setup.exe - Setup

info
MZ
PE
resources
imports
exports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	setup.exe
size	533000 (0x82208)
md5	8518f7a7bc9d648ce4f887c90457216d

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf8

Rich Header

lib id	version	times used
171	30319	58
158	30319	20
170	30319	157
147	30729	23
1	0	337
158	30311	1
171	30311	35
155	30311	1
154	30311	1
157	30311	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	4
TimeDateStamp	0x4ba20cc0
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x122
Magic	0x10b
LinkerVersion	10.0
SizeOfCode	0x4ea00
SizeOfInitializedData	0x33000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x2e541
BaseOfCode	0x1000
BaseOfData	0x50000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.0
ImageVersion	10.0
SubsystemVersion	5.0
Reserved1	0
SizeOfImage	0x87000
SizeOfHeaders	0x400
CheckSum	0x8d282
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x2000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x4e948	0x4ea00	R-X CODE
.data	0x50000	0x40ac	0x1c00	RW- IDATA
.rsrc	0x55000	0x2ca48	0x2cc00	R-- IDATA
.reloc	0x82000	0x4740	0x4800	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x4f8d0	0x78
IMPORT	0x4e6fc	0xc8
RESOURCE	0x55000	0x2ca48
EXCEPTION	0	0
SECURITY	0x81e00	0x408
BASERELOC	0x82000	0x2edc
DEBUG	0x1390	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0xa0c0	0x40
Bound_IAT	0	0
IAT	0x1000	0x328
Delay_IAT	0x4e3d4	0x80
CLR_Header	0	0

show previews

type	name	size	cp
ICON	#1	1640	1252
ICON	#2	744	1252
ICON	#3	296	1252
ICON	#4	3752	1252
ICON	#5	2216	1252
ICON	#6	1384	1252
ICON	#7	9640	1252
ICON	#8	4264	1252
ICON	#9	1128	1252
ICON	#10	744	1252
ICON	#11	296	1252
DIALOG	#119	144	1252
DIALOG	#120	436	1252
DIALOG	#1101	420	1252
GROUP_ICON	#107	132	1252
GROUP_ICON	#108	34	1252
VERSION	#1	732	1252
MANIFEST	#1	1098	1252
#40	HOMESITE	10	1252
#40	SUPPORTURL	132	1252
#41	SETUPCFG	100220	1252
#43	1000	16	1252
#43	1001	20	1252
#43	1002	14	1252
#43	1003	24	1252
#43	1004	24	1252
#43	1005	8	1252
#43	1006	6	1252
#43	1008	122	1252
#43	1009	138	1252
#43	1010	52	1252
#43	1011	60	1252
#43	1012	18	1252
#43	1013	34	1252
#43	1016	290	1252
#43	1017	422	1252
#43	1018	1040	1252
#43	1019	54	1252
#43	1020	14	1252
#43	1021	98	1252
#43	1023	10	1252
#43	1025	72	1252
#43	1026	154	1252
#43	1028	122	1252
#43	1029	132	1252
#43	1030	382	1252
#43	1031	70	1252
#43	1032	196	1252
#43	1033	74	1252
#43	1034	102	1252
#43	1035	256	1252
#43	1036	12	1252
#43	1037	72	1252
#43	1038	32	1252
#43	1039	66	1252
#43	1041	116	1252
#43	1042	108	1252
#43	1043	158	1252
#43	1044	90	1252
#43	1045	104	1252
#43	1046	88	1252
#43	1047	2	1252
#43	1048	22	1252
#43	1049	88	1252
#43	1050	166	1252
#43	1051	14	1252
#43	1052	48	1252
#43	1053	18	1252
#43	1054	184	1252
#43	1055	16	1252
#43	1057	332	1252
#43	1058	120	1252
#43	1200	60	1252
#43	1201	206	1252
#43	1202	46	1252
#43	1203	116	1252
#43	1204	182	1252
#43	1205	16	1252
#43	1206	28	1252
#43	1207	120	1252
#43	1208	108	1252
#43	1209	82	1252
#43	1210	78	1252
#43	1211	18	1252
#43	1212	16	1252
#43	1213	18	1252
#43	1400	304	1252
#43	1401	86	1252
#43	1402	74	1252
#43	1405	108	1252
#43	1416	118	1252
#43	1420	68	1252
#43	1423	68	1252
#43	1424	90	1252
#43	1425	218	1252
#43	1426	132	1252
#43	1427	210	1252
#43	1429	94	1252
#43	1430	140	1252
#43	1432	200	1252
#43	1433	210	1252
#43	1435	80	1252
#43	1436	136	1252
#43	1437	120	1252
#43	1438	78	1252
#43	1442	142	1252
#43	1443	168	1252
#43	1444	108	1252
#43	1446	130	1252
#43	1447	228	1252
#43	1448	122	1252
#43	1449	238	1252
#43	CULTURE	6	1252
#44	COUNT	4	1252
#44	EULA0	8186	1252
#44	EULA1	6220	1252
#44	EULA2	20668	1252
#45	CODEPAGE	10	1252
#45	SETUPRES	514	1252

module_name	hint	ord	function_name
KERNEL32.dll	920		Process32NextW
KERNEL32.dll	918		Process32FirstW
KERNEL32.dll	190		CreateToolhelp32Snapshot
KERNEL32.dll	449		GetCurrentProcessId
KERNEL32.dll	549		GetNativeSystemInfo
KERNEL32.dll	1126		SetFilePointer
KERNEL32.dll	723		HeapSetInformation
KERNEL32.dll	133		CreateEventW
KERNEL32.dll	1113		SetEvent
KERNEL32.dll	1201		SizeofResource
KERNEL32.dll	852		LockResource
KERNEL32.dll	833		LoadResource
KERNEL32.dll	334		FindResourceW
KERNEL32.dll	676		GetVersionExW
KERNEL32.dll	100		CompareStringW
KERNEL32.dll	490		GetFileAttributesW
KERNEL32.dll	532		GetModuleFileNameW
KERNEL32.dll	285		ExpandEnvironmentStringsW
KERNEL32.dll	698		GlobalFree
KERNEL32.dll	896		OpenProcess
KERNEL32.dll	624		GetSystemDirectoryW
KERNEL32.dll	214		DeleteFileW
KERNEL32.dll	643		GetTempFileNameW
KERNEL32.dll	645		GetTempPathW
KERNEL32.dll	840		LocalFree
KERNEL32.dll	350		FormatMessageW
KERNEL32.dll	960		ReadFile
KERNEL32.dll	663		GetTimeFormatW
KERNEL32.dll	456		GetDateFormatW
KERNEL32.dll	129		CreateDirectoryW
KERNEL32.dll	117		CopyFileW
KERNEL32.dll	1297		WideCharToMultiByte
KERNEL32.dll	687		GetWindowsDirectoryW
KERNEL32.dll	627		GetSystemInfo
KERNEL32.dll	448		GetCurrentProcess
KERNEL32.dll	476		GetEnvironmentVariableW
KERNEL32.dll	536		GetModuleHandleW
KERNEL32.dll	674		GetVersion
KERNEL32.dll	143		CreateFileW
KERNEL32.dll	237		EndUpdateResourceW
KERNEL32.dll	1202		Sleep
KERNEL32.dll	462		GetDiskFreeSpaceExW
KERNEL32.dll	209		DeleteCriticalSection
KERNEL32.dll	181		CreateThread
KERNEL32.dll	738		InitializeCriticalSection
KERNEL32.dll	238		EnterCriticalSection
KERNEL32.dll	825		LeaveCriticalSection
KERNEL32.dll	870		MulDiv
KERNEL32.dll	1358		lstrlenW
KERNEL32.dll	479		GetExitCodeProcess
KERNEL32.dll	1107		SetEndOfFile
KERNEL32.dll	659		GetTickCount
KERNEL32.dll	313		FindFirstFileW
KERNEL32.dll	325		FindNextFileW
KERNEL32.dll	302		FindClose
KERNEL32.dll	691		GlobalAlloc
KERNEL32.dll	831		LoadLibraryW
KERNEL32.dll	1246		UpdateResourceA
KERNEL32.dll	55		BeginUpdateResourceA
KERNEL32.dll	745		InterlockedCompareExchange
KERNEL32.dll	331		FindResourceA
KERNEL32.dll	211		DeleteFileA
KERNEL32.dll	1357		lstrlenA
KERNEL32.dll	136		CreateFileA
KERNEL32.dll	1247		UpdateResourceW
KERNEL32.dll	56		BeginUpdateResourceW
KERNEL32.dll	475		GetEnvironmentVariableA
KERNEL32.dll	1159		SetStdHandle
KERNEL32.dll	1316		WriteConsoleW
KERNEL32.dll	722		HeapReAlloc
KERNEL32.dll	780		IsValidLocale
KERNEL32.dll	269		EnumSystemLocalesA
KERNEL32.dll	516		GetLocaleInfoA
KERNEL32.dll	667		GetUserDefaultLCID
KERNEL32.dll	724		HeapSize
KERNEL32.dll	343		FlushFileBuffers
KERNEL32.dll	428		GetConsoleMode
KERNEL32.dll	410		GetConsoleCP
KERNEL32.dll	586		GetProcessHeap
KERNEL32.dll	871		MultiByteToWideChar
KERNEL32.dll	813		LCMapStringW
KERNEL32.dll	617		GetStringTypeW
KERNEL32.dll	518		GetLocaleInfoW
KERNEL32.dll	778		IsValidCodePage
KERNEL32.dll	567		GetOEMCP
KERNEL32.dll	360		GetACP
KERNEL32.dll	768		IsDebuggerPresent
KERNEL32.dll	1235		UnhandledExceptionFilter
KERNEL32.dll	1216		TerminateProcess
KERNEL32.dll	715		HeapAlloc
KERNEL32.dll	772		IsProcessorFeaturePresent
KERNEL32.dll	633		GetSystemTimeAsFileTime
KERNEL32.dll	935		QueryPerformanceCounter
KERNEL32.dll	717		HeapCreate
KERNEL32.dll	453		GetCurrentThreadId
KERNEL32.dll	748		InterlockedExchange
KERNEL32.dll	1212		SwitchToThread
KERNEL32.dll	514		GetLastError
KERNEL32.dll	1273		WaitForSingleObject
KERNEL32.dll	82		CloseHandle
KERNEL32.dll	581		GetProcAddress
KERNEL32.dll	354		FreeLibrary
KERNEL32.dll	1317		WriteFile
KERNEL32.dll	1139		SetLastError
KERNEL32.dll	751		InterlockedIncrement
KERNEL32.dll	1222		TlsFree
KERNEL32.dll	1224		TlsSetValue
KERNEL32.dll	1223		TlsGetValue
KERNEL32.dll	1221		TlsAlloc
KERNEL32.dll	499		GetFileType
KERNEL32.dll	739		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	836		LocalAlloc
KERNEL32.dll	828		LoadLibraryA
KERNEL32.dll	945		RaiseException
KERNEL32.dll	391		GetCommandLineW
KERNEL32.dll	611		GetStartupInfoW
KERNEL32.dll	1048		RtlUnwind
KERNEL32.dll	719		HeapFree
KERNEL32.dll	747		InterlockedDecrement
KERNEL32.dll	370		GetCPInfo
KERNEL32.dll	1189		SetUnhandledExceptionFilter
KERNEL32.dll	281		ExitProcess
KERNEL32.dll	612		GetStdHandle
KERNEL32.dll	353		FreeEnvironmentStringsW
KERNEL32.dll	474		GetEnvironmentStringsW
KERNEL32.dll	1135		SetHandleCount
GDI32.dll	525		GetStockObject
GDI32.dll	293		EnumFontFamiliesExW
GDI32.dll	64		CreateFontIndirectW
GDI32.dll	230		DeleteObject
GDI32.dll	48		CreateCompatibleDC
GDI32.dll	459		GetDeviceCaps
GDI32.dll	509		GetObjectW
GDI32.dll	227		DeleteDC
GDI32.dll	631		SelectObject
GDI32.dll	550		GetTextMetricsW
GDI32.dll	542		GetTextExtentPoint32W
ole32.dll	108		CoUninitialize
ole32.dll	62		CoInitialize
Secur32.dll	27		GetComputerObjectNameW
SHELL32.dll	289		ShellExecuteExW
SHELL32.dll	207		SHGetMalloc
SHELL32.dll	215		SHGetPathFromIDListW
SHELL32.dll	223		SHGetSpecialFolderLocation
SHELL32.dll	290		ShellExecuteW
SHELL32.dll	286		ShellExecuteA
USER32.dll	526		MessageBoxA
USER32.dll	732		ShowScrollBar
USER32.dll	276		GetClientRect
USER32.dll	631		SendMessageA
USER32.dll	644		SetClassLongW
USER32.dll	715		SetWindowTextW
USER32.dll	491		LoadCursorW
USER32.dll	648		SetCursor
USER32.dll	97		CreateDialogIndirectParamW
USER32.dll	659		SetForegroundWindow
USER32.dll	216		EnableWindow
USER32.dll	300		GetFocus
USER32.dll	658		SetFocus
USER32.dll	621		ScreenToClient
USER32.dll	539		MoveWindow
USER32.dll	493		LoadIconW
USER32.dll	656		SetDlgItemTextW
USER32.dll	636		SendMessageW
USER32.dll	295		GetDlgItem
USER32.dll	540		MsgWaitForMultipleObjects
USER32.dll	563		PeekMessageW
USER32.dll	461		IsDialogMessageW
USER32.dll	764		TranslateMessage
USER32.dll	175		DispatchMessageW
USER32.dll	166		DestroyWindow
USER32.dll	735		ShowWindow
USER32.dll	627		SendDlgItemMessageW
USER32.dll	412		GetWindowRect
USER32.dll	748		SystemParametersInfoW
USER32.dll	245		ExitWindowsEx
USER32.dll	533		MessageBoxW
USER32.dll	208		DrawTextW
USER32.dll	382		GetSystemMetrics
USER32.dll	289		GetDC
USER32.dll	292		GetDialogBaseUnits
USER32.dll	613		ReleaseDC
USER32.dll	99		CreateDialogParamW
USER32.dll	495		LoadImageW
CRYPT32.dll	61		CertFreeCertificateChain
CRYPT32.dll	116		CertVerifyCertificateChainPolicy
CRYPT32.dll	69		CertGetCertificateChain
WININET.dll	116		InternetCrackUrlW
WININET.dll	109		InternetCombineUrlW
msi.dll		8
msi.dll		150
msi.dll		78
msi.dll		92

ord	entry_va	function_name
1	0x19c45	_DecodePointerInternal@4
2	0x19c23	_EncodePointerInternal@4

module_name	setup.exe
flags	0
timestamp	2010-03-18 11:21:36
version	0.0
ordinal_base	1
nFunctions	2
nNames	2
Names(2)	0x4f900
Functions(2)	0x4f8f8
NameOrdinals(2)	0x4f908

StringTable 040904B0

CompanyName
FileDescription	Setup
FileVersion	10.0.30319.1 built by: RTMRel
InternalName	setup.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	setup.exe
ProductName
ProductVersion	10.0.30319.1

VS_FIXEDFILEINFO

FileVersion	10.0.30319.1
ProductVersion	10.0.30319.1
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=ShweBo

serial: -1ED555E72281EB5CB35C55129B49A101

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
             (Negative)1e:d5:55:e7:22:81:eb:5c:b3:5c:55:12:9b:49:a1:01
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=ShweBo
        Validity
            Not Before: Nov  3 13:02:23 2012 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=ShweBo
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:b2:85:72:c8:ee:8c:52:81:80:37:61:df:e9:6a:
                    75:b6:7b:ae:96:48:fc:64:e4:e7:ed:19:00:e7:e2:
                    59:b3:a2:69:a4:c9:53:73:57:7e:dc:a3:f8:1c:28:
                    1a:5a:97:a5:83:55:bc:b7:80:9f:b2:dc:96:74:b6:
                    d6:16:de:b0:2c:69:8d:ee:eb:97:a2:04:de:8c:c3:
                    db:d9:b3:ff:32:64:ed:c2:db:f2:cd:87:dd:8a:f4:
                    b0:23:8a:62:0e:d8:eb:4e:10:0f:6b:6e:83:44:5c:
                    c5:90:88:c7:8d:c3:56:c7:b7:31:ce:9d:45:3b:13:
                    51:dc:15:75:ec:62:70:fb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.4: critical
                0.0.0..
+.....7.......
            X509v3 Extended Key Usage: 
                Code Signing
            2.5.29.1: 
                09...&.0?p.....D.'l...0.1.0..U....ShweBo...*...~..L...d.^.
    Signature Algorithm: md5WithRSAEncryption
         21:46:87:eb:f7:21:21:f6:c5:00:92:e6:26:02:d8:77:79:25:
         01:fc:61:0e:93:f0:3d:4e:6c:54:a3:28:ed:4d:65:fe:99:59:
         61:0a:2f:13:ab:b4:ba:be:a6:56:31:b6:98:da:a3:d1:e0:a5:
         10:85:a8:8c:d9:1e:23:cd:79:43:ad:02:85:e1:f9:eb:21:39:
         56:09:25:88:80:e5:0e:c6:6b:37:f7:49:64:54:a5:9c:7c:ec:
         18:f9:a6:71:2f:fe:8e:fb:98:72:19:e5:68:cf:00:2c:a4:2a:
         c2:b0:07:43:9a:e0:58:13:79:ab:42:b5:2c:d5:13:71:ee:e5:
         17:7b

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

2f 21 38 80 75 cc f3 b0 42 55 f2 42 30 21 be 18 |/!8.u...BU.B0!..| 8f dc a0 f5 |.... |

2
- -40984541421616798889843474368679223553
- RSA-MD5: nil
- CN: ShweBo
- 2012-11-03 13:02:23 UTC: 2039-12-31 23:59:59 UTC
- CN: ShweBo
- #5
  - rsaEncryption: nil
  - B2:85:72:C8:EE:8C:52:81:80:37:61:DF:E9:6A:75:B6:
    7B:AE:96:48:FC:64:E4:E7:ED:19:00:E7:E2:59:B3:A2:
    69:A4:C9:53:73:57:7E:DC:A3:F8:1C:28:1A:5A:97:A5:
    83:55:BC:B7:80:9F:B2:DC:96:74:B6:D6:16:DE:B0:2C:
    69:8D:EE:EB:97:A2:04:DE:8C:C3:DB:D9:B3:FF:32:64:
    ED:C2:DB:F2:CD:87:DD:8A:F4:B0:23:8A:62:0E:D8:EB:
    4E:10:0F:6B:6E:83:44:5C:C5:90:88:C7:8D:C3:56:C7:
    B7:31:CE:9D:45:3B:13:51:DC:15:75:EC:62:70:FB:23: 0x010001
- #6
  - 2.5.29.4
    - true
    - msCodeInd: 0x80
  - extendedKeyUsage: codeSigning
  - 2.5.29.1
    - b6 26 82 30 3f 70 8a d1 de f5 cb 44 df 27 6c d0 |.&.0?p.....D.'l.|
      - CN: ShweBo
      - e1 2a aa 18 dd 7e 14 a3 4c a3 aa ed 64 b6 5e ff |.*...~..L...d.^.|

RSA-MD5:

21 46 87 eb f7 21 21 f6  c5 00 92 e6 26 02 d8 77  |!F...!!.....&..w|
79 25 01 fc 61 0e 93 f0  3d 4e 6c 54 a3 28 ed 4d  |y%..a...=NlT.(.M|
65 fe 99 59 61 0a 2f 13  ab b4 ba be a6 56 31 b6  |e..Ya./......V1.|
98 da a3 d1 e0 a5 10 85  a8 8c d9 1e 23 cd 79 43  |............#.yC|
ad 02 85 e1 f9 eb 21 39  56 09 25 88 80 e5 0e c6  |......!9V.%.....|
6b 37 f7 49 64 54 a5 9c  7c ec 18 f9 a6 71 2f fe  |k7.IdT..|....q/.|
8e fb 98 72 19 e5 68 cf  00 2c a4 2a c2 b0 07 43  |...r..h..,.*...C|
9a e0 58 13 79 ab 42 b5  2c d5 13 71 ee e5 17 7b  |..X.y.B.,..q...{|

#0
- CN: ShweBo
- -40984541421616798889843474368679223553
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

7e 36 f9 6e 3e d9 d6 e3  bb 1d 5e 46 1b 36 bf 37  |~6.n>.....^F.6.7|
9f d4 5d cc                                       |..].            |

rsaEncryption:

1c 58 b9 09 ee d7 ae f4  d5 b3 61 10 48 72 0a 3a  |.X........a.Hr.:|
6f 60 95 64 91 b1 a0 44  ad 01 af a7 49 e3 eb 72  |o`.d...D....I..r|
52 de 80 ba a4 d3 4b b6  c0 09 74 48 5d d8 2e 77  |R.....K...tH]..w|
91 a7 a0 37 5f 91 9d be  08 8b bf 35 94 b8 5b 92  |...7_......5..[.|
e2 21 fc 1b a7 95 13 a5  ae 2c a3 d9 b7 a9 c0 f5  |.!.......,......|
bc 25 d7 04 b9 2e f3 21  2c d6 ad 54 8b f3 bf 82  |.%.....!,..T....|
0d cd fd 37 ba 24 15 fa  5f ee 07 83 f2 54 ee 59  |...7.$.._....T.Y|
bc 22 4d e2 31 a0 c0 45  4c bd 18 8b 4e f3 fa 0d  |."M.1..EL...N...|