetPriorityClass\n LoadLibraryW\n VirtualAlloc\n GetCurrentDirectoryW\n lstrcmpiW\n DecodePointer\n GetLastError\n RaiseException\n InitializeCriticalSectionAndSpinCount\n DeleteCriticalSection\n InterlockedDecrement\n InterlockedIncrement\n ResetEvent\n WaitForSingleObjectEx\n IsProcessorFeaturePresent\n UnhandledExceptionFilter\n SetUnhandledExceptionFilter\n GetCurrentProcess\n CloseHandle\n GetFullPathNameW\n EnterCriticalSection\n GetStartupInfoW\n GetSystemTimeAsFileTime\n InitializeSListHead\n RtlUnwind\n SetLastError\n TlsAlloc\n TlsGetValue\n TlsSetValue\n TlsFree\n EncodePointer\n ExitProcess\n GetModuleHandleExW\n ExitThread\n ResumeThread\n FreeLibraryAndExitThread\n GetACP\n GetDateFormatW\n GetTimeFormatW\n LCMapStringW\n GetStringTypeW\n GetFileType\n SetStdHandle\n GetConsoleCP\n GetConsoleMode\n ReadConsoleW\n GetTimeZoneInformation\n FindFirstFileExW\n IsValidCodePage\n GetOEMCP\n GetCPInfo\n GetCommandLineA\n GetCommandLineW\n GetEnvironmentStringsW\n FreeEnvironmentStringsW\n SetEnvironmentVariableA\n SetCurrentDirectoryW\n FindNextFileW\n WriteConsoleW\nADVAPI32.dll: GetAce\n RegEnumValueW\n RegDeleteValueW\n RegDeleteKeyW\n RegEnumKeyExW\n RegSetValueExW\n RegOpenKeyExW\n RegCloseKey\n RegQueryValueExW\n RegConnectRegistryW\n InitializeSecurityDescriptor\n InitializeAcl\n AdjustTokenPrivileges\n OpenThreadToken\n OpenProcessToken\n LookupPrivilegeValueW\n DuplicateTokenEx\n CreateProcessAsUserW\n CreateProcessWithLogonW\n GetLengthSid\n CopySid\n LogonUserW\n AllocateAndInitializeSid\n CheckTokenMembership\n FreeSid\n GetTokenInformation\n RegCreateKeyExW\n GetSecurityDescriptorDacl\n GetAclInformation\n GetUserNameW\n AddAce\n SetSecurityDescriptorDacl\n InitiateSystemShutdownExW\nCOMCTL32.dll: ImageList_ReplaceIcon\n ImageList_Destroy\n ImageList_Remove\n ImageList_SetDragCursorImage\n ImageList_BeginDrag\n ImageList_DragEnter\n ImageList_DragLeave\n ImageList_EndDrag\n ImageList_DragMove\n InitCommonControlsEx\n ImageList_Create\nCOMDLG32.dll: GetSaveFileNameW\n GetOpenFileNameW\nGDI32.dll: EndPath\n DeleteObject\n GetTextExtentPoint32W\n ExtCreatePen\n StrokeAndFillPath\n GetDeviceCaps\n SetPixel\n CloseFigure\n LineTo\n AngleArc\n MoveToEx\n Ellipse\n CreateCompatibleBitmap\n CreateCompatibleDC\n PolyDraw\n BeginPath\n Rectangle\n SetViewportOrgEx\n GetObjectW\n SetBkMode\n RoundRect\n SetBkColor\n CreatePen\n SelectObject\n StretchBlt\n CreateSolidBrush\n SetTextColor\n CreateFontW\n GetTextFaceW\n GetStockObject\n CreateDCW\n GetPixel\n DeleteDC\n GetDIBits\n StrokePath\nIPHLPAPI.DLL: IcmpSendEcho\n IcmpCloseHandle\n IcmpCreateFile\nMPR.dll: WNetGetConnectionW\n WNetCancelConnection2W\n WNetUseConnectionW\n WNetAddConnection2W\nole32.dll: CoTaskMemAlloc\n CoTaskMemFree\n CLSIDFromString\n ProgIDFromCLSID\n CLSIDFromProgID\n OleSetMenuDescriptor\n MkParseDisplayName\n OleSetContainedObject\n CoCreateInstance\n IIDFromString\n StringFromGUID2\n CreateStreamOnHGlobal\n OleInitialize\n OleUninitialize\n CoInitialize\n CoUninitialize\n GetRunningObjectTable\n CoGetInstanceFromFile\n CoGetObject\n CoInitializeSecurity\n CoCreateInstanceEx\n CoSetProxyBlanket\nOLEAUT32.dll: CreateStdDispatch\n CreateDispTypeInfo\n UnRegisterTypeLib\n UnRegisterTypeLibForUser\n RegisterTypeLibForUser\n RegisterTypeLib\n LoadTypeLibEx\n VariantCopyInd\n SysReAllocString\n SysFreeString\n VariantChangeType\n SafeArrayDestroyData\n SafeArrayUnaccessData\n SafeArrayAccessData\n SafeArrayAllocData\n SafeArrayAllocDescriptorEx\n SafeArrayCreateVector\n SysStringLen\n QueryPathOfRegTypeLib\n SysAllocString\n VariantInit\n VariantClear\n DispCallFunc\n VariantTimeToSystemTime\n VarR8FromDec\n SafeArrayGetVartype\n SafeArrayDestroyDescriptor\n VariantCopy\n OleLoadPicture\nPSAPI.DLL: GetProcessMemoryInfo\nSHELL32.dll: DragFinish\n DragQueryPoint\n ShellExecuteExW\n DragQueryFileW\n SHEmptyRecycleBinW\n SHGetPathFromIDListW\n SHBrowseForFolderW\n SHCreateShellItem\n SHGetDesktopFolder\n SHGetSpecialFolderLocation\n SHGetFolderPathW\n SHFileOperationW\n ExtractIconExW\n Shell_NotifyIconW\n ShellExecuteW\nUSER32.dll: IsCharAlphaW\n IsCharAlphaNumericW\n IsCharLowerW\n IsCharUpperW\n GetMenuStringW\n GetSubMenu\n GetCaretPos\n IsZoomed\n MonitorFromPoint\n GetMonitorInfoW\n SetWindowLongW\n SetLayeredWindowAttributes\n FlashWindow\n GetClassLongW\n TranslateAcceleratorW\n IsDialogMessageW\n GetSysColor\n InflateRect\n DrawFocusRect\n DrawTextW\n FrameRect\n DrawFrameControl\n FillRect\n PtInRect\n DestroyAcceleratorTable\n CreateAcceleratorTableW\n SetCursor\n GetWindowDC\n GetSystemMetrics\n GetActiveWindow\n CharNextW\n wsprintfW\n RedrawWindow\n DrawMenuBar\n DestroyMenu\n SetMenu\n GetWindowTextLengthW\n CreateMenu\n IsDlgButtonChecked\n DefDlgProcW\n CallWindowProcW\n ReleaseCapture\n SetCapture\n TranslateMessage\n PeekMessageW\n GetInputState\n UnregisterHotKey\n CharLowerBuffW\n MonitorFromRect\n LoadImageW\n mouse_event\n ExitWindowsEx\n SetActiveWindow\n FindWindowExW\n EnumThreadWindows\n SetMenuDefaultItem\n InsertMenuItemW\n IsMenu\n GetKeyboardLayoutNameW\n GetCursorPos\n DeleteMenu\n CheckMenuRadioItem\n GetMenuItemID\n GetMenuItemCount\n SetMenuItemInfoW\n GetMenuItemInfoW\n SetForegroundWindow\n IsIconic\n FindWindowW\n SystemParametersInfoW\n GetMessageW\n SendInput\n GetAsyncKeyState\n SetKeyboardState\n GetKeyboardState\n GetKeyState\n VkKeyScanW\n LoadStringW\n DialogBoxParamW\n MessageBeep\n EndDialog\n SendDlgItemMessageW\n GetDlgItem\n SetWindowTextW\n CopyRect\n EndPaint\n BeginPaint\n GetClientRect\n GetMenu\n DestroyWindow\n EnumWindows\n GetDesktopWindow\n IsWindow\n IsWindowEnabled\n IsWindowVisible\n EnableWindow\n InvalidateRect\n GetWindowLongW\n ReleaseDC\n GetDC\n GetWindowThreadProcessId\n AttachThreadInput\n GetFocus\n GetWindowTextW\n SendMessageTimeoutW\n EnumChildWindows\n CharUpperBuffW\n GetClassNameW\n GetParent\n GetDlgCtrlID\n SendMessageW\n MapVirtualKeyW\n PostMessageW\n GetWindowRect\n SetUserObjectSecurity\n CloseDesktop\n CloseWindowStation\n OpenDesktopW\n ClientToScreen\n RegisterHotKey\n GetCursorInfo\n SetWindowPos\n CopyImage\n AdjustWindowRectEx\n SetRect\n SetClipboardData\n EmptyClipboard\n CountClipboardFormats\n CloseClipboard\n GetClipboardData\n IsClipboardFormatAvailable\n OpenClipboard\n TrackPopupMenuEx\n BlockInput\n SetProcessWindowStation\n GetProcessWindowStation\n OpenWindowStationW\n GetUserObjectSecurity\n MessageBoxW\n DefWindowProcW\n MoveWindow\n SetFocus\n PostQuitMessage\n KillTimer\n CreatePopupMenu\n RegisterWindowMessageW\n SetTimer\n ShowWindow\n CreateWindowExW\n RegisterClassExW\n LoadIconW\n LoadCursorW\n GetSysColorBrush\n GetForegroundWindow\n MessageBoxA\n DestroyIcon\n LockWindowUpdate\n keybd_event\n DispatchMessageW\n ScreenToClient\nUSERENV.dll: DestroyEnvironmentBlock\n LoadUserProfileW\n CreateEnvironmentBlock\n UnloadUserProfile\nUxTheme.dll: IsThemeActive\nVERSION.dll: GetFileVersionInfoW\n VerQueryValueW\n GetFileVersionInfoSizeW\nWININET.dll: HttpOpenRequestW\n InternetCloseHandle\n InternetOpenW\n InternetSetOptionW\n InternetCrackUrlW\n HttpQueryInfoW\n InternetQueryOptionW\n InternetConnectW\n HttpSendRequestW\n FtpOpenFileW\n FtpGetFileSize\n InternetOpenUrlW\n InternetReadFile\n InternetQueryDataAvailable\nWINMM.dll: timeGetTime\n waveOutSetVolume\n mciSendStringW\nWSOCK32.dll: gethostbyname\n recv\n send\n socket\n inet_ntoa\n setsockopt\n ntohs\n WSACleanup\n WSAStartup\n sendto\n htons\n __WSAFDIsSet\n select\n accept\n listen\n bind\n inet_addr\n ioctlsocket\n recvfrom\n WSAGetLastError\n closesocket\n gethostname\n connect\n\nResources:\n----------\n1:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.66371\n\n2:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.05883\n\n3:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.25499\n\n4:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 744\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.65355\n\n5:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.43704\n\n6:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 3752\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.16139\n\n7:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 2216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.07494\n\n8:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.18302\n\n9:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 9640\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.52312\n\n10:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 4264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.65168\n\n11:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.39178\n\n166:\n Type: RT_MENU\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 80\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.68292\n\n7 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1428\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.34702\n\n8 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1674\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2804\n\n9 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1168\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28849\n\n10 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1532\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28373\n\n11 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1628\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.26322\n\n12:\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1126\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.25812\n\n313:\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 344\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08572\n\nSCRIPT:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 309386\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.99935\n\n99:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 118\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8695\n Detected Filetype: Icon file\n\n162:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.02322\n Detected Filetype: Icon file\n\n164:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.84274\n Detected Filetype: Icon file\n\n169:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.02322\n Detected Filetype: Icon file\n\n1 (#2):\n Type: RT_VERSION\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 220\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.77862\n\n1 (#3):\n Type: RT_MANIFEST\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1007\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.40026\n\n\nVersion Info:\n-------------\nResource LangID: English - United Kingdom\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 0.0.0.0\n ProductVersion: 0.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United Kingdom\n\n\nTLS Callbacks:\n--------------\nStartAddressOfRawData: 0x004C868C\nEndAddressOfRawData: 0x004C8694\nAddressOfIndex: 0x004D0740\nAddressOfCallbacks: 0x0049C8F8\nSizeOfZeroFill: 0x00000000\nCharacteristics: IMAGE_SCN_ALIGN_4BYTES\nCallbacks: (EMPTY)\n\nLoad Configuration:\n-------------------\nSize: 160\nTimeDateStamp: 1970-Jan-01 00:00:00\nVersion: 0.0\nGlobalFlagsClear: (EMPTY)\nGlobalFlagsSet: (EMPTY)\nCriticalSectionDefaultTimeout: 0\nDeCommitFreeBlockThreshold: 0x00000000\nDeCommitTotalFreeThreshold: 0x00000000\nLockPrefixTable: 0x00000000\nMaximumAllocationSize: 0x00000000\nVirtualMemoryThreshold: 0x00000000\nProcessAffinityMask: 0x00000000\nProcessHeapFlags: (EMPTY)\nCSDVersion: 0\nReserved1: 0x0000\nEditList: 0x00000000\nSecurityCookie: 0x004CC014\nSEHandlerTable: 0x00000000\nSEHandlerCount: 0\n\nRICH Header:\n------------\nXOR Key: 0xFDEDA6DE\nUnmarked objects: 0\n241 (40116): 35\n243 (40116): 157\n242 (40116): 35\n199 (41118): 1\nC++ objects (VS 2015/2017 runtime 26706): 45\nC objects (VS 2015/2017 runtime 26706): 18\nASM objects (VS 2015/2017 runtime 26706): 21\nC objects (VS2008 SP1 build 30729): 9\nImports (VS2008 SP1 build 30729): 37\nTotal imports: 553\nC++ objects (POGO O) (27045): 80\nASM objects (27045): 1\nResource objects (27045): 1\n151: 1\nLinker (27045): 1\n\nMatching compiler(s):\n Microsoft Visual C++ 6.0 - 8.0\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Is an AutoIT compiled script:\n AutoIt Error\n reserved for AutoIt internal use\n\nCryptographic algorithms detected in the binary:\n Uses constants related to CRC32\n Uses known Mersenne Twister constants\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryA\n GetProcAddress\n LoadLibraryExW\n LoadLibraryW\n Functions which can be used for anti-debugging purposes:\n CreateToolhelp32Snapshot\n FindWindowW\n Code injection capabilities:\n OpenProcess\n VirtualAllocEx\n WriteProcessMemory\n VirtualAlloc\n Code injection capabilities (PowerLoader):\n FindWindowW\n GetWindowLongW\n Can access the registry:\n RegEnumValueW\n RegDeleteValueW\n RegDeleteKeyW\n RegEnumKeyExW\n RegSetValueExW\n RegOpenKeyExW\n RegCloseKey\n RegQueryValueExW\n RegCreateKeyExW\n RegisterHotKey\n Possibly launches other programs:\n CreateProcessW\n CreateProcessAsUserW\n CreateProcessWithLogonW\n ShellExecuteW\n Can create temporary files:\n CreateFileW\n GetTempPathW\n Uses functions commonly found in keyloggers:\n GetAsyncKeyState\n AttachThreadInput\n MapVirtualKeyW\n GetForegroundWindow\n Has Internet access capabilities:\n InternetCloseHandle\n InternetOpenW\n InternetSetOptionW\n InternetCrackUrlW\n InternetQueryOptionW\n InternetConnectW\n InternetOpenUrlW\n InternetReadFile\n InternetQueryDataAvailable\n Functions related to the privilege level:\n AdjustTokenPrivileges\n OpenProcessToken\n DuplicateTokenEx\n CheckTokenMembership\n Enumerates local disk drives:\n GetDriveTypeW\n GetVolumeInformationW\n Manipulates other processes:\n OpenProcess\n WriteProcessMemory\n ReadProcessMemory\n Process32FirstW\n Process32NextW\n Can take screenshots:\n CreateCompatibleDC\n FindWindowW\n GetDC\n Reads the contents of the clipboard:\n GetClipboardData\n Can shut the system down or lock the screen:\n InitiateSystemShutdownExW\n ExitWindowsEx\n\nThe PE's resources present abnormal characteristics.\n Resource SCRIPT is possibly compressed or encrypted.\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: enabled\n SafeSEH: enabled (0 registered handlers)\n ASLR: enabled\n DEP: disabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2025-11-28T09:36:05","detected_languages":["English - United Kingdom"]},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000120"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":5,"TimeDateStamp":"2025-Nov-28 09:36:05","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LARGE_ADDRESS_AWARE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"14.0","SizeOfCode":"0x0009AC00","SizeOfInitializedData":"0x00090000","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x000204F7","EntryPointSection":".text","BaseOfCode":"0x00001000","BaseOfData":"0x0009C000","ImageBase":"0x00400000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"5.1","ImageVersion":"0.0","SubsystemVersion":"5.1","Win32VersionValue":"0","SizeOfImage":"0x00131000","SizeOfHeaders":"0x00000400","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00400000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00400000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x0009AA37","virtual_address":"0x00001000","size_of_raw_data":"0x0009AC00","pointer_to_raw_data":"0x00000400","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":6.66568},{"name":".rdata","virtual_size":"0x0002FB92","virtual_address":"0x0009C000","size_of_raw_data":"0x0002FC00","pointer_to_raw_data":"0x0009B000","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":5.61024},{"name":".data","virtual_size":"0x0000705C","virtual_address":"0x000CC000","size_of_raw_data":"0x00004800","pointer_to_raw_data":"0x000CAC00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"entropy":0.584577},{"name":".rsrc","virtual_size":"0x000545C4","virtual_address":"0x000D4000","size_of_raw_data":"0x00054600","pointer_to_raw_data":"0x000CF400","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":7.8804},{"name":".reloc","virtual_size":"0x000075CC","virtual_address":"0x00129000","size_of_raw_data":"0x00007600","pointer_to_raw_data":"0x00123A00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":6.7982}]},"Imports":{"entities":{"dlls":["KERNEL32.DLL","ADVAPI32.dll","COMCTL32.dll","COMDLG32.dll","GDI32.dll","IPHLPAPI.DLL","MPR.dll","ole32.dll","OLEAUT32.dll","PSAPI.DLL","SHELL32.dll","USER32.dll","USERENV.dll","UxTheme.dll","VERSION.dll","WININET.dll","WINMM.dll","WSOCK32.dll"],"resources":[{"id":1,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"entropy":3.66371},{"id":2,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"entropy":2.05883},{"id":3,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"entropy":2.25499},{"id":4,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":744,"entropy":3.65355},{"id":5,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"entropy":3.43704},{"id":6,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":3752,"entropy":4.16139},{"id":7,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":2216,"entropy":4.07494},{"id":8,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1384,"entropy":2.18302},{"id":9,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":9640,"entropy":4.52312},{"id":10,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":4264,"entropy":4.65168},{"id":11,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1128,"entropy":4.39178},{"id":166,"type":"RT_MENU","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":80,"entropy":2.68292},{"id":"7 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1428,"entropy":3.34702},{"id":"8 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1674,"entropy":3.2804},{"id":"9 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1168,"entropy":3.28849},{"id":"10 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1532,"entropy":3.28373},{"id":"11 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1628,"entropy":3.26322},{"id":12,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1126,"entropy":3.25812},{"id":313,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":344,"entropy":3.08572},{"id":"SCRIPT","type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":309386,"entropy":7.99935},{"id":99,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":118,"entropy":2.8695,"detected_filetype":"Icon file"},{"id":162,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"entropy":2.02322,"detected_filetype":"Icon file"},{"id":164,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"entropy":1.84274,"detected_filetype":"Icon file"},{"id":169,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"entropy":2.02322,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":220,"entropy":2.77862},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1007,"entropy":5.40026}],"version_info":{"resource_langid":"English - United Kingdom","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"0.0.0.0","product_version":"0.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"English - United Kingdom"},"tls_callbacks":{"start_address_of_raw_data":"0x004C868C","end_address_of_raw_data":"0x004C8694","address_of_index":"0x004D0740","address_of_callbacks":"0x0049C8F8","size_of_zero_fill":"0x00000000","characteristics":"IMAGE_SCN_ALIGN_4BYTES","callbacks":"(EMPTY)"},"load_configuration":{"size":160,"time_date_stamp":"1970-Jan-01 00:00:00","version":"0.0","global_flags_clear":"(EMPTY)","global_flags_set":"(EMPTY)","critical_section_default_timeout":0,"de_commit_free_block_threshold":"0x00000000","de_commit_total_free_threshold":"0x00000000","lock_prefix_table":"0x00000000","maximum_allocation_size":"0x00000000","virtual_memory_threshold":"0x00000000","process_affinity_mask":"0x00000000","process_heap_flags":"(EMPTY)","csd_version":0,"reserved1":"0x0000","edit_list":"0x00000000","security_cookie":"0x004CC014","se_handler_table":"0x00000000","se_handler_count":0},"rich_header":{"xor_key":"0xFDEDA6DE","unmarked_objects":0,"objects":{"151":1,"241 (40116)":35,"243 (40116)":157,"242 (40116)":35,"199 (41118)":1,"C++ objects (VS 2015/2017 runtime 26706)":45,"C objects (VS 2015/2017 runtime 26706)":18,"ASM objects (VS 2015/2017 runtime 26706)":21,"C objects (VS2008 SP1 build 30729)":9,"Imports (VS2008 SP1 build 30729)":37,"Total imports":553,"C++ objects (POGO O) (27045)":80,"ASM objects (27045)":1,"Resource objects (27045)":1,"Linker (27045)":1},"matching_compilers":["Microsoft Visual C++ 6.0 - 8.0"]},"strings":["AutoIt Error","reserved for AutoIt internal use"],"cryptographic_algorithms":["Uses constants related to CRC32","Uses known Mersenne Twister constants"],"malicious_indicators":["LoadLibraryA","GetProcAddress","LoadLibraryExW","LoadLibraryW","CreateToolhelp32Snapshot","FindWindowW","OpenProcess","VirtualAllocEx","WriteProcessMemory","VirtualAlloc","RegEnumValueW","RegDeleteValueW","RegDeleteKeyW","RegEnumKeyExW","RegSetValueExW","RegOpenKeyExW","RegCloseKey","RegQueryValueExW","RegCreateKeyExW","RegisterHotKey","CreateProcessW","CreateProcessAsUserW","CreateProcessWithLogonW","ShellExecuteW","CreateFileW","GetTempPathW","GetAsyncKeyState","AttachThreadInput","MapVirtualKeyW","GetForegroundWindow","InternetCloseHandle","InternetOpenW","InternetSetOptionW","InternetCrackUrlW","InternetQueryOptionW","InternetConnectW","InternetOpenUrlW","InternetReadFile","InternetQueryDataAvailable","AdjustTokenPrivileges","OpenProcessToken","DuplicateTokenEx","CheckTokenMembership","GetDriveTypeW","GetVolumeInformationW","ReadProcessMemory","Process32FirstW","Process32NextW","CreateCompatibleDC","GetDC","GetClipboardData","InitiateSystemShutdownExW","ExitWindowsEx"],"exploit_mitigation_techniques":{"stack_canary":"enabled","safe_seh":"enabled (0 registered handlers)","aslr":"enabled","dep":"disabled","cfg":"disabled"}}},"Exports":{},"Resources":{"entities":[{"id":1,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":3.66371},{"id":2,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":2.05883},{"id":3,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":2.25499},{"id":4,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":744,"timestamp":"1980-Jan-01 00:00:00","entropy":3.65355},{"id":5,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":3.43704},{"id":6,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":3752,"timestamp":"1980-Jan-01 00:00:00","entropy":4.16139},{"id":7,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":2216,"timestamp":"1980-Jan-01 00:00:00","entropy":4.07494},{"id":8,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1384,"timestamp":"1980-Jan-01 00:00:00","entropy":2.18302},{"id":9,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":9640,"timestamp":"1980-Jan-01 00:00:00","entropy":4.52312},{"id":10,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":4264,"timestamp":"1980-Jan-01 00:00:00","entropy":4.65168},{"id":11,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1128,"timestamp":"1980-Jan-01 00:00:00","entropy":4.39178},{"id":166,"type":"RT_MENU","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":80,"timestamp":"1980-Jan-01 00:00:00","entropy":2.68292},{"id":"7 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1428,"timestamp":"1980-Jan-01 00:00:00","entropy":3.34702},{"id":"8 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1674,"timestamp":"1980-Jan-01 00:00:00","entropy":3.2804},{"id":"9 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1168,"timestamp":"1980-Jan-01 00:00:00","entropy":3.28849},{"id":"10 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1532,"timestamp":"1980-Jan-01 00:00:00","entropy":3.28373},{"id":"11 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1628,"timestamp":"1980-Jan-01 00:00:00","entropy":3.26322},{"id":12,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1126,"timestamp":"1980-Jan-01 00:00:00","entropy":3.25812},{"id":313,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":344,"timestamp":"1980-Jan-01 00:00:00","entropy":3.08572},{"id":"SCRIPT","type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":309386,"timestamp":"1980-Jan-01 00:00:00","entropy":7.99935},{"id":99,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":118,"timestamp":"1980-Jan-01 00:00:00","entropy":2.8695,"detected_filetype":"Icon file"},{"id":162,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":164,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":1.84274,"detected_filetype":"Icon file"},{"id":169,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":220,"timestamp":"1980-Jan-01 00:00:00","entropy":2.77862},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1007,"timestamp":"1980-Jan-01 00:00:00","entropy":5.40026}]},"Debug Info":{},"Load Configuration":{"Size":160,"TimeDateStamp":"1970-Jan-01 00:00:00","Version":"0.0","GlobalFlagsClear":"","GlobalFlagsSet":"","CriticalSectionDefaultTimeout":0,"DeCommitFreeBlockThreshold":0,"DeCommitTotalFreeThreshold":0,"LockPrefixTable":0,"MaximumAllocationSize":0,"VirtualMemoryThreshold":0,"ProcessAffinityMask":0,"ProcessHeapFlags":"","CSDVersion":0,"Reserved1":0,"EditList":0,"SecurityCookie":5038100,"SEHandlerTable":0,"SEHandlerCount":0},"RICH Header":{"xor_key":"0xFDEDA6DE","unmarked_objects":0,"object_counts":{"151":1,"241_40116":35,"243_40116":157,"242_40116":35,"199_41118":1,"cpp_objects_vs_2015_2017_runtime_26706":45,"c_objects_vs_2015_2017_runtime_26706":18,"asm_objects_vs_2015_2017_runtime_26706":21,"c_objects_vs2008_sp1_build_30729":9,"imports_vs2008_sp1_build_30729":37,"total_imports":553,"cpp_objects_pogo_o_27045":80,"asm_objects_27045":1,"resource_objects_27045":1,"linker_27045":1},"matching_compilers":["Microsoft Visual C++ 6.0 - 8.0"],"suspicious_strings":{"autoit_compiled_script":["AutoIt Error","reserved for AutoIt internal use"]},"cryptographic_algorithms":["Uses constants related to CRC32","Uses known Mersenne Twister constants"],"malicious_indicators":{"hidden_imports":["LoadLibraryA","GetProcAddress","LoadLibraryExW","LoadLibraryW"],"anti_debugging_functions":["CreateToolhelp32Snapshot","FindWindowW"],"code_injection_capabilities":["OpenProcess","VirtualAllocEx","WriteProcessMemory","VirtualAlloc"],"powerloader_code_injection":["FindWindowW","GetWindowLongW"],"registry_access_functions":["RegEnumValueW","RegDeleteValueW","RegDeleteKeyW","RegEnumKeyExW","RegSetValueExW","RegOpenKeyExW","RegCloseKey","RegQueryValueExW","RegCreateKeyExW","RegisterHotKey"],"program_launching_functions":["CreateProcessW","CreateProcessAsUserW","CreateProcessWithLogonW","ShellExecuteW"],"temporary_file_creation":["CreateFileW","GetTempPathW"],"keylogger_functions":["GetAsyncKeyState","AttachThreadInput","MapVirtualKeyW","GetForegroundWindow"],"internet_access_capabilities":["InternetCloseHandle","InternetOpenW","InternetSetOptionW","InternetCrackUrlW","InternetQueryOptionW","InternetConnectW","InternetOpenUrlW","InternetReadFile","InternetQueryDataAvailable"],"privilege_level_functions":["AdjustTokenPrivileges","OpenProcessToken","DuplicateTokenEx","CheckTokenMembership"],"disk_drive_enumeration":["GetDriveTypeW","GetVolumeInformationW"],"process_manipulation":["OpenProcess","WriteProcessMemory","ReadProcessMemory","Process32FirstW","Process32NextW"],"screenshot_capabilities":["CreateCompatibleDC","FindWindowW","GetDC"],"clipboard_reading":["GetClipboardData"],"system_shutdown_lock":["InitiateSystemShutdownExW","ExitWindowsEx"]},"abnormal_resource_characteristics":["Resource SCRIPT is possibly compressed or encrypted"],"exploit_mitigation_techniques":{"stack_canary":"enabled","safe_seh":"enabled (0 registered handlers)","aslr":"enabled","dep":"disabled","cfg":"disabled"}},"Interesting strings found in the binary":{},"file_path":"/tmp/sdm_unpack_12ohn_ul/2aa5ce3561dc657a157460383c7c9b8db54ac8a6969627009c8d1062316a6130_2aa5ce3561dc/001_upx_unpacked.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_j57fwxw4/output.txt"},"timestamp":"2026-05-15 14:33:42"},{"_id":{"$oid":"69edf0bc59a6632dae07de45"},"sha256":"02aa8cabeea2a0120a31adbf0886f821d10953fc6d4d9cd1959568093c48b04d","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/secondary_sample_try\nDate: 2026-04-29 18:18:53\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/secondary_sample_try\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2023-Oct-16 21:40:53\nComments: \nCompanyName: Google LLC\nFileDescription: Note-taking and task management application\nFileVersion: 5.9.1.204\nInternalName: GoogleKeep.exe\nLegalCopyright: © Google LLC\nLegalTrademarks: Google, Keep\nOriginalFilename: GoogleKeep.exe\nProductName: Google Keep\nProductVersion: 5.9.1.204\nAssembly Version: 5.9.1.204\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000080\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 3\nTimeDateStamp: 2023-Oct-16 21:40:53\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 8.0\nSizeOfCode: 0x0000A800\nSizeOfInitializedData: 0x00001A00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0000C72E (Section: .text)\nBaseOfCode: 0x00002000\nBaseOfData: 0x0000E000\nImageBase: 0x00400000\nSectionAlignment: 0x00002000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 4.0\nWin32VersionValue: 0\nSizeOfImage: 0x00012000\nSizeOfHeaders: 0x00000200\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_NO_SEH\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x0000A734\n VirtualAddress: 0x00002000\n SizeOfRawData: 0x0000A800\n PointerToRawData: 0x00000200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 5.50576\n\n.rsrc:\n VirtualSize: 0x00001708\n VirtualAddress: 0x0000E000\n SizeOfRawData: 0x00001800\n PointerToRawData: 0x0000AA00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 6.55153\n\n.reloc:\n VirtualSize: 0x0000000C\n VirtualAddress: 0x00010000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x0000C200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 0.0815394\n\n\nImports:\n--------\nmscoree.dll: _CorExeMain\n\nResources:\n----------\n1:\n Type: RT_ICON\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 3476\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.05814\n Detected Filetype: PNG graphic file\n\n1 (#2):\n Type: RT_GROUP_ICON\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.15402\n Detected Filetype: Icon file\n\n1 (#3):\n Type: RT_VERSION\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 924\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.39908\n\n1 (#4):\n Type: RT_MANIFEST\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 1171\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.22615\n\n\nVersion Info:\n-------------\nResource LangID: UNKNOWN\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 5.9.1.204\n ProductVersion: 5.9.1.204\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: UNKNOWN\n Comments: \n CompanyName: Google LLC\n FileDescription: Note-taking and task management application\n FileVersion (#2): 5.9.1.204\n InternalName: GoogleKeep.exe\n LegalCopyright: © Google LLC\n LegalTrademarks: Google, Keep\n OriginalFilename: GoogleKeep.exe\n ProductName: Google Keep\n ProductVersion (#2): 5.9.1.204\n Assembly Version: 5.9.1.204\n\n\nMatching compiler(s):\n Microsoft Visual C# v7.0 / Basic .NET\n .NET executable -> Microsoft\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to system / monitoring tools:\n schtask\n Looks for VMWare presence:\n vmware\n Looks for Sandboxie presence:\n SbieDll.dll\n Accesses the WMI:\n root\\Security\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n[ MALICIOUS ] The program tries to mislead users about its origins.\n The PE pretends to be from Google but is not signed!\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2023-Oct-16 21:40:53","company_name":"Google LLC","file_description":"Note-taking and task management application","file_version":"5.9.1.204","internal_name":"GoogleKeep.exe","legal_copyright":"© Google LLC","legal_trademarks":"Google, Keep","original_filename":"GoogleKeep.exe","product_name":"Google Keep","product_version":"5.9.1.204","assembly_version":"5.9.1.204"},"DOS Header":{"e_magic":"MZ","e_cblp":144,"e_cp":3,"e_crlc":0,"e_cparhdr":4,"e_minalloc":0,"e_maxalloc":65535,"e_ss":0,"e_sp":184,"e_csum":0,"e_ip":0,"e_cs":0,"e_ovno":0,"e_oemid":0,"e_oeminfo":0,"e_lfanew":128},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":3,"TimeDateStamp":"2023-Oct-16 21:40:53","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"8.0","SizeOfCode":"0x0000A800","SizeOfInitializedData":"0x00001A00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x0000C72E","BaseOfCode":"0x00002000","BaseOfData":"0x0000E000","ImageBase":"0x00400000","SectionAlignment":"0x00002000","FileAlignment":"0x00000200","OperatingSystemVersion":"4.0","ImageVersion":"0.0","SubsystemVersion":"4.0","Win32VersionValue":"0","SizeOfImage":"0x00012000","SizeOfHeaders":"0x00000200","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_NO_SEH","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x0000A734","virtual_address":"0x00002000","size_of_raw_data":"0x0000A800","pointer_to_raw_data":"0x00000200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":5.50576},{"name":".rsrc","virtual_size":"0x00001708","virtual_address":"0x0000E000","size_of_raw_data":"0x00001800","pointer_to_raw_data":"0x0000AA00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":6.55153},{"name":".reloc","virtual_size":"0x0000000C","virtual_address":"0x00010000","size_of_raw_data":"0x00000200","pointer_to_raw_data":"0x0000C200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":0.0815394}]},"Imports":{"entities":{"file":{"name":"GoogleKeep.exe","version":"5.9.1.204","description":"Note-taking and task management application","company":"Google LLC","copyright":"© Google LLC","trademarks":"Google, Keep","internal_name":"GoogleKeep.exe","original_filename":"GoogleKeep.exe","product_name":"Google Keep","assembly_version":"5.9.1.204"},"resources":[{"type":"RT_ICON","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":3476,"timestamp":"1980-Jan-01 00:00:00","entropy":7.05814,"filetype":"PNG graphic file"},{"type":"RT_GROUP_ICON","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":1.15402,"filetype":"Icon file"},{"type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":924,"timestamp":"1980-Jan-01 00:00:00","entropy":3.39908},{"type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":1171,"timestamp":"1980-Jan-01 00:00:00","entropy":5.22615}],"compiler":["Microsoft Visual C# v7.0 / Basic .NET",".NET executable -> Microsoft"],"suspicious_strings":["schtask","vmware","SbieDll.dll","root\\Security"],"mitigations":{"stack_canary":false,"safe_seh":false,"aslr":true,"dep":true,"cfg":false},"malicious_indicators":["The PE pretends to be from Google but is not signed!"]}},"Exports":{},"Resources":{"entities":[{"type":"RT_ICON","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":3476,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":7.05814,"detected_filetype":"PNG graphic file"},{"type":"RT_GROUP_ICON","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":20,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":1.15402,"detected_filetype":"Icon file"},{"type":"RT_VERSION","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":924,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":3.39908},{"type":"RT_MANIFEST","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":1171,"time_date_stamp":"1980-Jan-01 00:00:00","entropy":5.22615}],"version_info":{"resource_lang_id":"UNKNOWN","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"5.9.1.204","product_version":"5.9.1.204","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"","company_name":"Google LLC","file_description":"Note-taking and task management application","internal_name":"GoogleKeep.exe","legal_copyright":"© Google LLC","legal_trademarks":"Google, Keep","original_filename":"GoogleKeep.exe","product_name":"Google Keep","assembly_version":"5.9.1.204"},"compiler_info":["Microsoft Visual C# v7.0 / Basic .NET",".NET executable -> Microsoft"],"suspicious_strings":["schtask","vmware","SbieDll.dll","root\\Security"],"exploit_mitigation":{"stack_canary":false,"safe_seh":false,"aslr":true,"dep":true,"cfg":false},"malicious_indicators":["The PE pretends to be from Google but is not signed!"]},"Debug Info":{},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/secondary_sample_try"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_wf9fp3on/output.txt"},"timestamp":"2026-04-29 18:19:08"},{"_id":{"$oid":"69edf1ce59a6632dae07de55"},"sha256":"6ba13af0263cd61f957f2ce738120c8a419e1eb157e489bc79f1d57ad8277324","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/3\nDate: 2026-04-27 00:20:32\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/3\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_AMD64\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2016-Aug-20 04:34:21\nDetected languages: English - United States\nDebug artifacts: wextract.pdb\nCompanyName: Microsoft Corporation\nFileDescription: Win32 Cabinet Self-Extractor \nFileVersion: 11.00.22688.1 (WinBuild.160101.0800)\nInternalName: Wextract \nLegalCopyright: © Microsoft Corporation. All rights reserved.\nOriginalFilename: WEXTRACT.EXE .MUI\nProductName: Internet Explorer\nProductVersion: 11.00.22688.1\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x000000E8\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_AMD64\nNumberofSections: 6\nTimeDateStamp: 2016-Aug-20 04:34:21\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00F0\nCharacteristics: IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32+\nLinkerVersion: 14.0\nSizeOfCode: 0x00007C00\nSizeOfInitializedData: 0x0026D800\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0000000000008200 (Section: .text)\nBaseOfCode: 0x00001000\nImageBase: 0x0000000140000000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: A.0\nImageVersion: A.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x0027B000\nSizeOfHeaders: 0x00000400\nChecksum: 0x0027F3E6\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_GUARD_CF\n IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x0000000000080000\nSizeofStackCommit: 0x0000000000002000\nSizeofHeapReserve: 0x0000000000100000\nSizeofHeapCommit: 0x0000000000001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00007B80\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x00007C00\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.09647\n\n.rdata:\n VirtualSize: 0x000022C8\n VirtualAddress: 0x00009000\n SizeOfRawData: 0x00002400\n PointerToRawData: 0x00008000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.72784\n\n.data:\n VirtualSize: 0x00001F00\n VirtualAddress: 0x0000C000\n SizeOfRawData: 0x00000400\n PointerToRawData: 0x0000A400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 3.18898\n\n.pdata:\n VirtualSize: 0x00000408\n VirtualAddress: 0x0000E000\n SizeOfRawData: 0x00000600\n PointerToRawData: 0x0000A800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 3.15637\n\n.rsrc:\n VirtualSize: 0x0026A616\n VirtualAddress: 0x0000F000\n SizeOfRawData: 0x0026A800\n PointerToRawData: 0x0000AE00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 7.74936\n\n.reloc:\n VirtualSize: 0x00000020\n VirtualAddress: 0x0027A000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00275600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 0.406847\n\n\nImports:\n--------\nADVAPI32.dll: GetTokenInformation\n RegDeleteValueA\n RegOpenKeyExA\n RegQueryInfoKeyA\n FreeSid\n OpenProcessToken\n RegSetValueExA\n RegCreateKeyExA\n LookupPrivilegeValueA\n AllocateAndInitializeSid\n RegQueryValueExA\n EqualSid\n RegCloseKey\n AdjustTokenPrivileges\nKERNEL32.dll: _lopen\n _llseek\n CompareStringA\n GetLastError\n GetFileAttributesA\n GetSystemDirectoryA\n LoadLibraryA\n DeleteFileA\n GlobalAlloc\n GlobalFree\n CloseHandle\n WritePrivateProfileStringA\n IsDBCSLeadByte\n GetWindowsDirectoryA\n SetFileAttributesA\n GetProcAddress\n GlobalLock\n LocalFree\n RemoveDirectoryA\n FreeLibrary\n _lclose\n CreateDirectoryA\n GetPrivateProfileIntA\n GetPrivateProfileStringA\n GlobalUnlock\n ReadFile\n SizeofResource\n WriteFile\n GetDriveTypeA\n LoadLibraryExA\n SetFileTime\n SetFilePointer\n FindResourceA\n CreateMutexA\n GetVolumeInformationA\n WaitForSingleObject\n GetCurrentDirectoryA\n FreeResource\n GetVersion\n SetCurrentDirectoryA\n GetTempPathA\n LocalFileTimeToFileTime\n CreateFileA\n SetEvent\n TerminateThread\n GetVersionExA\n LockResource\n GetSystemInfo\n CreateThread\n ResetEvent\n LoadResource\n ExitProcess\n GetModuleHandleW\n CreateProcessA\n FormatMessageA\n GetTempFileNameA\n DosDateTimeToFileTime\n CreateEventA\n GetExitCodeProcess\n ExpandEnvironmentStringsA\n LocalAlloc\n lstrcmpA\n FindNextFileA\n GetCurrentProcess\n FindFirstFileA\n GetModuleFileNameA\n GetShortPathNameA\n Sleep\n GetStartupInfoW\n RtlCaptureContext\n RtlLookupFunctionEntry\n RtlVirtualUnwind\n UnhandledExceptionFilter\n SetUnhandledExceptionFilter\n TerminateProcess\n QueryPerformanceCounter\n GetCurrentProcessId\n GetCurrentThreadId\n GetSystemTimeAsFileTime\n GetTickCount\n EnumResourceLanguagesA\n GetDiskFreeSpaceA\n MulDiv\n FindClose\nGDI32.dll: GetDeviceCaps\nUSER32.dll: ShowWindow\n MsgWaitForMultipleObjects\n SetWindowPos\n GetDC\n GetWindowRect\n DispatchMessageA\n GetSystemMetrics\n CallWindowProcA\n SetWindowTextA\n MessageBoxA\n SendDlgItemMessageA\n SendMessageA\n GetDlgItem\n DialogBoxIndirectParamA\n GetWindowLongPtrA\n SetWindowLongPtrA\n SetForegroundWindow\n ReleaseDC\n EnableWindow\n CharNextA\n LoadStringA\n CharPrevA\n EndDialog\n MessageBeep\n ExitWindowsEx\n SetDlgItemTextA\n CharUpperA\n GetDesktopWindow\n PeekMessageA\n GetDlgItemTextA\nmsvcrt.dll: ?terminate@@YAXXZ\n _commode\n _fmode\n _acmdln\n __C_specific_handler\n memset\n __setusermatherr\n _ismbblead\n _cexit\n _exit\n exit\n __set_app_type\n __getmainargs\n _amsg_exit\n _XcptFilter\n memcpy_s\n _vsnprintf\n _initterm\n memcpy\nCOMCTL32.dll: #17\nCabinet.dll: #20\n #21\n #23\n #22\nVERSION.dll: VerQueryValueA\n GetFileVersionInfoSizeA\n GetFileVersionInfoA\n\nResources:\n----------\n3001:\n Type: AVI\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 11802\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.52241\n Detected Filetype: AVI Resource Interchange File Format\n Detected Filetype (#2): Windows animated cursor\n\n1:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 278568\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.16766\n\n2:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 278568\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.16766\n\n3:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 17448\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.135\n\n2001:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 754\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.25575\n\n2002:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 432\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.16025\n\n2003:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 358\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.99713\n\n2004:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 448\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.11992\n\n2005:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 304\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.97326\n\n2006:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 288\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.97672\n\n63:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 140\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.48958\n\n76:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1312\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.2674\n\n77:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1484\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.29977\n\n80:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1200\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.27174\n\n83:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1098\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.2912\n\n85:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 974\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.13591\n\nADMQCMD:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 7\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.80735\n\nCABINET:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1932347\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 7.99986\n Detected Filetype: CAB Installer file\n\nEXTRACTOPT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 4\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 0.811278\n\nFILESIZES:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 36\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.6383\n\nFINISHMSG:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 7\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.80735\n\nLICENSE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 7\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.80735\n\nPACKINSTSPACE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 4\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 0\n\nPOSTRUNPROGRAM:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 45\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 4.37171\n\nREBOOT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 4\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 0\n\nRUNPROGRAM:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 24\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.26789\n\nSHOWWINDOW:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 4\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 0.811278\n\nTITLE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 10\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.84644\n\nUPROMPT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 7\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.80735\n\nUSRQCMD:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 7\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.80735\n\n3000:\n Type: RT_GROUP_ICON\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 48\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 2.22035\n Detected Filetype: Icon file\n\n1 (#2):\n Type: RT_VERSION\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1032\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 3.38987\n\n1 (#3):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 2022\n TimeDateStamp: 2059-Dec-25 05:41:58\n Entropy: 5.00142\n\n\nVersion Info:\n-------------\nResource LangID: English - United States\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 11.0.22688.1\n ProductVersion: 11.0.22688.1\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT\n VOS_NT_WINDOWS32\n VOS_WINCE\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United States\n CompanyName: Microsoft Corporation\n FileDescription: Win32 Cabinet Self-Extractor \n FileVersion (#2): 11.00.22688.1 (WinBuild.160101.0800)\n InternalName: Wextract \n LegalCopyright: © Microsoft Corporation. All rights reserved.\n OriginalFilename: WEXTRACT.EXE .MUI\n ProductName: Internet Explorer\n ProductVersion (#2): 11.00.22688.1\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_CODEVIEW:\n Characteristics: 0\n TimeDateStamp: 2062-Jul-25 12:18:00\n Version: 0.0\n SizeofData: 37\n AddressOfRawData: 0x00009A64\n PointerToRawData: 0x00008A64\n Referenced File: wextract.pdb\n\nIMAGE_DEBUG_TYPE_POGO:\n Characteristics: 0\n TimeDateStamp: 2062-Jul-25 12:18:00\n Version: 0.0\n SizeofData: 496\n AddressOfRawData: 0x00009A8C\n PointerToRawData: 0x00008A8C\n\nUNKNOWN:\n Characteristics: 0\n TimeDateStamp: 2062-Jul-25 12:18:00\n Version: 0.0\n SizeofData: 36\n AddressOfRawData: 0x00009C7C\n PointerToRawData: 0x00008C7C\n\n\nLoad Configuration:\n-------------------\nSize: 280\nTimeDateStamp: 1970-Jan-01 00:00:00\nVersion: 0.0\nGlobalFlagsClear: (EMPTY)\nGlobalFlagsSet: (EMPTY)\nCriticalSectionDefaultTimeout: 0\nDeCommitFreeBlockThreshold: 0x0000000000000000\nDeCommitTotalFreeThreshold: 0x0000000000000000\nLockPrefixTable: 0x0000000000000000\nMaximumAllocationSize: 0x0000000000000000\nVirtualMemoryThreshold: 0x0000000000000000\nProcessAffinityMask: 0x0000000000000000\nProcessHeapFlags: (EMPTY)\nCSDVersion: 0\nReserved1: 0x0000\nEditList: 0x0000000000000000\nSecurityCookie: 0x000000014000C008\nGuardCFCheckFunctionPointer: 0x0000000140009648\nGuardCFDispatchFunctionPointer: 0x0000000000000000\nGuardCFFunctionTable: 0x0000000000000000\nGuardCFFunctionCount: 0x0000000000000000\nGuardFlags: (EMPTY)\nCodeIntegrity.Flags: 0x0000\nCodeIntegrity.Catalog: 0x0000\nCodeIntegrity.CatalogOffset: 0x00000000\nCodeIntegrity.Reserved: 0x00000000\nGuardAddressTakenIatEntryTable: 0x0000000000000000\nGuardAddressTakenIatEntryCount: 0\nGuardLongJumpTargetTable: 0x0000000000000000\nGuardLongJumpTargetCount: 0\n\nRICH Header:\n------------\nXOR Key: 0x3690B900\nUnmarked objects: 0\nC++ objects (27412): 1\nASM objects (27412): 2\nC objects (27412): 18\nImports (27412): 17\nTotal imports: 160\nC objects (LTCG) (27412): 10\nResource objects (27412): 1\nLinker (27412): 1\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to system / monitoring tools:\n rundll32.exe\n May have dropper capabilities:\n CurrentVersion\\Run\n Contains domain names:\n Command.com\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryA\n GetProcAddress\n LoadLibraryExA\n Can access the registry:\n RegDeleteValueA\n RegOpenKeyExA\n RegQueryInfoKeyA\n RegSetValueExA\n RegCreateKeyExA\n RegQueryValueExA\n RegCloseKey\n Possibly launches other programs:\n CreateProcessA\n Can create temporary files:\n GetTempPathA\n CreateFileA\n Functions related to the privilege level:\n OpenProcessToken\n AdjustTokenPrivileges\n Enumerates local disk drives:\n GetDriveTypeA\n GetVolumeInformationA\n Can shut the system down or lock the screen:\n ExitWindowsEx\n\n[ MALICIOUS ] The PE header may have been manually modified.\n Resource CABINET detected as a CAB Installer file.\n The resource timestamps differ from the PE header:\n 2059-Dec-25 05:41:58\n Resources amount for 98.1524% of the executable.\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: enabled\n SafeSEH: enabled (0 registered handlers)\n ASLR: enabled\n DEP: enabled\n CFG: enabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_AMD64","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2016-Aug-20 04:34:21","detected_languages":["English - United States"],"debug_artifacts":["wextract.pdb"],"company_name":"Microsoft Corporation","file_description":"Win32 Cabinet Self-Extractor","file_version":"11.00.22688.1 (WinBuild.160101.0800)","internal_name":"Wextract","legal_copyright":"© Microsoft Corporation. All rights reserved.","original_filename":"WEXTRACT.EXE.MUI","product_name":"Internet Explorer","product_version":"11.00.22688.1"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x000000E8"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_AMD64","NumberofSections":6,"TimeDateStamp":"2016-Aug-20 04:34:21","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00F0","Characteristics":["IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LARGE_ADDRESS_AWARE"]},"Image Optional Header":{"Magic":"PE32+","LinkerVersion":"14.0","SizeOfCode":"0x00007C00","SizeOfInitializedData":"0x0026D800","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x0000000000008200","BaseOfCode":"0x00001000","ImageBase":"0x0000000140000000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"A.0","ImageVersion":"A.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x0027B000","SizeOfHeaders":"0x00000400","Checksum":"0x0027F3E6","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_GUARD_CF","IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x0000000000080000","SizeofStackCommit":"0x0000000000002000","SizeofHeapReserve":"0x0000000000100000","SizeofHeapCommit":"0x0000000000001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","VirtualSize":"0x00007B80","VirtualAddress":"0x00001000","SizeOfRawData":"0x00007C00","PointerToRawData":"0x00000400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":6.09647},{"name":".rdata","VirtualSize":"0x000022C8","VirtualAddress":"0x00009000","SizeOfRawData":"0x00002400","PointerToRawData":"0x00008000","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":4.72784},{"name":".data","VirtualSize":"0x00001F00","VirtualAddress":"0x0000C000","SizeOfRawData":"0x00000400","PointerToRawData":"0x0000A400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":3.18898},{"name":".pdata","VirtualSize":"0x00000408","VirtualAddress":"0x0000E000","SizeOfRawData":"0x00000600","PointerToRawData":"0x0000A800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":3.15637},{"name":".rsrc","VirtualSize":"0x0026A616","VirtualAddress":"0x0000F000","SizeOfRawData":"0x0026A800","PointerToRawData":"0x0000AE00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":7.74936},{"name":".reloc","VirtualSize":"0x00000020","VirtualAddress":"0x0027A000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00275600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"Entropy":0.406847}]},"Imports":{"entities":{"dlls":["ADVAPI32.dll","KERNEL32.dll","GDI32.dll","USER32.dll","msvcrt.dll","COMCTL32.dll","Cabinet.dll","VERSION.dll"],"functions":{"ADVAPI32.dll":["GetTokenInformation","RegDeleteValueA","RegOpenKeyExA","RegQueryInfoKeyA","FreeSid","OpenProcessToken","RegSetValueExA","RegCreateKeyExA","LookupPrivilegeValueA","AllocateAndInitializeSid","RegQueryValueExA","EqualSid","RegCloseKey","AdjustTokenPrivileges"],"KERNEL32.dll":["_lopen","_llseek","CompareStringA","GetLastError","GetFileAttributesA","GetSystemDirectoryA","LoadLibraryA","DeleteFileA","GlobalAlloc","GlobalFree","CloseHandle","WritePrivateProfileStringA","IsDBCSLeadByte","GetWindowsDirectoryA","SetFileAttributesA","GetProcAddress","GlobalLock","LocalFree","RemoveDirectoryA","FreeLibrary","_lclose","CreateDirectoryA","GetPrivateProfileIntA","GetPrivateProfileStringA","GlobalUnlock","ReadFile","SizeofResource","WriteFile","GetDriveTypeA","LoadLibraryExA","SetFileTime","SetFilePointer","FindResourceA","CreateMutexA","GetVolumeInformationA","WaitForSingleObject","GetCurrentDirectoryA","FreeResource","GetVersion","SetCurrentDirectoryA","GetTempPathA","LocalFileTimeToFileTime","CreateFileA","SetEvent","TerminateThread","GetVersionExA","LockResource","GetSystemInfo","CreateThread","ResetEvent","LoadResource","ExitProcess","GetModuleHandleW","CreateProcessA","FormatMessageA","GetTempFileNameA","DosDateTimeToFileTime","CreateEventA","GetExitCodeProcess","ExpandEnvironmentStringsA","LocalAlloc","lstrcmpA","FindNextFileA","GetCurrentProcess","FindFirstFileA","GetModuleFileNameA","GetShortPathNameA","Sleep","GetStartupInfoW","RtlCaptureContext","RtlLookupFunctionEntry","RtlVirtualUnwind","UnhandledExceptionFilter","SetUnhandledExceptionFilter","TerminateProcess","QueryPerformanceCounter","GetCurrentProcessId","GetCurrentThreadId","GetSystemTimeAsFileTime","GetTickCount","EnumResourceLanguagesA","GetDiskFreeSpaceA","MulDiv","FindClose"],"GDI32.dll":["GetDeviceCaps"],"USER32.dll":["ShowWindow","MsgWaitForMultipleObjects","SetWindowPos","GetDC","GetWindowRect","DispatchMessageA","GetSystemMetrics","CallWindowProcA","SetWindowTextA","MessageBoxA","SendDlgItemMessageA","SendMessageA","GetDlgItem","DialogBoxIndirectParamA","GetWindowLongPtrA","SetWindowLongPtrA","SetForegroundWindow","ReleaseDC","EnableWindow","CharNextA","LoadStringA","CharPrevA","EndDialog","MessageBeep","ExitWindowsEx","SetDlgItemTextA","CharUpperA","GetDesktopWindow","PeekMessageA","GetDlgItemTextA"],"msvcrt.dll":["?terminate@@YAXXZ","_commode","_fmode","_acmdln","__C_specific_handler","memset","__setusermatherr","_ismbblead","_cexit","_exit","exit","__set_app_type","__getmainargs","_amsg_exit","_XcptFilter","memcpy_s","_vsnprintf","_initterm","memcpy"],"COMCTL32.dll":["#17"],"Cabinet.dll":["#20","#21","#23","#22"],"VERSION.dll":["VerQueryValueA","GetFileVersionInfoSizeA","GetFileVersionInfoA"]},"resources":[{"id":"3001","type":"AVI","language":"English - United States","codepage":"Latin 1 / Western European","size":11802,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.52241,"detected_filetype":"AVI Resource Interchange File Format","detected_filetype_2":"Windows animated cursor"},{"id":"1","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":278568,"timedatestamp":"1980-Jan-01 00:00:00","entropy":6.16766},{"id":"2","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":278568,"timedatestamp":"1980-Jan-01 00:00:00","entropy":6.16766},{"id":"3","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":17448,"timedatestamp":"1980-Jan-01 00:00:00","entropy":6.135},{"id":"2001","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":754,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.25575},{"id":"2002","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":432,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.16025},{"id":"2003","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":358,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.99713},{"id":"2004","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":448,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.11992},{"id":"2005","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":304,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.97326},{"id":"2006","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":288,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.97672},{"id":"63","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":140,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.48958},{"id":"76","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1312,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.2674},{"id":"77","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1484,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.29977},{"id":"80","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1200,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.27174},{"id":"83","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1098,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.2912},{"id":"85","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":974,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.13591},{"id":"ADMQCMD","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.80735},{"id":"CABINET","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":1932347,"timedatestamp":"2059-Dec-25 05:41:58","entropy":7.99986,"detected_filetype":"CAB Installer file"},{"id":"EXTRACTOPT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"timedatestamp":"2059-Dec-25 05:41:58","entropy":0.811278},{"id":"FILESIZES","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":36,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.6383},{"id":"FINISHMSG","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.80735},{"id":"LICENSE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.80735},{"id":"PACKINSTSPACE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"timedatestamp":"2059-Dec-25 05:41:58","entropy":0},{"id":"POSTRUNPROGRAM","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":45,"timedatestamp":"2059-Dec-25 05:41:58","entropy":4.37171},{"id":"REBOOT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"timedatestamp":"2059-Dec-25 05:41:58","entropy":0},{"id":"RUNPROGRAM","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":24,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.26789},{"id":"SHOWWINDOW","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"timedatestamp":"2059-Dec-25 05:41:58","entropy":0.811278},{"id":"TITLE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":10,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.84644},{"id":"UPROMPT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.80735},{"id":"USRQCMD","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.80735},{"id":"3000","type":"RT_GROUP_ICON","language":"English - United States","codepage":"Latin 1 / Western European","size":48,"timedatestamp":"2059-Dec-25 05:41:58","entropy":2.22035,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United States","codepage":"Latin 1 / Western European","size":1032,"timedatestamp":"2059-Dec-25 05:41:58","entropy":3.38987},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United States","codepage":"Latin 1 / Western European","size":2022,"timedatestamp":"2059-Dec-25 05:41:58","entropy":5.00142}],"version_info":{"resource_langid":"English - United States","vs_version_info":{"signature":"0xFEEF04BD","structversion":"0x00010000","fileversion":"11.0.22688.1","productversion":"11.0.22688.1","fileflags":"(EMPTY)","fileos":["VOS_DOS_WINDOWS32","VOS_NT","VOS_NT_WINDOWS32","VOS_WINCE","VOS__WINDOWS32"],"filetype":"VFT_APP","language":"English - United States","companyname":"Microsoft Corporation","filedescription":"Win32 Cabinet Self-Extractor","fileversion_2":"11.00.22688.1 (WinBuild.160101.0800)","internalname":"Wextract","legalcopyright":"© Microsoft Corporation. All rights reserved.","originalfilename":"WEXTRACT.EXE .MUI","productname":"Internet Explorer","productversion_2":"11.00.22688.1"}},"debug_info":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"timedatestamp":"2062-Jul-25 12:18:00","version":"0.0","sizeofdata":37,"addressofrawdata":"0x00009A64","pointertorawdata":"0x00008A64","referenced_file":"wextract.pdb"},{"type":"IMAGE_DEBUG_TYPE_POGO","characteristics":0,"timedatestamp":"2062-Jul-25 12:18:00","version":"0.0","sizeofdata":496,"addressofrawdata":"0x00009A8C","pointertorawdata":"0x00008A8C"},{"type":"UNKNOWN","characteristics":0,"timedatestamp":"2062-Jul-25 12:18:00","version":"0.0","sizeofdata":36,"addressofrawdata":"0x00009C7C","pointertorawdata":"0x00008C7C"}],"load_configuration":{"size":280,"timedatestamp":"1970-Jan-01 00:00:00","version":"0.0","globalflagsclear":"(EMPTY)","globalflagsset":"(EMPTY)","criticalsectiondefaulttimeout":0,"decommitfreeblockthreshold":"0x0000000000000000","decommittotalfreethreshold":"0x0000000000000000","lockprefixtable":"0x0000000000000000","maximumallocationsize":"0x0000000000000000","virtualmemorythreshold":"0x0000000000000000","processaffinitymask":"0x0000000000000000","processheapflags":"(EMPTY)","csdversion":0,"reserved1":"0x0000","editlist":"0x0000000000000000","securitycookie":"0x000000014000C008","guardcfcheckfunctionpointer":"0x0000000140009648","guardcfdispatchfunctionpointer":"0x0000000000000000","guardcffunctiontable":"0x0000000000000000","guardcffunctioncount":"0x0000000000000000","guardflags":"(EMPTY)","codeintegrity_flags":"0x0000","codeintegrity_catalog":"0x0000","codeintegrity_catalogoffset":"0x00000000","codeintegrity_reserved":"0x00000000","guardaddresstakeniatentrytable":"0x0000000000000000","guardaddresstakeniatentrycount":0,"guardlongjumptargettable":"0x0000000000000000","guardlongjumptargetcount":0},"rich_header":{"xor_key":"0x3690B900","unmarked_objects":0,"cpp_objects":1,"asm_objects":2,"c_objects":18,"imports":17,"total_imports":160,"c_objects_ltcg":10,"resource_objects":1,"linker":1},"suspicious_strings":["rundll32.exe","CurrentVersion\\Run","Command.com"],"malicious_indicators":["LoadLibraryA","GetProcAddress","LoadLibraryExA","RegDeleteValueA","RegOpenKeyExA","RegQueryInfoKeyA","RegSetValueExA","RegCreateKeyExA","RegQueryValueExA","RegCloseKey","CreateProcessA","GetTempPathA","CreateFileA","OpenProcessToken","AdjustTokenPrivileges","GetDriveTypeA","GetVolumeInformationA","ExitWindowsEx"],"exploit_mitigation_techniques":["Stack Canary: enabled","SafeSEH: enabled (0 registered handlers)","ASLR: enabled","DEP: enabled","CFG: enabled"]}},"Exports":{},"Resources":{"entities":[{"id":"3001","type":"AVI","language":"English - United States","codepage":"Latin 1 / Western European","size":11802,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.52241,"detected_filetype":"AVI Resource Interchange File Format","detected_filetype_2":"Windows animated cursor"},{"id":"1","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":278568,"time_date_stamp":"1980-01-01T00:00:00","entropy":6.16766},{"id":"2","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":278568,"time_date_stamp":"1980-01-01T00:00:00","entropy":6.16766},{"id":"3","type":"RT_ICON","language":"English - United States","codepage":"UNKNOWN","size":17448,"time_date_stamp":"1980-01-01T00:00:00","entropy":6.135},{"id":"2001","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":754,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.25575},{"id":"2002","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":432,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.16025},{"id":"2003","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":358,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.99713},{"id":"2004","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":448,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.11992},{"id":"2005","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":304,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.97326},{"id":"2006","type":"RT_DIALOG","language":"English - United States","codepage":"Latin 1 / Western European","size":288,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.97672},{"id":"63","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":140,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.48958},{"id":"76","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1312,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.2674},{"id":"77","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1484,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.29977},{"id":"80","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1200,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.27174},{"id":"83","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":1098,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.2912},{"id":"85","type":"RT_STRING","language":"English - United States","codepage":"Latin 1 / Western European","size":974,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.13591},{"id":"ADMQCMD","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.80735},{"id":"CABINET","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":1932347,"time_date_stamp":"2059-12-25T05:41:58","entropy":7.99986,"detected_filetype":"CAB Installer file"},{"id":"EXTRACTOPT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"time_date_stamp":"2059-12-25T05:41:58","entropy":0.811278},{"id":"FILESIZES","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":36,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.6383},{"id":"FINISHMSG","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.80735},{"id":"LICENSE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.80735},{"id":"PACKINSTSPACE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"time_date_stamp":"2059-12-25T05:41:58","entropy":0},{"id":"POSTRUNPROGRAM","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":45,"time_date_stamp":"2059-12-25T05:41:58","entropy":4.37171},{"id":"REBOOT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"time_date_stamp":"2059-12-25T05:41:58","entropy":0},{"id":"RUNPROGRAM","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":24,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.26789},{"id":"SHOWWINDOW","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":4,"time_date_stamp":"2059-12-25T05:41:58","entropy":0.811278},{"id":"TITLE","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":10,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.84644},{"id":"UPROMPT","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.80735},{"id":"USRQCMD","type":"RT_RCDATA","language":"English - United States","codepage":"Latin 1 / Western European","size":7,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.80735},{"id":"3000","type":"RT_GROUP_ICON","language":"English - United States","codepage":"Latin 1 / Western European","size":48,"time_date_stamp":"2059-12-25T05:41:58","entropy":2.22035,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United States","codepage":"Latin 1 / Western European","size":1032,"time_date_stamp":"2059-12-25T05:41:58","entropy":3.38987},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United States","codepage":"Latin 1 / Western European","size":2022,"time_date_stamp":"2059-12-25T05:41:58","entropy":5.00142}],"version_info":{"resource_lang_id":"English - United States","vs_version_info":{"signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"11.0.22688.1","product_version":"11.0.22688.1","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT","VOS_NT_WINDOWS32","VOS_WINCE","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"English - United States","company_name":"Microsoft Corporation","file_description":"Win32 Cabinet Self-Extractor","file_version_2":"11.00.22688.1 (WinBuild.160101.0800)","internal_name":"Wextract","legal_copyright":"© Microsoft Corporation. All rights reserved.","original_filename":"WEXTRACT.EXE .MUI","product_name":"Internet Explorer","product_version_2":"11.00.22688.1"}}},"Debug Info":{"debug_entries":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"time_date_stamp":"2062-Jul-25 12:18:00","version":"0.0","size_of_data":37,"address_of_raw_data":"0x00009A64","pointer_to_raw_data":"0x00008A64","referenced_file":"wextract.pdb"},{"type":"IMAGE_DEBUG_TYPE_POGO","characteristics":0,"time_date_stamp":"2062-Jul-25 12:18:00","version":"0.0","size_of_data":496,"address_of_raw_data":"0x00009A8C","pointer_to_raw_data":"0x00008A8C"},{"type":"UNKNOWN","characteristics":0,"time_date_stamp":"2062-Jul-25 12:18:00","version":"0.0","size_of_data":36,"address_of_raw_data":"0x00009C7C","pointer_to_raw_data":"0x00008C7C"}]},"Load Configuration":{"Size":280,"TimeDateStamp":"1970-Jan-01 00:00:00","Version":"0.0","GlobalFlagsClear":"","GlobalFlagsSet":"","CriticalSectionDefaultTimeout":0,"DeCommitFreeBlockThreshold":0,"DeCommitTotalFreeThreshold":0,"LockPrefixTable":0,"MaximumAllocationSize":0,"VirtualMemoryThreshold":0,"ProcessAffinityMask":0,"ProcessHeapFlags":"","CSDVersion":0,"Reserved1":0,"EditList":0,"SecurityCookie":"0x000000014000C008","GuardCFCheckFunctionPointer":"0x0000000140009648","GuardCFDispatchFunctionPointer":0,"GuardCFFunctionTable":0,"GuardCFFunctionCount":0,"GuardFlags":"","CodeIntegrity":{"Flags":0,"Catalog":0,"CatalogOffset":0,"Reserved":0},"GuardAddressTakenIatEntryTable":0,"GuardAddressTakenIatEntryCount":0,"GuardLongJumpTargetTable":0,"GuardLongJumpTargetCount":0},"RICH Header":{"xor_key":"0x3690B900","unmarked_objects":0,"cpp_objects":1,"asm_objects":2,"c_objects":18,"imports":17,"total_imports":160,"ltcg_c_objects":10,"resource_objects":1,"linker":1,"suspicious_strings":{"system_tools":["rundll32.exe"],"dropper_capabilities":["CurrentVersion\\Run"],"domain_names":["Command.com"]},"malicious_functions":{"hidden_imports":["LoadLibraryA","GetProcAddress","LoadLibraryExA"],"registry_access":["RegDeleteValueA","RegOpenKeyExA","RegQueryInfoKeyA","RegSetValueExA","RegCreateKeyExA","RegQueryValueExA","RegCloseKey"],"process_creation":["CreateProcessA"],"temp_files":["GetTempPathA","CreateFileA"],"privilege_functions":["OpenProcessToken","AdjustTokenPrivileges"],"disk_enumeration":["GetDriveTypeA","GetVolumeInformationA"],"system_shutdown":["ExitWindowsEx"]},"pe_modifications":{"resource_cabinet":true,"timestamp_mismatch":"2059-Dec-25 05:41:58","resource_percentage":98.1524},"exploit_mitigations":{"stack_canary":true,"safe_seh":{"enabled":true,"handlers":0},"aslr":true,"dep":true,"cfg":true}},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/3"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_re990g1q/output.txt"},"timestamp":"2026-04-27 00:24:29"},{"_id":{"$oid":"69f0fbd759a6632dae07de67"},"sha256":"c5ae6f6ec23fd8d5ba1343e49bf805bbc016545715a413227bd5afe9c795002e","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/5.exe\nDate: 2026-04-28 23:55:25\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/5.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2026-Feb-26 07:28:46\nDetected languages: English - United Kingdom\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000120\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 5\nTimeDateStamp: 2026-Feb-26 07:28:46\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 14.0\nSizeOfCode: 0x0009AC00\nSizeOfInitializedData: 0x00077000\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x000204F7 (Section: .text)\nBaseOfCode: 0x00001000\nBaseOfData: 0x0009C000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 5.1\nImageVersion: 0.0\nSubsystemVersion: 5.1\nWin32VersionValue: 0\nSizeOfImage: 0x00118000\nSizeOfHeaders: 0x00000400\nChecksum: 0x0011F1CB\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00400000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00400000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x0009AA37\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x0009AC00\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.66568\n\n.rdata:\n VirtualSize: 0x0002FB92\n VirtualAddress: 0x0009C000\n SizeOfRawData: 0x0002FC00\n PointerToRawData: 0x0009B000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.6928\n\n.data:\n VirtualSize: 0x0000705C\n VirtualAddress: 0x000CC000\n SizeOfRawData: 0x00004800\n PointerToRawData: 0x000CAC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 0.584577\n\n.rsrc:\n VirtualSize: 0x0003B508\n VirtualAddress: 0x000D4000\n SizeOfRawData: 0x0003B600\n PointerToRawData: 0x000CF400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 7.79942\n\n.reloc:\n VirtualSize: 0x000075CC\n VirtualAddress: 0x00110000\n SizeOfRawData: 0x00007600\n PointerToRawData: 0x0010AA00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 6.7982\n\n\nImports:\n--------\nWSOCK32.dll: gethostbyname\n recv\n send\n socket\n inet_ntoa\n setsockopt\n ntohs\n WSACleanup\n WSAStartup\n sendto\n htons\n __WSAFDIsSet\n select\n accept\n listen\n bind\n inet_addr\n ioctlsocket\n recvfrom\n WSAGetLastError\n closesocket\n gethostname\n connect\nVERSION.dll: GetFileVersionInfoW\n VerQueryValueW\n GetFileVersionInfoSizeW\nWINMM.dll: timeGetTime\n waveOutSetVolume\n mciSendStringW\nCOMCTL32.dll: ImageList_ReplaceIcon\n ImageList_Destroy\n ImageList_Remove\n ImageList_SetDragCursorImage\n ImageList_BeginDrag\n ImageList_DragEnter\n ImageList_DragLeave\n ImageList_EndDrag\n ImageList_DragMove\n InitCommonControlsEx\n ImageList_Create\nMPR.dll: WNetGetConnectionW\n WNetCancelConnection2W\n WNetUseConnectionW\n WNetAddConnection2W\nWININET.dll: HttpOpenRequestW\n InternetCloseHandle\n InternetOpenW\n InternetSetOptionW\n InternetCrackUrlW\n HttpQueryInfoW\n InternetQueryOptionW\n InternetConnectW\n HttpSendRequestW\n FtpOpenFileW\n FtpGetFileSize\n InternetOpenUrlW\n InternetReadFile\n InternetQueryDataAvailable\nPSAPI.DLL: GetProcessMemoryInfo\nIPHLPAPI.DLL: IcmpSendEcho\n IcmpCloseHandle\n IcmpCreateFile\nUSERENV.dll: DestroyEnvironmentBlock\n LoadUserProfileW\n CreateEnvironmentBlock\n UnloadUserProfile\nUxTheme.dll: IsThemeActive\nKERNEL32.dll: DuplicateHandle\n CreateThread\n WaitForSingleObject\n HeapAlloc\n GetProcessHeap\n HeapFree\n Sleep\n GetCurrentThreadId\n MultiByteToWideChar\n MulDiv\n GetVersionExW\n IsWow64Process\n GetSystemInfo\n FreeLibrary\n LoadLibraryA\n GetProcAddress\n SetErrorMode\n GetModuleFileNameW\n WideCharToMultiByte\n lstrcpyW\n lstrlenW\n GetModuleHandleW\n QueryPerformanceCounter\n VirtualFreeEx\n OpenProcess\n VirtualAllocEx\n WriteProcessMemory\n ReadProcessMemory\n CreateFileW\n SetFilePointerEx\n SetEndOfFile\n ReadFile\n WriteFile\n FlushFileBuffers\n TerminateProcess\n CreateToolhelp32Snapshot\n Process32FirstW\n Process32NextW\n SetFileTime\n GetFileAttributesW\n FindFirstFileW\n FindClose\n GetLongPathNameW\n GetShortPathNameW\n DeleteFileW\n IsDebuggerPresent\n CopyFileExW\n MoveFileW\n CreateDirectoryW\n RemoveDirectoryW\n SetSystemPowerState\n QueryPerformanceFrequency\n LoadResource\n LockResource\n SizeofResource\n OutputDebugStringW\n GetTempPathW\n GetTempFileNameW\n DeviceIoControl\n GetLocalTime\n CompareStringW\n GetCurrentThread\n LeaveCriticalSection\n GetStdHandle\n CreatePipe\n InterlockedExchange\n TerminateThread\n LoadLibraryExW\n FindResourceExW\n CopyFileW\n VirtualFree\n FormatMessageW\n GetExitCodeProcess\n GetPrivateProfileStringW\n WritePrivateProfileStringW\n GetPrivateProfileSectionW\n WritePrivateProfileSectionW\n GetPrivateProfileSectionNamesW\n FileTimeToLocalFileTime\n FileTimeToSystemTime\n SystemTimeToFileTime\n LocalFileTimeToFileTime\n GetDriveTypeW\n GetDiskFreeSpaceExW\n GetDiskFreeSpaceW\n GetVolumeInformationW\n SetVolumeLabelW\n CreateHardLinkW\n SetFileAttributesW\n CreateEventW\n SetEvent\n GetEnvironmentVariableW\n SetEnvironmentVariableW\n GlobalLock\n GlobalUnlock\n GlobalAlloc\n GetFileSize\n GlobalFree\n GlobalMemoryStatusEx\n Beep\n GetSystemDirectoryW\n HeapReAlloc\n HeapSize\n GetComputerNameW\n GetWindowsDirectoryW\n GetCurrentProcessId\n GetProcessIoCounters\n CreateProcessW\n GetProcessId\n SetPriorityClass\n LoadLibraryW\n VirtualAlloc\n GetCurrentDirectoryW\n lstrcmpiW\n DecodePointer\n GetLastError\n RaiseException\n InitializeCriticalSectionAndSpinCount\n DeleteCriticalSection\n InterlockedDecrement\n InterlockedIncrement\n ResetEvent\n WaitForSingleObjectEx\n IsProcessorFeaturePresent\n UnhandledExceptionFilter\n SetUnhandledExceptionFilter\n GetCurrentProcess\n CloseHandle\n GetFullPathNameW\n EnterCriticalSection\n GetStartupInfoW\n GetSystemTimeAsFileTime\n InitializeSListHead\n RtlUnwind\n SetLastError\n TlsAlloc\n TlsGetValue\n TlsSetValue\n TlsFree\n EncodePointer\n ExitProcess\n GetModuleHandleExW\n ExitThread\n ResumeThread\n FreeLibraryAndExitThread\n GetACP\n GetDateFormatW\n GetTimeFormatW\n LCMapStringW\n GetStringTypeW\n GetFileType\n SetStdHandle\n GetConsoleCP\n GetConsoleMode\n ReadConsoleW\n GetTimeZoneInformation\n FindFirstFileExW\n IsValidCodePage\n GetOEMCP\n GetCPInfo\n GetCommandLineA\n GetCommandLineW\n GetEnvironmentStringsW\n FreeEnvironmentStringsW\n SetEnvironmentVariableA\n SetCurrentDirectoryW\n FindNextFileW\n WriteConsoleW\nUSER32.dll: IsCharAlphaW\n IsCharAlphaNumericW\n IsCharLowerW\n IsCharUpperW\n GetMenuStringW\n GetSubMenu\n GetCaretPos\n IsZoomed\n MonitorFromPoint\n GetMonitorInfoW\n SetWindowLongW\n SetLayeredWindowAttributes\n FlashWindow\n GetClassLongW\n TranslateAcceleratorW\n IsDialogMessageW\n GetSysColor\n InflateRect\n DrawFocusRect\n DrawTextW\n FrameRect\n DrawFrameControl\n FillRect\n PtInRect\n DestroyAcceleratorTable\n CreateAcceleratorTableW\n SetCursor\n GetWindowDC\n GetSystemMetrics\n GetActiveWindow\n CharNextW\n wsprintfW\n RedrawWindow\n DrawMenuBar\n DestroyMenu\n SetMenu\n GetWindowTextLengthW\n CreateMenu\n IsDlgButtonChecked\n DefDlgProcW\n CallWindowProcW\n ReleaseCapture\n SetCapture\n TranslateMessage\n PeekMessageW\n GetInputState\n UnregisterHotKey\n CharLowerBuffW\n MonitorFromRect\n LoadImageW\n mouse_event\n ExitWindowsEx\n SetActiveWindow\n FindWindowExW\n EnumThreadWindows\n SetMenuDefaultItem\n InsertMenuItemW\n IsMenu\n GetKeyboardLayoutNameW\n GetCursorPos\n DeleteMenu\n CheckMenuRadioItem\n GetMenuItemID\n GetMenuItemCount\n SetMenuItemInfoW\n GetMenuItemInfoW\n SetForegroundWindow\n IsIconic\n FindWindowW\n SystemParametersInfoW\n GetMessageW\n SendInput\n GetAsyncKeyState\n SetKeyboardState\n GetKeyboardState\n GetKeyState\n VkKeyScanW\n LoadStringW\n DialogBoxParamW\n MessageBeep\n EndDialog\n SendDlgItemMessageW\n GetDlgItem\n SetWindowTextW\n CopyRect\n EndPaint\n BeginPaint\n GetClientRect\n GetMenu\n DestroyWindow\n EnumWindows\n GetDesktopWindow\n IsWindow\n IsWindowEnabled\n IsWindowVisible\n EnableWindow\n InvalidateRect\n GetWindowLongW\n ReleaseDC\n GetDC\n GetWindowThreadProcessId\n AttachThreadInput\n GetFocus\n GetWindowTextW\n SendMessageTimeoutW\n EnumChildWindows\n CharUpperBuffW\n GetClassNameW\n GetParent\n GetDlgCtrlID\n SendMessageW\n MapVirtualKeyW\n PostMessageW\n GetWindowRect\n SetUserObjectSecurity\n CloseDesktop\n CloseWindowStation\n OpenDesktopW\n ClientToScreen\n RegisterHotKey\n GetCursorInfo\n SetWindowPos\n CopyImage\n AdjustWindowRectEx\n SetRect\n SetClipboardData\n EmptyClipboard\n CountClipboardFormats\n CloseClipboard\n GetClipboardData\n IsClipboardFormatAvailable\n OpenClipboard\n TrackPopupMenuEx\n BlockInput\n SetProcessWindowStation\n GetProcessWindowStation\n OpenWindowStationW\n GetUserObjectSecurity\n MessageBoxW\n DefWindowProcW\n MoveWindow\n SetFocus\n PostQuitMessage\n KillTimer\n CreatePopupMenu\n RegisterWindowMessageW\n SetTimer\n ShowWindow\n CreateWindowExW\n RegisterClassExW\n LoadIconW\n LoadCursorW\n GetSysColorBrush\n GetForegroundWindow\n MessageBoxA\n DestroyIcon\n LockWindowUpdate\n keybd_event\n DispatchMessageW\n ScreenToClient\nGDI32.dll: EndPath\n DeleteObject\n GetTextExtentPoint32W\n ExtCreatePen\n StrokeAndFillPath\n GetDeviceCaps\n SetPixel\n CloseFigure\n LineTo\n AngleArc\n MoveToEx\n Ellipse\n CreateCompatibleBitmap\n CreateCompatibleDC\n PolyDraw\n BeginPath\n Rectangle\n SetViewportOrgEx\n GetObjectW\n SetBkMode\n RoundRect\n SetBkColor\n CreatePen\n SelectObject\n StretchBlt\n CreateSolidBrush\n SetTextColor\n CreateFontW\n GetTextFaceW\n GetStockObject\n CreateDCW\n GetPixel\n DeleteDC\n GetDIBits\n StrokePath\nCOMDLG32.dll: GetSaveFileNameW\n GetOpenFileNameW\nADVAPI32.dll: GetAce\n RegEnumValueW\n RegDeleteValueW\n RegDeleteKeyW\n RegEnumKeyExW\n RegSetValueExW\n RegOpenKeyExW\n RegCloseKey\n RegQueryValueExW\n RegConnectRegistryW\n InitializeSecurityDescriptor\n InitializeAcl\n AdjustTokenPrivileges\n OpenThreadToken\n OpenProcessToken\n LookupPrivilegeValueW\n DuplicateTokenEx\n CreateProcessAsUserW\n CreateProcessWithLogonW\n GetLengthSid\n CopySid\n LogonUserW\n AllocateAndInitializeSid\n CheckTokenMembership\n FreeSid\n GetTokenInformation\n RegCreateKeyExW\n GetSecurityDescriptorDacl\n GetAclInformation\n GetUserNameW\n AddAce\n SetSecurityDescriptorDacl\n InitiateSystemShutdownExW\nSHELL32.dll: DragFinish\n DragQueryPoint\n ShellExecuteExW\n DragQueryFileW\n SHEmptyRecycleBinW\n SHGetPathFromIDListW\n SHBrowseForFolderW\n SHCreateShellItem\n SHGetDesktopFolder\n SHGetSpecialFolderLocation\n SHGetFolderPathW\n SHFileOperationW\n ExtractIconExW\n Shell_NotifyIconW\n ShellExecuteW\nole32.dll: CoTaskMemAlloc\n CoTaskMemFree\n CLSIDFromString\n ProgIDFromCLSID\n CLSIDFromProgID\n OleSetMenuDescriptor\n MkParseDisplayName\n OleSetContainedObject\n CoCreateInstance\n IIDFromString\n StringFromGUID2\n CreateStreamOnHGlobal\n OleInitialize\n OleUninitialize\n CoInitialize\n CoUninitialize\n GetRunningObjectTable\n CoGetInstanceFromFile\n CoGetObject\n CoInitializeSecurity\n CoCreateInstanceEx\n CoSetProxyBlanket\nOLEAUT32.dll: CreateStdDispatch\n CreateDispTypeInfo\n UnRegisterTypeLib\n UnRegisterTypeLibForUser\n RegisterTypeLibForUser\n RegisterTypeLib\n LoadTypeLibEx\n VariantCopyInd\n SysReAllocString\n SysFreeString\n VariantChangeType\n SafeArrayDestroyData\n SafeArrayUnaccessData\n SafeArrayAccessData\n SafeArrayAllocData\n SafeArrayAllocDescriptorEx\n SafeArrayCreateVector\n SysStringLen\n QueryPathOfRegTypeLib\n SysAllocString\n VariantInit\n VariantClear\n DispCallFunc\n VariantTimeToSystemTime\n VarR8FromDec\n SafeArrayGetVartype\n SafeArrayDestroyDescriptor\n VariantCopy\n OleLoadPicture\n\nResources:\n----------\n1:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.66371\n\n2:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.05883\n\n3:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.25499\n\n4:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 744\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.65355\n\n5:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.43704\n\n6:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 3752\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.16139\n\n7:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 2216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.07494\n\n8:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.18302\n\n9:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 9640\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.52312\n\n10:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 4264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.65168\n\n11:\n Type: RT_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.39178\n\n166:\n Type: RT_MENU\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 80\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.68292\n\n7 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1428\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.34702\n\n8 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1674\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2804\n\n9 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1168\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28849\n\n10 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1532\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28373\n\n11 (#2):\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1628\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.26322\n\n12:\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1126\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.25812\n\n313:\n Type: RT_STRING\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 344\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08572\n\nSCRIPT:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: Latin 1 / Western European\n Size: 206799\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.999\n\n99:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 118\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8695\n Detected Filetype: Icon file\n\n162:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.02322\n Detected Filetype: Icon file\n\n164:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.84274\n Detected Filetype: Icon file\n\n169:\n Type: RT_GROUP_ICON\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.02322\n Detected Filetype: Icon file\n\n1 (#2):\n Type: RT_VERSION\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 220\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.77862\n\n1 (#3):\n Type: RT_MANIFEST\n Language: English - United Kingdom\n Codepage: Latin 1 / Western European\n Size: 1007\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.40026\n\n\nVersion Info:\n-------------\nResource LangID: English - United Kingdom\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 0.0.0.0\n ProductVersion: 0.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United Kingdom\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_POGO:\n Characteristics: 0\n TimeDateStamp: 2022-Mar-06 00:51:55\n Version: 0.0\n SizeofData: 1116\n AddressOfRawData: 0x000C8210\n PointerToRawData: 0x000C7210\n\n\nTLS Callbacks:\n--------------\nStartAddressOfRawData: 0x004C868C\nEndAddressOfRawData: 0x004C8694\nAddressOfIndex: 0x004D0740\nAddressOfCallbacks: 0x0049C8F8\nSizeOfZeroFill: 0x00000000\nCharacteristics: IMAGE_SCN_ALIGN_4BYTES\nCallbacks: (EMPTY)\n\nLoad Configuration:\n-------------------\nSize: 160\nTimeDateStamp: 1970-Jan-01 00:00:00\nVersion: 0.0\nGlobalFlagsClear: (EMPTY)\nGlobalFlagsSet: (EMPTY)\nCriticalSectionDefaultTimeout: 0\nDeCommitFreeBlockThreshold: 0x00000000\nDeCommitTotalFreeThreshold: 0x00000000\nLockPrefixTable: 0x00000000\nMaximumAllocationSize: 0x00000000\nVirtualMemoryThreshold: 0x00000000\nProcessAffinityMask: 0x00000000\nProcessHeapFlags: (EMPTY)\nCSDVersion: 0\nReserved1: 0x0000\nEditList: 0x00000000\nSecurityCookie: 0x004CC014\nSEHandlerTable: 0x00000000\nSEHandlerCount: 0\n\nRICH Header:\n------------\nXOR Key: 0xFDEDA6DE\nUnmarked objects: 0\n241 (40116): 35\n243 (40116): 157\n242 (40116): 35\n199 (41118): 1\nC++ objects (VS 2015/2017 runtime 26706): 45\nC objects (VS 2015/2017 runtime 26706): 18\nASM objects (VS 2015/2017 runtime 26706): 21\nC objects (VS2008 SP1 build 30729): 9\nImports (VS2008 SP1 build 30729): 37\nTotal imports: 553\nC++ objects (POGO O) (27045): 80\nASM objects (27045): 1\nResource objects (27045): 1\n151: 1\nLinker (27045): 1\n\nMatching compiler(s):\n Microsoft Visual C++ 6.0 - 8.0\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Is an AutoIT compiled script:\n AutoIt Error\n reserved for AutoIt internal use\n\nCryptographic algorithms detected in the binary:\n Uses constants related to CRC32\n Uses known Mersenne Twister constants\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryA\n GetProcAddress\n LoadLibraryExW\n LoadLibraryW\n Functions which can be used for anti-debugging purposes:\n CreateToolhelp32Snapshot\n FindWindowW\n Code injection capabilities:\n OpenProcess\n VirtualAllocEx\n WriteProcessMemory\n VirtualAlloc\n Code injection capabilities (PowerLoader):\n FindWindowW\n GetWindowLongW\n Can access the registry:\n RegisterHotKey\n RegEnumValueW\n RegDeleteValueW\n RegDeleteKeyW\n RegEnumKeyExW\n RegSetValueExW\n RegOpenKeyExW\n RegCloseKey\n RegQueryValueExW\n RegCreateKeyExW\n Possibly launches other programs:\n CreateProcessW\n CreateProcessAsUserW\n CreateProcessWithLogonW\n ShellExecuteW\n Can create temporary files:\n CreateFileW\n GetTempPathW\n Uses functions commonly found in keyloggers:\n GetAsyncKeyState\n AttachThreadInput\n MapVirtualKeyW\n GetForegroundWindow\n Has Internet access capabilities:\n InternetCloseHandle\n InternetOpenW\n InternetSetOptionW\n InternetCrackUrlW\n InternetQueryOptionW\n InternetConnectW\n InternetOpenUrlW\n InternetReadFile\n InternetQueryDataAvailable\n Functions related to the privilege level:\n AdjustTokenPrivileges\n OpenProcessToken\n DuplicateTokenEx\n CheckTokenMembership\n Enumerates local disk drives:\n GetDriveTypeW\n GetVolumeInformationW\n Manipulates other processes:\n OpenProcess\n WriteProcessMemory\n ReadProcessMemory\n Process32FirstW\n Process32NextW\n Can take screenshots:\n FindWindowW\n GetDC\n CreateCompatibleDC\n Reads the contents of the clipboard:\n GetClipboardData\n Can shut the system down or lock the screen:\n ExitWindowsEx\n InitiateSystemShutdownExW\n\nThe PE's resources present abnormal characteristics.\n Resource SCRIPT is possibly compressed or encrypted.\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: enabled\n SafeSEH: enabled (0 registered handlers)\n ASLR: enabled\n DEP: disabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2026-02-26T07:28:46","detected_languages":["English - United Kingdom"]},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0090","e_cp":"0x0003","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x0000","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x0000","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000120"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":5,"TimeDateStamp":"2026-Feb-26 07:28:46","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LARGE_ADDRESS_AWARE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"14.0","SizeOfCode":"0x0009AC00","SizeOfInitializedData":"0x00077000","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x000204F7","EntryPointSection":".text","BaseOfCode":"0x00001000","BaseOfData":"0x0009C000","ImageBase":"0x00400000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"5.1","ImageVersion":"0.0","SubsystemVersion":"5.1","Win32VersionValue":"0","SizeOfImage":"0x00118000","SizeOfHeaders":"0x00000400","Checksum":"0x0011F1CB","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00400000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00400000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x0009AA37","virtual_address":"0x00001000","size_of_raw_data":"0x0009AC00","pointer_to_raw_data":"0x00000400","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":6.66568},{"name":".rdata","virtual_size":"0x0002FB92","virtual_address":"0x0009C000","size_of_raw_data":"0x0002FC00","pointer_to_raw_data":"0x0009B000","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":5.6928},{"name":".data","virtual_size":"0x0000705C","virtual_address":"0x000CC000","size_of_raw_data":"0x00004800","pointer_to_raw_data":"0x000CAC00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"entropy":0.584577},{"name":".rsrc","virtual_size":"0x0003B508","virtual_address":"0x000D4000","size_of_raw_data":"0x0003B600","pointer_to_raw_data":"0x000CF400","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":7.79942},{"name":".reloc","virtual_size":"0x000075CC","virtual_address":"0x00110000","size_of_raw_data":"0x00007600","pointer_to_raw_data":"0x0010AA00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":6.7982}]},"Imports":{"dll_functions":{"WSOCK32.dll":["gethostbyname","recv","send","socket","inet_ntoa","setsockopt","ntohs","WSACleanup","WSAStartup","sendto","htons","__WSAFDIsSet","select","accept","listen","bind","inet_addr","ioctlsocket","recvfrom","WSAGetLastError","closesocket","gethostname","connect"],"VERSION.dll":["GetFileVersionInfoW","VerQueryValueW","GetFileVersionInfoSizeW"],"WINMM.dll":["timeGetTime","waveOutSetVolume","mciSendStringW"],"COMCTL32.dll":["ImageList_ReplaceIcon","ImageList_Destroy","ImageList_Remove","ImageList_SetDragCursorImage","ImageList_BeginDrag","ImageList_DragEnter","ImageList_DragLeave","ImageList_EndDrag","ImageList_DragMove","InitCommonControlsEx","ImageList_Create"],"MPR.dll":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"WININET.dll":["HttpOpenRequestW","InternetCloseHandle","InternetOpenW","InternetSetOptionW","InternetCrackUrlW","HttpQueryInfoW","InternetQueryOptionW","InternetConnectW","HttpSendRequestW","FtpOpenFileW","FtpGetFileSize","InternetOpenUrlW","InternetReadFile","InternetQueryDataAvailable"],"PSAPI.DLL":["GetProcessMemoryInfo"],"IPHLPAPI.DLL":["IcmpSendEcho","IcmpCloseHandle","IcmpCreateFile"],"USERENV.dll":["DestroyEnvironmentBlock","LoadUserProfileW","CreateEnvironmentBlock","UnloadUserProfile"],"UxTheme.dll":["IsThemeActive"],"KERNEL32.dll":["DuplicateHandle","CreateThread","WaitForSingleObject","HeapAlloc","GetProcessHeap","HeapFree","Sleep","GetCurrentThreadId","MultiByteToWideChar","MulDiv","GetVersionExW","IsWow64Process","GetSystemInfo","FreeLibrary","LoadLibraryA","GetProcAddress","SetErrorMode","GetModuleFileNameW","WideCharToMultiByte","lstrcpyW","lstrlenW","GetModuleHandleW","QueryPerformanceCounter","VirtualFreeEx","OpenProcess","VirtualAllocEx","WriteProcessMemory","ReadProcessMemory","CreateFileW","SetFilePointerEx","SetEndOfFile","ReadFile","WriteFile","FlushFileBuffers","TerminateProcess","CreateToolhelp32Snapshot","Process32FirstW","Process32NextW","SetFileTime","GetFileAttributesW","FindFirstFileW","FindClose","GetLongPathNameW","GetShortPathNameW","DeleteFileW","IsDebuggerPresent","CopyFileExW","MoveFileW","CreateDirectoryW","RemoveDirectoryW","SetSystemPowerState","QueryPerformanceFrequency","LoadResource","LockResource","SizeofResource","OutputDebugStringW","GetTempPathW","GetTempFileNameW","DeviceIoControl","GetLocalTime","CompareStringW","GetCurrentThread","LeaveCriticalSection","GetStdHandle","CreatePipe","InterlockedExchange","TerminateThread","LoadLibraryExW","FindResourceExW","CopyFileW","VirtualFree","FormatMessageW","GetExitCodeProcess","GetPrivateProfileStringW","WritePrivateProfileStringW","GetPrivateProfileSectionW","WritePrivateProfileSectionW","GetPrivateProfileSectionNamesW","FileTimeToLocalFileTime","FileTimeToSystemTime","SystemTimeToFileTime","LocalFileTimeToFileTime","GetDriveTypeW","GetDiskFreeSpaceExW","GetDiskFreeSpaceW","GetVolumeInformationW","SetVolumeLabelW","CreateHardLinkW","SetFileAttributesW","CreateEventW","SetEvent","GetEnvironmentVariableW","SetEnvironmentVariableW","GlobalLock","GlobalUnlock","GlobalAlloc","GetFileSize","GlobalFree","GlobalMemoryStatusEx","Beep","GetSystemDirectoryW","HeapReAlloc","HeapSize","GetComputerNameW","GetWindowsDirectoryW","GetCurrentProcessId","GetProcessIoCounters","CreateProcessW","GetProcessId","SetPriorityClass","LoadLibraryW","VirtualAlloc","GetCurrentDirectoryW","lstrcmpiW","DecodePointer","GetLastError","RaiseException","InitializeCriticalSectionAndSpinCount","DeleteCriticalSection","InterlockedDecrement","InterlockedIncrement","ResetEvent","WaitForSingleObjectEx","IsProcessorFeaturePresent","UnhandledExceptionFilter","SetUnhandledExceptionFilter","GetCurrentProcess","CloseHandle","GetFullPathNameW","EnterCriticalSection","GetStartupInfoW","GetSystemTimeAsFileTime","InitializeSListHead","RtlUnwind","SetLastError","TlsAlloc","TlsGetValue","TlsSetValue","TlsFree","EncodePointer","ExitProcess","GetModuleHandleExW","ExitThread","ResumeThread","FreeLibraryAndExitThread","GetACP","GetDateFormatW","GetTimeFormatW","LCMapStringW","GetStringTypeW","GetFileType","SetStdHandle","GetConsoleCP","GetConsoleMode","ReadConsoleW","GetTimeZoneInformation","FindFirstFileExW","IsValidCodePage","GetOEMCP","GetCPInfo","GetCommandLineA","GetCommandLineW","GetEnvironmentStringsW","FreeEnvironmentStringsW","SetEnvironmentVariableA","SetCurrentDirectoryW","FindNextFileW","WriteConsoleW"],"USER32.dll":["IsCharAlphaW","IsCharAlphaNumericW","IsCharLowerW","IsCharUpperW","GetMenuStringW","GetSubMenu","GetCaretPos","IsZoomed","MonitorFromPoint","GetMonitorInfoW","SetWindowLongW","SetLayeredWindowAttributes","FlashWindow","GetClassLongW","TranslateAcceleratorW","IsDialogMessageW","GetSysColor","InflateRect","DrawFocusRect","DrawTextW","FrameRect","DrawFrameControl","FillRect","PtInRect","DestroyAcceleratorTable","CreateAcceleratorTableW","SetCursor","GetWindowDC","GetSystemMetrics","GetActiveWindow","CharNextW","wsprintfW","RedrawWindow","DrawMenuBar","DestroyMenu","SetMenu","GetWindowTextLengthW","CreateMenu","IsDlgButtonChecked","DefDlgProcW","CallWindowProcW","ReleaseCapture","SetCapture","TranslateMessage","PeekMessageW","GetInputState","UnregisterHotKey","CharLowerBuffW","MonitorFromRect","LoadImageW","mouse_event","ExitWindowsEx","SetActiveWindow","FindWindowExW","EnumThreadWindows","SetMenuDefaultItem","InsertMenuItemW","IsMenu","GetKeyboardLayoutNameW","GetCursorPos","DeleteMenu","CheckMenuRadioItem","GetMenuItemID","GetMenuItemCount","SetMenuItemInfoW","GetMenuItemInfoW","SetForegroundWindow","IsIconic","FindWindowW","SystemParametersInfoW","GetMessageW","SendInput","GetAsyncKeyState","SetKeyboardState","GetKeyboardState","GetKeyState","VkKeyScanW","LoadStringW","DialogBoxParamW","MessageBeep","EndDialog","SendDlgItemMessageW","GetDlgItem","SetWindowTextW","CopyRect","EndPaint","BeginPaint","GetClientRect","GetMenu","DestroyWindow","EnumWindows","GetDesktopWindow","IsWindow","IsWindowEnabled","IsWindowVisible","EnableWindow","InvalidateRect","GetWindowLongW","ReleaseDC","GetDC","GetWindowThreadProcessId","AttachThreadInput","GetFocus","GetWindowTextW","SendMessageTimeoutW","EnumChildWindows","CharUpperBuffW","GetClassNameW","GetParent","GetDlgCtrlID","SendMessageW","MapVirtualKeyW","PostMessageW","GetWindowRect","SetUserObjectSecurity","CloseDesktop","CloseWindowStation","OpenDesktopW","ClientToScreen","RegisterHotKey","GetCursorInfo","SetWindowPos","CopyImage","AdjustWindowRectEx","SetRect","SetClipboardData","EmptyClipboard","CountClipboardFormats","CloseClipboard","GetClipboardData","IsClipboardFormatAvailable","OpenClipboard","TrackPopupMenuEx","BlockInput","SetProcessWindowStation","GetProcessWindowStation","OpenWindowStationW","GetUserObjectSecurity","MessageBoxW","DefWindowProcW","MoveWindow","SetFocus","PostQuitMessage","KillTimer","CreatePopupMenu","RegisterWindowMessageW","SetTimer","ShowWindow","CreateWindowExW","RegisterClassExW","LoadIconW","LoadCursorW","GetSysColorBrush","GetForegroundWindow","MessageBoxA","DestroyIcon","LockWindowUpdate","keybd_event","DispatchMessageW","ScreenToClient"],"GDI32.dll":["EndPath","DeleteObject","GetTextExtentPoint32W","ExtCreatePen","StrokeAndFillPath","GetDeviceCaps","SetPixel","CloseFigure","LineTo","AngleArc","MoveToEx","Ellipse","CreateCompatibleBitmap","CreateCompatibleDC","PolyDraw","BeginPath","Rectangle","SetViewportOrgEx","GetObjectW","SetBkMode","RoundRect","SetBkColor","CreatePen","SelectObject","StretchBlt","CreateSolidBrush","SetTextColor","CreateFontW","GetTextFaceW","GetStockObject","CreateDCW","GetPixel","DeleteDC","GetDIBits","StrokePath"],"COMDLG32.dll":["GetSaveFileNameW","GetOpenFileNameW"],"ADVAPI32.dll":["GetAce","RegEnumValueW","RegDeleteValueW","RegDeleteKeyW","RegEnumKeyExW","RegSetValueExW","RegOpenKeyExW","RegCloseKey","RegQueryValueExW","RegConnectRegistryW","InitializeSecurityDescriptor","InitializeAcl","AdjustTokenPrivileges","OpenThreadToken","OpenProcessToken","LookupPrivilegeValueW","DuplicateTokenEx","CreateProcessAsUserW","CreateProcessWithLogonW","GetLengthSid","CopySid","LogonUserW","AllocateAndInitializeSid","CheckTokenMembership","FreeSid","GetTokenInformation","RegCreateKeyExW","GetSecurityDescriptorDacl","GetAclInformation","GetUserNameW","AddAce","SetSecurityDescriptorDacl","InitiateSystemShutdownExW"],"SHELL32.dll":["DragFinish","DragQueryPoint","ShellExecuteExW","DragQueryFileW","SHEmptyRecycleBinW","SHGetPathFromIDListW","SHBrowseForFolderW","SHCreateShellItem","SHGetDesktopFolder","SHGetSpecialFolderLocation","SHGetFolderPathW","SHFileOperationW","ExtractIconExW","Shell_NotifyIconW","ShellExecuteW"],"ole32.dll":["CoTaskMemAlloc","CoTaskMemFree","CLSIDFromString","ProgIDFromCLSID","CLSIDFromProgID","OleSetMenuDescriptor","MkParseDisplayName","OleSetContainedObject","CoCreateInstance","IIDFromString","StringFromGUID2","CreateStreamOnHGlobal","OleInitialize","OleUninitialize","CoInitialize","CoUninitialize","GetRunningObjectTable","CoGetInstanceFromFile","CoGetObject","CoInitializeSecurity","CoCreateInstanceEx","CoSetProxyBlanket"],"OLEAUT32.dll":["CreateStdDispatch","CreateDispTypeInfo","UnRegisterTypeLib","UnRegisterTypeLibForUser","RegisterTypeLibForUser","RegisterTypeLib","LoadTypeLibEx","VariantCopyInd","SysReAllocString","SysFreeString","VariantChangeType","SafeArrayDestroyData","SafeArrayUnaccessData","SafeArrayAccessData","SafeArrayAllocData","SafeArrayAllocDescriptorEx","SafeArrayCreateVector","SysStringLen","QueryPathOfRegTypeLib","SysAllocString","VariantInit","VariantClear","DispCallFunc","VariantTimeToSystemTime","VarR8FromDec","SafeArrayGetVartype","SafeArrayDestroyDescriptor","VariantCopy","OleLoadPicture"]},"resources":[{"id":1,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.66371},{"id":2,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.05883},{"id":3,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.25499},{"id":4,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":744,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.65355},{"id":5,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.43704},{"id":6,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":3752,"timedatestamp":"1980-Jan-01 00:00:00","entropy":4.16139},{"id":7,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":2216,"timedatestamp":"1980-Jan-01 00:00:00","entropy":4.07494},{"id":8,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1384,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.18302},{"id":9,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":9640,"timedatestamp":"1980-Jan-01 00:00:00","entropy":4.52312},{"id":10,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":4264,"timedatestamp":"1980-Jan-01 00:00:00","entropy":4.65168},{"id":11,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1128,"timedatestamp":"1980-Jan-01 00:00:00","entropy":4.39178},{"id":166,"type":"RT_MENU","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":80,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.68292},{"id":"7 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1428,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.34702},{"id":"8 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1674,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.2804},{"id":"9 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1168,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.28849},{"id":"10 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1532,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.28373},{"id":"11 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1628,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.26322},{"id":12,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1126,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.25812},{"id":313,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":344,"timedatestamp":"1980-Jan-01 00:00:00","entropy":3.08572},{"id":"SCRIPT","type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":206799,"timedatestamp":"1980-Jan-01 00:00:00","entropy":7.999},{"id":99,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":118,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.8695,"detected_filetype":"Icon file"},{"id":162,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":164,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timedatestamp":"1980-Jan-01 00:00:00","entropy":1.84274,"detected_filetype":"Icon file"},{"id":169,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":220,"timedatestamp":"1980-Jan-01 00:00:00","entropy":2.77862},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1007,"timedatestamp":"1980-Jan-01 00:00:00","entropy":5.40026}],"version_info":{"resource_langid":"English - United Kingdom","vs_version_info":{"signature":"0xFEEF04BD","structversion":"0x00010000","fileversion":"0.0.0.0","productversion":"0.0.0.0","fileflags":"(EMPTY)","fileos":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"filetype":"VFT_APP","language":"English - United Kingdom"}},"debug_info":{"image_debug_type_pogo":{"characteristics":0,"timedatestamp":"2022-Mar-06 00:51:55","version":"0.0","sizeofdata":1116,"addressofrawdata":"0x000C8210","pointertorawdata":"0x000C7210"}},"tls_callbacks":{"startaddressofrawdata":"0x004C868C","endaddressofrawdata":"0x004C8694","addressofindex":"0x004D0740","addressofcallbacks":"0x0049C8F8","sizeofzerofill":"0x00000000","characteristics":"IMAGE_SCN_ALIGN_4BYTES","callbacks":"(EMPTY)"},"load_configuration":{"size":160,"timedatestamp":"1970-Jan-01 00:00:00","version":"0.0","globalflagsclear":"(EMPTY)","globalflagsset":"(EMPTY)","criticalsectiondefaulttimeout":0,"decommitfreeblockthreshold":"0x00000000","decommittotalfreethreshold":"0x00000000","lockprefixtable":"0x00000000","maximumallocationsize":"0x00000000","virtualmemorythreshold":"0x00000000","processaffinitymask":"0x00000000","processheapflags":"(EMPTY)","csdversion":0,"reserved1":"0x0000","editlist":"0x00000000","securitycookie":"0x004CC014","sehandlertable":"0x00000000","sehandlercount":0},"rich_header":{"xor_key":"0xFDEDA6DE","unmarked_objects":0,"entries":[{"id":241,"build_id":40116,"count":35},{"id":243,"build_id":40116,"count":157},{"id":242,"build_id":40116,"count":35},{"id":199,"build_id":41118,"count":1},{"description":"C++ objects (VS 2015/2017 runtime 26706)","count":45},{"description":"C objects (VS 2015/2017 runtime 26706)","count":18},{"description":"ASM objects (VS 2015/2017 runtime 26706)","count":21},{"description":"C objects (VS2008 SP1 build 30729)","count":9},{"description":"Imports (VS2008 SP1 build 30729)","count":37},{"description":"Total imports","count":553},{"description":"C++ objects (POGO O) (27045)","count":80},{"description":"ASM objects (27045)","count":1},{"description":"Resource objects (27045)","count":1},{"id":151,"count":1},{"description":"Linker (27045)","count":1}]},"compiler_detection":["Microsoft Visual C++ 6.0 - 8.0"],"suspicious_strings":["AutoIt Error","reserved for AutoIt internal use"],"cryptographic_algorithms":["Uses constants related to CRC32","Uses known Mersenne Twister constants"],"malicious_indicators":{"hidden_imports":["LoadLibraryA","GetProcAddress","LoadLibraryExW","LoadLibraryW"],"anti_debugging":["CreateToolhelp32Snapshot","FindWindowW"],"code_injection":["OpenProcess","VirtualAllocEx","WriteProcessMemory","VirtualAlloc"],"powerloader_injection":["FindWindowW","GetWindowLongW"],"registry_access":["RegisterHotKey","RegEnumValueW","RegDeleteValueW","RegDeleteKeyW","RegEnumKeyExW","RegSetValueExW","RegOpenKeyExW","RegCloseKey","RegQueryValueExW","RegCreateKeyExW"],"process_creation":["CreateProcessW","CreateProcessAsUserW","CreateProcessWithLogonW","ShellExecuteW"],"temp_files":["CreateFileW","GetTempPathW"],"keylogging":["GetAsyncKeyState","AttachThreadInput","MapVirtualKeyW","GetForegroundWindow"],"internet_access":["InternetCloseHandle","InternetOpenW","InternetSetOptionW","InternetCrackUrlW","InternetQueryOptionW","InternetConnectW","InternetOpenUrlW","InternetReadFile","InternetQueryDataAvailable"],"privilege_escalation":["AdjustTokenPrivileges","OpenProcessToken","DuplicateTokenEx","CheckTokenMembership"],"disk_enumeration":["GetDriveTypeW","GetVolumeInformationW"],"process_manipulation":["OpenProcess","WriteProcessMemory","ReadProcessMemory","Process32FirstW","Process32NextW"],"screen_capture":["FindWindowW","GetDC","CreateCompatibleDC"],"clipboard_access":["GetClipboardData"],"system_shutdown":["ExitWindowsEx","InitiateSystemShutdownExW"]},"abnormal_resources":["Resource SCRIPT is possibly compressed or encrypted."],"exploit_mitigations":{"stack_canary":"enabled","safe_seh":"enabled (0 registered handlers)","aslr":"enabled","dep":"disabled","cfg":"disabled"}},"Exports":{},"Resources":{"entities":[{"id":1,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":3.66371},{"id":2,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":2.05883},{"id":3,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":2.25499},{"id":4,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":744,"timestamp":"1980-Jan-01 00:00:00","entropy":3.65355},{"id":5,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":296,"timestamp":"1980-Jan-01 00:00:00","entropy":3.43704},{"id":6,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":3752,"timestamp":"1980-Jan-01 00:00:00","entropy":4.16139},{"id":7,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":2216,"timestamp":"1980-Jan-01 00:00:00","entropy":4.07494},{"id":8,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1384,"timestamp":"1980-Jan-01 00:00:00","entropy":2.18302},{"id":9,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":9640,"timestamp":"1980-Jan-01 00:00:00","entropy":4.52312},{"id":10,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":4264,"timestamp":"1980-Jan-01 00:00:00","entropy":4.65168},{"id":11,"type":"RT_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1128,"timestamp":"1980-Jan-01 00:00:00","entropy":4.39178},{"id":166,"type":"RT_MENU","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":80,"timestamp":"1980-Jan-01 00:00:00","entropy":2.68292},{"id":"7 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1428,"timestamp":"1980-Jan-01 00:00:00","entropy":3.34702},{"id":"8 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1674,"timestamp":"1980-Jan-01 00:00:00","entropy":3.2804},{"id":"9 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1168,"timestamp":"1980-Jan-01 00:00:00","entropy":3.28849},{"id":"10 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1532,"timestamp":"1980-Jan-01 00:00:00","entropy":3.28373},{"id":"11 (#2)","type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1628,"timestamp":"1980-Jan-01 00:00:00","entropy":3.26322},{"id":12,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1126,"timestamp":"1980-Jan-01 00:00:00","entropy":3.25812},{"id":313,"type":"RT_STRING","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":344,"timestamp":"1980-Jan-01 00:00:00","entropy":3.08572},{"id":"SCRIPT","type":"RT_RCDATA","language":"UNKNOWN","codepage":"Latin 1 / Western European","size":206799,"timestamp":"1980-Jan-01 00:00:00","entropy":7.999},{"id":99,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":118,"timestamp":"1980-Jan-01 00:00:00","entropy":2.8695,"detected_filetype":"Icon file"},{"id":162,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":164,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":1.84274,"detected_filetype":"Icon file"},{"id":169,"type":"RT_GROUP_ICON","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":20,"timestamp":"1980-Jan-01 00:00:00","entropy":2.02322,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":220,"timestamp":"1980-Jan-01 00:00:00","entropy":2.77862},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United Kingdom","codepage":"Latin 1 / Western European","size":1007,"timestamp":"1980-Jan-01 00:00:00","entropy":5.40026}],"version_info":{"resource_langid":"English - United Kingdom","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"0.0.0.0","product_version":"0.0.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"English - United Kingdom"}},"Debug Info":{"IMAGE_DEBUG_TYPE_POGO":{"Characteristics":0,"TimeDateStamp":"2022-Mar-06 00:51:55","Version":"0.0","SizeofData":1116,"AddressOfRawData":"0x000C8210","PointerToRawData":"0x000C7210"},"TLS_Callbacks":{"StartAddressOfRawData":"0x004C868C","EndAddressOfRawData":"0x004C8694","AddressOfIndex":"0x004D0740","AddressOfCallbacks":"0x0049C8F8","SizeOfZeroFill":"0x00000000","Characteristics":"IMAGE_SCN_ALIGN_4BYTES","Callbacks":"EMPTY"}},"Load Configuration":{"Size":160,"TimeDateStamp":"1970-Jan-01 00:00:00","Version":"0.0","GlobalFlagsClear":"","GlobalFlagsSet":"","CriticalSectionDefaultTimeout":0,"DeCommitFreeBlockThreshold":0,"DeCommitTotalFreeThreshold":0,"LockPrefixTable":0,"MaximumAllocationSize":0,"VirtualMemoryThreshold":0,"ProcessAffinityMask":0,"ProcessHeapFlags":"","CSDVersion":0,"Reserved1":0,"EditList":0,"SecurityCookie":5038100,"SEHandlerTable":0,"SEHandlerCount":0},"RICH Header":{"xor_key":"0xFDEDA6DE","unmarked_objects":0,"object_counts":{"151":1,"241_40116":35,"243_40116":157,"242_40116":35,"199_41118":1,"cpp_objects_vs_2015_2017_runtime_26706":45,"c_objects_vs_2015_2017_runtime_26706":18,"asm_objects_vs_2015_2017_runtime_26706":21,"c_objects_vs2008_sp1_build_30729":9,"imports_vs2008_sp1_build_30729":37,"total_imports":553,"cpp_objects_pogo_o_27045":80,"asm_objects_27045":1,"resource_objects_27045":1,"linker_27045":1},"matching_compilers":["Microsoft Visual C++ 6.0 - 8.0"],"suspicious_strings":{"autoit_compiled_script":["AutoIt Error","reserved for AutoIt internal use"]},"cryptographic_algorithms":["Uses constants related to CRC32","Uses known Mersenne Twister constants"],"malicious_indicators":{"hidden_imports":["LoadLibraryA","GetProcAddress","LoadLibraryExW","LoadLibraryW"],"anti_debugging_functions":["CreateToolhelp32Snapshot","FindWindowW"],"code_injection_capabilities":["OpenProcess","VirtualAllocEx","WriteProcessMemory","VirtualAlloc"],"powerloader_code_injection":["FindWindowW","GetWindowLongW"],"registry_access_functions":["RegisterHotKey","RegEnumValueW","RegDeleteValueW","RegDeleteKeyW","RegEnumKeyExW","RegSetValueExW","RegOpenKeyExW","RegCloseKey","RegQueryValueExW","RegCreateKeyExW"],"program_launching_functions":["CreateProcessW","CreateProcessAsUserW","CreateProcessWithLogonW","ShellExecuteW"],"temporary_file_creation":["CreateFileW","GetTempPathW"],"keylogger_functions":["GetAsyncKeyState","AttachThreadInput","MapVirtualKeyW","GetForegroundWindow"],"internet_access_functions":["InternetCloseHandle","InternetOpenW","InternetSetOptionW","InternetCrackUrlW","InternetQueryOptionW","InternetConnectW","InternetOpenUrlW","InternetReadFile","InternetQueryDataAvailable"],"privilege_level_functions":["AdjustTokenPrivileges","OpenProcessToken","DuplicateTokenEx","CheckTokenMembership"],"disk_drive_enumeration":["GetDriveTypeW","GetVolumeInformationW"],"process_manipulation":["OpenProcess","WriteProcessMemory","ReadProcessMemory","Process32FirstW","Process32NextW"],"screenshot_functions":["FindWindowW","GetDC","CreateCompatibleDC"],"clipboard_reading":["GetClipboardData"],"system_shutdown_functions":["ExitWindowsEx","InitiateSystemShutdownExW"]},"abnormal_resource_characteristics":["Resource SCRIPT is possibly compressed or encrypted"],"exploit_mitigation_techniques":{"stack_canary":true,"safe_seh":true,"aslr":true,"dep":false,"cfg":false}},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/5.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_keig3j92/output.txt"},"timestamp":"2026-04-28 23:56:31"},{"_id":{"$oid":"69f1fc1f59a6632dae07de7b"},"sha256":"778c2e260d8d3982c7b93c1ecc8201fb16bd62f085004c2886d3c69ef45cec27","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/custom_edid.bin\nDate: 2026-04-29 18:09:59\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n\n[!] Error: DOS Header is invalid (wrong magic).\n[!] Error: Could not parse /home/apogean/projects/malware/windows/all_runs/custom_edid.bin!\n\n","json_output":{"Summary":{},"DOS Header":{},"PE Header":{},"Image Optional Header":{},"Sections":{},"Imports":{},"Exports":{},"Resources":{},"Debug Info":{},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/custom_edid.bin"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_5w_xv943/output.txt"},"timestamp":"2026-04-29 18:09:59"},{"_id":{"$oid":"69f24e7259a6632dae07de82"},"sha256":"4792cd702b952d39c1cd215f842223b96e2c17ce9981629cce63014bf095329e","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/mamamia.exe\nDate: 2026-04-29 23:44:42\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/mamamia.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2025-Nov-17 20:35:38\nDetected languages: English - United States\n Portuguese - Brazil\nFileDescription: WinLSP\nFileVersion: 1.0.0.0\nProductName: WinLSP\nProductVersion: 1.0.0.0\nProgramID: com.embarcadero.WinLSP\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0050\ne_cp: 0x0002\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x000F\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x001A\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000100\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 11\nTimeDateStamp: 2025-Nov-17 20:35:38\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 2.0\nSizeOfCode: 0x00AD7200\nSizeOfInitializedData: 0x02A96C00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x00AD81E4 (Section: .itext)\nBaseOfCode: 0x00001000\nBaseOfData: 0x00AD9000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 6.0\nImageVersion: 0.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x035A0000\nSizeOfHeaders: 0x00000400\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00004000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00AD0C04\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x00AD0E00\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.49067\n\n.itext:\n VirtualSize: 0x00006240\n VirtualAddress: 0x00AD2000\n SizeOfRawData: 0x00006400\n PointerToRawData: 0x00AD1200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.31899\n\n.data:\n VirtualSize: 0x0002D1E4\n VirtualAddress: 0x00AD9000\n SizeOfRawData: 0x0002D200\n PointerToRawData: 0x00AD7600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 5.64362\n\n.bss:\n VirtualSize: 0x000298FC\n VirtualAddress: 0x00B07000\n SizeOfRawData: 0x00000000\n PointerToRawData: 0x00000000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n\n.idata:\n VirtualSize: 0x00004C18\n VirtualAddress: 0x00B31000\n SizeOfRawData: 0x00004E00\n PointerToRawData: 0x00B04800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 5.1625\n\n.didata:\n VirtualSize: 0x000011B0\n VirtualAddress: 0x00B36000\n SizeOfRawData: 0x00001200\n PointerToRawData: 0x00B09600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 4.40898\n\n.edata:\n VirtualSize: 0x0000006F\n VirtualAddress: 0x00B38000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00B0A800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 1.32437\n\n.tls:\n VirtualSize: 0x00000060\n VirtualAddress: 0x00B39000\n SizeOfRawData: 0x00000000\n PointerToRawData: 0x00000000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n\n.rdata:\n VirtualSize: 0x0000005D\n VirtualAddress: 0x00B3A000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00B0AA00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 1.38389\n\n.reloc:\n VirtualSize: 0x0010D040\n VirtualAddress: 0x00B3B000\n SizeOfRawData: 0x0010D200\n PointerToRawData: 0x00B0AC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 6.62953\n\n.rsrc:\n VirtualSize: 0x02956400\n VirtualAddress: 0x00C49000\n SizeOfRawData: 0x02956400\n PointerToRawData: 0x00C17E00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 6.36329\n\n\nImports:\n--------\nshlwapi.dll: SHCreateStreamOnFileW\nwininet.dll: InternetCloseHandle\n InternetGetConnectedState\n InternetReadFile\n HttpOpenRequestW\n HttpSendRequestW\n InternetConnectW\n InternetOpenW\n InternetOpenUrlW\nwinspool.drv: DocumentPropertiesW\n ClosePrinter\n OpenPrinterW\n GetDefaultPrinterW\n EnumPrintersW\ncomctl32.dll: ImageList_GetImageInfo\n FlatSB_SetScrollInfo\n InitCommonControls\n ImageList_DragMove\n ImageList_Destroy\n _TrackMouseEvent\n ImageList_DragShowNolock\n ImageList_Add\n FlatSB_SetScrollProp\n ImageList_GetDragImage\n ImageList_Create\n ImageList_EndDrag\n ImageList_DrawEx\n ImageList_AddMasked\n ImageList_SetImageCount\n FlatSB_GetScrollPos\n FlatSB_SetScrollPos\n InitializeFlatSB\n ImageList_Copy\n FlatSB_GetScrollInfo\n ImageList_Write\n ImageList_DrawIndirect\n ImageList_SetBkColor\n ImageList_GetBkColor\n ImageList_BeginDrag\n ImageList_GetIcon\n ImageList_Replace\n ImageList_GetImageCount\n ImageList_DragEnter\n ImageList_GetIconSize\n ImageList_SetIconSize\n ImageList_Read\n ImageList_DragLeave\n ImageList_LoadImageW\n ImageList_Draw\n ImageList_Remove\n ImageList_ReplaceIcon\n ImageList_SetOverlayImage\nshell32.dll: SHGetMalloc\n SHGetFolderPathW\n SHGetFileInfoW\n SHGetDesktopFolder\n DragQueryFileW\n SHGetSpecialFolderLocation\n Shell_NotifyIconW\n SHAppBarMessage\n ShellExecuteW\n ShellExecuteExW\nuser32.dll: CopyImage\n MoveWindow\n SetMenuItemInfoW\n GetMenuItemInfoW\n DefFrameProcW\n GetCaretPos\n ScrollWindowEx\n GetDlgCtrlID\n GetUpdateRgn\n FrameRect\n RegisterWindowMessageW\n GetMenuStringW\n FillRect\n SendMessageA\n IsClipboardFormatAvailable\n EnumWindows\n ShowOwnedPopups\n GetClassInfoW\n GetScrollRange\n SetActiveWindow\n GetActiveWindow\n DrawEdge\n GetKeyboardLayoutList\n LoadBitmapW\n EnumChildWindows\n SendNotifyMessageW\n GetScrollBarInfo\n UnhookWindowsHookEx\n SetCapture\n GetCapture\n ChildWindowFromPointEx\n CreatePopupMenu\n ShowCaret\n GetMenuItemID\n CharLowerBuffW\n ChangeDisplaySettingsW\n PostMessageW\n SetWindowLongW\n IsZoomed\n SetParent\n DrawMenuBar\n InvalidateRgn\n SetSystemCursor\n GetClientRect\n IsChild\n IntersectRect\n IsIconic\n CallNextHookEx\n ShowWindow\n SetForegroundWindow\n GetWindowTextW\n GetAsyncKeyState\n GetWindowTextLengthW\n DestroyWindow\n IsDialogMessageW\n RegisterClassW\n EndMenu\n CharNextW\n GetFocus\n GetDC\n SetFocus\n ReleaseDC\n mouse_event\n ExitWindowsEx\n GetClassLongW\n SetScrollRange\n DrawTextW\n PeekMessageA\n TabbedTextOutW\n MessageBeep\n SetClassLongW\n SetRectEmpty\n LockWindowUpdate\n RemovePropW\n GetSubMenu\n EqualRect\n DestroyIcon\n IsWindowVisible\n DispatchMessageA\n PtInRect\n UnregisterClassW\n GetTopWindow\n SendMessageW\n GetTabbedTextExtentW\n GetMessageTime\n NotifyWinEvent\n CreateMenu\n LoadStringW\n CharLowerW\n SetWindowRgn\n SetWindowPos\n GetWindowRgn\n GetMenuItemCount\n GetSysColorBrush\n GetWindowDC\n DrawTextExW\n CharLowerBuffA\n EnumClipboardFormats\n GetScrollInfo\n SetWindowTextW\n GetMessageExtraInfo\n GetSysColor\n EnableScrollBar\n TrackPopupMenu\n DrawIconEx\n keybd_event\n GetClassNameW\n GetMessagePos\n GetIconInfo\n SetScrollInfo\n GetKeyNameTextW\n GetDesktopWindow\n SetCursorPos\n GetCursorPos\n SetMenu\n GetMenuState\n GetMenu\n SetRect\n GetKeyState\n IsRectEmpty\n ValidateRect\n IsCharAlphaW\n GetCursor\n KillTimer\n BeginDeferWindowPos\n WaitMessage\n TranslateMDISysAccel\n GetWindowPlacement\n CreateIconIndirect\n CreateWindowExW\n ChildWindowFromPoint\n GetMessageW\n GetDCEx\n PeekMessageW\n MonitorFromWindow\n GetUpdateRect\n SetTimer\n WindowFromPoint\n BeginPaint\n RegisterClipboardFormatW\n MapVirtualKeyW\n OffsetRect\n IsWindowUnicode\n DispatchMessageW\n CreateAcceleratorTableW\n DefMDIChildProcW\n GetSystemMenu\n SetScrollPos\n GetScrollPos\n InflateRect\n DrawFocusRect\n ReleaseCapture\n LoadCursorW\n GetGUIThreadInfo\n ScrollWindow\n GetLastActivePopup\n SetMenuInfo\n GetMenuInfo\n GetSystemMetrics\n CharUpperBuffW\n ClientToScreen\n SetClipboardData\n GetClipboardData\n SetWindowPlacement\n GetMonitorInfoW\n CheckMenuItem\n CharUpperW\n DefWindowProcW\n GetForegroundWindow\n ToAscii\n EnableWindow\n GetWindowThreadProcessId\n RedrawWindow\n EndPaint\n MsgWaitForMultipleObjectsEx\n LoadKeyboardLayoutW\n EnumDisplaySettingsW\n ActivateKeyboardLayout\n GetParent\n MonitorFromRect\n InsertMenuItemW\n GetPropW\n MessageBoxW\n SetPropW\n UpdateWindow\n MsgWaitForMultipleObjects\n DestroyMenu\n SetWindowsHookExW\n GetDoubleClickTime\n EmptyClipboard\n GetAncestor\n AdjustWindowRectEx\n DrawIcon\n IsWindow\n EnumThreadWindows\n InvalidateRect\n LookupIconIdFromDirectoryEx\n SetKeyboardState\n GetKeyboardState\n DrawFrameControl\n ScreenToClient\n IsCharAlphaNumericW\n WindowFromDC\n BringWindowToTop\n SetCursor\n CreateIcon\n RemoveMenu\n AppendMenuW\n SubtractRect\n GetKeyboardLayoutNameW\n OpenClipboard\n TranslateMessage\n MapWindowPoints\n EnumDisplayMonitors\n CallWindowProcW\n CountClipboardFormats\n CloseClipboard\n DestroyCursor\n CharUpperBuffA\n CopyIcon\n PostQuitMessage\n ShowScrollBar\n LoadImageW\n EnableMenuItem\n DeferWindowPos\n HideCaret\n EndDeferWindowPos\n FindWindowExW\n MonitorFromPoint\n LoadIconW\n SystemParametersInfoW\n GetWindow\n GetWindowLongW\n GetWindowRect\n ToUnicode\n InsertMenuW\n IsWindowEnabled\n IsDialogMessageA\n FindWindowW\n DeleteMenu\n GetKeyboardLayout\nversion.dll: GetFileVersionInfoSizeW\n VerQueryValueW\n GetFileVersionInfoW\noleaut32.dll: SafeArrayPutElement\n GetErrorInfo\n VariantInit\n VariantClear\n SysFreeString\n SafeArrayAccessData\n SysReAllocStringLen\n SafeArrayCreate\n SafeArrayGetElement\n GetActiveObject\n SysAllocStringLen\n SafeArrayUnaccessData\n SafeArrayPtrOfIndex\n SafeArrayCreateVector\n SafeArrayGetElemsize\n VariantCopy\n SafeArrayGetUBound\n SafeArrayGetLBound\n VariantCopyInd\n VariantChangeType\nadvapi32.dll: RegSetValueExW\n RegConnectRegistryW\n RegEnumKeyExW\n RegLoadKeyW\n AdjustTokenPrivileges\n RegDeleteKeyW\n LookupPrivilegeValueW\n OpenProcessToken\n RegOpenKeyExW\n RegQueryInfoKeyW\n RegUnLoadKeyW\n RegSaveKeyW\n RegDeleteValueW\n RegReplaceKeyW\n RegFlushKey\n RegQueryValueExW\n RegEnumValueW\n RegCloseKey\n RegCreateKeyExW\n RegRestoreKeyW\nmsvcrt.dll: isupper\n isalpha\n isalnum\n toupper\n memchr\n memcmp\n memcpy\n memset\n isprint\n isspace\n iscntrl\n isxdigit\n ispunct\n isgraph\n islower\n tolower\nwinhttp.dll: WinHttpGetIEProxyConfigForCurrentUser\n WinHttpSetTimeouts\n WinHttpSetStatusCallback\n WinHttpConnect\n WinHttpReceiveResponse\n WinHttpQueryAuthSchemes\n WinHttpGetProxyForUrl\n WinHttpReadData\n WinHttpCloseHandle\n WinHttpQueryHeaders\n WinHttpOpenRequest\n WinHttpAddRequestHeaders\n WinHttpOpen\n WinHttpWriteData\n WinHttpSetCredentials\n WinHttpQueryDataAvailable\n WinHttpSetOption\n WinHttpSendRequest\n WinHttpQueryOption\nkernel32.dll: GetFileType\n QueryDosDeviceW\n GetACP\n CloseHandle\n LocalFree\n GetCurrentProcessId\n SizeofResource\n TerminateThread\n QueryPerformanceFrequency\n SetProcessWorkingSetSize\n IsDebuggerPresent\n FindNextFileW\n GetFullPathNameW\n VirtualFree\n GetProcessHeap\n ExitProcess\n HeapAlloc\n GetCPInfoExW\n GlobalSize\n RtlUnwind\n GetCPInfo\n EnumSystemLocalesW\n GetStdHandle\n GetTimeZoneInformation\n FileTimeToLocalFileTime\n GetModuleHandleW\n FreeLibrary\n TryEnterCriticalSection\n HeapDestroy\n FileTimeToDosDateTime\n ReadFile\n GetUserDefaultLCID\n GetLastError\n GetModuleFileNameW\n SetLastError\n GlobalAlloc\n GlobalUnlock\n FindResourceW\n CreateThread\n CompareStringW\n MapViewOfFile\n LoadLibraryA\n GetVolumeInformationW\n ResetEvent\n MulDiv\n FreeResource\n GetDriveTypeW\n GetVersion\n RaiseException\n GlobalAddAtomW\n FormatMessageW\n OpenProcess\n SwitchToThread\n GetExitCodeThread\n GetStringTypeW\n OutputDebugStringW\n GetCurrentThread\n GetFileAttributesExW\n IsBadReadPtr\n ExpandEnvironmentStringsW\n GetComputerNameA\n LoadLibraryExW\n TerminateProcess\n LockResource\n FileTimeToSystemTime\n GetCurrentThreadId\n UnhandledExceptionFilter\n GlobalFindAtomW\n VirtualQuery\n GlobalFree\n VirtualQueryEx\n Sleep\n EnterCriticalSection\n SetFilePointer\n ReleaseMutex\n LoadResource\n SuspendThread\n GetTickCount\n WaitForMultipleObjects\n GetFileSize\n GlobalDeleteAtom\n GetStartupInfoW\n GetFileAttributesW\n SetCurrentDirectoryW\n GetCurrentDirectoryW\n InitializeCriticalSection\n GetThreadPriority\n GetCurrentProcess\n GlobalLock\n SetThreadPriority\n VirtualAlloc\n GetTempPathW\n GetCommandLineW\n GetSystemInfo\n LeaveCriticalSection\n GetProcAddress\n ResumeThread\n GetLogicalDriveStringsW\n GetVersionExW\n VerifyVersionInfoW\n HeapCreate\n LCMapStringW\n GetDiskFreeSpaceW\n VerSetConditionMask\n FindFirstFileW\n GetUserDefaultUILanguage\n GetConsoleOutputCP\n UnmapViewOfFile\n GetConsoleCP\n lstrlenW\n CompareStringA\n QueryPerformanceCounter\n SetEndOfFile\n lstrcmpW\n InitializeCriticalSectionAndSpinCount\n HeapFree\n WideCharToMultiByte\n FindClose\n MultiByteToWideChar\n CreateMutexA\n LoadLibraryW\n SetEvent\n GetLocaleInfoW\n CreateFileW\n EnumResourceNamesW\n DeleteFileW\n IsDBCSLeadByteEx\n GetEnvironmentVariableW\n GetLocalTime\n WaitForSingleObject\n WriteFile\n CreateFileMappingW\n ExitThread\n DeleteCriticalSection\n GetDateFormatW\n GetTimeFormatW\n TlsGetValue\n SetErrorMode\n GetComputerNameW\n IsValidLocale\n SleepEx\n TlsSetValue\n GetSystemDefaultUILanguage\n EnumCalendarInfoW\n LocalAlloc\n RemoveDirectoryW\n CreateEventW\n WaitForMultipleObjectsEx\n GetThreadLocale\n SetThreadLocale\nwsock32.dll: gethostbyaddr\n WSACleanup\n gethostbyname\n bind\n gethostname\n closesocket\n WSAGetLastError\n connect\n inet_addr\n getpeername\n WSAAsyncSelect\n WSAAsyncGetServByName\n WSACancelAsyncRequest\n send\n ntohs\n htons\n WSAStartup\n getservbyname\n getsockname\n listen\n socket\n recv\n inet_ntoa\n ioctlsocket\n WSAAsyncGetHostByName\nole32.dll: RevokeDragDrop\n OleRegEnumVerbs\n IsAccelerator\n CoCreateInstance\n CoUninitialize\n CLSIDFromString\n RegisterDragDrop\n IsEqualGUID\n ProgIDFromCLSID\n CreateStreamOnHGlobal\n OleInitialize\n CoInitializeEx\n OleUninitialize\n CoGetClassObject\n CoInitialize\n CoTaskMemFree\n OleDraw\n CoTaskMemAlloc\n StringFromCLSID\n OleSetMenuDescriptor\n DoDragDrop\ngdi32.dll: Pie\n SetBkMode\n GetTextCharsetInfo\n GetRandomRgn\n CreateCompatibleBitmap\n CreatePolygonRgn\n BeginPath\n GetEnhMetaFileHeader\n CloseEnhMetaFile\n RectVisible\n AngleArc\n TranslateCharsetInfo\n ResizePalette\n SetAbortProc\n SetTextColor\n GetTextColor\n StretchBlt\n PathToRegion\n GetCharABCWidthsFloatW\n GetGlyphIndicesW\n ExtSelectClipRgn\n RoundRect\n SelectClipRgn\n RectInRegion\n RestoreDC\n FillPath\n SetRectRgn\n GetTextMetricsW\n GetWindowOrgEx\n CreatePalette\n GetTextCharset\n CreateDCW\n CreateICW\n FillRgn\n PolyBezierTo\n GetStockObject\n CreateSolidBrush\n GetFontUnicodeRanges\n Polygon\n MoveToEx\n PlayEnhMetaFile\n Ellipse\n ModifyWorldTransform\n StartPage\n GetBitmapBits\n StartDocW\n AbortDoc\n GetSystemPaletteEntries\n GetEnhMetaFileBits\n CreatePenIndirect\n GetEnhMetaFilePaletteEntries\n SetMapMode\n CreateFontIndirectW\n PolyBezier\n DPtoLP\n LPtoDP\n GetNearestColor\n EndDoc\n GetObjectW\n GetCurrentObject\n GetFontData\n GetWinMetaFileBits\n SetROP2\n GetTextExtentExPointW\n GetROP2\n GetOutlineTextMetricsW\n PtVisible\n GetEnhMetaFileDescriptionW\n ArcTo\n CreateEnhMetaFileW\n Arc\n CreateRectRgnIndirect\n TextOutW\n SelectPalette\n SetGraphicsMode\n SetLayout\n ExcludeClipRect\n SetTextJustification\n SetWindowOrgEx\n MaskBlt\n GetCharacterPlacementW\n CreatePatternBrush\n EndPage\n EndPath\n EqualRgn\n DeleteEnhMetaFile\n Chord\n SetDIBits\n SetViewportOrgEx\n GetViewportOrgEx\n CreateRectRgn\n RealizePalette\n GetObjectType\n SetDIBColorTable\n GetDIBColorTable\n OffsetClipRgn\n GetTextMetricsA\n CreateBrushIndirect\n PatBlt\n SetEnhMetaFileBits\n CreateEllipticRgn\n Rectangle\n DeleteDC\n SaveDC\n GetWorldTransform\n BitBlt\n FrameRgn\n SetWorldTransform\n GetDeviceCaps\n GetTextExtentPoint32W\n PtInRegion\n GetClipBox\n GetClipRgn\n Polyline\n IntersectClipRect\n CombineTransform\n CreateBitmap\n CombineRgn\n SetWinMetaFileBits\n CreateDIBitmap\n GetStretchBltMode\n CreateDIBSection\n SetStretchBltMode\n GetDIBits\n CreateFontIndirectA\n LineTo\n GetRgnBox\n EnumFontFamiliesW\n EnumFontsW\n SetWindowExtEx\n CreateHalftonePalette\n DeleteObject\n SelectObject\n ExtFloodFill\n UnrealizeObject\n CopyEnhMetaFileW\n OffsetRgn\n GetBkColor\n SetBkColor\n CreateCompatibleDC\n GetBrushOrgEx\n GetCurrentPositionEx\n GetNearestPaletteIndex\n SetTextAlign\n GetTextAlign\n CreateRoundRectRgn\n GetTextExtentPointW\n ExtTextOutW\n SetBrushOrgEx\n GetPixel\n GdiFlush\n GetTextFaceW\n SetViewportExtEx\n SetPixel\n EnumFontFamiliesExW\n StretchDIBits\n WidenPath\n GetPaletteEntries\nkernel32.dll (delay-loaded): GetFileType\n QueryDosDeviceW\n GetACP\n CloseHandle\n LocalFree\n GetCurrentProcessId\n SizeofResource\n TerminateThread\n QueryPerformanceFrequency\n SetProcessWorkingSetSize\n IsDebuggerPresent\n FindNextFileW\n GetFullPathNameW\n VirtualFree\n GetProcessHeap\n ExitProcess\n HeapAlloc\n GetCPInfoExW\n GlobalSize\n RtlUnwind\n GetCPInfo\n EnumSystemLocalesW\n GetStdHandle\n GetTimeZoneInformation\n FileTimeToLocalFileTime\n GetModuleHandleW\n FreeLibrary\n TryEnterCriticalSection\n HeapDestroy\n FileTimeToDosDateTime\n ReadFile\n GetUserDefaultLCID\n GetLastError\n GetModuleFileNameW\n SetLastError\n GlobalAlloc\n GlobalUnlock\n FindResourceW\n CreateThread\n CompareStringW\n MapViewOfFile\n LoadLibraryA\n GetVolumeInformationW\n ResetEvent\n MulDiv\n FreeResource\n GetDriveTypeW\n GetVersion\n RaiseException\n GlobalAddAtomW\n FormatMessageW\n OpenProcess\n SwitchToThread\n GetExitCodeThread\n GetStringTypeW\n OutputDebugStringW\n GetCurrentThread\n GetFileAttributesExW\n IsBadReadPtr\n ExpandEnvironmentStringsW\n GetComputerNameA\n LoadLibraryExW\n TerminateProcess\n LockResource\n FileTimeToSystemTime\n GetCurrentThreadId\n UnhandledExceptionFilter\n GlobalFindAtomW\n VirtualQuery\n GlobalFree\n VirtualQueryEx\n Sleep\n EnterCriticalSection\n SetFilePointer\n ReleaseMutex\n LoadResource\n SuspendThread\n GetTickCount\n WaitForMultipleObjects\n GetFileSize\n GlobalDeleteAtom\n GetStartupInfoW\n GetFileAttributesW\n SetCurrentDirectoryW\n GetCurrentDirectoryW\n InitializeCriticalSection\n GetThreadPriority\n GetCurrentProcess\n GlobalLock\n SetThreadPriority\n VirtualAlloc\n GetTempPathW\n GetCommandLineW\n GetSystemInfo\n LeaveCriticalSection\n GetProcAddress\n ResumeThread\n GetLogicalDriveStringsW\n GetVersionExW\n VerifyVersionInfoW\n HeapCreate\n LCMapStringW\n GetDiskFreeSpaceW\n VerSetConditionMask\n FindFirstFileW\n GetUserDefaultUILanguage\n GetConsoleOutputCP\n UnmapViewOfFile\n GetConsoleCP\n lstrlenW\n CompareStringA\n QueryPerformanceCounter\n SetEndOfFile\n lstrcmpW\n InitializeCriticalSectionAndSpinCount\n HeapFree\n WideCharToMultiByte\n FindClose\n MultiByteToWideChar\n CreateMutexA\n LoadLibraryW\n SetEvent\n GetLocaleInfoW\n CreateFileW\n EnumResourceNamesW\n DeleteFileW\n IsDBCSLeadByteEx\n GetEnvironmentVariableW\n GetLocalTime\n WaitForSingleObject\n WriteFile\n CreateFileMappingW\n ExitThread\n DeleteCriticalSection\n GetDateFormatW\n GetTimeFormatW\n TlsGetValue\n SetErrorMode\n GetComputerNameW\n IsValidLocale\n SleepEx\n TlsSetValue\n GetSystemDefaultUILanguage\n EnumCalendarInfoW\n LocalAlloc\n RemoveDirectoryW\n CreateEventW\n WaitForMultipleObjectsEx\n GetThreadLocale\n SetThreadLocale\n\nExports:\n--------\ndbkFCallWrapperAddr:\n Ordinal: 1\n Address: 0x00B0A648\n\n__dbk_fcall_wrapper:\n Ordinal: 2\n Address: 0x0001316C\n\n\nResources:\n----------\nBASIC:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 392648\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.03979\n\nBLACK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 632474\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.40358\n\nBLUE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 629461\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.38328\n\nBLUEPRINT:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 408130\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.79472\n\nCARAMEL:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 517231\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.45167\n\nCOFFEE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 427858\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.77092\n\nDARKROOM:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 552169\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.32537\n\nDARKSIDE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 657696\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.27633\n\nDEFAULTSKINICONLARGE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2970\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.93178\n Detected Filetype: PNG graphic file\n\nDEFAULTSKINICONSMALL:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 841\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.70582\n Detected Filetype: PNG graphic file\n\nDEFAULTUSERSKINDATA:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 449884\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.1206\n\nDEVEXPRESSDARKSTYLE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 632434\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.29812\n\nDEVEXPRESSSTYLE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 713226\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.75435\n\nFOGGY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 448912\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.8669\n\nGLASSOCEANS:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 407575\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.82211\n\nHIGHCONTRAST:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 349369\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.22293\n\nIMAGINARY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 428106\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.98271\n\nLILIAN:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 427394\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.99915\n\nLIQUIDSKY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 460727\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.9265\n\nLONDONLIQUIDSKY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 454069\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.97707\n\nMCSKIN:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 485925\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.95053\n\nMETROPOLIS:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 617978\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.04259\n\nMETROPOLISDARK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 636851\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.40651\n\nMONEYTWINS:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 995952\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.18537\n\nOFFICE2007BLACK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 651624\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.68278\n\nOFFICE2007BLUE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 656344\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.6159\n\nOFFICE2007GREEN:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 650938\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.68461\n\nOFFICE2007PINK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 653529\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.67542\n\nOFFICE2007SILVER:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 656142\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.67262\n\nOFFICE2010BLACK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 655570\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.25224\n\nOFFICE2010BLUE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 702488\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.62031\n\nOFFICE2010SILVER:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 655204\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.45266\n\nOFFICE2013DARKGRAY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 695957\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.91297\n\nOFFICE2013LIGHTGRAY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 706232\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.8502\n\nOFFICE2013WHITE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 810216\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.16607\n\nOFFICE2016COLORFUL:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 672435\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.79291\n\nOFFICE2016DARK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 670058\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.71935\n\nOFFICE2019BLACK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 372492\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.92104\n\nOFFICE2019COLORFUL:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 373845\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.9163\n\nOFFICE2019DARKGRAY:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 373646\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.92917\n\nOFFICE2019WHITE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 375261\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.92395\n\nPUMPKIN:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 889258\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.5233\n\nSEVEN:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 887639\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.78871\n\nSEVENCLASSIC:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 723526\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.01114\n\nSHARP:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 508719\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.87009\n\nSHARPPLUS:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 537748\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.88953\n\nSILVER:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 551015\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.03051\n\nSPRINGTIME:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3920521\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.03097\n\nSTARDUST:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 497794\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.86685\n\nSUMMER2008:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2528764\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.19403\n\nTHEASPHALTWORLD:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 388167\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.74479\n\nTHEBEZIER:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 420659\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.91153\n\nVALENTINE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1978265\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.64581\n\nVISUALSTUDIO2013BLUE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 666983\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.98091\n\nVISUALSTUDIO2013DARK:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 747629\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.74274\n\nVISUALSTUDIO2013LIGHT:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 713307\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.76112\n\nVS2010:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 582724\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.32297\n\nWHITEPRINT:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 408630\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.06764\n\nXMAS2008BLUE:\n Type: DXSKINS\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2746608\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.66403\n\nCX_BACKBUTTON:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4778\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.94404\n Detected Filetype: PNG graphic file\n\nCX_CLOCKFACE:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 13546\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88\n Detected Filetype: PNG graphic file\n\nCX_CLOCKGLASS:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 8741\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86413\n Detected Filetype: PNG graphic file\n\nCX_COMMANDLINKGLYPH:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 972\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.67671\n Detected Filetype: PNG graphic file\n\nCX_DATAROWFIXEDNONE:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 117\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.71906\n Detected Filetype: PNG graphic file\n\nCX_DATAROWFIXEDONBOTTOM:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 153\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.20847\n Detected Filetype: PNG graphic file\n\nCX_DATAROWFIXEDONTOP:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 154\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.117\n Detected Filetype: PNG graphic file\n\nCX_FIXEDGROUPINDICATOR:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.14129\n Detected Filetype: PNG graphic file\n\nCX_LOOKANDFEELSTYLEICON_FLAT16:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 822\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.95107\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_FLAT48:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9270\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.07825\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_NATIVE16:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 822\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.91815\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_NATIVE48:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9270\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.69514\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_OFFICE1116:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 822\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.50548\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_OFFICE1148:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9270\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.1877\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_STANDARD16:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1078\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.41483\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_STANDARD48:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9270\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.56675\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_ULTRAFLAT16:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 822\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.19295\n Detected Filetype: Bitmap graphic\n\nCX_LOOKANDFEELSTYLEICON_ULTRAFLAT48:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9270\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.97473\n Detected Filetype: Bitmap graphic\n\nCX_RATINGCONTROLINDICATOR:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1556\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.80381\n Detected Filetype: PNG graphic file\n\nDX_MAPPUSHPIN:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3113\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88674\n Detected Filetype: PNG graphic file\n\nDX_NAVIGATIONBARCUSTOMIZATIONBUTTON:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 193\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.28168\n Detected Filetype: PNG graphic file\n\nDX_SEARCHBUTTONGLYPH:\n Type: PNG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 418\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.90065\n Detected Filetype: PNG graphic file\n\nCXEDIT_GLYPH_ERROR:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 568\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.4707\n\nCXEDIT_GLYPH_INFO:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 773\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.6317\n\nCXEDIT_GLYPH_WARNING:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 740\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.54468\n\nCX_ARROWBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 336\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.31976\n\nCX_CALENDARBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 824\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.51986\n\nCX_CLEARBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 458\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.19984\n\nCX_DATAROWFIXEDNONE (#2):\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 257\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.39795\n\nCX_DATAROWFIXEDONBOTTOM (#2):\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 385\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.28039\n\nCX_DATAROWFIXEDONTOP (#2):\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 386\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.28109\n\nCX_DOWN:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 647\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.48306\n\nCX_EDITBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 415\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.42433\n\nCX_FILTERBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 317\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.36397\n\nCX_GROUPBYBOXSEARCHBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 587\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.22382\n\nCX_INPLACEEDITBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 429\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.28476\n\nCX_INSERTBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 429\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.28476\n\nCX_MULTIARROWBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 310\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.42971\n\nCX_MULTIDOTBITMAP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 319\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.34395\n\nCX_SMARTTAG:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 623\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.26675\n\nCX_SORTBYSUMMARYVALUE:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 446\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.06562\n\nCX_UP:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 646\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.49047\n\nDX_FILTERCONTROLADDBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 454\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.23254\n\nDX_FILTERCONTROLREMOVEBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 716\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.85024\n\nDX_FILTERPANELREMOVEBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 631\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.16361\n\nDX_PASSWORDREVEALINVISIBLEBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 602\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.47557\n\nDX_PASSWORDREVEALVISIBLEBUTTON:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 911\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.31247\n\nDX_PIN:\n Type: SVG\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 708\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.50335\n\n1:\n Type: RT_CURSOR\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.14151\n\n2:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.80231\n\n3:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.00046\n\n4:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.56318\n\n5:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.6949\n\n6:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.62527\n\n7:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.91604\n\n8:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.576453\n\n9:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.689326\n\n10:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.476246\n\n11:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.454895\n\n12:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.733178\n\n13:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.836149\n\n14:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.787415\n\n15:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.47067\n\n16:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.697878\n\n17:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.902945\n\n18:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71419\n\n19:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.99434\n\n20:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.938912\n\n21:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.05969\n\n22:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.591048\n\n23:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.692732\n\n24:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.692569\n\n25:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.748841\n\n26:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.840899\n\n27:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.841059\n\n28:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.35706\n\n29:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.77516\n\n30:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.493939\n\n31:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.598455\n\n32:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.482178\n\n33:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.46661\n\n34:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.94672\n\n35:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.773365\n\n36:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.94672\n\n37:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.773365\n\n38:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.841214\n\n39:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.711323\n\n40:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.516503\n\n41:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.533632\n\n42:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.443345\n\n43:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.489437\n\n44:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.443345\n\n45:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.489437\n\n46:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.454962\n\n47:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.472779\n\n48:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.454962\n\n49:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.472779\n\n50:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.873215\n\n51:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.897314\n\n52:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.699505\n\n53:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.692865\n\n54:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.707519\n\n55:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.841358\n\n56:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.580793\n\n57:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.708058\n\n58:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.557228\n\n59:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.698536\n\n60:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.778059\n\n61:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.800326\n\n62:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.891475\n\n63:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.918294\n\n64:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.894286\n\n65:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.05551\n\n66:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.824634\n\n67:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.901645\n\n68:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.736642\n\n69:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.535273\n\n70:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.73268\n\n71:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.535273\n\n72:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.621542\n\n73:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.470425\n\n74:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.19424\n\n75:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.31665\n\n76:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.38496\n\n77:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3244\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.15859\n\n78:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 300\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.48952\n\n79:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.38701\n\n80:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.475108\n\n81:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.877765\n\n82:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.35311\n\n83:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.35706\n\n84:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.37092\n\n85:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.388534\n\n86:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.458239\n\n87:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.77592\n\n88:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.35388\n\n89:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.483042\n\n90:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.483529\n\n91:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.476246\n\n92:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.56287\n\n93:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.6633\n\n102:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.40392\n\n103:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.435441\n\n104:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.435847\n\n105:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.700205\n\n106:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.72859\n\n107:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4268\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.778747\n\n111:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.356038\n\n112:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.384864\n\n113:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.90609\n\n114:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16940\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.356038\n\n115:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9644\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.384864\n\n116:\n Type: RT_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.94133\n\nCXBMBLOB_BLOB:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.21261\n\nCXBMBLOB_BLOB_NULL:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.45952\n\nCXBMBLOB_MEMO:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.87218\n\nCXBMBLOB_MEMO_NULL:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.45952\n\nCXBMBLOB_OLE:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.92557\n\nCXBMBLOB_OLE_NULL:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.64339\n\nCXBMBLOB_PICT:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 6.00448\n\nCXBMBLOB_PICT_NULL:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 664\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.0098\n\nCXEDIT_GLYPH_ERROR (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.56046\n\nCXEDIT_GLYPH_INFO (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.78064\n\nCXEDIT_GLYPH_WARNING (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.96087\n\nCXNAVIGATORBUTTONS:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 8048\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.99946\n\nCX_ARROWBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.84802\n\nCX_DROPARROW:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 364\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.09162\n\nCX_DROPARROW_150:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 768\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.07197\n\nCX_DROPARROW_200:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1264\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.03879\n\nCX_EDITBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.0601\n\nCX_FILTERBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01358\n\nCX_FULLSCROLLBITMAP:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 568\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.07418\n\nCX_HORSCROLLBITMAP:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 568\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01517\n\nCX_INPLACEEDITBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 256\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4.31849\n\nCX_INSERTBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.0601\n\nCX_MULTIARROWBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.04925\n\nCX_MULTIDOTBITMAP (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.9371\n\nCX_SCROLLBITMAPNESW:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3404\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.512834\n\nCX_SCROLLBITMAPNS:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3404\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.512834\n\nCX_SCROLLBITMAPNWSE:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3404\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.18306\n\nCX_SCROLLBITMAPWE:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3404\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.512834\n\nCX_SORTBYSUMMARYVALUE (#2):\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.03605\n\nCX_VERSCROLLBITMAP:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 568\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.941\n\nCX_ZOOMINBUTTONGLYPH:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.37076\n\nCX_ZOOMOUTBUTTONGLYPH:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 0.92557\n\nDXEXPANDBUTTON_MINUS:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 524\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.63296\n\nDXEXPANDBUTTON_PLUS:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 524\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.72678\n\nDXSUBMENUEXPAND:\n Type: RT_BITMAP\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1320\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.95444\n\n1 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 387\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.24043\n Detected Filetype: PNG graphic file\n\n2 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 512\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.43683\n Detected Filetype: PNG graphic file\n\n3 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 625\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.51744\n Detected Filetype: PNG graphic file\n\n4 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 973\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.71103\n Detected Filetype: PNG graphic file\n\n5 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1211\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.80385\n Detected Filetype: PNG graphic file\n\n6 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1469\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86111\n Detected Filetype: PNG graphic file\n\n7 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1947\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88021\n Detected Filetype: PNG graphic file\n\n8 (#2):\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 8104\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.9117\n Detected Filetype: PNG graphic file\n\n3998:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 856\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28907\n\n3999:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1064\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.2383\n\n4000:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1460\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.45896\n\n4001:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 884\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.35615\n\n4002:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 688\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.39708\n\n4003:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1608\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.25623\n\n4004:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 852\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.27593\n\n4005:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 412\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.45641\n\n4006:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 336\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33839\n\n4007:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 304\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28148\n\n4008:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 388\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.44438\n\n4009:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 480\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33625\n\n4010:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 464\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.46985\n\n4011:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 624\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.35158\n\n4012:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 444\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.39737\n\n4013:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 504\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.40738\n\n4014:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 340\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.45014\n\n4015:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 496\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.48175\n\n4016:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.303\n\n4017:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 416\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.39955\n\n4018:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31507\n\n4019:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 440\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.47255\n\n4020:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 472\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.43704\n\n4021:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 332\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.41524\n\n4022:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 776\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.32212\n\n4023:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1024\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28021\n\n4024:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1756\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.22714\n\n4025:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1928\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.29081\n\n4026:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 440\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.29762\n\n4027:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 284\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.47583\n\n4028:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 212\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.45085\n\n4029:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 712\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31609\n\n4030:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.37447\n\n4031:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 456\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.08484\n\n4032:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 708\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.22777\n\n4033:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 760\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.35162\n\n4034:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 344\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31597\n\n4035:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 456\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.34277\n\n4036:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.38574\n\n4037:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 4440\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.1204\n\n4038:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2400\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.224\n\n4039:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2452\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.18348\n\n4040:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2344\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.18617\n\n4041:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1672\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.19955\n\n4042:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 488\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.36005\n\n4043:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1176\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.40081\n\n4044:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1396\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.18951\n\n4045:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1344\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31222\n\n4046:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1228\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33018\n\n4047:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1228\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.37154\n\n4048:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1032\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28652\n\n4049:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 756\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.24094\n\n4050:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 964\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.32652\n\n4051:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1236\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.21476\n\n4052:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 524\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31721\n\n4053:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 908\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.23181\n\n4054:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1220\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.27989\n\n4055:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1224\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.27271\n\n4056:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2744\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28182\n\n4057:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2364\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.30529\n\n4058:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1080\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28579\n\n4059:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 860\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.3585\n\n4060:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1656\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.35051\n\n4061:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1176\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31689\n\n4062:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 876\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33929\n\n4063:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 628\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.41819\n\n4064:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 416\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.39545\n\n4065:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 916\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.39142\n\n4066:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 880\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.26592\n\n4067:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 912\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.22975\n\n4068:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 636\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.37224\n\n4069:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 816\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.32765\n\n4070:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1132\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28691\n\n4071:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 860\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31349\n\n4072:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1100\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.30049\n\n4073:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 344\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.42093\n\n4074:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 212\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.40358\n\n4075:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 404\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.45344\n\n4076:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 692\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33871\n\n4077:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 992\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.3395\n\n4078:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1016\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.30476\n\n4079:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1068\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.23623\n\n4080:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1252\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.28886\n\n4081:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 540\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.23935\n\n4082:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1128\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.42191\n\n4083:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1140\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.32815\n\n4084:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1448\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.29144\n\n4085:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1216\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31952\n\n4086:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 952\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.20276\n\n4087:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1016\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.35803\n\n4088:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1108\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.32373\n\n4089:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 492\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.33528\n\n4090:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 196\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.36848\n\n4091:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 420\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.42061\n\n4092:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 852\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.34802\n\n4093:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1176\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.31262\n\n4094:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 760\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.3639\n\n4095:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 752\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.27523\n\n4096:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 872\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.19144\n\nBBABORT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3421\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89162\n Detected Filetype: PNG graphic file\n\nBBABORT_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3415\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89925\n Detected Filetype: PNG graphic file\n\nBBALL:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3324\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88971\n Detected Filetype: PNG graphic file\n\nBBALL_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3289\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88726\n Detected Filetype: PNG graphic file\n\nBBCANCEL:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3421\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89162\n Detected Filetype: PNG graphic file\n\nBBCANCEL_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3415\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89925\n Detected Filetype: PNG graphic file\n\nBBCLOSE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3150\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88443\n Detected Filetype: PNG graphic file\n\nBBCLOSE_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3150\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8746\n Detected Filetype: PNG graphic file\n\nBBHELP:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3253\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88589\n Detected Filetype: PNG graphic file\n\nBBHELP_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3248\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88975\n Detected Filetype: PNG graphic file\n\nBBIGNORE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3414\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88943\n Detected Filetype: PNG graphic file\n\nBBIGNORE_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3399\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88308\n Detected Filetype: PNG graphic file\n\nBBNO:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3522\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89641\n Detected Filetype: PNG graphic file\n\nBBNO_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3525\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89332\n Detected Filetype: PNG graphic file\n\nBBOK:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3315\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88545\n Detected Filetype: PNG graphic file\n\nBBOK_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3309\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89033\n Detected Filetype: PNG graphic file\n\nBBRETRY:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3497\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89289\n Detected Filetype: PNG graphic file\n\nBBRETRY_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3494\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89259\n Detected Filetype: PNG graphic file\n\nBBYES:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3315\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88545\n Detected Filetype: PNG graphic file\n\nBBYES_DISABLED:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3309\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89033\n Detected Filetype: PNG graphic file\n\nDBEDIT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2851\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86863\n Detected Filetype: PNG graphic file\n\nDBEDIT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2939\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8721\n Detected Filetype: PNG graphic file\n\nDBGARROW:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2875\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87425\n Detected Filetype: PNG graphic file\n\nDBGARROW_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2977\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87406\n Detected Filetype: PNG graphic file\n\nDBINSERT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2933\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87679\n Detected Filetype: PNG graphic file\n\nDBINSERT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3035\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87878\n Detected Filetype: PNG graphic file\n\nDBMULTIARROW:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2959\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87319\n Detected Filetype: PNG graphic file\n\nDBMULTIARROW_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3132\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87994\n Detected Filetype: PNG graphic file\n\nDBMULTIDOT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2872\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87516\n Detected Filetype: PNG graphic file\n\nDBMULTIDOT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2941\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8724\n Detected Filetype: PNG graphic file\n\nDBN_APPLYUPDATES:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3070\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88307\n Detected Filetype: PNG graphic file\n\nDBN_APPLYUPDATES_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3332\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89104\n Detected Filetype: PNG graphic file\n\nDBN_CANCEL:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3086\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88536\n Detected Filetype: PNG graphic file\n\nDBN_CANCELUPDATES:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3099\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88515\n Detected Filetype: PNG graphic file\n\nDBN_CANCELUPDATES_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3382\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88809\n Detected Filetype: PNG graphic file\n\nDBN_CANCEL_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3343\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88897\n Detected Filetype: PNG graphic file\n\nDBN_DELETE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2823\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86505\n Detected Filetype: PNG graphic file\n\nDBN_DELETE_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2857\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86626\n Detected Filetype: PNG graphic file\n\nDBN_EDIT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2939\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8754\n Detected Filetype: PNG graphic file\n\nDBN_EDIT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3028\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8824\n Detected Filetype: PNG graphic file\n\nDBN_FIRST:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2957\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87733\n Detected Filetype: PNG graphic file\n\nDBN_FIRST_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3091\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87983\n Detected Filetype: PNG graphic file\n\nDBN_INSERT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2845\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86506\n Detected Filetype: PNG graphic file\n\nDBN_INSERT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2885\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.86961\n Detected Filetype: PNG graphic file\n\nDBN_LAST:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2950\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87466\n Detected Filetype: PNG graphic file\n\nDBN_LAST_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3072\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87807\n Detected Filetype: PNG graphic file\n\nDBN_NEXT:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2938\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8754\n Detected Filetype: PNG graphic file\n\nDBN_NEXT_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3062\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88351\n Detected Filetype: PNG graphic file\n\nDBN_POST:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3051\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88381\n Detected Filetype: PNG graphic file\n\nDBN_POST_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3205\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88693\n Detected Filetype: PNG graphic file\n\nDBN_PRIOR:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2947\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.87443\n Detected Filetype: PNG graphic file\n\nDBN_PRIOR_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3075\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.8801\n Detected Filetype: PNG graphic file\n\nDBN_REFRESH:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3116\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88464\n Detected Filetype: PNG graphic file\n\nDBN_REFRESH_20X:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3397\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.88955\n Detected Filetype: PNG graphic file\n\nDVCLAL:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 4\n\nFILTERCONTROLIMAGES:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 18256\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.77418\n Detected Filetype: Zip Compressed Archive\n\nMSG_ERROR:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 5259\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.93139\n Detected Filetype: PNG graphic file\n\nMSG_INFO:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 4382\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.90721\n Detected Filetype: PNG graphic file\n\nMSG_WARNING:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 3468\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 7.89203\n Detected Filetype: PNG graphic file\n\nPACKAGEINFO:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 9308\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.51388\n\nPLATFORMTARGETS:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1\n\nTDV_CREAT_MAIN:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1719\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.58283\n\nTDXFRMCOMMONFILEDIALOG:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 43833\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.18698\n\nTDXLAYOUTCONTROLCUSTOMIZEFORM:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 81046\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.97717\n\nTDXMESSAGEDIALOGFORM:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1250\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.37099\n\nTFMFILTERCONTROLDIALOG:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 2821\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.40815\n\nTFMSHELLDIALOGCOLUMNCUSTOMIZATION:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 5238\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.39429\n\nTFORMULARIOBLOQUEIO:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 3016\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.86649\n\nTFRMRECORTE:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 715\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.38095\n\nTLAYOUTEDITFORM:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1720\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.33516\n\nTLOGINDIALOG:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 1160\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.40016\n\nTMESA_BRANCA:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 352\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.23166\n\nTPAIT_GRAFIC:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 442\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.26042\n\nTPASSWORDDIALOG:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 964\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.41548\n\nCURSOR_1:\n Type: RT_GROUP_CURSOR\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.83876\n Detected Filetype: Cursor file\n\nCXDROPAFTERCOPY:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCXDROPBEFORECOPY:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71817\n Detected Filetype: Cursor file\n\nCXDROPINSIDECOPY:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCXEDIT_MOUSEWHEEL:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 34\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.30604\n Detected Filetype: Cursor file\n\nCX_COLORPICKERCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_CROSSCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_DOWNSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_DRAGCOPYCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_DRAGCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71817\n Detected Filetype: Cursor file\n\nCX_FULLSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_HANDCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.1815\n Detected Filetype: Cursor file\n\nCX_HANDDRAGCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.1815\n Detected Filetype: Cursor file\n\nCX_HANDPOINT:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_HANDPOINTCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_HORSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_HORZRESIZECURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_HORZSIZECURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_LEFTARROWCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71521\n Detected Filetype: Cursor file\n\nCX_LEFTSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_MULTIDRAGCOPYCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_MULTIDRAGCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_NODROPCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.70244\n Detected Filetype: Cursor file\n\nCX_REMOVECURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71817\n Detected Filetype: Cursor file\n\nCX_RIGHTARROWCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71521\n Detected Filetype: Cursor file\n\nCX_RIGHTSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71817\n Detected Filetype: Cursor file\n\nCX_TASKLINKCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_UPSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.71817\n Detected Filetype: Cursor file\n\nCX_VERSCROLLCURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nCX_VERTSIZECURSOR:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.67355\n Detected Filetype: Cursor file\n\nDXLAYOUTCONTROLDROPAFTER:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nDXLAYOUTCONTROLDROPBEFORE:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nDXLAYOUTCONTROLDROPINSIDE:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nDXLAYOUTCONTROLNODROP:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\nDXLAYOUTCONTROLREMOVE:\n Type: RT_GROUP_CURSOR\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 48\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.75983\n Detected Filetype: Cursor file\n\n32761:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\n32762:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 1.91924\n Detected Filetype: Cursor file\n\n32763:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\n32764:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\n32765:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\n32766:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\n32767:\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.01924\n Detected Filetype: Cursor file\n\nMAINICON:\n Type: RT_GROUP_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 118\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 2.6162\n Detected Filetype: Icon file\n\n1 (#3):\n Type: RT_VERSION\n Language: English - United States\n Codepage: UNKNOWN\n Size: 500\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 3.14455\n\n1 (#4):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1803\n TimeDateStamp: 2025-Nov-17 17:35:38\n Entropy: 5.27093\n\n\nVersion Info:\n-------------\nResource LangID: English - United States\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 1.0.0.0\n ProductVersion: 1.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United States\n FileDescription: WinLSP\n FileVersion (#2): 1.0.0.0\n ProductName: WinLSP\n ProductVersion (#2): 1.0.0.0\n ProgramID: com.embarcadero.WinLSP\n\n\nTLS Callbacks:\n--------------\nStartAddressOfRawData: 0x00F39000\nEndAddressOfRawData: 0x00F39060\nAddressOfIndex: 0x00ED9C38\nAddressOfCallbacks: 0x00F3A010\nSizeOfZeroFill: 0x00000000\nCharacteristics: IMAGE_SCN_TYPE_REG\nCallbacks: (EMPTY)\n\nDelayed Imports:\n----------------\nAttributes: 0x00000001\nName: kernel32.dll\nModuleHandle: 0x00B36240\nDelayImportAddressTable: 0x00B36288\nDelayImportNameTable: 0x00B3643C\nBoundDelayImportTable: 0x00B365F0\nUnloadDelayImportTable: 0x00B36760\nTimeStamp: 1970-Jan-01 00:00:00\n\n[ SUSPICIOUS ] PEiD Signature:\n Crunch 4\n\nInteresting strings found in the binary:\n Contains domain names:\n .zapto.org\n accounts.google.com\n adobe.com\n google.com\n googleapis.com\n graph.microsoft.com\n http://ns.adobe.com\n http://ns.adobe.com/xap/1.0/\n http://ns.adobe.com/xap/1.0/mm/\n http://ns.adobe.com/xap/1.0/rights/\n http://ns.adobe.com/xap/1.0/sType/ResourceRef#\n http://www.indyproject.org\n http://www.indyproject.org/\n http://www.microsoft.com\n http://www.microsoft.com/downloads\n http://www.w3.org\n http://www.w3.org/1999/02/22-rdf-syntax-ns#\n http://www.w3.org/1999/xlink\n http://www.w3.org/1999/xlink"\n http://www.w3.org/2000/svg\n https://accounts.google.com\n https://accounts.google.com/o/oauth2/revoke?token\n https://accounts.google.com/o/oauth2/v2/auth?scope\n https://google.com\n https://graph.microsoft.com\n https://graph.microsoft.com/v1.0/me/\n https://login.microsoftonline.com\n https://login.microsoftonline.com/common/oauth2/v2.0/authorize?access_type\n https://login.microsoftonline.com/common/oauth2/v2.0/revoke?token\n https://www.google.com\n https://www.google.com/sorry/index\n https://www.googleapis.com\n https://www.googleapis.com/userinfo/v2/me\n indyproject.org\n login.microsoftonline.com\n microsoft.com\n microsoftonline.com\n ns.adobe.com\n www.google.com\n www.googleapis.com\n www.indyproject.org\n www.microsoft.com\n www.w3.org\n zapto.org\n\nCryptographic algorithms detected in the binary:\n Uses constants related to CRC32\n Uses constants related to MD5\n Uses constants related to SHA1\n Uses constants related to Blowfish\n\n[ SUSPICIOUS ] The PE is possibly packed.\n Unusual section name found: .itext\n Unusual section name found: .didata\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryA\n LoadLibraryExW\n GetProcAddress\n LoadLibraryW\n Functions which can be used for anti-debugging purposes:\n FindWindowW\n SwitchToThread\n Code injection capabilities (PowerLoader):\n GetWindowLongW\n FindWindowW\n Can access the registry:\n RegSetValueExW\n RegEnumKeyExW\n RegLoadKeyW\n RegDeleteKeyW\n RegOpenKeyExW\n RegQueryInfoKeyW\n RegUnLoadKeyW\n RegSaveKeyW\n RegDeleteValueW\n RegReplaceKeyW\n RegFlushKey\n RegQueryValueExW\n RegEnumValueW\n RegCloseKey\n RegCreateKeyExW\n RegRestoreKeyW\n Possibly launches other programs:\n ShellExecuteW\n Can create temporary files:\n GetTempPathW\n CreateFileW\n Uses functions commonly found in keyloggers:\n CallNextHookEx\n GetAsyncKeyState\n MapVirtualKeyW\n GetForegroundWindow\n Has Internet access capabilities:\n InternetCloseHandle\n InternetGetConnectedState\n InternetReadFile\n InternetConnectW\n InternetOpenW\n InternetOpenUrlW\n WinHttpGetIEProxyConfigForCurrentUser\n WinHttpSetTimeouts\n WinHttpSetStatusCallback\n WinHttpConnect\n WinHttpReceiveResponse\n WinHttpQueryAuthSchemes\n WinHttpGetProxyForUrl\n WinHttpReadData\n WinHttpCloseHandle\n WinHttpQueryHeaders\n WinHttpOpenRequest\n WinHttpAddRequestHeaders\n WinHttpOpen\n WinHttpWriteData\n WinHttpSetCredentials\n WinHttpQueryDataAvailable\n WinHttpSetOption\n WinHttpSendRequest\n WinHttpQueryOption\n Functions related to the privilege level:\n AdjustTokenPrivileges\n OpenProcessToken\n Enumerates local disk drives:\n GetVolumeInformationW\n GetDriveTypeW\n GetLogicalDriveStringsW\n Manipulates other processes:\n OpenProcess\n Can take screenshots:\n GetDC\n GetDCEx\n FindWindowW\n BitBlt\n CreateCompatibleDC\n Reads the contents of the clipboard:\n GetClipboardData\n Can shut the system down or lock the screen:\n ExitWindowsEx\n\n[ SUSPICIOUS ] The PE is possibly a dropper.\n Resource BLACK is possibly compressed or encrypted.\n Resource BLUE is possibly compressed or encrypted.\n Resource DARKSIDE is possibly compressed or encrypted.\n Resource DEFAULTUSERSKINDATA is possibly compressed or encrypted.\n Resource MONEYTWINS is possibly compressed or encrypted.\n Resource PUMPKIN is possibly compressed or encrypted.\n Resource SILVER is possibly compressed or encrypted.\n The binary may have been compiled on a machine in the UTC-3 timezone.\n Resources amount for 77.3092% of the executable.\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2025-11-17T20:35:38","detected_languages":["English - United States","Portuguese - Brazil"],"file_description":"WinLSP","file_version":"1.0.0.0","product_name":"WinLSP","product_version":"1.0.0.0","program_id":"com.embarcadero.WinLSP"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0050","e_cp":"0x0002","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x000F","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x001A","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000100"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":11,"TimeDateStamp":"2025-Nov-17 20:35:38","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"2.0","SizeOfCode":"0x00AD7200","SizeOfInitializedData":"0x02A96C00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00AD81E4","BaseOfCode":"0x00001000","BaseOfData":"0x00AD9000","ImageBase":"0x00400000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"6.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x035A0000","SizeOfHeaders":"0x00000400","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00004000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","VirtualSize":"0x00AD0C04","VirtualAddress":"0x00001000","SizeOfRawData":"0x00AD0E00","PointerToRawData":"0x00000400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":6.49067},{"name":".itext","VirtualSize":"0x00006240","VirtualAddress":"0x00AD2000","SizeOfRawData":"0x00006400","PointerToRawData":"0x00AD1200","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":6.31899},{"name":".data","VirtualSize":"0x0002D1E4","VirtualAddress":"0x00AD9000","SizeOfRawData":"0x0002D200","PointerToRawData":"0x00AD7600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":5.64362},{"name":".bss","VirtualSize":"0x000298FC","VirtualAddress":"0x00B07000","SizeOfRawData":"0x00000000","PointerToRawData":"0x00000000","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"]},{"name":".idata","VirtualSize":"0x00004C18","VirtualAddress":"0x00B31000","SizeOfRawData":"0x00004E00","PointerToRawData":"0x00B04800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":5.1625},{"name":".didata","VirtualSize":"0x000011B0","VirtualAddress":"0x00B36000","SizeOfRawData":"0x00001200","PointerToRawData":"0x00B09600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":4.40898},{"name":".edata","VirtualSize":"0x0000006F","VirtualAddress":"0x00B38000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00B0A800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":1.32437},{"name":".tls","VirtualSize":"0x00000060","VirtualAddress":"0x00B39000","SizeOfRawData":"0x00000000","PointerToRawData":"0x00000000","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"]},{"name":".rdata","VirtualSize":"0x0000005D","VirtualAddress":"0x00B3A000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00B0AA00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":1.38389},{"name":".reloc","VirtualSize":"0x0010D040","VirtualAddress":"0x00B3B000","SizeOfRawData":"0x0010D200","PointerToRawData":"0x00B0AC00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"Entropy":6.62953},{"name":".rsrc","VirtualSize":"0x02956400","VirtualAddress":"0x00C49000","SizeOfRawData":"0x02956400","PointerToRawData":"0x00C17E00","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":6.36329}]},"Imports":{"entities":[{"library":"shlwapi.dll","functions":["SHCreateStreamOnFileW"]},{"library":"wininet.dll","functions":["InternetCloseHandle","InternetGetConnectedState","InternetReadFile","HttpOpenRequestW","HttpSendRequestW","InternetConnectW","InternetOpenW","InternetOpenUrlW"]},{"library":"winspool.drv","functions":["DocumentPropertiesW","ClosePrinter","OpenPrinterW","GetDefaultPrinterW","EnumPrintersW"]},{"library":"comctl32.dll","functions":["ImageList_GetImageInfo","FlatSB_SetScrollInfo","InitCommonControls","ImageList_DragMove","ImageList_Destroy","_TrackMouseEvent","ImageList_DragShowNolock","ImageList_Add","FlatSB_SetScrollProp","ImageList_GetDragImage","ImageList_Create","ImageList_EndDrag","ImageList_DrawEx","ImageList_AddMasked","ImageList_SetImageCount","FlatSB_GetScrollPos","FlatSB_SetScrollPos","InitializeFlatSB","ImageList_Copy","FlatSB_GetScrollInfo","ImageList_Write","ImageList_DrawIndirect","ImageList_SetBkColor","ImageList_GetBkColor","ImageList_BeginDrag","ImageList_GetIcon","ImageList_Replace","ImageList_GetImageCount","ImageList_DragEnter","ImageList_GetIconSize","ImageList_SetIconSize","ImageList_Read","ImageList_DragLeave","ImageList_LoadImageW","ImageList_Draw","ImageList_Remove","ImageList_ReplaceIcon","ImageList_SetOverlayImage"]},{"library":"shell32.dll","functions":["SHGetMalloc","SHGetFolderPathW","SHGetFileInfoW","SHGetDesktopFolder","DragQueryFileW","SHGetSpecialFolderLocation","Shell_NotifyIconW","SHAppBarMessage","ShellExecuteW","ShellExecuteExW"]},{"library":"user32.dll","functions":["CopyImage","MoveWindow","SetMenuItemInfoW","GetMenuItemInfoW","DefFrameProcW","GetCaretPos","ScrollWindowEx","GetDlgCtrlID","GetUpdateRgn","FrameRect","RegisterWindowMessageW","GetMenuStringW","FillRect","SendMessageA","IsClipboardFormatAvailable","EnumWindows","ShowOwnedPopups","GetClassInfoW","GetScrollRange","SetActiveWindow","GetActiveWindow","DrawEdge","GetKeyboardLayoutList","LoadBitmapW","EnumChildWindows","SendNotifyMessageW","GetScrollBarInfo","UnhookWindowsHookEx","SetCapture","GetCapture","ChildWindowFromPointEx","CreatePopupMenu","ShowCaret","GetMenuItemID","CharLowerBuffW","ChangeDisplaySettingsW","PostMessageW","SetWindowLongW","IsZoomed","SetParent","DrawMenuBar","InvalidateRgn","SetSystemCursor","GetClientRect","IsChild","IntersectRect","IsIconic","CallNextHookEx","ShowWindow","SetForegroundWindow","GetWindowTextW","GetAsyncKeyState","GetWindowTextLengthW","DestroyWindow","IsDialogMessageW","RegisterClassW","EndMenu","CharNextW","GetFocus","GetDC","SetFocus","ReleaseDC","mouse_event","ExitWindowsEx","GetClassLongW","SetScrollRange","DrawTextW","PeekMessageA","TabbedTextOutW","MessageBeep","SetClassLongW","SetRectEmpty","LockWindowUpdate","RemovePropW","GetSubMenu","EqualRect","DestroyIcon","IsWindowVisible","DispatchMessageA","PtInRect","UnregisterClassW","GetTopWindow","SendMessageW","GetTabbedTextExtentW","GetMessageTime","NotifyWinEvent","CreateMenu","LoadStringW","CharLowerW","SetWindowRgn","SetWindowPos","GetWindowRgn","GetMenuItemCount","GetSysColorBrush","GetWindowDC","DrawTextExW","CharLowerBuffA","EnumClipboardFormats","GetScrollInfo","SetWindowTextW","GetMessageExtraInfo","GetSysColor","EnableScrollBar","TrackPopupMenu","DrawIconEx","keybd_event","GetClassNameW","GetMessagePos","GetIconInfo","SetScrollInfo","GetKeyNameTextW","GetDesktopWindow","SetCursorPos","GetCursorPos","SetMenu","GetMenuState","GetMenu","SetRect","GetKeyState","IsRectEmpty","ValidateRect","IsCharAlphaW","GetCursor","KillTimer","BeginDeferWindowPos","WaitMessage","TranslateMDISysAccel","GetWindowPlacement","CreateIconIndirect","CreateWindowExW","ChildWindowFromPoint","GetMessageW","GetDCEx","PeekMessageW","MonitorFromWindow","GetUpdateRect","SetTimer","WindowFromPoint","BeginPaint","RegisterClipboardFormatW","MapVirtualKeyW","OffsetRect","IsWindowUnicode","DispatchMessageW","CreateAcceleratorTableW","DefMDIChildProcW","GetSystemMenu","SetScrollPos","GetScrollPos","InflateRect","DrawFocusRect","ReleaseCapture","LoadCursorW","GetGUIThreadInfo","ScrollWindow","GetLastActivePopup","SetMenuInfo","GetMenuInfo","GetSystemMetrics","CharUpperBuffW","ClientToScreen","SetClipboardData","GetClipboardData","SetWindowPlacement","GetMonitorInfoW","CheckMenuItem","CharUpperW","DefWindowProcW","GetForegroundWindow","ToAscii","EnableWindow","GetWindowThreadProcessId","RedrawWindow","EndPaint","MsgWaitForMultipleObjectsEx","LoadKeyboardLayoutW","EnumDisplaySettingsW","ActivateKeyboardLayout","GetParent","MonitorFromRect","InsertMenuItemW","GetPropW","MessageBoxW","SetPropW","UpdateWindow","MsgWaitForMultipleObjects","DestroyMenu","SetWindowsHookExW","GetDoubleClickTime","GetAncestor","AdjustWindowRectEx","DrawIcon","IsWindow","EnumThreadWindows","InvalidateRect","LookupIconIdFromDirectoryEx","SetKeyboardState","GetKeyboardState","DrawFrameControl","ScreenToClient","IsCharAlphaNumericW","WindowFromDC","BringWindowToTop","SetCursor","CreateIcon","RemoveMenu","AppendMenuW","SubtractRect","GetKeyboardLayoutNameW","OpenClipboard","TranslateMessage","MapWindowPoints","EnumDisplayMonitors","CallWindowProcW","CountClipboardFormats","CloseClipboard","DestroyCursor","CharUpperBuffA","CopyIcon","PostQuitMessage","ShowScrollBar","LoadImageW","EnableMenuItem","DeferWindowPos","HideCaret","EndDeferWindowPos","FindWindowExW","MonitorFromPoint","LoadIconW","SystemParametersInfoW","GetWindow","GetWindowLongW","GetWindowRect","ToUnicode","InsertMenuW","IsWindowEnabled","IsDialogMessageA","FindWindowW","DeleteMenu","GetKeyboardLayout"]},{"library":"version.dll","functions":["GetFileVersionInfoSizeW","VerQueryValueW","GetFileVersionInfoW"]},{"library":"oleaut32.dll","functions":["SafeArrayPutElement","GetErrorInfo","VariantInit","VariantClear","SysFreeString","SafeArrayAccessData","SysReAllocStringLen","SafeArrayCreate","SafeArrayGetElement","GetActiveObject","SysAllocStringLen","SafeArrayUnaccessData","SafeArrayPtrOfIndex","SafeArrayCreateVector","SafeArrayGetElemsize","VariantCopy","SafeArrayGetUBound","SafeArrayGetLBound","VariantCopyInd","VariantChangeType"]},{"library":"advapi32.dll","functions":["RegSetValueExW","RegConnectRegistryW","RegEnumKeyExW","RegLoadKeyW","AdjustTokenPrivileges","RegDeleteKeyW","LookupPrivilegeValueW","OpenProcessToken","RegOpenKeyExW","RegQueryInfoKeyW","RegUnLoadKeyW","RegSaveKeyW","RegDeleteValueW","RegReplaceKeyW","RegFlushKey","RegQueryValueExW","RegEnumValueW","RegCloseKey","RegCreateKeyExW","RegRestoreKeyW"]},{"library":"msvcrt.dll","functions":["isupper","isalpha","isalnum","toupper","memchr","memcmp","memcpy","memset","isprint","isspace","iscntrl","isxdigit","ispunct","isgraph","islower","tolower"]},{"library":"winhttp.dll","functions":["WinHttpGetIEProxyConfigForCurrentUser","WinHttpSetTimeouts","WinHttpSetStatusCallback","WinHttpConnect","WinHttpReceiveResponse","WinHttpQueryAuthSchemes","WinHttpGetProxyForUrl","WinHttpReadData","WinHttpCloseHandle","WinHttpQueryHeaders","WinHttpOpenRequest","WinHttpAddRequestHeaders","WinHttpOpen","WinHttpWriteData","WinHttpSetCredentials","WinHttpQueryDataAvailable","WinHttpSetOption","WinHttpSendRequest","WinHttpQueryOption"]},{"library":"kernel32.dll","functions":["GetFileType","QueryDosDeviceW","GetACP","CloseHandle","LocalFree","GetCurrentProcessId","SizeofResource","TerminateThread","QueryPerformanceFrequency","SetProcessWorkingSetSize","IsDebuggerPresent","FindNextFileW","GetFullPathNameW","VirtualFree","GetProcessHeap","ExitProcess","HeapAlloc","GetCPInfoExW","GlobalSize","RtlUnwind","GetCPInfo","EnumSystemLocalesW","GetStdHandle","GetTimeZoneInformation","FileTimeToLocalFileTime","GetModuleHandleW","FreeLibrary","TryEnterCriticalSection","HeapDestroy","FileTimeToDosDateTime","ReadFile","GetUserDefaultLCID","GetLastError","GetModuleFileNameW","SetLastError","GlobalAlloc","GlobalUnlock","FindResourceW","CreateThread","CompareStringW","MapViewOfFile","LoadLibraryA","GetVolumeInformationW","ResetEvent","MulDiv","FreeResource","GetDriveTypeW","GetVersion","RaiseException","GlobalAddAtomW","FormatMessageW","OpenProcess","SwitchToThread","GetExitCodeThread","GetStringTypeW","OutputDebugStringW","GetCurrentThread","GetFileAttributesExW","IsBadReadPtr","ExpandEnvironmentStringsW","GetComputerNameA","LoadLibraryExW","TerminateProcess","LockResource","FileTimeToSystemTime","GetCurrentThreadId","UnhandledExceptionFilter","GlobalFindAtomW","VirtualQuery","GlobalFree","VirtualQueryEx","Sleep","EnterCriticalSection","SetFilePointer","ReleaseMutex","LoadResource","SuspendThread","GetTickCount","WaitForMultipleObjects","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","GetFileAttributesW","SetCurrentDirectoryW","GetCurrentDirectoryW","InitializeCriticalSection","GetThreadPriority","GetCurrentProcess","GlobalLock","SetThreadPriority","VirtualAlloc","GetTempPathW","GetCommandLineW","GetSystemInfo","LeaveCriticalSection","GetProcAddress","ResumeThread","GetLogicalDriveStringsW","GetVersionExW","VerifyVersionInfoW","HeapCreate","LCMapStringW","GetDiskFreeSpaceW","VerSetConditionMask","FindFirstFileW","GetUserDefaultUILanguage","GetConsoleOutputCP","UnmapViewOfFile","GetConsoleCP","lstrlenW","CompareStringA","QueryPerformanceCounter","SetEndOfFile","lstrcmpW","InitializeCriticalSectionAndSpinCount","HeapFree","WideCharToMultiByte","FindClose","MultiByteToWideChar","CreateMutexA","LoadLibraryW","SetEvent","GetLocaleInfoW","CreateFileW","EnumResourceNamesW","DeleteFileW","IsDBCSLeadByteEx","GetEnvironmentVariableW","GetLocalTime","WaitForSingleObject","WriteFile","CreateFileMappingW","ExitThread","DeleteCriticalSection","GetDateFormatW","GetTimeFormatW","TlsGetValue","SetErrorMode","GetComputerNameW","IsValidLocale","SleepEx","TlsSetValue","GetSystemDefaultUILanguage","EnumCalendarInfoW","LocalAlloc","RemoveDirectoryW","CreateEventW","WaitForMultipleObjectsEx","GetThreadLocale","SetThreadLocale"]},{"library":"wsock32.dll","functions":["gethostbyaddr","WSACleanup","gethostbyname","bind","gethostname","closesocket","WSAGetLastError","connect","inet_addr","getpeername","WSAAsyncSelect","WSAAsyncGetServByName","WSACancelAsyncRequest","send","ntohs","htons","WSAStartup","getservbyname","getsockname","listen","socket","recv","inet_ntoa","ioctlsocket","WSAAsyncGetHostByName"]},{"library":"ole32.dll","functions":["RevokeDragDrop","OleRegEnumVerbs","IsAccelerator","CoCreateInstance","CoUninitialize","CLSIDFromString","RegisterDragDrop","IsEqualGUID","ProgIDFromCLSID","CreateStreamOnHGlobal","OleInitialize","CoInitializeEx","OleUninitialize","CoGetClassObject","CoInitialize","CoTaskMemFree","OleDraw","CoTaskMemAlloc","StringFromCLSID","OleSetMenuDescriptor","DoDragDrop"]},{"library":"gdi32.dll","functions":["Pie","SetBkMode","GetTextCharsetInfo","GetRandomRgn","CreateCompatibleBitmap","CreatePolygonRgn","BeginPath","GetEnhMetaFileHeader","CloseEnhMetaFile","RectVisible","AngleArc","TranslateCharsetInfo","ResizePalette","SetAbortProc","SetTextColor","GetTextColor","StretchBlt","PathToRegion","GetCharABCWidthsFloatW","GetGlyphIndicesW","ExtSelectClipRgn","RoundRect","SelectClipRgn","RectInRegion","RestoreDC","FillPath","SetRectRgn","GetTextMetricsW","GetWindowOrgEx","CreatePalette","GetTextCharset","CreateDCW","CreateICW","FillRgn","PolyBezierTo","GetStockObject","CreateSolidBrush","GetFontUnicodeRanges","Polygon","MoveToEx","PlayEnhMetaFile","Ellipse","ModifyWorldTransform","StartPage","GetBitmapBits","StartDocW","AbortDoc","GetSystemPaletteEntries","GetEnhMetaFileBits","CreatePenIndirect","GetEnhMetaFilePaletteEntries","SetMapMode","CreateFontIndirectW","PolyBezier","DPtoLP","LPtoDP","GetNearestColor","EndDoc","GetObjectW","GetCurrentObject","GetFontData","GetWinMetaFileBits","SetROP2","GetTextExtentExPointW","GetROP2","GetOutlineTextMetricsW","PtVisible","GetEnhMetaFileDescriptionW","ArcTo","CreateEnhMetaFileW","Arc","CreateRectRgnIndirect","TextOutW","SelectPalette","SetGraphicsMode","SetLayout","ExcludeClipRect","SetTextJustification","SetWindowOrgEx","MaskBlt","GetCharacterPlacementW","CreatePatternBrush","EndPage","EndPath","EqualRgn","DeleteEnhMetaFile","Chord","SetDIBits","SetViewportOrgEx","GetViewportOrgEx","CreateRectRgn","RealizePalette","GetObjectType","SetDIBColorTable","GetDIBColorTable","OffsetClipRgn","GetTextMetricsA","CreateBrushIndirect","PatBlt","SetEnhMetaFileBits","CreateEllipticRgn","Rectangle","DeleteDC","SaveDC","GetWorldTransform","BitBlt","FrameRgn","SetWorldTransform","GetDeviceCaps","GetTextExtentPoint32W","PtInRegion","GetClipBox","GetClipRgn","Polyline","IntersectClipRect","CombineTransform","CreateBitmap","CombineRgn","SetWinMetaFileBits","CreateDIBitmap","GetStretchBltMode","CreateDIBSection","SetStretchBltMode","GetDIBits","CreateFontIndirectA","LineTo","GetRgnBox","EnumFontFamiliesW","EnumFontsW","SetWindowExtEx","CreateHalftonePalette","DeleteObject","SelectObject","ExtFloodFill","UnrealizeObject","CopyEnhMetaFileW","OffsetRgn","GetBkColor","SetBkColor","CreateCompatibleDC","GetBrushOrgEx","GetCurrentPositionEx","GetNearestPaletteIndex","SetTextAlign","GetTextAlign","CreateRoundRectRgn","GetTextExtentPointW","ExtTextOutW","SetBrushOrgEx","GetPixel","GdiFlush","GetTextFaceW","SetViewportExtEx","SetPixel","EnumFontFamiliesExW","StretchDIBits","WidenPath","GetPaletteEntries"]}]},"Exports":{"entities":[{"name":"dbkFCallWrapperAddr","ordinal":1,"address":"0x00B0A648"},{"name":"__dbk_fcall_wrapper","ordinal":2,"address":"0x0001316C"}]},"Resources":{"raw_response":"Error: Read timeout on endpoint URL: \"https://bedrock-runtime.ap-south-1.amazonaws.com/model/qwen.qwen3-coder-480b-a35b-v1%3A0/converse\""},"Debug Info":{},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{"domain_names":[".zapto.org","accounts.google.com","adobe.com","google.com","googleapis.com","graph.microsoft.com","http://ns.adobe.com","http://ns.adobe.com/xap/1.0/","http://ns.adobe.com/xap/1.0/mm/","http://ns.adobe.com/xap/1.0/rights/","http://ns.adobe.com/xap/1.0/sType/ResourceRef#","http://www.indyproject.org","http://www.indyproject.org/","http://www.microsoft.com","http://www.microsoft.com/downloads","http://www.w3.org","http://www.w3.org/1999/02/22-rdf-syntax-ns#","http://www.w3.org/1999/xlink","http://www.w3.org/1999/xlink"","http://www.w3.org/2000/svg","https://accounts.google.com","https://accounts.google.com/o/oauth2/revoke?token","https://accounts.google.com/o/oauth2/v2/auth?scope","https://google.com","https://graph.microsoft.com","https://graph.microsoft.com/v1.0/me/","https://login.microsoftonline.com","https://login.microsoftonline.com/common/oauth2/v2.0/authorize?access_type","https://login.microsoftonline.com/common/oauth2/v2.0/revoke?token","https://www.google.com","https://www.google.com/sorry/index","https://www.googleapis.com","https://www.googleapis.com/userinfo/v2/me","indyproject.org","login.microsoftonline.com","microsoft.com","microsoftonline.com","ns.adobe.com","www.google.com","www.googleapis.com","www.indyproject.org","www.microsoft.com","www.w3.org","zapto.org"],"cryptographic_algorithms":["CRC32","MD5","SHA1","Blowfish"],"suspicious_indicators":{"packed_pe":true,"unusual_section_names":[".itext",".didata"],"possible_dropper":true,"compressed_or_encrypted_resources":["BLACK","BLUE","DARKSIDE","DEFAULTUSERSKINDATA","MONEYTWINS","PUMPKIN","SILVER"],"timezone_info":"UTC-3","resource_percentage":77.3092},"malicious_functions":{"hidden_imports":["LoadLibraryA","LoadLibraryExW","GetProcAddress","LoadLibraryW"],"anti_debugging":["FindWindowW","SwitchToThread"],"code_injection":["GetWindowLongW","FindWindowW"],"registry_access":["RegSetValueExW","RegEnumKeyExW","RegLoadKeyW","RegDeleteKeyW","RegOpenKeyExW","RegQueryInfoKeyW","RegUnLoadKeyW","RegSaveKeyW","RegDeleteValueW","RegReplaceKeyW","RegFlushKey","RegQueryValueExW","RegEnumValueW","RegCloseKey","RegCreateKeyExW","RegRestoreKeyW"],"launch_programs":["ShellExecuteW"],"create_temp_files":["GetTempPathW","CreateFileW"],"keylogger_functions":["CallNextHookEx","GetAsyncKeyState","MapVirtualKeyW","GetForegroundWindow"],"internet_access":["InternetCloseHandle","InternetGetConnectedState","InternetReadFile","InternetConnectW","InternetOpenW","InternetOpenUrlW","WinHttpGetIEProxyConfigForCurrentUser","WinHttpSetTimeouts","WinHttpSetStatusCallback","WinHttpConnect","WinHttpReceiveResponse","WinHttpQueryAuthSchemes","WinHttpGetProxyForUrl","WinHttpReadData","WinHttpCloseHandle","WinHttpQueryHeaders","WinHttpOpenRequest","WinHttpAddRequestHeaders","WinHttpOpen","WinHttpWriteData","WinHttpSetCredentials","WinHttpQueryDataAvailable","WinHttpSetOption","WinHttpSendRequest","WinHttpQueryOption"],"privilege_level_functions":["AdjustTokenPrivileges","OpenProcessToken"],"enumerate_drives":["GetVolumeInformationW","GetDriveTypeW","GetLogicalDriveStringsW"],"manipulate_processes":["OpenProcess"],"take_screenshots":["GetDC","GetDCEx","FindWindowW","BitBlt","CreateCompatibleDC"],"read_clipboard":["GetClipboardData"],"shutdown_lock":["ExitWindowsEx"]},"exploit_mitigation_techniques":{"stack_canary":false,"safe_seh":false,"aslr":true,"dep":true,"cfg":false}},"file_path":"/home/apogean/projects/malware/windows/all_runs/mamamia.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_k3efqp35/output.txt"},"timestamp":"2026-04-30 00:01:14"},{"_id":{"$oid":"6a049827204ca8b07f91707b"},"sha256":"0d6e72e20edd52cf3f8cb41446a5eff46c59fb2b79700fb791a85661a5a8f5b4","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/Server_Encrypted.ps1.bin\nDate: 2026-05-13 20:56:31\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n\n[!] Error: DOS Header is invalid (wrong magic).\n[!] Error: Could not parse /home/apogean/projects/malware/windows/all_runs/Server_Encrypted.ps1.bin!\n\n","json_output":{"Summary":{},"DOS Header":{},"PE Header":{},"Image Optional Header":{},"Sections":{},"Imports":{},"Exports":{},"Resources":{},"Debug Info":{},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/Server_Encrypted.ps1.bin"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_lrq7jh_j/output.txt"},"timestamp":"2026-05-13 20:56:31"},{"_id":{"$oid":"6a0716cb204ca8b07f91707f"},"sha256":"f450cef035a0355bdc9c5da156a92a83ea1ca3787cf8ccc6ace3559c3c1100f9","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/MBSetup-3.3-019e2b88-d6a1-74d0-8824-310d46fb50a0.exe\nDate: 2026-05-15 17:49:12\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/MBSetup-3.3-019e2b88-d6a1-74d0-8824-310d46fb50a0.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2026-May-06 22:16:41\nDetected languages: Dutch - Netherlands\n English - United States\n French - France\n German - Germany\n Italian - Italy\n Polish - Poland\n Portuguese - Brazil\n Portuguese - Portugal\n Russian - Russia\n Spanish - Spain (Traditional sort)\nDebug artifacts: C:\\Jenkins\\workspace\\MBAM-Windows\\A_MB5_MBSetup\\bin\\Win32\\Release\\MBSetup.pdb\nCompanyName: Malwarebytes\nFileDescription: Malwarebytes Setup\nFileVersion: 5.5.7.145\nLegalCopyright: Copyright (C) 2017 - 2026 Malwarebytes, Inc. All rights reserved.\nInternalName: MBSetup.exe\nOriginalFilename: MBSetup.exe\nProductName: Malwarebytes\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000110\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 5\nTimeDateStamp: 2026-May-06 22:16:41\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 14.0\nSizeOfCode: 0x000C7E00\nSizeOfInitializedData: 0x001E4C00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x00094BEF (Section: .text)\nBaseOfCode: 0x00001000\nBaseOfData: 0x000C9000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 6.0\nImageVersion: 0.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x002AF000\nSizeOfHeaders: 0x00000400\nChecksum: 0x002C7F60\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x000C7DDC\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x000C7E00\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.54276\n\n.rdata:\n VirtualSize: 0x00046952\n VirtualAddress: 0x000C9000\n SizeOfRawData: 0x00046A00\n PointerToRawData: 0x000C8200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.98262\n\n.data:\n VirtualSize: 0x00004D2C\n VirtualAddress: 0x00110000\n SizeOfRawData: 0x00003A00\n PointerToRawData: 0x0010EC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 4.29593\n\n.rsrc:\n VirtualSize: 0x0018EA88\n VirtualAddress: 0x00115000\n SizeOfRawData: 0x0018EC00\n PointerToRawData: 0x00112600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 7.17308\n\n.reloc:\n VirtualSize: 0x0000A688\n VirtualAddress: 0x002A4000\n SizeOfRawData: 0x0000A800\n PointerToRawData: 0x002A1200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 6.69893\n\n\nImports:\n--------\nKERNEL32.dll: LeaveCriticalSection\n EnterCriticalSection\n GetLastError\n MultiByteToWideChar\n SizeofResource\n LoadResource\n FindResourceW\n LoadLibraryExW\n GetModuleFileNameW\n InitializeCriticalSectionEx\n DeleteCriticalSection\n RaiseException\n IsWow64Process\n GetCurrentProcess\n VerifyVersionInfoW\n VerSetConditionMask\n GetSystemDirectoryW\n CreateFileW\n DeviceIoControl\n CloseHandle\n GetCurrentThreadId\n SetLastError\n LockResource\n FindResourceExW\n Sleep\n DeleteFileW\n GlobalFree\n LocalFree\n FormatMessageW\n LocalAlloc\n CallNamedPipeW\n GetWindowsDirectoryW\n SetCurrentDirectoryW\n GetCommandLineW\n DecodePointer\n CreateMutexW\n lstrcmpiW\n GetDiskFreeSpaceExW\n FindFirstFileW\n FindClose\n CreateProcessW\n FindNextFileW\n WideCharToMultiByte\n GlobalAlloc\n GlobalLock\n SetThreadUILanguage\n LoadLibraryW\n CreateDirectoryW\n GetLogicalDrives\n GetTempPathW\n MoveFileExW\n InitializeProcThreadAttributeList\n UpdateProcThreadAttribute\n DeleteProcThreadAttributeList\n OpenProcess\n ResumeThread\n TerminateProcess\n CreateToolhelp32Snapshot\n Process32FirstW\n Process32NextW\n K32GetModuleFileNameExW\n GetCurrentDirectoryW\n GetCurrentProcessId\n GetModuleFileNameA\n ProcessIdToSessionId\n OutputDebugStringW\n GetLocalTime\n GetFileSizeEx\n GetFileAttributesW\n WriteConsoleW\n SetStdHandle\n SetEnvironmentVariableW\n GetProcAddress\n GetModuleHandleW\n FreeLibrary\n GetProcessHeap\n HeapAlloc\n HeapFree\n HeapReAlloc\n HeapSize\n HeapDestroy\n GetNativeSystemInfo\n MulDiv\n FreeEnvironmentStringsW\n GetEnvironmentStringsW\n GetOEMCP\n GetACP\n IsValidCodePage\n GetTimeZoneInformation\n ReadConsoleW\n EnumSystemLocalesW\n GetUserDefaultLCID\n IsValidLocale\n SetEndOfFile\n GetLocaleInfoW\n LCMapStringW\n CompareStringW\n GetTimeFormatW\n GetDateFormatW\n GetSystemInfo\n VirtualProtect\n VirtualQuery\n LoadLibraryExA\n FormatMessageA\n GetStringTypeW\n GetLocaleInfoEx\n FindFirstFileExW\n GetFileAttributesExW\n GetFileInformationByHandle\n SetFileInformationByHandle\n AreFileApisANSI\n CopyFileW\n GetFileInformationByHandleEx\n QueryPerformanceCounter\n QueryPerformanceFrequency\n ReleaseSRWLockExclusive\n AcquireSRWLockExclusive\n EncodePointer\n LCMapStringEx\n WakeAllConditionVariable\n SleepConditionVariableSRW\n GetSystemTimeAsFileTime\n GetCPInfo\n IsDebuggerPresent\n InitializeSListHead\n InterlockedPopEntrySList\n InterlockedPushEntrySList\n FlushInstructionCache\n IsProcessorFeaturePresent\n VirtualAlloc\n VirtualFree\n UnhandledExceptionFilter\n SetUnhandledExceptionFilter\n GetStartupInfoW\n RtlUnwind\n InitializeCriticalSectionAndSpinCount\n TlsAlloc\n TlsGetValue\n TlsSetValue\n TlsFree\n ExitProcess\n GetModuleHandleExW\n CreateThread\n ExitThread\n FreeLibraryAndExitThread\n GetCommandLineA\n GetStdHandle\n WriteFile\n GetFileType\n FlushFileBuffers\n GetConsoleOutputCP\n GetConsoleMode\n SetFilePointerEx\n ReadFile\ndwmapi.dll: DwmGetWindowAttribute\nCRYPT32.dll: CryptMsgClose\n CertCloseStore\n CertFreeCertificateContext\n CertGetNameStringW\n CertFindCertificateInStore\n CryptMsgGetParam\n CryptQueryObject\nRPCRT4.dll: UuidToStringW\n RpcStringFreeW\n UuidCreate\nWTSAPI32.dll: WTSQuerySessionInformationW\n WTSFreeMemory\nUSER32.dll (delay-loaded): GetClassInfoExW\n RegisterClassExW\n LoadAcceleratorsW\n LoadMenuW\n PostQuitMessage\n LoadStringA\n MonitorFromPoint\n PeekMessageW\n GetMessageW\n TranslateMessage\n DispatchMessageW\n GetWindowInfo\n IsRectEmpty\n GetLastActivePopup\n GetDlgCtrlID\n GetDlgItemTextW\n ReleaseDC\n SetDlgItemTextW\n SendDlgItemMessageW\n LoadBitmapW\n MessageBoxW\n LoadStringW\n FindWindowW\n EndDialog\n GetWindow\n MonitorFromWindow\n GetMonitorInfoW\n MapWindowPoints\n IsWindow\n UnionRect\n DrawFocusRect\n InflateRect\n DrawTextW\n CopyRect\n CallWindowProcW\n DefWindowProcW\n KillTimer\n SetTimer\n LoadCursorW\n MessageBoxA\n InvalidateRect\n DestroyMenu\n DestroyWindow\n TranslateAcceleratorW\n EnableMenuItem\n CreateDialogParamW\n DialogBoxParamW\n UnregisterClassW\n GetWindowLongW\n SetWindowPos\n SetLayeredWindowAttributes\n GetSystemMenu\n GetActiveWindow\n ShowWindow\n RegisterWindowMessageW\n IsProcessDPIAware\n CharNextW\n OffsetRect\n SetWindowLongW\n GetParent\n PostMessageW\n GetWindowTextLengthW\n GetWindowTextW\n GetMenuItemCount\n PtInRect\n TrackPopupMenuEx\n AppendMenuW\n GetMenuItemInfoW\n GetDC\n LoadImageW\n GetSystemMetrics\n SendMessageW\n GetWindowRect\n GetClientRect\n IsDialogMessageW\n MessageBeep\n CreateWindowExW\n wsprintfW\n GetWindowThreadProcessId\n FillRect\n GetShellWindow\n EndPaint\n BeginPaint\n SetFocus\n EnableWindow\n GetDlgItem\n MoveWindow\n CreatePopupMenu\n SetWindowTextW\n RemoveMenu\n\nResources:\n----------\n10:\n Type: BINARY\n Language: English - United States\n Codepage: UNKNOWN\n Size: 167336\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.48739\n Detected Filetype: TrueType font file\n\n11:\n Type: BINARY\n Language: English - United States\n Codepage: UNKNOWN\n Size: 168260\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.48684\n Detected Filetype: TrueType font file\n\n10 (#2):\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 347\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.75455\n Detected Filetype: PNG graphic file\n\n11 (#2):\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1178\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.76742\n Detected Filetype: PNG graphic file\n\n12:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1519\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.81057\n Detected Filetype: PNG graphic file\n\n13:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 533\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.34081\n Detected Filetype: PNG graphic file\n\n20:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 974\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.71936\n Detected Filetype: PNG graphic file\n\n21:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1218\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.74801\n Detected Filetype: PNG graphic file\n\n22:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1434\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.79791\n Detected Filetype: PNG graphic file\n\n23:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1820\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.84927\n Detected Filetype: PNG graphic file\n\n30:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 912\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.7041\n Detected Filetype: PNG graphic file\n\n31:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1200\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.7578\n Detected Filetype: PNG graphic file\n\n32:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1330\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.80465\n Detected Filetype: PNG graphic file\n\n33:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1738\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.84466\n Detected Filetype: PNG graphic file\n\n40:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 18141\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.858\n Detected Filetype: PNG graphic file\n\n41:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 23600\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.68108\n Detected Filetype: PNG graphic file\n\n42:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 27856\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.79672\n Detected Filetype: PNG graphic file\n\n43:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 39152\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.66305\n Detected Filetype: PNG graphic file\n\n50:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 5485\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.9415\n Detected Filetype: PNG graphic file\n\n51:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 7578\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96177\n Detected Filetype: PNG graphic file\n\n52:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 10158\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97452\n Detected Filetype: PNG graphic file\n\n53:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 16202\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.98299\n Detected Filetype: PNG graphic file\n\n60:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 7725\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.94\n Detected Filetype: PNG graphic file\n\n61:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9795\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.89902\n Detected Filetype: PNG graphic file\n\n62:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12033\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.89567\n Detected Filetype: PNG graphic file\n\n63:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 15749\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.87168\n Detected Filetype: PNG graphic file\n\n70:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 14077\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95958\n Detected Filetype: PNG graphic file\n\n71:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 19339\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97617\n Detected Filetype: PNG graphic file\n\n72:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 25270\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97643\n Detected Filetype: PNG graphic file\n\n73:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 39031\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97414\n Detected Filetype: PNG graphic file\n\n80:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9041\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.9479\n Detected Filetype: PNG graphic file\n\n81:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12987\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95981\n Detected Filetype: PNG graphic file\n\n82:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 17221\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.92035\n Detected Filetype: PNG graphic file\n\n83:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 26736\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.9454\n Detected Filetype: PNG graphic file\n\n90:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 11969\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96535\n Detected Filetype: PNG graphic file\n\n91:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 16057\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96688\n Detected Filetype: PNG graphic file\n\n92:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20854\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96838\n Detected Filetype: PNG graphic file\n\n93:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 31242\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95611\n Detected Filetype: PNG graphic file\n\n100:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12179\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96673\n Detected Filetype: PNG graphic file\n\n101:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 16899\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96887\n Detected Filetype: PNG graphic file\n\n102:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 22385\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95956\n Detected Filetype: PNG graphic file\n\n103:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 35448\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95745\n Detected Filetype: PNG graphic file\n\n110:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1129\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.62419\n Detected Filetype: PNG graphic file\n\n111:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1793\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.73443\n Detected Filetype: PNG graphic file\n\n112:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2373\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.84997\n Detected Filetype: PNG graphic file\n\n113:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2646\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.83369\n Detected Filetype: PNG graphic file\n\n120:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 5979\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.94471\n Detected Filetype: PNG graphic file\n\n121:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 7933\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95785\n Detected Filetype: PNG graphic file\n\n122:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9191\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95049\n Detected Filetype: PNG graphic file\n\n123:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12630\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95791\n Detected Filetype: PNG graphic file\n\n130:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 6503\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95371\n Detected Filetype: PNG graphic file\n\n131:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9400\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97349\n Detected Filetype: PNG graphic file\n\n132:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12534\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97711\n Detected Filetype: PNG graphic file\n\n133:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 20400\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.98545\n Detected Filetype: PNG graphic file\n\n140:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 820\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.62687\n Detected Filetype: PNG graphic file\n\n141:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1093\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.72757\n Detected Filetype: PNG graphic file\n\n142:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1243\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.76702\n Detected Filetype: PNG graphic file\n\n143:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1602\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.82154\n Detected Filetype: PNG graphic file\n\n150:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1150\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.71455\n Detected Filetype: PNG graphic file\n\n151:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2392\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.90283\n Detected Filetype: PNG graphic file\n\n152:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2807\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.90061\n Detected Filetype: PNG graphic file\n\n153:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2305\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.76961\n Detected Filetype: PNG graphic file\n\n160:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 276\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.76997\n Detected Filetype: PNG graphic file\n\n161:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 351\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.04693\n Detected Filetype: PNG graphic file\n\n162:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 392\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.11264\n Detected Filetype: PNG graphic file\n\n163:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 378\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.01976\n Detected Filetype: PNG graphic file\n\n170:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 832\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.45367\n Detected Filetype: PNG graphic file\n\n171:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 976\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.56396\n Detected Filetype: PNG graphic file\n\n172:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1160\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.65503\n Detected Filetype: PNG graphic file\n\n173:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1554\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.72858\n Detected Filetype: PNG graphic file\n\n180:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 5412\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.9455\n Detected Filetype: PNG graphic file\n\n181:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 6966\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.94007\n Detected Filetype: PNG graphic file\n\n182:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 8117\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.93815\n Detected Filetype: PNG graphic file\n\n183:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 11224\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95186\n Detected Filetype: PNG graphic file\n\n190:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1171\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.65964\n Detected Filetype: PNG graphic file\n\n191:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1430\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.70715\n Detected Filetype: PNG graphic file\n\n192:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1674\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.78279\n Detected Filetype: PNG graphic file\n\n193:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2247\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.81812\n Detected Filetype: PNG graphic file\n\n200:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9492\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.95741\n Detected Filetype: PNG graphic file\n\n201:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 12293\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97172\n Detected Filetype: PNG graphic file\n\n202:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 16630\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.97583\n Detected Filetype: PNG graphic file\n\n203:\n Type: PNG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 25086\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 7.96565\n Detected Filetype: PNG graphic file\n\nEULA:\n Type: RESOURCEFILE\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 62958\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.99786\n\nPOLICY:\n Type: RESOURCEFILE\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 60260\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.41222\n\n129:\n Type: RT_BITMAP\n Language: English - United States\n Codepage: UNKNOWN\n Size: 10984\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52429\n\n130 (#2):\n Type: RT_BITMAP\n Language: English - United States\n Codepage: UNKNOWN\n Size: 17200\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.19334\n\n131 (#2):\n Type: RT_BITMAP\n Language: English - United States\n Codepage: UNKNOWN\n Size: 24376\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92106\n\n132 (#2):\n Type: RT_BITMAP\n Language: English - United States\n Codepage: UNKNOWN\n Size: 45316\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.60509\n\n1:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.87443\n\n2:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2440\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.77941\n\n3:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 4264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.75136\n\n4:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 9640\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.54513\n\n5:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 16936\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.48768\n\n6:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 38056\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.42116\n\n7:\n Type: RT_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 67624\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.37626\n\n100 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 272\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.62266\n\n110 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 376\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.5246\n\n120 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 260\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.65465\n\n140 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 472\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.45731\n\n150 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.5793\n\n160 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.494\n\n170 (#2):\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 228\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.71292\n\n999:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: UNKNOWN\n Size: 288\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02415\n\n9:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.08391\n\n9 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 78\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.21387\n\n9 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.05614\n\n9 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.10121\n\n9 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.09072\n\n9 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.10121\n\n9 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.07343\n\n9 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 78\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.22015\n\n9 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.07343\n\n9 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 78\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.22015\n\n63 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 342\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08368\n\n63 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 276\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02297\n\n63 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 358\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97098\n\n63 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 376\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.99727\n\n63 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 346\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00852\n\n63 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 348\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02329\n\n63 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15361\n\n63 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 332\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02278\n\n63 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 360\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.8204\n\n63 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 374\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.05012\n\n64:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 520\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21887\n\n64 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 438\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18944\n\n64 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 534\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.17962\n\n64 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 590\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16347\n\n64 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 610\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.14042\n\n64 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 556\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.17266\n\n64 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 502\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.43302\n\n64 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 520\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1719\n\n64 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 556\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.8741\n\n64 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 514\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.17805\n\n69:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 318\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.04866\n\n69 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 322\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00679\n\n69 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 306\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.99827\n\n69 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 322\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.99159\n\n69 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98595\n\n69 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 318\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00927\n\n69 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22982\n\n69 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 298\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01573\n\n69 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 346\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.86128\n\n69 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 298\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01573\n\n70 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 318\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.60018\n\n70 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 298\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.55828\n\n70 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 328\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.50914\n\n70 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 326\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.50849\n\n70 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.57047\n\n70 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 314\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52591\n\n70 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 298\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.69287\n\n70 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 322\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.54286\n\n70 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 314\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.12465\n\n70 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 326\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52631\n\n71 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 670\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16528\n\n71 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 572\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97746\n\n71 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 660\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98797\n\n71 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 722\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13125\n\n71 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 734\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.06133\n\n71 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 654\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92384\n\n71 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.40994\n\n71 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 650\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.10139\n\n71 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 530\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.51756\n\n71 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 650\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.11158\n\n76:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 354\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.29895\n\n76 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 282\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15852\n\n76 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22244\n\n76 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 334\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15299\n\n76 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 322\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09632\n\n76 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1807\n\n76 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 302\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.33408\n\n76 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 326\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13748\n\n76 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 312\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.68469\n\n76 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 332\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18624\n\n82 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22847\n\n82 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 500\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15649\n\n82 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.12955\n\n82 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 638\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1553\n\n82 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 584\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08737\n\n82 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 576\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.12621\n\n82 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 650\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.4717\n\n82 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 572\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09685\n\n82 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 616\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.70029\n\n82 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 592\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07932\n\n88:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 456\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1579\n\n88 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 360\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08499\n\n88 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 394\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.06094\n\n88 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 436\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09257\n\n88 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 422\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.10098\n\n88 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 430\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09725\n\n88 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 342\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.37804\n\n88 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09744\n\n88 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 430\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.86995\n\n88 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 422\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09156\n\n89:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 2094\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.35685\n\n89 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1910\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.26856\n\n89 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 2216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22736\n\n89 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 2240\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28244\n\n89 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 2314\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.20368\n\n89 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 2086\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.23346\n\n89 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 1984\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52843\n\n89 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 2216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.25932\n\n89 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 2092\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.93753\n\n89 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 2228\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2432\n\n90 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 2602\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.302\n\n90 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2444\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21316\n\n90 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 2930\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.19403\n\n90 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 2944\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.23119\n\n90 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 2972\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.17996\n\n90 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 2682\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18834\n\n90 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 2522\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.50334\n\n90 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 2960\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.24534\n\n90 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 2564\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.92409\n\n90 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 2904\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21787\n\n91 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 378\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90956\n\n91 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 272\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02237\n\n91 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 328\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01403\n\n91 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 382\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07905\n\n91 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 466\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.96879\n\n91 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 314\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07605\n\n91 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 318\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.27076\n\n91 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 320\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02592\n\n91 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 284\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52759\n\n91 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92577\n\n92 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 1528\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.27775\n\n92 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1284\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2272\n\n92 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 1468\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.20998\n\n92 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 1418\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2976\n\n92 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 1646\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15848\n\n92 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 1342\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22086\n\n92 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 1274\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.54845\n\n92 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 1354\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.25076\n\n92 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 1236\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.88672\n\n92 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 1342\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2469\n\n93 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 564\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.10511\n\n93 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 468\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01358\n\n93 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 538\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01928\n\n93 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 534\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13986\n\n93 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 534\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98906\n\n93 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 534\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.99595\n\n93 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 458\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.29732\n\n93 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 496\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.04301\n\n93 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 508\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.76016\n\n93 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 506\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.05451\n\n94:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 206\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92317\n\n94 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 170\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.82898\n\n94 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 186\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.82105\n\n94 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 240\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90743\n\n94 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 240\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.84846\n\n94 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 222\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.88525\n\n94 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 198\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01541\n\n94 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 178\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.82457\n\n94 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 150\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.43712\n\n94 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 184\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.87053\n\n95:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 224\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8922\n\n95 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 198\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90713\n\n95 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 222\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8752\n\n95 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 222\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97751\n\n95 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 238\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.89249\n\n95 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 222\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.89257\n\n95 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 196\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16922\n\n95 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 220\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.94531\n\n95 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 174\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.45359\n\n95 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 202\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8423\n\n101 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 362\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.96303\n\n101 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 290\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90751\n\n101 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 292\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90735\n\n101 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 388\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07171\n\n101 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 348\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90258\n\n101 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 328\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.94945\n\n101 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 296\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21501\n\n101 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 292\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.9211\n\n101 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52608\n\n101 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 238\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.80023\n\n107:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 276\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.90003\n\n107 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 250\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.87762\n\n107 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 246\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.87874\n\n107 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 270\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97758\n\n107 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 284\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92296\n\n107 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 272\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.94802\n\n107 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 234\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.10733\n\n107 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 258\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98646\n\n107 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 238\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.74235\n\n107 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 252\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00864\n\n113 (#2):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 284\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.83545\n\n113 (#3):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 258\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.82913\n\n113 (#4):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 248\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.81451\n\n113 (#5):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 278\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.89917\n\n113 (#6):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 324\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.94367\n\n113 (#7):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 284\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.8976\n\n113 (#8):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 246\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08948\n\n113 (#9):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 270\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.93365\n\n113 (#10):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 250\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.78198\n\n113 (#11):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.94982\n\n119:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 366\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.11235\n\n119 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 274\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00438\n\n119 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 370\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.95233\n\n119 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 344\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97658\n\n119 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 354\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97094\n\n119 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 340\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.0206\n\n119 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 324\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.35141\n\n119 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 322\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98739\n\n119 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 358\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.77363\n\n119 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 402\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.04852\n\n120 (#3):\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 120\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.63181\n\n120 (#4):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 112\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.49205\n\n120 (#5):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 174\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.68187\n\n120 (#6):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 134\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61857\n\n120 (#7):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 118\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.47281\n\n120 (#8):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 136\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.70281\n\n120 (#9):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 150\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.96354\n\n120 (#10):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 130\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.5532\n\n120 (#11):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 134\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.41466\n\n120 (#12):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 130\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.59431\n\n126:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 1170\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15807\n\n126 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 850\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.12623\n\n126 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 906\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.12353\n\n126 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 1006\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.11844\n\n126 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 1172\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.14341\n\n126 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 754\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08653\n\n126 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 1100\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.39327\n\n126 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 898\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.14561\n\n126 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 854\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.9462\n\n126 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 878\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09652\n\n563:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 138\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.64518\n\n563 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 180\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.92977\n\n563 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n563 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 132\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.61121\n\n564:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 228\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.02914\n\n564 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 212\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.93076\n\n564 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 240\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.93485\n\n564 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 240\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.99286\n\n564 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 218\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97531\n\n564 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 220\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.93298\n\n564 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 214\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07316\n\n564 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 234\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.9872\n\n564 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 274\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.79502\n\n564 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.91487\n\n565:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 1208\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.30059\n\n565 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 884\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.12625\n\n565 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 966\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07858\n\n565 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 1066\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.17\n\n565 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 1026\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15068\n\n565 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 1060\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13888\n\n565 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 1064\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.42878\n\n565 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 916\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16292\n\n565 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 888\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.88654\n\n565 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 974\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1365\n\n566:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 1372\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22991\n\n566 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1254\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.19619\n\n566 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 1314\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.19311\n\n566 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 1334\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.23005\n\n566 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 1336\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18939\n\n566 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 1342\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2056\n\n566 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 1204\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.36365\n\n566 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 1262\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.24106\n\n566 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 1264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.09804\n\n566 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 1262\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21707\n\n567:\n Type: RT_STRING\n Language: German - Germany\n Codepage: UNKNOWN\n Size: 506\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.22209\n\n567 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: UNKNOWN\n Size: 404\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13697\n\n567 (#3):\n Type: RT_STRING\n Language: Spanish - Spain (Traditional sort)\n Codepage: UNKNOWN\n Size: 446\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.13015\n\n567 (#4):\n Type: RT_STRING\n Language: French - France\n Codepage: UNKNOWN\n Size: 478\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18303\n\n567 (#5):\n Type: RT_STRING\n Language: Italian - Italy\n Codepage: UNKNOWN\n Size: 494\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1464\n\n567 (#6):\n Type: RT_STRING\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 418\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.18152\n\n567 (#7):\n Type: RT_STRING\n Language: Polish - Poland\n Codepage: UNKNOWN\n Size: 484\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.29686\n\n567 (#8):\n Type: RT_STRING\n Language: Portuguese - Brazil\n Codepage: UNKNOWN\n Size: 438\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.20791\n\n567 (#9):\n Type: RT_STRING\n Language: Russian - Russia\n Codepage: UNKNOWN\n Size: 478\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.94232\n\n567 (#10):\n Type: RT_STRING\n Language: Portuguese - Portugal\n Codepage: UNKNOWN\n Size: 436\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.20827\n\n128:\n Type: RT_GROUP_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 104\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.0112\n Detected Filetype: Icon file\n\n1 (#2):\n Type: RT_VERSION\n Language: English - United States\n Codepage: UNKNOWN\n Size: 760\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.44984\n\n1 (#3):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: UNKNOWN\n Size: 2082\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.18995\n\n\nVersion Info:\n-------------\nResource LangID: English - United States\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 5.5.7.145\n ProductVersion: 0.0.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT\n VOS_NT_WINDOWS32\n VOS_WINCE\n VOS__WINDOWS32\n FileType: VFT_DLL\n Language: English - United States\n CompanyName: Malwarebytes\n FileDescription: Malwarebytes Setup\n FileVersion (#2): 5.5.7.145\n LegalCopyright: Copyright (C) 2017 - 2026 Malwarebytes, Inc. All rights reserved.\n InternalName: MBSetup.exe\n OriginalFilename: MBSetup.exe\n ProductName: Malwarebytes\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_CODEVIEW:\n Characteristics: 0\n TimeDateStamp: 2026-May-06 22:16:41\n Version: 0.0\n SizeofData: 102\n AddressOfRawData: 0x001036F0\n PointerToRawData: 0x001028F0\n Referenced File: C:\\Jenkins\\workspace\\MBAM-Windows\\A_MB5_MBSetup\\bin\\Win32\\Release\\MBSetup.pdb\n\nIMAGE_DEBUG_TYPE_VC_FEATURE:\n Characteristics: 0\n TimeDateStamp: 2026-May-06 22:16:41\n Version: 0.0\n SizeofData: 20\n AddressOfRawData: 0x00103758\n PointerToRawData: 0x00102958\n\nIMAGE_DEBUG_TYPE_POGO:\n Characteristics: 0\n TimeDateStamp: 2026-May-06 22:16:41\n Version: 0.0\n SizeofData: 1116\n AddressOfRawData: 0x0010376C\n PointerToRawData: 0x0010296C\n\nIMAGE_DEBUG_TYPE_ILTCG:\n Characteristics: 0\n TimeDateStamp: 2026-May-06 22:16:41\n Version: 0.0\n SizeofData: 0\n AddressOfRawData: 0x00000000\n PointerToRawData: 0x00000000\n\n\nTLS Callbacks:\n--------------\nStartAddressOfRawData: 0x00503BD8\nEndAddressOfRawData: 0x00503BE0\nAddressOfIndex: 0x00514224\nAddressOfCallbacks: 0x004C9574\nSizeOfZeroFill: 0x00000000\nCharacteristics: IMAGE_SCN_ALIGN_4BYTES\nCallbacks: (EMPTY)\n\nLoad Configuration:\n-------------------\nSize: 192\nTimeDateStamp: 1970-Jan-01 00:00:00\nVersion: 0.0\nGlobalFlagsClear: (EMPTY)\nGlobalFlagsSet: (EMPTY)\nCriticalSectionDefaultTimeout: 0\nDeCommitFreeBlockThreshold: 0x00000000\nDeCommitTotalFreeThreshold: 0x00000000\nLockPrefixTable: 0x00000000\nMaximumAllocationSize: 0x00000000\nVirtualMemoryThreshold: 0x00000000\nProcessAffinityMask: 0x00000000\nProcessHeapFlags: (EMPTY)\nCSDVersion: 0\nReserved1: 0x0000\nEditList: 0x00000000\nSecurityCookie: 0x00510080\nSEHandlerTable: 0x00502D1C\nSEHandlerCount: 375\n\nDelayed Imports:\n----------------\nAttributes: 0x00000001\nName: USER32.dll\nModuleHandle: 0x00113890\nDelayImportAddressTable: 0x0011360C\nDelayImportNameTable: 0x0010D1DC\nBoundDelayImportTable: 0x0010E554\nUnloadDelayImportTable: 0x00000000\nTimeStamp: 1970-Jan-01 00:00:00\n\nRICH Header:\n------------\nXOR Key: 0x304765BC\nUnmarked objects: 0\nASM objects (30795): 11\nC++ objects (30795): 191\nC objects (VS 2015-2022 runtime 33030): 19\nASM objects (VS 2015-2022 runtime 33030): 24\nC++ objects (VS 2015-2022 runtime 33030): 111\nC objects (30795): 29\nC objects (CVTCIL) (30795): 1\nImports (30795): 15\nTotal imports: 460\nC++ objects (LTCG) (33134): 35\nResource objects (33134): 1\n151: 2\nLinker (33134): 1\n\nMatching compiler(s):\n Microsoft Visual C++ 6.0 - 8.0\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to internet browsers:\n chrome.exe\n firefox.exe\n Tries to detect virtualized environments:\n Hardware\\Description\\System\n Looks for VMWare presence:\n VMware\n May have dropper capabilities:\n CurrentControlSet\\Services\n Accesses the WMI:\n ROOT\\CIMV2\n Miscellaneous malware strings:\n Exploit\n VIRUS\n cmd.exe\n exploit\n Contains domain names:\n amazon.com\n amplitude.com\n apache.org\n api2.amplitude.com\n ark-stage.mwbsys.com\n ark.mwbsys.com\n ark.threatdown.com\n ark.threatdownstage.com\n aws.amazon.com\n br.malwarebytes.com\n cdn.cookielaw.org\n cdn.jsdelivr.net\n cdnjs.cloudflare.com\n cloudflare.com\n code.jquery.com\n cookielaw.org\n de.malwarebytes.com\n downloads.malwarebytes.com\n dse.mwb-dev.net\n es.malwarebytes.com\n fr.malwarebytes.com\n google.com\n http://www.adr.org\n http://www.adr.org/Forms\n http://www.adr.org/Rules\n http://www.apache.org\n http://www.apache.org/licenses/LICENSE-2.0\n http://www.google.com\n http://www.google.com/policies/privacy\n http://www.malwarebytes.com\n http://www.malwarebytes.com/legal\n https://ark.mwbsys.com\n https://ark.mwbsys.com/bgext\n https://aws.amazon.com\n https://aws.amazon.com/compliance/\n https://br.malwarebytes.com\n https://br.malwarebytes.com/privacy/\n https://cdn.cookielaw.org\n https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js\n https://cdn.jsdelivr.net\n https://cdn.jsdelivr.net/npm/slick-carousel\n https://cdnjs.cloudflare.com\n https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css\n https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css\n https://code.jquery.com\n https://code.jquery.com/jquery-3.3.1.min.js\n https://de.malwarebytes.com\n https://de.malwarebytes.com/privacy/\n https://downloads.malwarebytes.com\n https://downloads.malwarebytes.com/file/mb5_offline\n https://es.malwarebytes.com\n https://es.malwarebytes.com/privacy/\n https://fr.malwarebytes.com\n https://fr.malwarebytes.com/privacy/\n https://it.malwarebytes.com\n https://it.malwarebytes.com/privacy/\n https://links.malwarebytes.com\n https://links.malwarebytes.com/link/uninstalled?\n https://links.malwarebytes.com/support/general/business/ms-2019-09-security-update\n https://links.malwarebytes.com/support/installer/AVBlocking\n https://links.malwarebytes.com/support/mb/windows/security-other-av\n https://links.malwarebytes.com/support/mb/windows/system-requirements\n https://links.malwarebytes.com/windows/support/installation-troubleshooting\n https://nl.malwarebytes.com\n https://nl.malwarebytes.com/privacy/\n https://pl.malwarebytes.com\n https://pl.malwarebytes.com/privacy/\n https://preferences-mgr.truste.com\n https://preferences-mgr.truste.com/\n https://pt.malwarebytes.com\n https://pt.malwarebytes.com/privacy/\n https://ru.malwarebytes.com\n https://ru.malwarebytes.com/privacy/\n https://support.malwarebytes.com\n https://support.malwarebytes.com/hc/en-us/articles/4402964326419\n https://www.google.com\n https://www.google.com/policies/privacy\n https://www.jamsadr.com\n https://www.jamsadr.com/eu-us-privacy-shield.\n https://www.malwarebytes.com\n https://www.malwarebytes.com/\n https://www.malwarebytes.com/eula/\n https://www.malwarebytes.com/eula/services-agreement/\n https://www.malwarebytes.com/images/mb-logo-2.png\n https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg\n https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png\n https://www.malwarebytes.com/jobs\n https://www.malwarebytes.com/js/mess.js\n https://www.malwarebytes.com/legal/privacy-policy\n https://www.malwarebytes.com/privacy/\n https://www.malwarebytes.com/support/lifecycle/\n https://www.privacyshield.gov\n https://www.privacyshield.gov/article?id\n https://www.privacyshield.gov/list\n https://www.youronlinechoices.eu\n https://www.youronlinechoices.eu/\n it.malwarebytes.com\n jamsadr.com\n jquery.com\n jsdelivr.net\n links.malwarebytes.com\n malwarebytes.com\n mgr.truste.com\n mwb-dev.net\n mwbsys.com\n my.malwarebytes.com\n nl.malwarebytes.com\n pl.malwarebytes.com\n preferences-mgr.truste.com\n privacyshield.gov\n pt.malwarebytes.com\n ru.malwarebytes.com\n stage.mwbsys.com\n support.malwarebytes.com\n telemetry.dse.mwb-dev.net\n telemetry.malwarebytes.com\n threatdown.com\n threatdownstage.com\n truste.com\n www.adr.org\n www.apache.org\n www.google.com\n www.jamsadr.com\n www.malwarebytes.com\n www.privacyshield.gov\n\nLibraries used to perform cryptographic operations:\n Microsoft's Cryptography API\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryExW\n LoadLibraryW\n GetProcAddress\n LoadLibraryExA\n Functions which can be used for anti-debugging purposes:\n CreateToolhelp32Snapshot\n FindWindowW\n Code injection capabilities (PowerLoader):\n FindWindowW\n GetWindowLongW\n Possibly launches other programs:\n CreateProcessW\n Uses Microsoft's cryptographic API:\n CryptMsgClose\n CryptMsgGetParam\n CryptQueryObject\n Can create temporary files:\n CreateFileW\n GetTempPathW\n Memory manipulation functions often used by packers:\n VirtualProtect\n VirtualAlloc\n Manipulates other processes:\n OpenProcess\n Process32FirstW\n Process32NextW\n Can take screenshots:\n FindWindowW\n GetDC\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: enabled\n SafeSEH: enabled (375 registered handlers)\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\nThe PE is digitally signed.\n Signer: Malwarebytes Inc\n Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2026-05-06T22:16:41","detected_languages":["Dutch - Netherlands","English - United States","French - France","German - Germany","Italian - Italy","Polish - Poland","Portuguese - Brazil","Portuguese - Portugal","Russian - Russia","Spanish - Spain (Traditional sort)"],"debug_artifacts":"C:\\Jenkins\\workspace\\MBAM-Windows\\A_MB5_MBSetup\\bin\\Win32\\Release\\MBSetup.pdb","company_name":"Malwarebytes","file_description":"Malwarebytes Setup","file_version":"5.5.7.145","legal_copyright":"Copyright (C) 2017 - 2026 Malwarebytes, Inc. All rights reserved.","internal_name":"MBSetup.exe","original_filename":"MBSetup.exe","product_name":"Malwarebytes"},"DOS Header":{"e_magic":"MZ","e_cblp":144,"e_cp":3,"e_crlc":0,"e_cparhdr":4,"e_minalloc":0,"e_maxalloc":65535,"e_ss":0,"e_sp":184,"e_csum":0,"e_ip":0,"e_cs":0,"e_ovno":0,"e_oemid":0,"e_oeminfo":0,"e_lfanew":272},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":5,"TimeDateStamp":"2026-May-06 22:16:41","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_EXECUTABLE_IMAGE"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"14.0","SizeOfCode":"0x000C7E00","SizeOfInitializedData":"0x001E4C00","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x00094BEF","EntryPointSection":".text","BaseOfCode":"0x00001000","BaseOfData":"0x000C9000","ImageBase":"0x00400000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"6.0","ImageVersion":"0.0","SubsystemVersion":"6.0","Win32VersionValue":"0","SizeOfImage":"0x002AF000","SizeOfHeaders":"0x00000400","Checksum":"0x002C7F60","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00001000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","virtual_size":"0x000C7DDC","virtual_address":"0x00001000","size_of_raw_data":"0x000C7E00","pointer_to_raw_data":"0x00000400","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"entropy":6.54276},{"name":".rdata","virtual_size":"0x00046952","virtual_address":"0x000C9000","size_of_raw_data":"0x00046A00","pointer_to_raw_data":"0x000C8200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":5.98262},{"name":".data","virtual_size":"0x00004D2C","virtual_address":"0x00110000","size_of_raw_data":"0x00003A00","pointer_to_raw_data":"0x0010EC00","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"entropy":4.29593},{"name":".rsrc","virtual_size":"0x0018EA88","virtual_address":"0x00115000","size_of_raw_data":"0x0018EC00","pointer_to_raw_data":"0x00112600","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"entropy":7.17308},{"name":".reloc","virtual_size":"0x0000A688","virtual_address":"0x002A4000","size_of_raw_data":"0x0000A800","pointer_to_raw_data":"0x002A1200","pointer_to_relocations":"0x00000000","pointer_to_line_numbers":"0x00000000","number_of_line_numbers":0,"number_of_relocations":0,"characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_DISCARDABLE","IMAGE_SCN_MEM_READ"],"entropy":6.69893}]},"Imports":{"raw_response":"Error: Read timeout on endpoint URL: \"https://bedrock-runtime.ap-south-1.amazonaws.com/model/qwen.qwen3-coder-480b-a35b-v1%3A0/converse\""},"Exports":{},"Resources":{"raw_response":"Error: Read timeout on endpoint URL: \"https://bedrock-runtime.ap-south-1.amazonaws.com/model/qwen.qwen3-coder-480b-a35b-v1%3A0/converse\""},"Debug Info":{"debug_entries":[{"type":"IMAGE_DEBUG_TYPE_CODEVIEW","characteristics":0,"time_date_stamp":"2026-May-06 22:16:41","version":"0.0","size_of_data":102,"address_of_raw_data":"0x001036F0","pointer_to_raw_data":"0x001028F0","referenced_file":"C:\\Jenkins\\workspace\\MBAM-Windows\\A_MB5_MBSetup\\bin\\Win32\\Release\\MBSetup.pdb"},{"type":"IMAGE_DEBUG_TYPE_VC_FEATURE","characteristics":0,"time_date_stamp":"2026-May-06 22:16:41","version":"0.0","size_of_data":20,"address_of_raw_data":"0x00103758","pointer_to_raw_data":"0x00102958"},{"type":"IMAGE_DEBUG_TYPE_POGO","characteristics":0,"time_date_stamp":"2026-May-06 22:16:41","version":"0.0","size_of_data":1116,"address_of_raw_data":"0x0010376C","pointer_to_raw_data":"0x0010296C"},{"type":"IMAGE_DEBUG_TYPE_ILTCG","characteristics":0,"time_date_stamp":"2026-May-06 22:16:41","version":"0.0","size_of_data":0,"address_of_raw_data":"0x00000000","pointer_to_raw_data":"0x00000000"}],"tls_callbacks":{"start_address_of_raw_data":"0x00503BD8","end_address_of_raw_data":"0x00503BE0","address_of_index":"0x00514224","address_of_callbacks":"0x004C9574","size_of_zero_fill":"0x00000000","characteristics":"IMAGE_SCN_ALIGN_4BYTES","callbacks":"EMPTY"}},"Load Configuration":{"size":192,"timeDateStamp":"1970-Jan-01 00:00:00","version":"0.0","globalFlagsClear":"","globalFlagsSet":"","criticalSectionDefaultTimeout":0,"deCommitFreeBlockThreshold":0,"deCommitTotalFreeThreshold":0,"lockPrefixTable":0,"maximumAllocationSize":0,"virtualMemoryThreshold":0,"processAffinityMask":0,"processHeapFlags":"","csdVersion":0,"reserved1":0,"editList":0,"securityCookie":5308544,"seHandlerTable":5254428,"seHandlerCount":375,"delayedImports":{"attributes":1,"name":"USER32.dll","moduleHandle":1128592,"delayImportAddressTable":1128076,"delayImportNameTable":1102300,"boundDelayImportTable":1107284,"unloadDelayImportTable":0,"timeStamp":"1970-Jan-01 00:00:00"}},"RICH Header":{"xor_key":"0x304765BC","unmarked_objects":0,"asm_objects_30795":11,"cpp_objects_30795":191,"c_objects_vs_runtime_33030":19,"asm_objects_vs_runtime_33030":24,"cpp_objects_vs_runtime_33030":111,"c_objects_30795":29,"c_objects_cvtcil_30795":1,"imports_30795":15,"total_imports":460,"cpp_objects_ltcg_33134":35,"resource_objects_33134":1,"unknown_151":2,"linker_33134":1,"matching_compilers":["Microsoft Visual C++ 6.0 - 8.0"],"suspicious_strings":{"internet_browsers":["chrome.exe","firefox.exe"],"virtualization_detection":["Hardware\\Description\\System"],"vmware_references":["VMware"],"dropper_indicators":["CurrentControlSet\\Services"],"wmi_access":["ROOT\\CIMV2"],"malware_related_strings":["Exploit","VIRUS","cmd.exe","exploit"],"domain_names":["amazon.com","amplitude.com","apache.org","api2.amplitude.com","ark-stage.mwbsys.com","ark.mwbsys.com","ark.threatdown.com","ark.threatdownstage.com","aws.amazon.com","br.malwarebytes.com","cdn.cookielaw.org","cdn.jsdelivr.net","cdnjs.cloudflare.com","cloudflare.com","code.jquery.com","cookielaw.org","de.malwarebytes.com","downloads.malwarebytes.com","dse.mwb-dev.net","es.malwarebytes.com","fr.malwarebytes.com","google.com","http://www.adr.org","http://www.adr.org/Forms","http://www.adr.org/Rules","http://www.apache.org","http://www.apache.org/licenses/LICENSE-2.0","http://www.google.com","http://www.google.com/policies/privacy","http://www.malwarebytes.com","http://www.malwarebytes.com/legal","https://ark.mwbsys.com","https://ark.mwbsys.com/bgext","https://aws.amazon.com","https://aws.amazon.com/compliance/","https://br.malwarebytes.com","https://br.malwarebytes.com/privacy/","https://cdn.cookielaw.org","https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js","https://cdn.jsdelivr.net","https://cdn.jsdelivr.net/npm/slick-carousel","https://cdnjs.cloudflare.com","https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css","https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css","https://code.jquery.com","https://code.jquery.com/jquery-3.3.1.min.js","https://de.malwarebytes.com","https://de.malwarebytes.com/privacy/","https://downloads.malwarebytes.com","https://downloads.malwarebytes.com/file/mb5_offline","https://es.malwarebytes.com","https://es.malwarebytes.com/privacy/","https://fr.malwarebytes.com","https://fr.malwarebytes.com/privacy/","https://it.malwarebytes.com","https://it.malwarebytes.com/privacy/","https://links.malwarebytes.com","https://links.malwarebytes.com/link/uninstalled?","https://links.malwarebytes.com/support/general/business/ms-2019-09-security-update","https://links.malwarebytes.com/support/installer/AVBlocking","https://links.malwarebytes.com/support/mb/windows/security-other-av","https://links.malwarebytes.com/support/mb/windows/system-requirements","https://links.malwarebytes.com/windows/support/installation-troubleshooting","https://nl.malwarebytes.com","https://nl.malwarebytes.com/privacy/","https://pl.malwarebytes.com","https://pl.malwarebytes.com/privacy/","https://preferences-mgr.truste.com","https://preferences-mgr.truste.com/","https://pt.malwarebytes.com","https://pt.malwarebytes.com/privacy/","https://ru.malwarebytes.com","https://ru.malwarebytes.com/privacy/","https://support.malwarebytes.com","https://support.malwarebytes.com/hc/en-us/articles/4402964326419","https://www.google.com","https://www.google.com/policies/privacy","https://www.jamsadr.com","https://www.jamsadr.com/eu-us-privacy-shield.","https://www.malwarebytes.com","https://www.malwarebytes.com/","https://www.malwarebytes.com/eula/","https://www.malwarebytes.com/eula/services-agreement/","https://www.malwarebytes.com/images/mb-logo-2.png","https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg","https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png","https://www.malwarebytes.com/jobs","https://www.malwarebytes.com/js/mess.js","https://www.malwarebytes.com/legal/privacy-policy","https://www.malwarebytes.com/privacy/","https://www.malwarebytes.com/support/lifecycle/","https://www.privacyshield.gov","https://www.privacyshield.gov/article?id","https://www.privacyshield.gov/list","https://www.youronlinechoices.eu","https://www.youronlinechoices.eu/","it.malwarebytes.com","jamsadr.com","jquery.com","jsdelivr.net","links.malwarebytes.com","malwarebytes.com","mgr.truste.com","mwb-dev.net","mwbsys.com","my.malwarebytes.com","nl.malwarebytes.com","pl.malwarebytes.com","preferences-mgr.truste.com","privacyshield.gov","pt.malwarebytes.com","ru.malwarebytes.com","stage.mwbsys.com","support.malwarebytes.com","telemetry.dse.mwb-dev.net","telemetry.malwarebytes.com","threatdown.com","threatdownstage.com","truste.com","www.adr.org","www.apache.org","www.google.com","www.jamsadr.com","www.malwarebytes.com","www.privacyshield.gov"]},"cryptographic_libraries":["Microsoft's Cryptography API"],"malicious_indicators":{"hidden_imports":["LoadLibraryExW","LoadLibraryW","GetProcAddress","LoadLibraryExA"],"anti_debugging_functions":["CreateToolhelp32Snapshot","FindWindowW"],"code_injection_capabilities":["FindWindowW","GetWindowLongW"],"process_launching":["CreateProcessW"],"crypto_api_usage":["CryptMsgClose","CryptMsgGetParam","CryptQueryObject"],"temporary_file_creation":["CreateFileW","GetTempPathW"],"memory_manipulation":["VirtualProtect","VirtualAlloc"],"process_manipulation":["OpenProcess","Process32FirstW","Process32NextW"],"screenshot_capabilities":["FindWindowW","GetDC"]},"exploit_mitigation":{"stack_canary":"enabled","safe_seh":"enabled (375 registered handlers)","aslr":"enabled","dep":"enabled","cfg":"disabled"},"digital_signature":{"signer":"Malwarebytes Inc","issuer":"DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"}},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/MBSetup-3.3-019e2b88-d6a1-74d0-8824-310d46fb50a0.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_7aqj1emj/output.txt"},"timestamp":"2026-05-15 18:21:23"},{"_id":{"$oid":"6a11b9a532de6bb6782baab1"},"sha256":"dccfa4b16aa79e273cc7ffc35493c495a7fd09f92a4b790f2dc41c65f64d5378","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/HxDSetup-019e5534-ae66-7590-befd-f3c55a2b3e38.exe\nDate: 2026-05-23 19:58:27\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/HxDSetup-019e5534-ae66-7590-befd-f3c55a2b3e38.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2018-Jun-14 13:27:46\nDetected languages: Dutch - Netherlands\n English - United States\nComments: This installation was built with Inno Setup.\nCompanyName: Maël Hörz \nFileDescription: HxD Hex Editor Setup \nFileVersion: 2.5 \nLegalCopyright: Copyright © 2002-2021 Maël Hörz \nProductName: HxD Hex Editor \nProductVersion: 2.5 \n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0050\ne_cp: 0x0002\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x000F\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x001A\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000100\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 8\nTimeDateStamp: 2018-Jun-14 13:27:46\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_BYTES_REVERSED_HI\n IMAGE_FILE_BYTES_REVERSED_LO\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LINE_NUMS_STRIPPED\n IMAGE_FILE_LOCAL_SYMS_STRIPPED\n IMAGE_FILE_RELOCS_STRIPPED\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 2.0\nSizeOfCode: 0x00010400\nSizeOfInitializedData: 0x0000D200\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0001181C (Section: .itext)\nBaseOfCode: 0x00001000\nBaseOfData: 0x00012000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 5.0\nImageVersion: 6.0\nSubsystemVersion: 5.0\nWin32VersionValue: 0\nSizeOfImage: 0x00028000\nSizeOfHeaders: 0x00000400\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\n IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00004000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x0000F25C\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x0000F400\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.37588\n\n.itext:\n VirtualSize: 0x00000FA4\n VirtualAddress: 0x00011000\n SizeOfRawData: 0x00001000\n PointerToRawData: 0x0000F800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 5.77877\n\n.data:\n VirtualSize: 0x00000C8C\n VirtualAddress: 0x00012000\n SizeOfRawData: 0x00000E00\n PointerToRawData: 0x00010800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 2.30283\n\n.bss:\n VirtualSize: 0x000056BC\n VirtualAddress: 0x00013000\n SizeOfRawData: 0x00000000\n PointerToRawData: 0x00011600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n\n.idata:\n VirtualSize: 0x00000E04\n VirtualAddress: 0x00019000\n SizeOfRawData: 0x00001000\n PointerToRawData: 0x00011600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 4.59781\n\n.tls:\n VirtualSize: 0x00000008\n VirtualAddress: 0x0001A000\n SizeOfRawData: 0x00000000\n PointerToRawData: 0x00012600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n\n.rdata:\n VirtualSize: 0x00000018\n VirtualAddress: 0x0001B000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00012600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 0.204488\n\n.rsrc:\n VirtualSize: 0x0000B200\n VirtualAddress: 0x0001C000\n SizeOfRawData: 0x0000B200\n PointerToRawData: 0x00012800\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.14272\n\n\nImports:\n--------\noleaut32.dll: SysFreeString\n SysReAllocStringLen\n SysAllocStringLen\nadvapi32.dll: RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\nuser32.dll: GetKeyboardType\n LoadStringW\n MessageBoxA\n CharNextW\nkernel32.dll: GetACP\n Sleep\n VirtualFree\n VirtualAlloc\n GetSystemInfo\n GetTickCount\n QueryPerformanceCounter\n GetVersion\n GetCurrentThreadId\n VirtualQuery\n WideCharToMultiByte\n MultiByteToWideChar\n lstrlenW\n lstrcpynW\n LoadLibraryExW\n GetThreadLocale\n GetStartupInfoA\n GetProcAddress\n GetModuleHandleW\n GetModuleFileNameW\n GetLocaleInfoW\n GetCommandLineW\n FreeLibrary\n FindFirstFileW\n FindClose\n ExitProcess\n WriteFile\n UnhandledExceptionFilter\n RtlUnwind\n RaiseException\n GetStdHandle\n CloseHandle\nkernel32.dll (#2): GetACP\n Sleep\n VirtualFree\n VirtualAlloc\n GetSystemInfo\n GetTickCount\n QueryPerformanceCounter\n GetVersion\n GetCurrentThreadId\n VirtualQuery\n WideCharToMultiByte\n MultiByteToWideChar\n lstrlenW\n lstrcpynW\n LoadLibraryExW\n GetThreadLocale\n GetStartupInfoA\n GetProcAddress\n GetModuleHandleW\n GetModuleFileNameW\n GetLocaleInfoW\n GetCommandLineW\n FreeLibrary\n FindFirstFileW\n FindClose\n ExitProcess\n WriteFile\n UnhandledExceptionFilter\n RtlUnwind\n RaiseException\n GetStdHandle\n CloseHandle\nuser32.dll (#2): GetKeyboardType\n LoadStringW\n MessageBoxA\n CharNextW\nkernel32.dll (#3): GetACP\n Sleep\n VirtualFree\n VirtualAlloc\n GetSystemInfo\n GetTickCount\n QueryPerformanceCounter\n GetVersion\n GetCurrentThreadId\n VirtualQuery\n WideCharToMultiByte\n MultiByteToWideChar\n lstrlenW\n lstrcpynW\n LoadLibraryExW\n GetThreadLocale\n GetStartupInfoA\n GetProcAddress\n GetModuleHandleW\n GetModuleFileNameW\n GetLocaleInfoW\n GetCommandLineW\n FreeLibrary\n FindFirstFileW\n FindClose\n ExitProcess\n WriteFile\n UnhandledExceptionFilter\n RtlUnwind\n RaiseException\n GetStdHandle\n CloseHandle\nadvapi32.dll (#2): RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\ncomctl32.dll: InitCommonControls\nkernel32.dll (#4): GetACP\n Sleep\n VirtualFree\n VirtualAlloc\n GetSystemInfo\n GetTickCount\n QueryPerformanceCounter\n GetVersion\n GetCurrentThreadId\n VirtualQuery\n WideCharToMultiByte\n MultiByteToWideChar\n lstrlenW\n lstrcpynW\n LoadLibraryExW\n GetThreadLocale\n GetStartupInfoA\n GetProcAddress\n GetModuleHandleW\n GetModuleFileNameW\n GetLocaleInfoW\n GetCommandLineW\n FreeLibrary\n FindFirstFileW\n FindClose\n ExitProcess\n WriteFile\n UnhandledExceptionFilter\n RtlUnwind\n RaiseException\n GetStdHandle\n CloseHandle\nadvapi32.dll (#3): RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\n\nResources:\n----------\n1:\n Type: RT_ICON\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 296\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.25755\n\n2:\n Type: RT_ICON\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 1384\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.47151\n\n3:\n Type: RT_ICON\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 744\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.91708\n\n4:\n Type: RT_ICON\n Language: Dutch - Netherlands\n Codepage: UNKNOWN\n Size: 2216\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.91366\n\n4091:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 104\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 2.56031\n\n4092:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 212\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.25287\n\n4093:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 164\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.26919\n\n4094:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 684\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.33268\n\n4095:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 844\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.34579\n\n4096:\n Type: RT_STRING\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 660\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.28057\n\nCHARTABLE:\n Type: RT_RCDATA\n Language: English - United States\n Codepage: UNKNOWN\n Size: 33512\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 3.5072\n\nDVCLAL:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 16\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 4\n\nPACKAGEINFO:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 336\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 5.17906\n\n11111:\n Type: RT_RCDATA\n Language: UNKNOWN\n Codepage: UNKNOWN\n Size: 44\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 4.52263\n\nMAINICON:\n Type: RT_GROUP_ICON\n Language: English - United States\n Codepage: UNKNOWN\n Size: 62\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 2.64576\n Detected Filetype: Icon file\n\n1 (#2):\n Type: RT_VERSION\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1268\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 2.75253\n\n1 (#3):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: UNKNOWN\n Size: 1580\n TimeDateStamp: 2018-Jun-14 15:27:48\n Entropy: 5.13965\n\n\nVersion Info:\n-------------\nResource LangID: English - United States\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 2.5.0.0\n ProductVersion: 2.5.0.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT_WINDOWS32\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: UNKNOWN\n Comments: This installation was built with Inno Setup.\n CompanyName: Maël Hörz \n FileDescription: HxD Hex Editor Setup \n FileVersion (#2): 2.5 \n LegalCopyright: Copyright © 2002-2021 Maël Hörz \n ProductName: HxD Hex Editor \n ProductVersion (#2): 2.5 \n\n\nTLS Callbacks:\n--------------\nStartAddressOfRawData: 0x0041A000\nEndAddressOfRawData: 0x0041A008\nAddressOfIndex: 0x004127AC\nAddressOfCallbacks: 0x0041B010\nSizeOfZeroFill: 0x00000000\nCharacteristics: IMAGE_SCN_TYPE_REG\nCallbacks: (EMPTY)\n\nInteresting strings found in the binary:\n Contains domain names:\n http://www.jrsoftware.org\n http://www.jrsoftware.org/ishelp/index.php?topic\n jrsoftware.org\n www.jrsoftware.org\n\n[ SUSPICIOUS ] The PE is possibly packed.\n Unusual section name found: .itext\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n LoadLibraryExW\n GetProcAddress\n LoadLibraryW\n Can access the registry:\n RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\n Possibly launches other programs:\n CreateProcessW\n Memory manipulation functions often used by packers:\n VirtualAlloc\n VirtualProtect\n Functions related to the privilege level:\n OpenProcessToken\n AdjustTokenPrivileges\n Can shut the system down or lock the screen:\n ExitWindowsEx\n\nThe PE's resources present abnormal characteristics.\n The binary may have been compiled on a machine in the UTC+2 timezone.\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n[ SUSPICIOUS ] The file contains overlay data.\n 3323613 bytes of data starting at offset 0x1da00.\n The overlay data has an entropy of 7.9999 and is possibly compressed or encrypted.\n Overlay data amounts for 96.4776% of the executable.\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"architecture":"IMAGE_FILE_MACHINE_I386","subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","compilation_date":"2018-Jun-14 13:27:46","detected_languages":["Dutch - Netherlands","English - United States"],"comments":"This installation was built with Inno Setup.","company_name":"Maël Hörz","file_description":"HxD Hex Editor Setup","file_version":"2.5","legal_copyright":"Copyright © 2002-2021 Maël Hörz","product_name":"HxD Hex Editor","product_version":"2.5"},"DOS Header":{"e_magic":"MZ","e_cblp":"0x0050","e_cp":"0x0002","e_crlc":"0x0000","e_cparhdr":"0x0004","e_minalloc":"0x000F","e_maxalloc":"0xFFFF","e_ss":"0x0000","e_sp":"0x00B8","e_csum":"0x0000","e_ip":"0x0000","e_cs":"0x0000","e_ovno":"0x001A","e_oemid":"0x0000","e_oeminfo":"0x0000","e_lfanew":"0x00000100"},"PE Header":{"Signature":"PE","Machine":"IMAGE_FILE_MACHINE_I386","NumberofSections":8,"TimeDateStamp":"2018-Jun-14 13:27:46","PointerToSymbolTable":"0x00000000","NumberOfSymbols":0,"SizeOfOptionalHeader":"0x00E0","Characteristics":["IMAGE_FILE_32BIT_MACHINE","IMAGE_FILE_BYTES_REVERSED_HI","IMAGE_FILE_BYTES_REVERSED_LO","IMAGE_FILE_EXECUTABLE_IMAGE","IMAGE_FILE_LINE_NUMS_STRIPPED","IMAGE_FILE_LOCAL_SYMS_STRIPPED","IMAGE_FILE_RELOCS_STRIPPED"]},"Image Optional Header":{"Magic":"PE32","LinkerVersion":"2.0","SizeOfCode":"0x00010400","SizeOfInitializedData":"0x0000D200","SizeOfUninitializedData":"0x00000000","AddressOfEntryPoint":"0x0001181C","BaseOfCode":"0x00001000","BaseOfData":"0x00012000","ImageBase":"0x00400000","SectionAlignment":"0x00001000","FileAlignment":"0x00000200","OperatingSystemVersion":"5.0","ImageVersion":"6.0","SubsystemVersion":"5.0","Win32VersionValue":"0","SizeOfImage":"0x00028000","SizeOfHeaders":"0x00000400","Checksum":"0x00000000","Subsystem":"IMAGE_SUBSYSTEM_WINDOWS_GUI","DllCharacteristics":["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE","IMAGE_DLLCHARACTERISTICS_NX_COMPAT","IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"],"SizeofStackReserve":"0x00100000","SizeofStackCommit":"0x00004000","SizeofHeapReserve":"0x00100000","SizeofHeapCommit":"0x00001000","LoaderFlags":"0x00000000","NumberOfRvaAndSizes":"16"},"Sections":{"sections":[{"name":".text","VirtualSize":"0x0000F25C","VirtualAddress":"0x00001000","SizeOfRawData":"0x0000F400","PointerToRawData":"0x00000400","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":6.37588},{"name":".itext","VirtualSize":"0x00000FA4","VirtualAddress":"0x00011000","SizeOfRawData":"0x00001000","PointerToRawData":"0x0000F800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_CODE","IMAGE_SCN_MEM_EXECUTE","IMAGE_SCN_MEM_READ"],"Entropy":5.77877},{"name":".data","VirtualSize":"0x00000C8C","VirtualAddress":"0x00012000","SizeOfRawData":"0x00000E00","PointerToRawData":"0x00010800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":2.30283},{"name":".bss","VirtualSize":"0x000056BC","VirtualAddress":"0x00013000","SizeOfRawData":"0x00000000","PointerToRawData":"0x00011600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"]},{"name":".idata","VirtualSize":"0x00000E04","VirtualAddress":"0x00019000","SizeOfRawData":"0x00001000","PointerToRawData":"0x00011600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"],"Entropy":4.59781},{"name":".tls","VirtualSize":"0x00000008","VirtualAddress":"0x0001A000","SizeOfRawData":"0x00000000","PointerToRawData":"0x00012600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_MEM_READ","IMAGE_SCN_MEM_WRITE"]},{"name":".rdata","VirtualSize":"0x00000018","VirtualAddress":"0x0001B000","SizeOfRawData":"0x00000200","PointerToRawData":"0x00012600","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":0.204488},{"name":".rsrc","VirtualSize":"0x0000B200","VirtualAddress":"0x0001C000","SizeOfRawData":"0x0000B200","PointerToRawData":"0x00012800","PointerToRelocations":"0x00000000","PointerToLineNumbers":"0x00000000","NumberOfLineNumbers":0,"NumberOfRelocations":0,"Characteristics":["IMAGE_SCN_CNT_INITIALIZED_DATA","IMAGE_SCN_MEM_READ"],"Entropy":4.14272}]},"Imports":{"entities":{"functions":{"oleaut32.dll":["SysFreeString","SysReAllocStringLen","SysAllocStringLen"],"advapi32.dll":["RegQueryValueExW","RegOpenKeyExW","RegCloseKey"],"user32.dll":["GetKeyboardType","LoadStringW","MessageBoxA","CharNextW"],"kernel32.dll":["GetACP","Sleep","VirtualFree","VirtualAlloc","GetSystemInfo","GetTickCount","QueryPerformanceCounter","GetVersion","GetCurrentThreadId","VirtualQuery","WideCharToMultiByte","MultiByteToWideChar","lstrlenW","lstrcpynW","LoadLibraryExW","GetThreadLocale","GetStartupInfoA","GetProcAddress","GetModuleHandleW","GetModuleFileNameW","GetLocaleInfoW","GetCommandLineW","FreeLibrary","FindFirstFileW","FindClose","ExitProcess","WriteFile","UnhandledExceptionFilter","RtlUnwind","RaiseException","GetStdHandle","CloseHandle"],"comctl32.dll":["InitCommonControls"]},"resources":[{"id":1,"type":"RT_ICON","language":"Dutch - Netherlands","size":296,"entropy":3.25755},{"id":2,"type":"RT_ICON","language":"Dutch - Netherlands","size":1384,"entropy":3.47151},{"id":3,"type":"RT_ICON","language":"Dutch - Netherlands","size":744,"entropy":3.91708},{"id":4,"type":"RT_ICON","language":"Dutch - Netherlands","size":2216,"entropy":3.91366},{"id":4091,"type":"RT_STRING","language":"UNKNOWN","size":104,"entropy":2.56031},{"id":4092,"type":"RT_STRING","language":"UNKNOWN","size":212,"entropy":3.25287},{"id":4093,"type":"RT_STRING","language":"UNKNOWN","size":164,"entropy":3.26919},{"id":4094,"type":"RT_STRING","language":"UNKNOWN","size":684,"entropy":3.33268},{"id":4095,"type":"RT_STRING","language":"UNKNOWN","size":844,"entropy":3.34579},{"id":4096,"type":"RT_STRING","language":"UNKNOWN","size":660,"entropy":3.28057},{"id":"CHARTABLE","type":"RT_RCDATA","language":"English - United States","size":33512,"entropy":3.5072},{"id":"DVCLAL","type":"RT_RCDATA","language":"UNKNOWN","size":16,"entropy":4},{"id":"PACKAGEINFO","type":"RT_RCDATA","language":"UNKNOWN","size":336,"entropy":5.17906},{"id":11111,"type":"RT_RCDATA","language":"UNKNOWN","size":44,"entropy":4.52263},{"id":"MAINICON","type":"RT_GROUP_ICON","language":"English - United States","size":62,"entropy":2.64576,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United States","size":1268,"entropy":2.75253},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United States","size":1580,"entropy":5.13965}],"version_info":{"resource_langid":"English - United States","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"2.5.0.0","product_version":"2.5.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"This installation was built with Inno Setup.","company_name":"Maël Hörz","file_description":"HxD Hex Editor Setup","legal_copyright":"Copyright © 2002-2021 Maël Hörz","product_name":"HxD Hex Editor","file_version_text":"2.5","product_version_text":"2.5"},"tls_callbacks":{"start_address_of_raw_data":"0x0041A000","end_address_of_raw_data":"0x0041A008","address_of_index":"0x004127AC","address_of_callbacks":"0x0041B010","size_of_zero_fill":"0x00000000","characteristics":"IMAGE_SCN_TYPE_REG","callbacks":"(EMPTY)"},"strings":{"domain_names":["http://www.jrsoftware.org","http://www.jrsoftware.org/ishelp/index.php?topic","jrsoftware.org","www.jrsoftware.org"]},"mitigations":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"},"overlay":{"size":3323613,"offset":"0x1da00","entropy":7.9999,"description":"possibly compressed or encrypted"}}},"Exports":{},"Resources":{"entities":[{"id":"1","type":"RT_ICON","language":"Dutch - Netherlands","codepage":"UNKNOWN","size":296,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.25755},{"id":"2","type":"RT_ICON","language":"Dutch - Netherlands","codepage":"UNKNOWN","size":1384,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.47151},{"id":"3","type":"RT_ICON","language":"Dutch - Netherlands","codepage":"UNKNOWN","size":744,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.91708},{"id":"4","type":"RT_ICON","language":"Dutch - Netherlands","codepage":"UNKNOWN","size":2216,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.91366},{"id":"4091","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":104,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":2.56031},{"id":"4092","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":212,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.25287},{"id":"4093","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":164,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.26919},{"id":"4094","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":684,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.33268},{"id":"4095","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":844,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.34579},{"id":"4096","type":"RT_STRING","language":"UNKNOWN","codepage":"UNKNOWN","size":660,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.28057},{"id":"CHARTABLE","type":"RT_RCDATA","language":"English - United States","codepage":"UNKNOWN","size":33512,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":3.5072},{"id":"DVCLAL","type":"RT_RCDATA","language":"UNKNOWN","codepage":"UNKNOWN","size":16,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":4},{"id":"PACKAGEINFO","type":"RT_RCDATA","language":"UNKNOWN","codepage":"UNKNOWN","size":336,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":5.17906},{"id":"11111","type":"RT_RCDATA","language":"UNKNOWN","codepage":"UNKNOWN","size":44,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":4.52263},{"id":"MAINICON","type":"RT_GROUP_ICON","language":"English - United States","codepage":"UNKNOWN","size":62,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":2.64576,"detected_filetype":"Icon file"},{"id":"1 (#2)","type":"RT_VERSION","language":"English - United States","codepage":"UNKNOWN","size":1268,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":2.75253},{"id":"1 (#3)","type":"RT_MANIFEST","language":"English - United States","codepage":"UNKNOWN","size":1580,"time_date_stamp":"2018-Jun-14 15:27:48","entropy":5.13965}],"version_info":{"resource_lang_id":"English - United States","signature":"0xFEEF04BD","struct_version":"0x00010000","file_version":"2.5.0.0","product_version":"2.5.0.0","file_flags":"(EMPTY)","file_os":["VOS_DOS_WINDOWS32","VOS_NT_WINDOWS32","VOS__WINDOWS32"],"file_type":"VFT_APP","language":"UNKNOWN","comments":"This installation was built with Inno Setup.","company_name":"Maël Hörz","file_description":"HxD Hex Editor Setup","file_version_text":"2.5","legal_copyright":"Copyright © 2002-2021 Maël Hörz","product_name":"HxD Hex Editor","product_version_text":"2.5"},"tls_callbacks":{"start_address_of_raw_data":"0x0041A000","end_address_of_raw_data":"0x0041A008","address_of_index":"0x004127AC","address_of_callbacks":"0x0041B010","size_of_zero_fill":"0x00000000","characteristics":"IMAGE_SCN_TYPE_REG","callbacks":"(EMPTY)"},"interesting_strings":{"domain_names":["http://www.jrsoftware.org","http://www.jrsoftware.org/ishelp/index.php?topic","jrsoftware.org","www.jrsoftware.org"]},"suspicious_indicators":["The PE is possibly packed. Unusual section name found: .itext","The file contains overlay data. 3323613 bytes of data starting at offset 0x1da00. The overlay data has an entropy of 7.9999 and is possibly compressed or encrypted. Overlay data amounts for 96.4776% of the executable."],"malicious_indicators":["The PE contains functions mostly used by malware.","The program may be hiding some of its imports: LoadLibraryExW, GetProcAddress, LoadLibraryW","Can access the registry: RegQueryValueExW, RegOpenKeyExW, RegCloseKey","Possibly launches other programs: CreateProcessW","Memory manipulation functions often used by packers: VirtualAlloc, VirtualProtect","Functions related to the privilege level: OpenProcessToken, AdjustTokenPrivileges","Can shut the system down or lock the screen: ExitWindowsEx"],"exploit_mitigation_techniques":{"stack_canary":"disabled","safe_seh":"disabled","aslr":"enabled","dep":"enabled","cfg":"disabled"},"additional_info":{"binary_compiled_utc_plus_2":true}},"Debug Info":{},"Load Configuration":{},"RICH Header":{},"Interesting strings found in the binary":{"domains":["http://www.jrsoftware.org","http://www.jrsoftware.org/ishelp/index.php?topic","jrsoftware.org","www.jrsoftware.org"],"suspicious_indicators":["PE is possibly packed","Unusual section name found: .itext","File contains overlay data","Overlay data entropy: 7.9999","Overlay data size: 3323613 bytes","Overlay data percentage: 96.4776%"],"malicious_indicators":["Program may be hiding imports","Can access the registry","Possibly launches other programs","Memory manipulation functions used","Functions related to privilege level","Can shut down or lock the system"],"hidden_imports":["LoadLibraryExW","GetProcAddress","LoadLibraryW"],"registry_functions":["RegQueryValueExW","RegOpenKeyExW","RegCloseKey"],"process_functions":["CreateProcessW"],"memory_functions":["VirtualAlloc","VirtualProtect"],"privilege_functions":["OpenProcessToken","AdjustTokenPrivileges"],"system_functions":["ExitWindowsEx"],"mitigation_techniques":{"Stack Canary":"disabled","SafeSEH":"disabled","ASLR":"enabled","DEP":"enabled","CFG":"disabled"},"resource_info":{"timezone":"UTC+2"}},"file_path":"/home/apogean/projects/malware/windows/all_runs/HxDSetup-019e5534-ae66-7590-befd-f3c55a2b3e38.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_vwvcx7km/output.txt"},"timestamp":"2026-05-23 19:58:53"},{"_id":{"$oid":"6a131b4032de6bb6782baac2"},"sha256":"a14055e8b09fd980e82a3eb551fe7ca60018b5486d46e462fda29ee88f252ca0","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /home/apogean/projects/malware/windows/all_runs/BrowsingHistoryView-019e5a9f39047902b64b76f6e25fc509.exe\nDate: 2026-05-24 21:07:35\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/home/apogean/projects/malware/windows/all_runs/BrowsingHistoryView-019e5a9f39047902b64b76f6e25fc509.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2025-Mar-26 10:28:47\nDetected languages: English - United States\n Hebrew - Israel\nCompanyName: NirSoft\nFileDescription: Web Browser History Viewer\nFileVersion: 2.60\nLegalCopyright: Copyright © 2012 - 2025 Nir Sofer\nOriginalFilename: BrowsingHistoryView.exe\nProductName: BrowsingHistoryView\nProductVersion: 2.60\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x000000F8\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 4\nTimeDateStamp: 2025-Mar-26 10:28:47\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_RELOCS_STRIPPED\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 8.0\nSizeOfCode: 0x00089000\nSizeOfInitializedData: 0x00018400\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0000193E (Section: .text)\nBaseOfCode: 0x00001000\nBaseOfData: 0x0008A000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 4.0\nWin32VersionValue: 0\nSizeOfImage: 0x000A5000\nSizeOfHeaders: 0x00000400\nChecksum: 0x000A9703\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00088EEB\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x00089000\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.57183\n\n.rdata:\n VirtualSize: 0x0000BA16\n VirtualAddress: 0x0008A000\n SizeOfRawData: 0x0000BC00\n PointerToRawData: 0x00089400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.79085\n\n.data:\n VirtualSize: 0x00002BE8\n VirtualAddress: 0x00096000\n SizeOfRawData: 0x00001200\n PointerToRawData: 0x00095000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 3.37625\n\n.rsrc:\n VirtualSize: 0x0000B50C\n VirtualAddress: 0x00099000\n SizeOfRawData: 0x0000B600\n PointerToRawData: 0x00096200\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.39067\n\n\nImports:\n--------\nCOMCTL32.dll: CreateToolbarEx\n CreateStatusWindowW\n ImageList_SetImageCount\n ImageList_AddMasked\n ImageList_Add\n #17\n ImageList_Create\n ImageList_ReplaceIcon\nVERSION.dll: GetFileVersionInfoSizeW\n VerQueryValueW\n GetFileVersionInfoW\nmsvcrt.dll: strftime\n qsort\n _wcslwr\n _itow\n strchr\n _endthreadex\n memmove\n modf\n wcstoul\n _memicmp\n free\n _msize\n _beginthreadex\n _gmtime64\n realloc\n _wcsnicmp\n __dllonexit\n wcsrchr\n malloc\n ??3@YAXPAX@Z\n ??2@YAPAXI@Z\n _purecall\n _ultow\n sprintf\n _wcsupr\n _wtoi\n _wcsicmp\n wcschr\n wcsncat\n _snwprintf\n _onexit\n _c_exit\n _exit\n _XcptFilter\n _cexit\n exit\n _wcmdln\n __wgetmainargs\n _initterm\n __setusermatherr\n _adjust_fdiv\n __p__commode\n __p__fmode\n memcpy\n _except_handler3\n _controlfp\n __set_app_type\n memset\nWININET.dll: FindFirstUrlCacheEntryW\n FindCloseUrlCache\n FindNextUrlCacheEntryW\nKERNEL32.dll: GetStartupInfoW\n GetModuleHandleA\n HeapSize\n DeleteCriticalSection\n InitializeCriticalSection\n SetEndOfFile\n GetFileAttributesExW\n FormatMessageA\n TryEnterCriticalSection\n FlushFileBuffers\n GetProcessHeap\n UnlockFileEx\n OutputDebugStringW\n SystemTimeToFileTime\n FileTimeToSystemTime\n GetFileSize\n CloseHandle\n GetSystemTimeAsFileTime\n ExpandEnvironmentStringsW\n CompareFileTime\n CopyFileW\n CreateFileW\n DeleteFileW\n FreeLibrary\n GetModuleHandleW\n LoadLibraryW\n GetProcAddress\n GetTickCount\n SetFilePointerEx\n GetLastError\n MultiByteToWideChar\n lstrcpyW\n LockResource\n ReadFile\n LocalFileTimeToFileTime\n FindFirstFileW\n GetModuleFileNameW\n SetFilePointer\n lstrlenW\n WriteFile\n GlobalUnlock\n GetTempPathW\n GlobalAlloc\n FindResourceW\n GetSystemDirectoryW\n LoadResource\n WideCharToMultiByte\n FindNextFileW\n LoadLibraryExW\n SizeofResource\n FindClose\n FormatMessageW\n GetWindowsDirectoryW\n GlobalLock\n GetVersionExW\n FileTimeToLocalFileTime\n LocalFree\n GetDateFormatW\n GetTimeFormatW\n GetTempFileNameW\n GetFileAttributesW\n DosDateTimeToFileTime\n CreateFileMappingW\n OpenProcess\n DuplicateHandle\n GetCurrentProcessId\n MapViewOfFile\n UnmapViewOfFile\n GetDriveTypeW\n GetCurrentProcess\n GetPrivateProfileStringW\n WritePrivateProfileStringW\n GetPrivateProfileIntW\n EnumResourceNamesW\n GetStdHandle\n GetCurrentDirectoryW\n SetErrorMode\n ExitProcess\n ReadProcessMemory\n Process32NextW\n CreateToolhelp32Snapshot\n Process32FirstW\n EnumResourceTypesW\n GetCurrentThreadId\n HeapAlloc\n OutputDebugStringA\n GetVersionExA\n LockFileEx\n Sleep\n EnterCriticalSection\n QueryPerformanceCounter\n GetDiskFreeSpaceW\n HeapDestroy\n HeapFree\n GetFullPathNameW\n LeaveCriticalSection\n GetTempPathA\n GetFileAttributesA\n GetFullPathNameA\n WaitForSingleObject\n CreateFileMappingA\n GetSystemTime\n HeapCreate\n AreFileApisANSI\n InterlockedCompareExchange\n DeleteFileA\n HeapValidate\n UnlockFile\n HeapReAlloc\n FlushViewOfFile\n CreateFileA\n GetDiskFreeSpaceA\n LockFile\n WaitForSingleObjectEx\n CreateMutexW\n GetSystemInfo\n HeapCompact\nUSER32.dll: CreatePopupMenu\n ReleaseDC\n SetCursor\n LoadCursorW\n GetSysColorBrush\n ShowWindow\n ChildWindowFromPoint\n GetDC\n SetDlgItemTextW\n GetDlgItemTextW\n GetSystemMetrics\n GetWindowRect\n GetWindowPlacement\n GetDlgItemInt\n DeferWindowPos\n SetDlgItemInt\n SetWindowPlacement\n CreateWindowExW\n BeginPaint\n EndPaint\n GetWindow\n GetClientRect\n SendDlgItemMessageW\n DrawFrameControl\n EndDialog\n SetWindowLongW\n GetDlgItem\n SetWindowTextW\n UpdateWindow\n SendMessageW\n InvalidateRect\n SetMenu\n SetWindowPos\n LoadAcceleratorsW\n DefWindowProcW\n PostMessageW\n RegisterClassW\n MessageBoxW\n TranslateAcceleratorW\n LoadImageW\n LoadIconW\n GetSysColor\n GetWindowLongW\n EndDeferWindowPos\n BeginDeferWindowPos\n SetFocus\n GetParent\n GetFocus\n KillTimer\n SetTimer\n OpenClipboard\n CloseClipboard\n EmptyClipboard\n SetClipboardData\n CheckMenuItem\n GetCursorPos\n GetSubMenu\n GetMenu\n EnableWindow\n MapWindowPoints\n InsertMenuItemW\n FillRect\n EnableMenuItem\n GetClassNameW\n GetMenuStringW\n ScreenToClient\n MoveWindow\n GetMenuItemCount\n CheckMenuRadioItem\n EnumChildWindows\n DestroyWindow\n LoadStringW\n GetDesktopWindow\n GetWindowTextW\n LoadMenuW\n ModifyMenuW\n GetMenuItemInfoW\n GetDlgCtrlID\n DestroyMenu\n DialogBoxParamW\n CreateDialogParamW\n GetKeyState\n SetMenuItemInfoW\n RegisterWindowMessageW\n TrackPopupMenu\n PostQuitMessage\n GetMessageW\n DrawTextExW\n DispatchMessageW\n InsertMenuW\n RemoveMenu\n IsDialogMessageW\n TranslateMessage\n PeekMessageW\n GetMonitorInfoW\n MonitorFromWindow\n ReleaseCapture\n SetCapture\nGDI32.dll: SetBkColor\n GetTextExtentPoint32W\n SetStretchBltMode\n CreateSolidBrush\n StretchBlt\n PatBlt\n GetStockObject\n SetPixel\n GetObjectW\n GetPixel\n SetDIBits\n DeleteDC\n SelectObject\n CreateCompatibleDC\n CreateCompatibleBitmap\n DeleteObject\n SetTextColor\n CreateFontIndirectW\n GetDeviceCaps\n SetBkMode\ncomdlg32.dll: FindTextW\n GetSaveFileNameW\n GetOpenFileNameW\n ChooseFontW\nADVAPI32.dll: RegOpenKeyExW\n RegCloseKey\n RegSetValueExW\n RegQueryValueExW\n RegDeleteValueW\nSHELL32.dll: ShellExecuteW\n SHGetFileInfoW\n SHGetPathFromIDListW\n SHGetMalloc\n SHBrowseForFolderW\nole32.dll: CoUninitialize\n CoCreateInstance\n CoInitialize\nOLEAUT32.dll: SysAllocString\n SysFreeString\n\nResources:\n----------\n1:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.77748\n\n2:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.27305\n\n111:\n Type: RT_BITMAP\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 7720\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.19556\n\n133:\n Type: RT_BITMAP\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.40854\n\n134:\n Type: RT_BITMAP\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.44509\n\n3:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 4264\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.28929\n\n4:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.63268\n\n5:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.732\n\n6:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.05338\n\n7:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.60488\n\n8:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.59465\n\n9:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.03789\n\n10:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.53675\n\n11:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.04518\n\n12:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.78929\n\n13:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.23257\n\n14:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 6.37777\n\n15:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.20672\n\n16:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1128\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.74254\n\n102:\n Type: RT_MENU\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1840\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.46766\n\n104:\n Type: RT_MENU\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 640\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.28652\n\n110:\n Type: RT_MENU\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 18\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.05583\n\n105:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 188\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.88349\n\n107:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 662\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.38237\n\n109:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 3052\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.53493\n\n112:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 250\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09378\n\n113:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1150\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.52003\n\n114:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 248\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.00572\n\n1096:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 822\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.54616\n\n1 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 522\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.2537\n\n32:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 280\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.03744\n\n38:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 208\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09029\n\n39:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 236\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.32896\n\n44:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 258\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.75952\n\n45:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 500\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.03585\n\n47:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 68\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.88341\n\n48:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 492\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.08588\n\n49:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 160\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.53036\n\n51:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 800\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.1455\n\n57:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 266\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.31291\n\n58:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 176\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.04003\n\n63:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 160\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.97371\n\n64:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 194\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.16434\n\n103:\n Type: RT_ACCELERATOR\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 104\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.07271\n\n103 (#2):\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.83876\n Detected Filetype: Cursor file\n\n113 (#2):\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.91924\n Detected Filetype: Cursor file\n\n101:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 34\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.30604\n Detected Filetype: Icon file\n\n102 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n103 (#3):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n104 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n105 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n106:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n107 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n114 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n115:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n116:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n117:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n118:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n119:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.94375\n Detected Filetype: Icon file\n\n1 (#3):\n Type: RT_VERSION\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 720\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.40921\n\n1 (#4):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 1093\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.40431\n\n\nVersion Info:\n-------------\nResource LangID: Hebrew - Israel\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 2.6.0.34\n ProductVersion: 2.6.0.34\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT\n VOS_NT_WINDOWS32\n VOS_WINCE\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United States\n CompanyName: NirSoft\n FileDescription: Web Browser History Viewer\n FileVersion (#2): 2.60\n LegalCopyright: Copyright © 2012 - 2025 Nir Sofer\n OriginalFilename: BrowsingHistoryView.exe\n ProductName: BrowsingHistoryView\n ProductVersion (#2): 2.60\n\n\nRICH Header:\n------------\nXOR Key: 0xBB3AD956\nUnmarked objects: 0\nC objects (VS2003 (.NET) build 4035): 3\nASM objects (9210): 12\nC objects (9178): 11\nImports (9210): 2\nImports (VS2003 (.NET) build 4035): 23\nTotal imports: 364\n114 (VS2012 build 50727 / VS2005 build 50727): 45\nResource objects (VS2012 build 50727 / VS2005 build 50727): 1\nLinker (VS2012 build 50727 / VS2005 build 50727): 1\n\nMatching compiler(s):\n Microsoft Visual C++ 6.0 - 8.0\n Microsoft Visual C++\n Microsoft Visual C++ v6.0\n\n[ SUSPICIOUS ] Strings found in the binary may indicate undesirable behavior:\n Contains references to internet browsers:\n firefox.exe\n Contains domain names:\n http://www.nirsoft.net\n http://www.nirsoft.net/\n nirsoft.net\n www.nirsoft.net\n\n[ SUSPICIOUS ] The PE contains functions most legitimate programs don't use.\n [!] The program may be hiding some of its imports:\n LoadLibraryW\n GetProcAddress\n LoadLibraryExW\n Functions which can be used for anti-debugging purposes:\n CreateToolhelp32Snapshot\n Can access the registry:\n RegOpenKeyExW\n RegCloseKey\n RegSetValueExW\n RegQueryValueExW\n RegDeleteValueW\n Possibly launches other programs:\n ShellExecuteW\n Can create temporary files:\n CreateFileW\n GetTempPathW\n GetTempPathA\n CreateFileA\n Enumerates local disk drives:\n GetDriveTypeW\n Manipulates other processes:\n OpenProcess\n ReadProcessMemory\n Process32NextW\n Process32FirstW\n Can take screenshots:\n GetDC\n CreateCompatibleDC\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: disabled\n DEP: disabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"DOS Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"PE Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Image Optional Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Sections":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Imports":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Exports":{},"Resources":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Debug Info":{},"Load Configuration":{},"RICH Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Interesting strings found in the binary":{},"file_path":"/home/apogean/projects/malware/windows/all_runs/BrowsingHistoryView-019e5a9f39047902b64b76f6e25fc509.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_vdphkyja/output.txt"},"timestamp":"2026-05-24 21:07:36"},{"_id":{"$oid":"6a13e5be32de6bb6782baac7"},"sha256":"637175bedfe6852886341e15c4d48241d7a58083a45272df0aac35469c653f6f","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /tmp/sdm_unpack_k1vcrp4_/WirelessNetView-019e5db7803a7fb0825cc53140c34d58.exe_637175bedfe6/001_upx_unpacked.exe\nDate: 2026-05-25 11:31:33\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/tmp/sdm_unpack_k1vcrp4_/WirelessNetView-019e5db7803a7fb0825cc53140c34d58.exe_637175bedfe6/001_upx_unpacked.exe\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_I386\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2017-Oct-03 11:43:56\nDetected languages: English - United States\n Hebrew - Israel\nCompanyName: NirSoft\nFileDescription: WirelessNetView\nFileVersion: 1.75\nInternalName: WirelessNetView\nLegalCopyright: Copyright © 2008 - 2017 Nir Sofer\nOriginalFilename: WirelessNetView.exe\nProductName: WirelessNetView\nProductVersion: 1.75\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x000000E8\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_I386\nNumberofSections: 4\nTimeDateStamp: 2017-Oct-03 11:43:56\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00E0\nCharacteristics: IMAGE_FILE_32BIT_MACHINE\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_RELOCS_STRIPPED\n\nImage Optional Header:\n----------------------\nMagic: PE32\nLinkerVersion: 8.0\nSizeOfCode: 0x0000C800\nSizeOfInitializedData: 0x00007E00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x0000D3D0 (Section: .text)\nBaseOfCode: 0x00001000\nBaseOfData: 0x0000E000\nImageBase: 0x00400000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 4.0\nImageVersion: 0.0\nSubsystemVersion: 4.0\nWin32VersionValue: 0\nSizeOfImage: 0x00018000\nSizeOfHeaders: 0x00000400\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nSizeofStackReserve: 0x00100000\nSizeofStackCommit: 0x00001000\nSizeofHeapReserve: 0x00100000\nSizeofHeapCommit: 0x00001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x0000C747\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x0000C800\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.4016\n\n.rdata:\n VirtualSize: 0x00002E12\n VirtualAddress: 0x0000E000\n SizeOfRawData: 0x00003000\n PointerToRawData: 0x0000CC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.27786\n\n.data:\n VirtualSize: 0x00001B28\n VirtualAddress: 0x00011000\n SizeOfRawData: 0x00000800\n PointerToRawData: 0x0000FC00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 2.02075\n\n.rsrc:\n VirtualSize: 0x000045BC\n VirtualAddress: 0x00013000\n SizeOfRawData: 0x00004600\n PointerToRawData: 0x00010400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 3.79506\n\n\nImports:\n--------\nKERNEL32.DLL: OpenProcess\n GetCurrentProcessId\n ReadProcessMemory\n GetCurrentProcess\n ExitProcess\n WaitForSingleObject\n SetErrorMode\n CreateThread\n DeleteFileW\n GetPrivateProfileIntW\n WritePrivateProfileStringW\n GetPrivateProfileStringW\n EnumResourceNamesW\n WriteFile\n EnumResourceTypesW\n Sleep\n GetModuleHandleA\n GetStartupInfoW\n GetProcAddress\n FileTimeToLocalFileTime\n CompareFileTime\n GetSystemTimeAsFileTime\n MultiByteToWideChar\n LoadLibraryW\n FileTimeToSystemTime\n FreeLibrary\n LocalFree\n FindResourceW\n GlobalAlloc\n GlobalUnlock\n LoadResource\n GetTempPathW\n WideCharToMultiByte\n LoadLibraryExW\n GetLastError\n GetLocaleInfoW\n SizeofResource\n GlobalLock\n FormatMessageW\n GetVersionExW\n CloseHandle\n GetDateFormatW\n GetWindowsDirectoryW\n GetTempFileNameW\n GetTimeFormatW\n GetFileSize\n GetModuleHandleW\n GetFileAttributesW\n GetNumberFormatW\n ReadFile\n LockResource\n GetModuleFileNameW\n CreateFileW\nADVAPI32.dll: RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\nCOMCTL32.dll: ImageList_SetImageCount\n ImageList_ReplaceIcon\n #17\n ImageList_Create\n ImageList_AddMasked\n CreateToolbarEx\n CreateStatusWindowW\ncomdlg32.dll: GetSaveFileNameW\n FindTextW\nGDI32.dll: DeleteObject\n GetStockObject\n GetTextExtentPoint32W\n SetBkColor\n GetDeviceCaps\n SelectObject\n SetTextColor\n CreateFontIndirectW\n SetBkMode\nmsvcrt.dll: __p__commode\n _adjust_fdiv\n __setusermatherr\n _initterm\n __wgetmainargs\n _wcmdln\n exit\n _cexit\n _XcptFilter\n _exit\n _c_exit\n _onexit\n __p__fmode\n strtoul\n strncpy\n strcpy\n _wcslwr\n strlen\n qsort\n _purecall\n wcsrchr\n wcsncpy\n malloc\n wcschr\n __set_app_type\n _controlfp\n __dllonexit\n _except_handler3\n free\n modf\n wcscmp\n _wtoi\n wcstoul\n _memicmp\n ??2@YAPAXI@Z\n ??3@YAXPAX@Z\n wcslen\n _ultow\n memcmp\n _itow\n _wcsicmp\n memcpy\n wcscpy\n memset\n wcscat\n _snwprintf\n wcsncat\nSHELL32.dll: SHGetFileInfoW\n ShellExecuteW\n Shell_NotifyIconW\nUSER32.dll: SetForegroundWindow\n PostQuitMessage\n TrackPopupMenu\n RegisterWindowMessageW\n SendMessageTimeoutW\n KillTimer\n MessageBeep\n IsWindowVisible\n FindWindowW\n SetCursor\n LoadCursorW\n GetSysColorBrush\n ShowWindow\n ChildWindowFromPoint\n CreateWindowExW\n GetWindowRect\n GetDlgItemInt\n GetWindowTextLengthW\n SendDlgItemMessageW\n EndDialog\n EndPaint\n GetDlgItem\n InvalidateRect\n SetDlgItemInt\n GetWindow\n BeginPaint\n DrawFrameControl\n GetClientRect\n SetWindowTextW\n SetDlgItemTextW\n GetDlgItemTextW\n GetSystemMetrics\n DeferWindowPos\n UpdateWindow\n SendMessageW\n TranslateAcceleratorW\n RegisterClassW\n MessageBoxW\n SetMenu\n SetWindowPos\n GetWindowPlacement\n LoadAcceleratorsW\n PostMessageW\n DefWindowProcW\n LoadImageW\n LoadIconW\n GetWindowLongW\n SetWindowLongW\n EndDeferWindowPos\n BeginDeferWindowPos\n SetFocus\n GetKeyState\n CallWindowProcW\n GetDC\n EmptyClipboard\n EnableMenuItem\n ReleaseDC\n GetClassNameW\n OpenClipboard\n GetMenuStringW\n CloseClipboard\n MoveWindow\n GetMenuItemCount\n CheckMenuRadioItem\n GetParent\n CheckMenuItem\n GetCursorPos\n GetSysColor\n SetClipboardData\n GetMenu\n GetSubMenu\n EnableWindow\n MapWindowPoints\n ModifyMenuW\n GetMenuItemInfoW\n DialogBoxParamW\n GetDlgCtrlID\n DestroyMenu\n DestroyWindow\n CreateDialogParamW\n EnumChildWindows\n LoadStringW\n GetWindowTextW\n LoadMenuW\n GetMessageW\n SetTimer\n IsDialogMessageW\n DispatchMessageW\n TranslateMessage\n DrawTextExW\n\nResources:\n----------\n1:\n Type: RT_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 308\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.77748\n\n104:\n Type: RT_BITMAP\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1000\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.6489\n\n133:\n Type: RT_BITMAP\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.40854\n\n134:\n Type: RT_BITMAP\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.44509\n\n2:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 2216\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.77341\n\n3:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.5351\n\n4:\n Type: RT_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 1384\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.5351\n\n102:\n Type: RT_MENU\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 2234\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.47794\n\n104 (#2):\n Type: RT_MENU\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 536\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.21183\n\n109:\n Type: RT_MENU\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 82\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.98862\n\n105:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 162\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.15596\n\n107:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 662\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.38237\n\n112:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 250\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.09378\n\n115:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 424\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.31215\n\n121:\n Type: RT_DIALOG\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 320\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.24686\n\n1096:\n Type: RT_DIALOG\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 822\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.54616\n\n1 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 586\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.23536\n\n2 (#2):\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 544\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.10956\n\n7:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 88\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.54309\n\n13:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 148\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.03559\n\n32:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 280\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.04212\n\n38:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 152\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.01634\n\n39:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 48\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.24891\n\n41:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 72\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.10121\n\n63:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 206\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.03729\n\n64:\n Type: RT_STRING\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 360\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.49639\n\n103:\n Type: RT_ACCELERATOR\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 136\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.25605\n\n103 (#2):\n Type: RT_GROUP_CURSOR\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 1.83876\n Detected Filetype: Cursor file\n\n101:\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 34\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.42369\n Detected Filetype: Icon file\n\n102 (#2):\n Type: RT_GROUP_ICON\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 20\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 2.0815\n Detected Filetype: Icon file\n\n1 (#3):\n Type: RT_VERSION\n Language: Hebrew - Israel\n Codepage: Latin 1 / Western European\n Size: 744\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 3.36935\n\n1 (#4):\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: Latin 1 / Western European\n Size: 362\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 5.07251\n\n\nVersion Info:\n-------------\nResource LangID: Hebrew - Israel\nVS_VERSION_INFO:\n Signature: 0xFEEF04BD\n StructVersion: 0x00010000\n FileVersion: 1.7.5.0\n ProductVersion: 1.7.5.0\n FileFlags: (EMPTY)\n FileOs: VOS_DOS_WINDOWS32\n VOS_NT\n VOS_NT_WINDOWS32\n VOS_WINCE\n VOS__WINDOWS32\n FileType: VFT_APP\n Language: English - United States\n CompanyName: NirSoft\n FileDescription: WirelessNetView\n FileVersion (#2): 1.75\n InternalName: WirelessNetView\n LegalCopyright: Copyright © 2008 - 2017 Nir Sofer\n OriginalFilename: WirelessNetView.exe\n ProductName: WirelessNetView\n ProductVersion (#2): 1.75\n\n\nRICH Header:\n------------\nXOR Key: 0x231B48D6\nUnmarked objects: 0\nImports (VS2003 (.NET) build 4035): 14\nASM objects (9210): 3\nC objects (9178): 11\nTotal imports: 264\nImports (9210): 3\n114 (VS2012 build 50727 / VS2005 build 50727): 28\nResource objects (VS2012 build 50727 / VS2005 build 50727): 1\nLinker (VS2012 build 50727 / VS2005 build 50727): 1\n\nMatching compiler(s):\n Microsoft Visual C++ 6.0 - 8.0\n\nInteresting strings found in the binary:\n Contains domain names:\n comodo.net\n comodoca.com\n crl.comodoca.com\n crl.usertrust.com\n crt.comodoca.com\n crt.usertrust.com\n http://crl.comodoca.com\n http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r\n http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q\n http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t\n http://crl.usertrust.com\n http://crl.usertrust.com/AddTrustExternalCARoot.crl05\n http://crl.usertrust.com/UTN-USERFirst-Object.crl05\n http://crl.usertrust.com/UTN-USERFirst-Object.crl0t\n http://crt.comodoca.com\n http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$\n http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$\n http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$\n http://crt.usertrust.com\n http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%\n http://ocsp.comodoca.com0\n http://ocsp.usertrust.com0\n http://www.nirsoft.net\n http://www.nirsoft.net/\n http://www.usertrust.com1\n https://secure.comodo.net\n https://secure.comodo.net/CPS0A\n https://secure.comodo.net/CPS0C\n nirsoft.net\n secure.comodo.net\n usertrust.com\n www.nirsoft.net\n\nCryptographic algorithms detected in the binary:\n Uses constants related to SHA1\n Uses constants related to SHA256\n\n[ MALICIOUS ] The PE contains functions mostly used by malware.\n [!] The program may be hiding some of its imports:\n GetProcAddress\n LoadLibraryW\n LoadLibraryExW\n Functions which can be used for anti-debugging purposes:\n FindWindowW\n Code injection capabilities (PowerLoader):\n FindWindowW\n GetWindowLongW\n Can access the registry:\n RegQueryValueExW\n RegOpenKeyExW\n RegCloseKey\n Possibly launches other programs:\n ShellExecuteW\n Can create temporary files:\n GetTempPathW\n CreateFileW\n Manipulates other processes:\n OpenProcess\n ReadProcessMemory\n Can take screenshots:\n FindWindowW\n GetDC\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: disabled\n SafeSEH: disabled\n ASLR: disabled\n DEP: disabled\n CFG: disabled\n\n[ SUSPICIOUS ] The file contains overlay data.\n 11984 bytes of data starting at offset 0x14a00.\n The overlay data has an entropy of 7.42164 and is possibly compressed or encrypted.\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"DOS Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"PE Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Image Optional Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Sections":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Imports":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Exports":{},"Resources":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Debug Info":{},"Load Configuration":{},"RICH Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Interesting strings found in the binary":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"file_path":"/tmp/sdm_unpack_k1vcrp4_/WirelessNetView-019e5db7803a7fb0825cc53140c34d58.exe_637175bedfe6/001_upx_unpacked.exe"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_oxdpdd71/output.txt"},"timestamp":"2026-05-25 11:31:34"},{"_id":{"$oid":"6a14627d32de6bb6782baad8"},"sha256":"bc1363062c4f4aff514d71fd85fc9a5a08ad7fc2ea9a40298bb8865d041b8a3f","analysis_data":{"success":true,"output":"\n================================================================================\nMANALYZE ANALYSIS REPORT\n================================================================================\nFile: /tmp/sdm_decoded_c8oa189i/zlib_offset_0x6aee8_7.bin\nDate: 2026-05-26 00:28:50\nExit Code: 0\n================================================================================\n\n* Manalyze 0.9 *\n\n-------------------------------------------------------------------------------\n/tmp/sdm_decoded_c8oa189i/zlib_offset_0x6aee8_7.bin\n-------------------------------------------------------------------------------\n\nSummary:\n--------\nArchitecture: IMAGE_FILE_MACHINE_AMD64\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nCompilation Date: 2026-Apr-02 07:53:11\nDetected languages: English - United States\n\nDOS Header:\n-----------\ne_magic: MZ\ne_cblp: 0x0090\ne_cp: 0x0003\ne_crlc: 0x0000\ne_cparhdr: 0x0004\ne_minalloc: 0x0000\ne_maxalloc: 0xFFFF\ne_ss: 0x0000\ne_sp: 0x00B8\ne_csum: 0x0000\ne_ip: 0x0000\ne_cs: 0x0000\ne_ovno: 0x0000\ne_oemid: 0x0000\ne_oeminfo: 0x0000\ne_lfanew: 0x00000100\n\nPE Header:\n----------\nSignature: PE\nMachine: IMAGE_FILE_MACHINE_AMD64\nNumberofSections: 6\nTimeDateStamp: 2026-Apr-02 07:53:11\nPointerToSymbolTable: 0x00000000\nNumberOfSymbols: 0\nSizeOfOptionalHeader: 0x00F0\nCharacteristics: IMAGE_FILE_DLL\n IMAGE_FILE_EXECUTABLE_IMAGE\n IMAGE_FILE_LARGE_ADDRESS_AWARE\n\nImage Optional Header:\n----------------------\nMagic: PE32+\nLinkerVersion: 14.0\nSizeOfCode: 0x00025200\nSizeOfInitializedData: 0x00010C00\nSizeOfUninitializedData: 0x00000000\nAddressOfEntryPoint: 0x00000000000253F4 (Section: .text)\nBaseOfCode: 0x00001000\nImageBase: 0x0000000180000000\nSectionAlignment: 0x00001000\nFileAlignment: 0x00000200\nOperatingSystemVersion: 6.0\nImageVersion: 0.0\nSubsystemVersion: 6.0\nWin32VersionValue: 0\nSizeOfImage: 0x0003A000\nSizeOfHeaders: 0x00000400\nChecksum: 0x00000000\nSubsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI\nDllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE\n IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA\n IMAGE_DLLCHARACTERISTICS_NX_COMPAT\nSizeofStackReserve: 0x0000000000100000\nSizeofStackCommit: 0x0000000000001000\nSizeofHeapReserve: 0x0000000000100000\nSizeofHeapCommit: 0x0000000000001000\nLoaderFlags: 0x00000000\nNumberOfRvaAndSizes: 16\n\nSections:\n---------\n.text:\n VirtualSize: 0x00025018\n VirtualAddress: 0x00001000\n SizeOfRawData: 0x00025200\n PointerToRawData: 0x00000400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_CODE\n IMAGE_SCN_MEM_EXECUTE\n IMAGE_SCN_MEM_READ\n Entropy: 6.20152\n\n.rdata:\n VirtualSize: 0x000088D4\n VirtualAddress: 0x00027000\n SizeOfRawData: 0x00008A00\n PointerToRawData: 0x00025600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 5.25688\n\n.data:\n VirtualSize: 0x00005C28\n VirtualAddress: 0x00030000\n SizeOfRawData: 0x00004A00\n PointerToRawData: 0x0002E000\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n IMAGE_SCN_MEM_WRITE\n Entropy: 1.61748\n\n.pdata:\n VirtualSize: 0x0000180C\n VirtualAddress: 0x00036000\n SizeOfRawData: 0x00001A00\n PointerToRawData: 0x00032A00\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 4.85358\n\n.rsrc:\n VirtualSize: 0x000000F8\n VirtualAddress: 0x00038000\n SizeOfRawData: 0x00000200\n PointerToRawData: 0x00034400\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_READ\n Entropy: 2.52592\n\n.reloc:\n VirtualSize: 0x00000700\n VirtualAddress: 0x00039000\n SizeOfRawData: 0x00000800\n PointerToRawData: 0x00034600\n PointerToRelocations: 0x00000000\n PointerToLineNumbers: 0x00000000\n NumberOfLineNumbers: 0\n NumberOfRelocations: 0\n Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA\n IMAGE_SCN_MEM_DISCARDABLE\n IMAGE_SCN_MEM_READ\n Entropy: 5.1969\n\n\nImports:\n--------\npython314.dll: _Py_ctype_table\n PyObject_SetAttrString\n PyObject_GC_UnTrack\n PyNumber_Xor\n PyDict_GetItemWithError\n PyComplex_FromDoubles\n PySet_Contains\n PyObject_GetAttr\n PyDict_Contains\n PyUnicode_FromOrdinal\n PyFloat_AsDouble\n _Py_NoneStruct\n PyTuple_New\n PyLong_FromString\n PySequence_Contains\n PyObject_GenericSetDict\n PyUnicode_ReadChar\n PyObject_VisitManagedDict\n PyVectorcall_Call\n PyDict_Size\n PyFloat_FromDouble\n PySet_Add\n PyExc_AttributeError\n PyTuple_GetSlice\n PyUnicode_New\n PyUnicode_Split\n PyNumber_Multiply\n PyErr_SetString\n PyExc_ZeroDivisionError\n _PyErr_ChainExceptions1\n PyIter_Next\n PyObject_GetIter\n PyNumber_Add\n PyExc_ValueError\n PyUnicode_InternInPlace\n PyDict_Next\n PyErr_Format\n PyDict_Type\n PyObject_RichCompare\n PyBool_Type\n PyTuple_Type\n _Py_FalseStruct\n PyImport_GetModule\n PyNumber_InPlaceAdd\n PyLong_FromDouble\n PyFloat_Type\n PyType_IsSubtype\n PyNumber_Subtract\n PyErr_Restore\n PyUnicode_Join\n PyExc_OverflowError\n _Py_Dealloc\n PyImport_GetModuleDict\n PyModule_GetDict\n PyErr_ExceptionMatches\n PyObject_ClearManagedDict\n _Py_ctype_tolower\n PyUnicode_FindChar\n PyNumber_And\n PyObject_GC_Del\n PyErr_Fetch\n PyObject_CallFunctionObjArgs\n PyObject_GenericGetDict\n PyObject_ClearWeakRefs\n PyObject_Vectorcall\n PyUnicode_AsUTF8\n PyUnicode_FromFormat\n PyList_New\n PyModule_Create2\n PyMethod_New\n PySlice_New\n PyType_Ready\n PyUnicode_Contains\n PyObject_GetAttrString\n PyErr_Clear\n PyList_Append\n PyObject_RichCompareBool\n _PyUnicode_IsDigit\n PyCapsule_New\n PyObject_VectorcallDict\n PyDict_SetItem\n PyDict_New\n PyUnicode_Type\n _PyUnicode_IsWhitespace\n PyObject_VectorcallMethod\n PyObject_IsInstance\n PyMem_Free\n PyObject_GetOptionalAttr\n PyType_GenericAlloc\n PyFrozenSet_New\n PyErr_NoMemory\n PyObject_GetItem\n PyObject_GC_Track\n PyBytes_FromStringAndSize\n PyImport_Import\n PyExc_TypeError\n PyUnicode_Tailmatch\n PyLongWriter_Finish\n PyObject_IsTrue\n PyObject_Str\n PyTuple_Pack\n PyMem_Malloc\n PyList_AsTuple\n PyExc_IndexError\n PyExc_ImportError\n _Py_TrueStruct\n PyExc_SystemError\n PyObject_SetItem\n PyNumber_TrueDivide\n PyNumber_Or\n PyRange_Type\n PyErr_SetImportError\n PyUnicode_GetLength\n PyUnicode_FromString\n PyObject_CallNoArgs\n PyUnicode_CompareWithASCIIString\n PyType_Type\n PyUnicode_EqualToUTF8\n PyUnicode_Substring\n PyObject_DelItem\n PyExc_RuntimeError\n PyList_SetSlice\n PyTraceBack_Here\n PyNumber_Absolute\n PyList_Sort\n PyUnicode_DecodeUTF8\n PySuper_Type\n PyLong_FromSsize_t\n PyBytes_FromObject\n PyUnicode_Equal\n PyLongWriter_Create\n PyErr_Occurred\n PyImport_ImportModuleLevelObject\n PyImport_ImportModule\n PyExc_KeyError\n PyUnicode_Replace\n PyLong_AsSsize_t\n _Py_ascii_whitespace\n PyFrame_New\n PyCode_NewEmpty\n PyErr_SetObject\n PyThreadState_Get\n PyUnicode_InternFromString\n PyObject_SetAttr\n PyObject_GetOptionalAttrString\n PyBaseObject_Type\n PyDict_GetItemStringRef\n PySequence_List\n PyUnicode_CopyCharacters\n PyFrozenSet_Type\n PyModule_GetFilenameObject\nKERNEL32.dll: QueryPerformanceCounter\n RtlCaptureContext\n RtlLookupFunctionEntry\n RtlVirtualUnwind\n UnhandledExceptionFilter\n SetUnhandledExceptionFilter\n GetCurrentProcess\n TerminateProcess\n IsProcessorFeaturePresent\n IsDebuggerPresent\n GetCurrentProcessId\n GetCurrentThreadId\n GetSystemTimeAsFileTime\n DisableThreadLibraryCalls\n InitializeSListHead\nVCRUNTIME140.dll: memcpy\n memcmp\n strchr\n __C_specific_handler\n __std_type_info_destroy_list\n memset\napi-ms-win-crt-runtime-l1-1-0.dll: _cexit\n abort\n _initterm\n _initterm_e\n _seh_filter_dll\n _configure_narrow_argv\n _initialize_narrow_environment\n _initialize_onexit_table\n _execute_onexit_table\napi-ms-win-crt-stdio-l1-1-0.dll: fflush\n __stdio_common_vfprintf\n __acrt_iob_func\n __stdio_common_vsprintf\napi-ms-win-crt-string-l1-1-0.dll: strcmp\n\nExports:\n--------\nPyInit_81d243bd2c585b0f4821__mypyc:\n Ordinal: 1\n Address: 0x00024F50\n\n\nResources:\n----------\n2:\n Type: RT_MANIFEST\n Language: English - United States\n Codepage: UNKNOWN\n Size: 145\n TimeDateStamp: 1980-Jan-01 00:00:00\n Entropy: 4.8858\n\n\nDebug Info:\n-----------\nIMAGE_DEBUG_TYPE_POGO:\n Characteristics: 0\n TimeDateStamp: 2026-Apr-02 07:53:11\n Version: 0.0\n SizeofData: 600\n AddressOfRawData: 0x0002CF6C\n PointerToRawData: 0x0002B56C\n\n\nLoad Configuration:\n-------------------\nSize: 320\nTimeDateStamp: 1970-Jan-01 00:00:00\nVersion: 0.0\nGlobalFlagsClear: (EMPTY)\nGlobalFlagsSet: (EMPTY)\nCriticalSectionDefaultTimeout: 0\nDeCommitFreeBlockThreshold: 0x0000000000000000\nDeCommitTotalFreeThreshold: 0x0000000000000000\nLockPrefixTable: 0x0000000000000000\nMaximumAllocationSize: 0x0000000000000000\nVirtualMemoryThreshold: 0x0000000000000000\nProcessAffinityMask: 0x0000000000000000\nProcessHeapFlags: (EMPTY)\nCSDVersion: 0\nReserved1: 0x0000\nEditList: 0x0000000000000000\nSecurityCookie: 0x0000000180030000\n\nRICH Header:\n------------\nXOR Key: 0xF1CCD5F2\nUnmarked objects: 0\nImports (VS2008 SP1 build 30729): 8\nImports (35207): 2\nImports (33145): 2\nASM objects (35207): 3\nC objects (35207): 8\nC++ objects (35207): 13\nImports (35222): 3\nTotal imports: 285\nC objects (LTCG) (35225): 1\nExports (35225): 1\nResource objects (35225): 1\nLinker (35225): 1\n\nMatching compiler(s):\n MASM/TASM - sig1(h)\n\nThe following exploit mitigation techniques have been detected\n Stack Canary: enabled\n SafeSEH: enabled (0 registered handlers)\n ASLR: enabled\n DEP: enabled\n CFG: disabled\n\n\n\n[!] Error: [plugin_virustotal] VirusTotal API access denied. Please verify that your API key is valid.\n[!] Error: [Yara compiler] yara_rules/clamav.yara (999960) : syntax error, unexpected '{', expecting text string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (1089890) : syntax error, unexpected string identifier, expecting '}'\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2064551) : unreferenced string \"$a7\"\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2510733) : invalid hex string \"$a0\": uneven number of digits in hex string\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2597376) : invalid hex string \"$a5\": syntax error\n[!] Error: [Yara compiler] yara_rules/clamav.yara (2983072) : invalid hex string \"$a0\": invalid character in hex string\n[!] Error: Could not compile yara rules (6 error(s)).\n[!] Error: ClamAV rules haven't been generated yet!\n[!] Error: Please run yara_rules/update_clamav_signatures.py to create them, and refer to the documentation for additional information.\n","json_output":{"Summary":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"DOS Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"PE Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Image Optional Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Sections":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Imports":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Exports":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Resources":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Debug Info":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Load Configuration":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"RICH Header":{"raw_response":"Error: An error occurred (UnrecognizedClientException) when calling the Converse operation: The security token included in the request is invalid."},"Interesting strings found in the binary":{},"file_path":"/tmp/sdm_decoded_c8oa189i/zlib_offset_0x6aee8_7.bin"},"exit_code":0,"output_file":"/tmp/sdm_manalyze_4afxrpqd/output.txt"},"timestamp":"2026-05-26 00:28:50"}]