Watch_Dogs2-ScriptHook-Installer_r185[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Watch_Dogs2-ScriptHook-Installer_r185.exe
Size

16.1MB
MD5

1d5ea324949b4e28c2548cd18c7ae6e4
SHA1

78f8e0ede25e2e9c043d45c04bdb4b4596f9d55c
SHA256

0d9a1030d4c4974dc195643a95f933f67c7110b0ace1849ed805f920d12f62e0
SHA512

7f9639279eac3a6679e6838e3f102e1ef0cc5e15f041515ec32dd78cba2f37b76180c20703daf957166aa3de593a68db442b2523348a606d7515ff2bb7c0184e
SSDEEP

393216:tVx2WBOiCChPV0tX4/lGNCjTIl+1Oz/N11EFYYSmlWT:tVIWAiCC3W4/lGYjTIskz/CeYSqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
Watch_Dogs2-ScriptHook-Installer_r185.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/ScriptHook/core.dll
unpack001/ScriptHook/crashpad_handler.exe
unpack001/ScriptHook/skia.dll
unpack001/dinput8.dll
unpack001/uninstall-scripthook.exe
unpack002/$PLUGINSDIR/UserInfo.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall-scripthook.exe	nsis_installer_1
static1/unpack001/uninstall-scripthook.exe	nsis_installer_2

Files

Watch_Dogs2-ScriptHook-Installer_r185.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScriptHook/LICENSE
ScriptHook/core.dll
.dll windows:6 windows x64 arch:x64

9211b32172176cfde2e60e46c72dd450

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Watch_Dogs-2-ScriptHook\Watch_Dogs-2-ScriptHook\NomadFX\bin\Win64\Shipping\projects\wd2sh\core.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathCanonicalizeA

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl

dbghelp

SymGetOptions
SymSetOptions
SymFromAddr
SymInitialize

skia

??3SkTextBlob@@CAXPEAX@Z
?MakeDefault@SkTypeface@@SA?AV?$sk_sp@VSkTypeface@@@@XZ
?getCanvas@SkSurface@@QEAAPEAVSkCanvas@@XZ
?MakeRasterDirect@SkSurface@@SA?AV?$sk_sp@VSkSurface@@@@AEBUSkImageInfo@@PEAX_KPEBVSkSurfaceProps@@@Z
?clipRect@SkCanvas@@QEAAXAEBUSkRect@@W4SkClipOp@@_N@Z
?MakeFromName@SkTypeface@@SA?AV?$sk_sp@VSkTypeface@@@@QEBDVSkFontStyle@@@Z
?getFamilyName@SkTypeface@@QEBAXPEAVSkString@@@Z
?restore@SkCanvas@@QEAAXXZ
?drawTextBlob@SkCanvas@@QEAAXPEBVSkTextBlob@@MMAEBVSkPaint@@@Z
??0SkFont@@QEAA@XZ
?measureText@SkFont@@QEBAMPEBX_KW4SkTextEncoding@@PEAUSkRect@@PEBVSkPaint@@@Z
??0SkPaint@@QEAA@XZ
??1SkPaint@@QEAA@XZ
?setColor@SkPaint@@QEAAXAEBU?$SkRGBA4f@$02@@PEAVSkColorSpace@@@Z
?FromColor@?$SkRGBA4f@$02@@SA?AU1@I@Z
?flush@SkSurface@@QEAA?AW4GrSemaphoresSubmitted@@AEBUGrFlushInfo@@PEBVGrBackendSurfaceMutableState@@@Z
?save@SkCanvas@@QEAAHXZ
?MakeRasterData@SkImage@@SA?AV?$sk_sp@VSkImage@@@@AEBUSkImageInfo@@V?$sk_sp@VSkData@@@@_K@Z
?getBounds@SkTypeface@@QEBA?AUSkRect@@XZ
?setSize@SkFont@@QEAAXM@Z
??0SkString@@QEAA@XZ
??1SkString@@QEAA@XZ
??1SkTextBlob@@AEAA@XZ
?drawColor@SkCanvas@@QEAAXAEBU?$SkRGBA4f@$02@@W4SkBlendMode@@@Z
?MakeFromText@SkTextBlob@@SA?AV?$sk_sp@VSkTextBlob@@@@PEBX_KAEBVSkFont@@W4SkTextEncoding@@@Z
?DummyReleaseProc@SkData@@CAXPEBXPEAX@Z
??3SkData@@CAXPEAX@Z
??1SkData@@AEAA@XZ
?MakeWithProc@SkData@@SA?AV?$sk_sp@VSkData@@@@PEBX_KP6AX0PEAX@Z2@Z
?setStrokeWidth@SkPaint@@QEAAXM@Z
?setStyle@SkPaint@@QEAAXW4Style@1@@Z
??0SkPaint@@QEAA@AEBU?$SkRGBA4f@$02@@PEAVSkColorSpace@@@Z
?drawImageRect@SkCanvas@@QEAAXPEBVSkImage@@AEBUSkIRect@@AEBUSkRect@@PEBVSkPaint@@W4SrcRectConstraint@1@@Z
?drawRect@SkCanvas@@QEAAXAEBUSkRect@@AEBVSkPaint@@@Z
?drawLine@SkCanvas@@QEAAXMMMMAEBVSkPaint@@@Z
?resetMatrix@SkCanvas@@QEAAXXZ
?scale@SkCanvas@@QEAAXMM@Z
?imageInfo@SkCanvas@@QEBA?AUSkImageInfo@@XZ
?MakeRasterDirect@SkCanvas@@SA?AV?$unique_ptr@VSkCanvas@@U?$default_delete@VSkCanvas@@@std@@@std@@AEBUSkImageInfo@@PEAX_KPEBVSkSurfaceProps@@@Z
?drawImageRect@SkCanvas@@QEAAXPEBVSkImage@@AEBUSkRect@@PEBVSkPaint@@@Z
?getMetrics@SkFont@@QEBAMPEAUSkFontMetrics@@@Z

kernel32

GetFullPathNameW
GetFileAttributesExW
GetCurrentDirectoryW
AreFileApisANSI
InitOnceComplete
InitOnceBeginInitialize
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetFileInformationByHandle
VirtualAlloc
VirtualFree
OpenThread
SetThreadContext
GetThreadContext
HeapAlloc
HeapReAlloc
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapFree
HeapCreate
VirtualProtect
GetModuleHandleW
SetConsoleCtrlHandler
Sleep
GetConsoleWindow
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
GetFileAttributesW
lstrcatW
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
OutputDebugStringA
AttachConsole
GetCurrentProcessId
AllocConsole
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetSystemInfo
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitOnceExecuteOnce
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetLastError
VirtualQuery
LoadLibraryExW
Module32FirstW
Module32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetCurrentProcess
CreateFileW
LockFileEx
SetEndOfFile
UnlockFileEx
GetFileType
SetUnhandledExceptionFilter
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
CreateThread
GetCurrentThreadId
CreateProcessW
FlushInstructionCache
GetVersion
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
OutputDebugStringW
GetLocalTime
FormatMessageW
ReadFile
SetFilePointerEx
WriteFile
FindFirstFileExW
GetFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FormatMessageA
SetLastError
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetSystemTimeAsFileTime
LocalFree
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock

user32

GetWindowDC
GetDC
RedrawWindow
ClientToScreen
BeginPaint
EndPaint
DefWindowProcW
CallWindowProcW
GetUpdateRect
SetCursor
PostQuitMessage
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
UpdateLayeredWindow
TrackMouseEvent
RegisterRawInputDevices
SetCapture
ReleaseCapture
LoadImageW
MapVirtualKeyW
GetWindowLongW
GetMessageW
PostMessageW
GetWindowRect
DestroyWindow
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
SendMessageW
GetSystemMetrics
UnregisterClassW
SetWindowTextW
GetWindowLongPtrW
RegisterClassExW
ShowWindow
DispatchMessageW
SetTimer
PeekMessageW
AdjustWindowRect
MessageBoxW
LoadCursorW
SetWindowLongW
GetClientRect
IsZoomed
KillTimer
GetDesktopWindow
InvalidateRect
GetWindowTextW
GetRawInputData
ToUnicode
PostMessageA
IsWindow
MessageBoxA
TranslateMessage

gdi32

GetKerningPairsW
SelectObject
BitBlt
CreateCompatibleDC
CreateFontW
DeleteDC
GetGlyphOutlineW
DeleteObject
GetOutlineTextMetricsW
CreateDIBSection
GetStockObject

advapi32

BuildExplicitAccessWithNameW
SystemFunction036
BuildSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteA

msvcp140

_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
_Thrd_sleep
_Cnd_wait
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Strxfrm
_Mtx_unlock
_Xtime_get_ticks
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1facet@locale@std@@MEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Query_perf_frequency
_Query_perf_counter
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

ws2_32

getaddrinfo
__WSAFDIsSet
closesocket
select
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
getnameinfo
ioctlsocket
freeaddrinfo
getsockopt
recv
connect
ntohs
socket
send
getpeername
WSASocketW

dwmapi

DwmGetWindowAttribute

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
memchr
strrchr
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
strchr
memcpy
memmove
_CxxThrowException
memcmp
strstr

api-ms-win-crt-heap-l1-1-0

realloc
malloc
calloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

signal
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
exit
abort
_invalid_parameter_noinfo_noreturn
_beginthreadex
strerror_s
terminate
_initterm
_initterm_e

api-ms-win-crt-math-l1-1-0

sinf
powf
_fdsign
_ldsign
floorf
roundf
cosf
ceilf
_ldclass
ldexp
_fdclass
_dclass
_dsign

api-ms-win-crt-stdio-l1-1-0

ferror
getc
fputc
feof
fflush
__stdio_common_vsprintf_s
__acrt_iob_func
puts
freopen_s
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fseek
fgetpos
__stdio_common_vsscanf
fclose
__stdio_common_vsprintf
fgetc
__stdio_common_vsprintf_p
fwrite
fopen_s
_wfopen
_wopen
_close
_locking
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtod
strtof
strtoull
strtoll

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_wfullpath
_unlock_file
_splitpath_s
_wstat64
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcat_s
_wcsdup
strcpy_s
toupper
strcmp
strncmp
tolower
_stricmp
isalpha

api-ms-win-crt-time-l1-1-0

_time64
_mkgmtime64
_gmtime64
strftime

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv

Exports

Exports

Init
PostInit
PreInit_DInput

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScriptHook/crashpad_handler.exe
.exe windows:6 windows x64 arch:x64

c0f7d05b08083213cedabea23a7b898d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

CallNtPowerInformation

user32

SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
UnregisterClassW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RevertToSelf
ImpersonateNamedPipeClient
SystemFunction036

kernel32

CreateProcessW
Sleep
SleepEx
GetFileAttributesW
DeleteFileW
FindFirstFileExW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitOnceExecuteOnce
DeleteCriticalSection
FindNextFileW
GetFileTime
RemoveDirectoryW
InitializeCriticalSection
CreateDirectoryW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
Wow64GetThreadContext
IsProcessorFeaturePresent
GetSystemInfo
GetVersionExW
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetModuleFileNameW
DuplicateHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcess
TerminateProcess
CreateThread
OpenProcess
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileInformationByHandleEx
SetLastError
IsWow64Process
GetModuleHandleW
FormatMessageA
VirtualQueryEx
ReadProcessMemory
FindClose
CloseHandle
GetProcAddress
LoadLibraryW
CreateFileW
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetVersion
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
GetFileType
LockFileEx
ReadFile
SetEndOfFile
SetFilePointerEx
UnlockFileEx
WriteFile
LocalFree
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Xbad_alloc@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
__current_exception_context
__current_exception
__std_terminate
__C_specific_handler
strchr
_purecall
memset
memmove
memcpy
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_cexit
signal
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
terminate
_configure_wide_argv
_c_exit
__p___argc
_set_app_type
_seh_filter_exe
_invoke_watson
exit
_register_thread_local_exe_atexit_callback
_initterm_e
abort
_initterm
__p___wargv
_crt_atexit
_errno
_get_wide_winmain_command_line
_exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fflush
__p__commode
__stdio_common_vsprintf
_set_fmode
__stdio_common_vsprintf_p
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

tolower
wcsnlen
wcsncmp
strnlen
strncmp
_wcsicmp
isspace

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_free
free
_aligned_malloc
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wstat64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScriptHook/data/config.json
ScriptHook/data/lua/extensions/CDominoManager.lua
ScriptHook/data/lua/extensions/CommandArgumentType.lua
ScriptHook/data/lua/extensions/System.lua
ScriptHook/data/lua/extensions/string.lua
ScriptHook/data/lua/extensions/table.lua
.js
ScriptHook/data/lua/game/Affiliation.lua
ScriptHook/data/lua/game/Broadcasts.lua
ScriptHook/data/lua/game/CameraSpots.lua
ScriptHook/data/lua/game/FelonyTypes.lua
ScriptHook/data/lua/game/Fractions.lua
ScriptHook/data/lua/game/GraphicKitModels.lua
ScriptHook/data/lua/game/Items.lua
ScriptHook/data/lua/game/PlayMusicPriority.lua
ScriptHook/data/lua/game/RelationShips.lua
ScriptHook/data/lua/game/TeleportSpots.lua
ScriptHook/data/lua/game/VehicleArchetype.lua
ScriptHook/data/lua/game/VehicleSeatIds.lua
ScriptHook/data/lua/game/WeaponIds.lua
ScriptHook/data/lua/game/WeatherIds.lua
ScriptHook/data/lua/game/WorldLoadingUnits.lua
ScriptHook/data/lua/main.lua
ScriptHook/data/lua/modules/timer.lua
ScriptHook/data/lua/modules/util.lua
.js
ScriptHook/data/ref_steam_1.0.9.0.nmd
ScriptHook/data/ref_uplay_1.0.10.0.nmd
ScriptHook/data/ref_uplay_1.0.9.0.nmd
ScriptHook/data/ref_uplayplus_1.0.10.0.nmd
ScriptHook/data/scripts/trainer/Vehicles.txt
ScriptHook/data/scripts/trainer/commands/camera.lua
ScriptHook/data/scripts/trainer/commands/cash.lua
ScriptHook/data/scripts/trainer/commands/felony.lua
ScriptHook/data/scripts/trainer/commands/getpos.lua
ScriptHook/data/scripts/trainer/commands/god.lua
ScriptHook/data/scripts/trainer/commands/hud.lua
ScriptHook/data/scripts/trainer/commands/progression.lua
ScriptHook/data/scripts/trainer/commands/repairVehicle.lua
ScriptHook/data/scripts/trainer/commands/skin.lua
ScriptHook/data/scripts/trainer/commands/spawn.lua
ScriptHook/data/scripts/trainer/commands/teleport.lua
ScriptHook/data/scripts/trainer/commands/time.lua
ScriptHook/data/scripts/trainer/commands/timescale.lua
ScriptHook/data/scripts/trainer/commands/weather.lua
ScriptHook/data/scripts/trainer/main.lua
ScriptHook/data/scripts/trainer/manifest.json
ScriptHook/data/scripts/trainer/menu/Camera.lua
ScriptHook/data/scripts/trainer/menu/Clothing.lua
ScriptHook/data/scripts/trainer/menu/Environment.lua
ScriptHook/data/scripts/trainer/menu/Game.lua
ScriptHook/data/scripts/trainer/menu/Inventory.lua
ScriptHook/data/scripts/trainer/menu/Player.lua
ScriptHook/data/scripts/trainer/menu/Teleport.lua
ScriptHook/data/scripts/trainer/menu/Vehicle.lua
ScriptHook/data/scripts/trainer/menu/menu.lua
ScriptHook/data/scripts/trainer/player/StateWatcher.lua
ScriptHook/data/versions.json
ScriptHook/skia.dll
.dll windows:6 windows x64 arch:x64

5699ea66f715cb5f5e00160481102be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

fontsub

CreateFontPackage

ole32

CoCreateGuid
CoCreateInstance

user32

SystemParametersInfoA
SystemParametersInfoW

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

gdi32

AddFontMemResourceEx
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectA
DeleteDC
DeleteObject
EnumFontFamiliesExA
ExtTextOutW
GdiFlush
GetCharABCWidthsA
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetOutlineTextMetricsA
GetTextExtentPointI
GetTextFaceA
GetTextMetricsA
RemoveFontMemResourceEx
SelectObject
SetBkMode
SetGraphicsMode
SetTextAlign
SetTextColor
SetWorldTransform

opengl32

wglGetCurrentContext
wglGetProcAddress

d3d12

D3D12SerializeRootSignature

d3dcompiler_47

D3DCompile

kernel32

CloseHandle
CompareStringW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileW
CreateSemaphoreA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTime
GetSystemTimeAsFileTime
GetThreadTimes
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSemaphore
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

??0?$SkCanvasVirtualEnforcer@VSkCanvas@@@@QEAA@XZ
??0?$SkNVRefCnt@VGrContextThreadSafeProxy@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkColorSpace@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkData@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkPathRef@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkPromiseImageTexture@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkTextBlob@@@@QEAA@XZ
??0?$SkNVRefCnt@VSkVertices@@@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@$$QEAV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@$$QEAV01@AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@_K1AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@_KAEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@QEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@QEBD_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@QEBD_KAEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@U_String_constructor_concat_tag@1@AEAV01@1@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@U_String_constructor_concat_tag@1@AEBV01@QEBD_K23@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@V?$initializer_list@D@1@AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@_KD@Z
??0AbortCallback@SkPicture@@QEAA@AEBV01@@Z
??0AbortCallback@SkPicture@@QEAA@XZ
??0Allocator@SkBitmap@@QEAA@XZ
??0AttributeList@SkPDF@@QEAA@XZ
??0Builder@SkLayerDrawLooper@@QEAA@XZ
??0ByteCode@SkSL@@QEAA@XZ
??0Cliperator@SkRegion@@QEAA@AEBV1@AEBUSkIRect@@@Z
??0Compiler@SkSL@@QEAA@W4Flags@01@@Z
??0Context@SkDrawLooper@@QEAA@XZ
??0GrBackendFormat@@AEAA@II@Z
??0GrBackendFormat@@AEAA@W4DXGI_FORMAT@@@Z
??0GrBackendFormat@@AEAA@W4GrColorType@@W4CompressionType@SkImage@@@Z
??0GrBackendFormat@@AEAA@W4VkFormat@@AEBUGrVkYcbcrConversionInfo@@@Z
??0GrBackendFormat@@QEAA@AEBV0@@Z
??0GrBackendFormat@@QEAA@XZ
??0GrBackendRenderTarget@@AEAA@HHHAEBUGrD3DTextureResourceInfo@@V?$sk_sp@VGrD3DResourceState@@@@@Z
??0GrBackendRenderTarget@@QEAA@AEBV0@@Z
??0GrBackendRenderTarget@@QEAA@HHHAEBUGrD3DTextureResourceInfo@@@Z
??0GrBackendRenderTarget@@QEAA@HHHHAEBUGrGLFramebufferInfo@@@Z
??0GrBackendRenderTarget@@QEAA@HHHHAEBUGrMockRenderTargetInfo@@@Z
??0GrBackendRenderTarget@@QEAA@XZ
??0GrBackendTexture@@AEAA@HHAEBUGrD3DTextureResourceInfo@@V?$sk_sp@VGrD3DResourceState@@@@@Z
??0GrBackendTexture@@AEAA@HHW4GrMipMapped@@UGrGLTextureInfo@@V?$sk_sp@VGrGLTextureParameters@@@@@Z
??0GrBackendTexture@@QEAA@AEBV0@@Z
??0GrBackendTexture@@QEAA@HHAEBUGrD3DTextureResourceInfo@@@Z
??0GrBackendTexture@@QEAA@HHW4GrMipMapped@@AEBUGrGLTextureInfo@@@Z
??0GrBackendTexture@@QEAA@HHW4GrMipMapped@@AEBUGrMockTextureInfo@@@Z
??0GrBackendTexture@@QEAA@XZ
??0GrContext@@IEAA@V?$sk_sp@VGrContextThreadSafeProxy@@@@@Z
??0GrContextOptions@@QEAA@XZ
??0GrContextThreadSafeProxy@@AEAA@W4GrBackendApi@@AEBUGrContextOptions@@@Z
??0GrD3DBackendContext@@QEAA@$$QEAU0@@Z
??0GrD3DBackendContext@@QEAA@AEBU0@@Z
??0GrD3DBackendContext@@QEAA@XZ
??0GrDriverBugWorkarounds@@QEAA@AEBV?$vector@HV?$allocator@H@std@@@std@@@Z
??0GrDriverBugWorkarounds@@QEAA@XZ
??0GrGLExtensions@@QEAA@AEBV0@@Z
??0GrGLExtensions@@QEAA@XZ
??0GrGLInterface@@QEAA@XZ
??0ImageSetEntry@SkCanvas@@QEAA@AEBU01@@Z
??0ImageSetEntry@SkCanvas@@QEAA@V?$sk_sp@$$CBVSkImage@@@@AEBUSkRect@@1HMI_N@Z
??0ImageSetEntry@SkCanvas@@QEAA@V?$sk_sp@$$CBVSkImage@@@@AEBUSkRect@@1MI@Z
??0ImageSetEntry@SkCanvas@@QEAA@XZ
??0Iter@SkOSFile@@QEAA@QEBD0@Z
??0Iter@SkOSFile@@QEAA@XZ
??0Iter@SkPath@@QEAA@AEBV1@_N@Z
??0Iter@SkPath@@QEAA@XZ
??0Iter@SkPathRef@@QEAA@AEBV1@@Z
??0Iter@SkPathRef@@QEAA@XZ
??0Iter@SkROBuffer@@QEAA@AEBV?$sk_sp@VSkROBuffer@@@@@Z
??0Iter@SkROBuffer@@QEAA@PEBV1@@Z
??0Iter@SkTextBlob@@QEAA@AEBV1@@Z
??0Iterator@SkRegion@@QEAA@AEBV1@@Z
??0Iterator@SkRegion@@QEAA@XZ
??0LayerInfo@SkLayerDrawLooper@@QEAA@XZ
??0Options@SkWebpEncoder@@QEAA@XZ
??0PersistentCache@GrContextOptions@@QEAA@AEBV01@@Z
??0PersistentCache@GrContextOptions@@QEAA@XZ
??0ProgramIterator@SkDeferredDisplayList@@QEAA@PEAVGrContext@@PEAV1@@Z
??0RawIter@SkPath@@QEAA@AEBV1@@Z
??0RawIter@SkPath@@QEAA@XZ
??0ScopedTracer@tracing_internals@skia@@QEAA@XZ
??0ShaderErrorHandler@GrContextOptions@@QEAA@AEBV01@@Z
??0ShaderErrorHandler@GrContextOptions@@QEAA@XZ
??0Sk1DPathEffect@@QEAA@XZ
??0Sk2DPathEffect@@IEAA@AEBVSkMatrix@@@Z
??0Sk3DView@@QEAA@XZ
??0SkAndroidCodec@@IEAA@PEAVSkCodec@@W4ExifOrientationBehavior@0@@Z
??0SkAnimatedImage@@AEAA@V?$unique_ptr@VSkAndroidCodec@@U?$default_delete@VSkAndroidCodec@@@std@@@std@@USkISize@@USkImageInfo@@USkIRect@@V?$sk_sp@VSkPicture@@@@@Z
??0SkBBHFactory@@QEAA@AEBV0@@Z
??0SkBBHFactory@@QEAA@XZ
??0SkBitmap@@QEAA@$$QEAV0@@Z
??0SkBitmap@@QEAA@AEBV0@@Z
??0SkBitmap@@QEAA@XZ
??0SkCanvas@@AEAA@AEBVSkBitmap@@V?$unique_ptr@VSkRasterHandleAllocator@@U?$default_delete@VSkRasterHandleAllocator@@@std@@@std@@PEAX@Z
??0SkCanvas@@IEAA@AEBUSkIRect@@@Z
??0SkCanvas@@QEAA@AEBVSkBitmap@@@Z
??0SkCanvas@@QEAA@AEBVSkBitmap@@AEBVSkSurfaceProps@@@Z
??0SkCanvas@@QEAA@HHPEBVSkSurfaceProps@@@Z
??0SkCanvas@@QEAA@V?$sk_sp@VSkBaseDevice@@@@@Z
??0SkCanvas@@QEAA@XZ
??0SkCodec@@IEAA@$$QEAUSkEncodedInfo@@W4skcms_PixelFormat@@V?$unique_ptr@VSkStream@@U?$default_delete@VSkStream@@@std@@@std@@W4SkEncodedOrigin@@@Z
??0SkColorFilter@@AEAA@XZ
??0SkColorInfo@@QEAA@$$QEAV0@@Z
??0SkColorInfo@@QEAA@AEBV0@@Z
??0SkColorInfo@@QEAA@W4SkColorType@@W4SkAlphaType@@V?$sk_sp@VSkColorSpace@@@@@Z
??0SkColorInfo@@QEAA@XZ
??0SkColorMatrix@@QEAA@MMMMMMMMMMMMMMMMMMMM@Z
??0SkColorMatrix@@QEAA@XZ
??0SkColorSpace@@AEAA@AEBUskcms_TransferFunction@@AEBUskcms_Matrix3x3@@@Z
??0SkContourMeasure@@AEAA@$$QEAV?$SkTDArray@USegment@SkContourMeasure@@@@$$QEAV?$SkTDArray@USkPoint@@@@M_N@Z
??0SkContourMeasureIter@@QEAA@AEBVSkPath@@_NM@Z
??0SkContourMeasureIter@@QEAA@XZ
??0SkCornerPathEffect@@IEAA@M@Z
??0SkCubicMap@@QEAA@USkPoint@@0@Z
??0SkData@@AEAA@PEBX_KP6AX0PEAX@Z2@Z
??0SkData@@AEAA@_K@Z
??0SkDataTable@@AEAA@PEBUDir@0@HP6AXPEAX@Z1@Z
??0SkDataTable@@AEAA@PEBX_KHP6AXPEAX@Z2@Z
??0SkDataTable@@AEAA@XZ
??0SkDeferredDisplayList@@AEAA@AEBVSkSurfaceCharacterization@@V?$sk_sp@VGrRenderTargetProxy@@@@V?$sk_sp@VLazyProxyData@SkDeferredDisplayList@@@@@Z
??0SkDeferredDisplayListRecorder@@QEAA@AEBV0@@Z
??0SkDeferredDisplayListRecorder@@QEAA@AEBVSkSurfaceCharacterization@@@Z
??0SkDeque@@QEAA@_KH@Z
??0SkDeque@@QEAA@_KPEAX0H@Z
??0SkDeserialProcs@@QEAA@XZ
??0SkDiscardableMemory@@QEAA@AEBV0@@Z
??0SkDiscardableMemory@@QEAA@XZ
??0SkDiscretePathEffect@@IEAA@MMI@Z
??0SkDocument@@IEAA@PEAVSkWStream@@@Z
??0SkDrawLooper@@IEAA@XZ
??0SkDrawable@@IEAA@XZ
??0SkDynamicMemoryWStream@@QEAA@$$QEAV0@@Z
??0SkDynamicMemoryWStream@@QEAA@XZ
??0SkEncoder@@IEAA@AEBVSkPixmap@@_K@Z
??0SkEventTracer@@QEAA@AEBV0@@Z
??0SkEventTracer@@QEAA@XZ
??0SkExecutor@@QEAA@AEBV0@@Z
??0SkExecutor@@QEAA@XZ
??0SkFILEStream@@AEAA@V?$shared_ptr@U_iobuf@@@std@@_K11@Z
??0SkFILEStream@@AEAA@V?$shared_ptr@U_iobuf@@@std@@_K1@Z
??0SkFILEStream@@QEAA@PEAU_iobuf@@@Z
??0SkFILEStream@@QEAA@QEBD@Z
??0SkFILEWStream@@QEAA@QEBD@Z
??0SkFlattenable@@QEAA@XZ
??0SkFont@@QEAA@$$QEAV0@@Z
??0SkFont@@QEAA@AEBV0@@Z
??0SkFont@@QEAA@V?$sk_sp@VSkTypeface@@@@@Z
??0SkFont@@QEAA@V?$sk_sp@VSkTypeface@@@@M@Z
??0SkFont@@QEAA@V?$sk_sp@VSkTypeface@@@@MMM@Z
??0SkFont@@QEAA@XZ
??0SkFontIdentity@@QEAA@XZ
??0SkFontMgr@@QEAA@XZ
??0SkFontMgr_Indirect@@QEAA@V?$sk_sp@VSkFontMgr@@@@V?$sk_sp@VSkRemotableFontMgr@@@@@Z
??0SkFontStyle@@QEAA@HHW4Slant@0@@Z
??0SkFontStyle@@QEAA@XZ
??0SkFontStyleSet@@QEAA@XZ
??0SkImage@@AEAA@AEBUSkImageInfo@@I@Z
??0SkImageFilter@@QEAA@XZ
??0SkImageGenerator@@IEAA@AEBUSkImageInfo@@I@Z
??0SkImageInfo@@AEAA@USkISize@@$$QEAVSkColorInfo@@@Z
??0SkImageInfo@@AEAA@USkISize@@AEBVSkColorInfo@@@Z
??0SkImageInfo@@QEAA@$$QEAU0@@Z
??0SkImageInfo@@QEAA@AEBU0@@Z
??0SkImageInfo@@QEAA@XZ
??0SkInterpolator@@QEAA@HH@Z
??0SkInterpolator@@QEAA@XZ
??0SkInterpolatorBase@@IEAA@XZ
??0SkJpegEncoder@@AEAA@V?$unique_ptr@VSkJpegEncoderMgr@@U?$default_delete@VSkJpegEncoderMgr@@@std@@@std@@AEBVSkPixmap@@@Z
??0SkLatticeIter@@QEAA@$$QEAV0@@Z
??0SkLatticeIter@@QEAA@AEBULattice@SkCanvas@@AEBUSkRect@@@Z
??0SkLatticeIter@@QEAA@AEBV0@@Z
??0SkLatticeIter@@QEAA@HHAEBUSkIRect@@AEBUSkRect@@@Z
??0SkLayerDrawLooper@@IEAA@XZ
??0SkLine2DPathEffect@@IEAA@MAEBVSkMatrix@@@Z
??0SkM44@@QEAA@AEBV0@0@Z
??0SkM44@@QEAA@AEBVSkMatrix@@@Z
??0SkM44@@QEAA@MMMMMMMMMMMMMMMM@Z
??0SkM44@@QEAA@W4NaN_Constructor@0@@Z
??0SkM44@@QEAA@W4Uninitialized_Constructor@0@@Z
??0SkM44@@QEAA@XZ
??0SkMaskFilter@@QEAA@XZ
??0SkMatrix44@@QEAA@AEBV0@0@Z
??0SkMatrix44@@QEAA@AEBVSkMatrix@@@Z
??0SkMatrix44@@QEAA@W4Identity_Constructor@0@@Z
??0SkMatrix44@@QEAA@W4NaN_Constructor@0@@Z
??0SkMatrix44@@QEAA@W4Uninitialized_Constructor@0@@Z
??0SkMatrix44@@QEAA@XZ
??0SkMatrix@@AEAA@MMMMMMMMMH@Z
??0SkMatrix@@QEAA@XZ
??0SkMemoryStream@@QEAA@PEBX_K_N@Z
??0SkMemoryStream@@QEAA@V?$sk_sp@VSkData@@@@@Z
??0SkMemoryStream@@QEAA@XZ
??0SkMemoryStream@@QEAA@_K@Z
??0SkNWayCanvas@@QEAA@HH@Z
??0SkNoDrawCanvas@@QEAA@AEBUSkIRect@@@Z
??0SkNoDrawCanvas@@QEAA@HH@Z
??0SkNoDrawCanvas@@QEAA@V?$sk_sp@VSkBaseDevice@@@@@Z
??0SkNullWStream@@QEAA@XZ
??0SkOpBuilder@@QEAA@$$QEAV0@@Z
??0SkOpBuilder@@QEAA@AEBV0@@Z
??0SkOpBuilder@@QEAA@XZ
??0SkOverdrawCanvas@@QEAA@PEAVSkCanvas@@@Z
??0SkPaint@@QEAA@$$QEAV0@@Z
??0SkPaint@@QEAA@AEBU?$SkRGBA4f@$02@@PEAVSkColorSpace@@@Z
??0SkPaint@@QEAA@AEBV0@@Z
??0SkPaint@@QEAA@XZ
??0SkPaintFilterCanvas@@QEAA@PEAVSkCanvas@@@Z
??0SkPath1DPathEffect@@IEAA@AEBVSkPath@@MMW4Style@0@@Z
??0SkPath2DPathEffect@@IEAA@AEBVSkMatrix@@AEBVSkPath@@@Z
??0SkPath@@AEAA@V?$sk_sp@VSkPathRef@@@@W4SkPathFillType@@_N@Z
??0SkPath@@QEAA@AEBV0@@Z
??0SkPath@@QEAA@XZ
??0SkPathEffect@@IEAA@XZ
??0SkPathMeasure@@QEAA@AEBVSkPath@@_NM@Z
??0SkPathMeasure@@QEAA@XZ
??0SkPathRef@@AEAA@XZ
??0SkPathRef@@QEAA@V?$SkTDArray@USkPoint@@@@V?$SkTDArray@E@@V?$SkTDArray@M@@I@Z
??0SkPicture@@AEAA@XZ
??0SkPictureRecorder@@QEAA@XZ
??0SkPixelRef@@QEAA@HHPEAX_K@Z
??0SkPixmap@@QEAA@$$QEAV0@@Z
??0SkPixmap@@QEAA@AEBUSkImageInfo@@PEBX_K@Z
??0SkPixmap@@QEAA@AEBV0@@Z
??0SkPixmap@@QEAA@XZ
??0SkPngEncoder@@IEAA@V?$unique_ptr@VSkPngEncoderMgr@@U?$default_delete@VSkPngEncoderMgr@@@std@@@std@@AEBVSkPixmap@@@Z
??0SkPromiseImageTexture@@AEAA@AEBVGrBackendTexture@@@Z
??0SkROBuffer@@AEAA@PEBUSkBufferHead@@_KPEBUSkBufferBlock@@@Z
??0SkRRect@@AEAA@AEBUSkRect@@QEBUSkPoint@@H@Z
??0SkRRect@@QEAA@XZ
??0SkRTreeFactory@@QEAA@$$QEAV0@@Z
??0SkRTreeFactory@@QEAA@AEBV0@@Z
??0SkRTreeFactory@@QEAA@XZ
??0SkRWBuffer@@QEAA@_K@Z
??0SkRasterHandleAllocator@@QEAA@AEBV0@@Z
??0SkRasterHandleAllocator@@QEAA@XZ
??0SkRefCnt@@QEAA@XZ
??0SkRefCntBase@@QEAA@XZ
??0SkRegion@@QEAA@AEBUSkIRect@@@Z
??0SkRegion@@QEAA@AEBV0@@Z
??0SkRegion@@QEAA@XZ
??0SkRemotableFontIdentitySet@@AEAA@XZ
??0SkRemotableFontMgr@@QEAA@XZ
??0SkRuntimeEffect@@AEAA@VSkString@@V?$unique_ptr@UProgram@SkSL@@U?$default_delete@UProgram@SkSL@@@std@@@std@@$$QEAV?$vector@UVariable@SkRuntimeEffect@@V?$allocator@UVariable@SkRuntimeEffect@@@std@@@3@$$QEAV?$vector@VSkString@@V?$allocator@VSkString@@@std@@@3@$$QEAV?$vector@USampleUsage@SkSL@@V?$allocator@USampleUsage@SkSL@@@std@@@3@$$QEAV?$vector@UVarying@SkRuntimeEffect@@V?$allocator@UVarying@SkRuntimeEffect@@@std@@@3@_K_N@Z
??0SkSerialProcs@@QEAA@XZ
??0SkShader@@AEAA@XZ
??0SkStream@@QEAA@XZ
??0SkStreamAsset@@QEAA@XZ
??0SkStreamMemory@@QEAA@XZ
??0SkStreamRewindable@@QEAA@XZ
??0SkStreamSeekable@@QEAA@XZ
??0SkStrikeClient@@QEAA@V?$sk_sp@VDiscardableHandleManager@SkStrikeClient@@@@_NPEAVSkStrikeCache@@@Z
??0SkStrikeServer@@QEAA@PEAVDiscardableHandleManager@0@@Z
??0SkString@@QEAA@$$QEAV0@@Z
??0SkString@@QEAA@AEBV0@@Z
??0SkString@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SkString@@QEAA@QEBD@Z
??0SkString@@QEAA@QEBD_K@Z
??0SkString@@QEAA@XZ
??0SkString@@QEAA@_K@Z
??0SkStrokeRec@@QEAA@AEBVSkPaint@@M@Z
??0SkStrokeRec@@QEAA@AEBVSkPaint@@W4Style@1@M@Z
??0SkStrokeRec@@QEAA@W4InitStyle@0@@Z
??0SkSurface@@IEAA@AEBUSkImageInfo@@PEBVSkSurfaceProps@@@Z
??0SkSurface@@IEAA@HHPEBVSkSurfaceProps@@@Z
??0SkSurfaceCharacterization@@AEAA@V?$sk_sp@VGrContextThreadSafeProxy@@@@_KAEBUSkImageInfo@@AEBVGrBackendFormat@@W4GrSurfaceOrigin@@HW4Textureable@0@W4MipMapped@0@W4UsesGLFBO0@0@W4VulkanSecondaryCBCompatible@0@W4GrProtected@@AEBVSkSurfaceProps@@@Z
??0SkSurfaceCharacterization@@QEAA@$$QEAV0@@Z
??0SkSurfaceCharacterization@@QEAA@AEBV0@@Z
??0SkSurfaceCharacterization@@QEAA@XZ
??0SkSurfaceProps@@AEAA@XZ
??0SkSurfaceProps@@QEAA@AEBV0@@Z
??0SkSurfaceProps@@QEAA@IW4InitType@0@@Z
??0SkSurfaceProps@@QEAA@IW4SkPixelGeometry@@@Z
??0SkSurfaceProps@@QEAA@W4InitType@0@@Z
??0SkTextBlob@@AEAA@AEBUSkRect@@@Z
??0SkTextBlobBuilder@@QEAA@XZ
??0SkTextBlobCacheDiffCanvas@@QEAA@HHAEBVSkSurfaceProps@@PEAVSkStrikeServer@@V?$sk_sp@VSkColorSpace@@@@_N@Z
??0SkTraceMemoryDump@@QEAA@AEBV0@@Z
??0SkTraceMemoryDump@@QEAA@XZ
??0SkTypeface@@IEAA@AEBVSkFontStyle@@_N@Z
??0SkVertices@@AEAA@XZ
??0SkWStream@@QEAA@XZ
??0SkWeakRefCnt@@QEAA@XZ
??0SkXPSDevice@@QEAA@USkISize@@@Z
??0SkYUVASizeInfo@@QEAA@XZ
??0String@SkSL@@QEAA@$$QEAV01@@Z
??0String@SkSL@@QEAA@AEBV01@@Z
??0String@SkSL@@QEAA@PEBD@Z
??0String@SkSL@@QEAA@PEBD_K@Z
??0String@SkSL@@QEAA@UStringFragment@1@@Z
??0String@SkSL@@QEAA@XZ
??0skjpeg_destination_mgr@@QEAA@PEAVSkWStream@@@Z
??1?$SkCanvasVirtualEnforcer@VSkCanvas@@@@UEAA@XZ
??1?$SkCanvasVirtualEnforcer@VSkNWayCanvas@@@@UEAA@XZ
??1?$SkCanvasVirtualEnforcer@VSkNoDrawCanvas@@@@UEAA@XZ
??1?$SkNVRefCnt@VGrContextThreadSafeProxy@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkColorSpace@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkData@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkPathRef@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkPromiseImageTexture@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkTextBlob@@@@QEAA@XZ
??1?$SkNVRefCnt@VSkVertices@@@@QEAA@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??1AbortCallback@SkPicture@@UEAA@XZ
??1Allocator@SkBitmap@@UEAA@XZ
??1AttributeList@SkPDF@@QEAA@XZ
??1Builder@SkLayerDrawLooper@@QEAA@XZ
??1ByteCode@SkSL@@QEAA@XZ
??1Compiler@SkSL@@UEAA@XZ
??1Context@SkDrawLooper@@UEAA@XZ
??1DiscardableHandleManager@SkStrikeServer@@UEAA@XZ
??1GrBackendRenderTarget@@QEAA@XZ
??1GrBackendTexture@@QEAA@XZ
??1GrContext@@UEAA@XZ
??1GrContextOptions@@QEAA@XZ
??1GrContextThreadSafeProxy@@QEAA@XZ
??1GrD3DBackendContext@@QEAA@XZ
??1GrDriverBugWorkarounds@@QEAA@XZ
??1GrGLExtensions@@QEAA@XZ
??1GrGLInterface@@UEAA@XZ
??1ImageSetEntry@SkCanvas@@QEAA@XZ
??1Iter@SkOSFile@@QEAA@XZ
??1PersistentCache@GrContextOptions@@UEAA@XZ
??1ProgramIterator@SkDeferredDisplayList@@QEAA@XZ
??1ScopedTracer@tracing_internals@skia@@QEAA@XZ
??1ShaderErrorHandler@GrContextOptions@@UEAA@XZ
??1Sk1DPathEffect@@UEAA@XZ
??1Sk2DPathEffect@@UEAA@XZ
??1Sk3DView@@QEAA@XZ
??1SkAndroidCodec@@UEAA@XZ
??1SkAnimatedImage@@UEAA@XZ
??1SkBBHFactory@@UEAA@XZ
??1SkBitmap@@QEAA@XZ
??1SkCanvas@@UEAA@XZ
??1SkCodec@@UEAA@XZ
??1SkColorFilter@@UEAA@XZ
??1SkColorInfo@@QEAA@XZ
??1SkColorMatrixFilter@@UEAA@XZ
??1SkColorSpace@@QEAA@XZ
??1SkContourMeasure@@EEAA@XZ
??1SkContourMeasureIter@@QEAA@XZ
??1SkCornerPathEffect@@MEAA@XZ
??1SkData@@AEAA@XZ
??1SkDataTable@@EEAA@XZ
??1SkDeferredDisplayList@@QEAA@XZ
??1SkDeferredDisplayListRecorder@@QEAA@XZ
??1SkDeque@@QEAA@XZ
??1SkDiscardableMemory@@UEAA@XZ
??1SkDiscretePathEffect@@UEAA@XZ
??1SkDocument@@MEAA@XZ
??1SkDrawLooper@@UEAA@XZ
??1SkDrawable@@UEAA@XZ
??1SkDynamicMemoryWStream@@UEAA@XZ
??1SkEncoder@@UEAA@XZ
??1SkEventTracer@@UEAA@XZ
??1SkExecutor@@UEAA@XZ
??1SkFILEStream@@UEAA@XZ
??1SkFILEWStream@@UEAA@XZ
??1SkFlattenable@@UEAA@XZ
??1SkFont@@QEAA@XZ
??1SkFontMgr@@UEAA@XZ
??1SkFontMgr_Indirect@@UEAA@XZ
??1SkFontStyleSet@@UEAA@XZ
??1SkImage@@UEAA@XZ
??1SkImageFilter@@UEAA@XZ
??1SkImageGenerator@@UEAA@XZ
??1SkImageInfo@@QEAA@XZ
??1SkInterpolator@@QEAA@XZ
??1SkInterpolatorBase@@IEAA@XZ
??1SkJpegEncoder@@UEAA@XZ
??1SkLatticeIter@@QEAA@XZ
??1SkLayerDrawLooper@@UEAA@XZ
??1SkLine2DPathEffect@@UEAA@XZ
??1SkMaskFilter@@UEAA@XZ
??1SkMemoryStream@@UEAA@XZ
??1SkNWayCanvas@@UEAA@XZ
??1SkNoDrawCanvas@@UEAA@XZ
??1SkNullWStream@@UEAA@XZ
??1SkOpBuilder@@QEAA@XZ
??1SkOverdrawCanvas@@UEAA@XZ
??1SkPaint@@QEAA@XZ
??1SkPaintFilterCanvas@@UEAA@XZ
??1SkPath1DPathEffect@@UEAA@XZ
??1SkPath2DPathEffect@@UEAA@XZ
??1SkPath@@QEAA@XZ
??1SkPathEffect@@UEAA@XZ
??1SkPathMeasure@@QEAA@XZ
??1SkPathRef@@QEAA@XZ
??1SkPicture@@UEAA@XZ
??1SkPictureRecorder@@QEAA@XZ
??1SkPixelRef@@UEAA@XZ
??1SkPixmap@@QEAA@XZ
??1SkPngEncoder@@UEAA@XZ
??1SkPromiseImageTexture@@QEAA@XZ
??1SkROBuffer@@EEAA@XZ
??1SkRTreeFactory@@UEAA@XZ
??1SkRWBuffer@@QEAA@XZ
??1SkRasterHandleAllocator@@UEAA@XZ
??1SkRefCnt@@UEAA@XZ
??1SkRefCntBase@@UEAA@XZ
??1SkRegion@@QEAA@XZ
??1SkRemotableFontIdentitySet@@UEAA@XZ
??1SkRemotableFontMgr@@UEAA@XZ
??1SkRuntimeEffect@@UEAA@XZ
??1SkSemaphore@@QEAA@XZ
??1SkShader@@UEAA@XZ
??1SkStream@@UEAA@XZ
??1SkStreamAsset@@UEAA@XZ
??1SkStreamMemory@@UEAA@XZ
??1SkStreamRewindable@@UEAA@XZ
??1SkStreamSeekable@@UEAA@XZ
??1SkStrikeClient@@QEAA@XZ
??1SkStrikeServer@@UEAA@XZ
??1SkString@@QEAA@XZ
??1SkSurface@@UEAA@XZ
??1SkSurfaceCharacterization@@QEAA@XZ
??1SkTextBlob@@AEAA@XZ
??1SkTextBlobBuilder@@QEAA@XZ
??1SkTextBlobCacheDiffCanvas@@UEAA@XZ
??1SkTraceMemoryDump@@MEAA@XZ
??1SkTypeface@@MEAA@XZ
??1SkVertices@@QEAA@XZ
??1SkWStream@@UEAA@XZ
??1SkWeakRefCnt@@UEAA@XZ
??1SkXPSDevice@@UEAA@XZ
??1String@SkSL@@QEAA@XZ
??2SkTextBlob@@CAPEAX_K@Z
??2SkTextBlob@@CAPEAX_KPEAX@Z
??3SkData@@CAXPEAX@Z
??3SkTextBlob@@CAXPEAX@Z
??3SkVertices@@CAXPEAX@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@QEBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@V?$initializer_list@D@1@@Z
??4AbortCallback@SkPicture@@QEAAAEAV01@AEBV01@@Z
??4Builder@SkLayerDrawLooper@@QEAAAEAV01@AEBV01@@Z
??4Cliperator@SkRegion@@QEAAAEAV01@$$QEAV01@@Z
??4Cliperator@SkRegion@@QEAAAEAV01@AEBV01@@Z
??4GrBackendFormat@@QEAAAEAV0@AEBV0@@Z
??4GrBackendRenderTarget@@QEAAAEAV0@AEBV0@@Z
??4GrBackendTexture@@QEAAAEAV0@AEBV0@@Z
??4GrContextOptions@@QEAAAEAU0@$$QEAU0@@Z
??4GrContextOptions@@QEAAAEAU0@AEBU0@@Z
??4GrD3DBackendContext@@QEAAAEAU0@$$QEAU0@@Z
??4GrD3DBackendContext@@QEAAAEAU0@AEBU0@@Z
??4GrDriverBugWorkarounds@@QEAAAEAV0@AEBV0@@Z
??4GrGLExtensions@@QEAAAEAV0@AEBV0@@Z
??4ImageSetEntry@SkCanvas@@QEAAAEAU01@AEBU01@@Z
??4Iter@SkPath@@QEAAAEAV01@$$QEAV01@@Z
??4Iter@SkPath@@QEAAAEAV01@AEBV01@@Z
??4Iter@SkPathRef@@QEAAAEAV01@$$QEAV01@@Z
??4Iter@SkPathRef@@QEAAAEAV01@AEBV01@@Z
??4Iter@SkROBuffer@@QEAAAEAV01@$$QEAV01@@Z
??4Iter@SkROBuffer@@QEAAAEAV01@AEBV01@@Z
??4Iter@SkTextBlob@@QEAAAEAV01@$$QEAV01@@Z
??4Iter@SkTextBlob@@QEAAAEAV01@AEBV01@@Z
??4Iterator@SkRegion@@QEAAAEAV01@$$QEAV01@@Z
??4Iterator@SkRegion@@QEAAAEAV01@AEBV01@@Z
??4LayerInfo@SkLayerDrawLooper@@QEAAAEAU01@$$QEAU01@@Z
??4LayerInfo@SkLayerDrawLooper@@QEAAAEAU01@AEBU01@@Z
??4Options@SkWebpEncoder@@QEAAAEAU01@$$QEAU01@@Z
??4Options@SkWebpEncoder@@QEAAAEAU01@AEBU01@@Z
??4PersistentCache@GrContextOptions@@QEAAAEAV01@AEBV01@@Z
??4RawIter@SkPath@@QEAAAEAV01@$$QEAV01@@Z
??4RawIter@SkPath@@QEAAAEAV01@AEBV01@@Z
??4ScopedTracer@tracing_internals@skia@@QEAAAEAV012@AEBV012@@Z
??4ShaderErrorHandler@GrContextOptions@@QEAAAEAV01@AEBV01@@Z
??4SkAlphaThresholdFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkAlphaThresholdFilter@@QEAAAEAV0@AEBV0@@Z
??4SkArithmeticImageFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkArithmeticImageFilter@@QEAAAEAV0@AEBV0@@Z
??4SkBBHFactory@@QEAAAEAV0@AEBV0@@Z
??4SkBitmap@@QEAAAEAV0@$$QEAV0@@Z
??4SkBitmap@@QEAAAEAV0@AEBV0@@Z
??4SkBlurImageFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkBlurImageFilter@@QEAAAEAV0@AEBV0@@Z
??4SkBlurMaskFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkBlurMaskFilter@@QEAAAEAV0@AEBV0@@Z
??4SkCanvasStateUtils@@QEAAAEAV0@$$QEAV0@@Z
??4SkCanvasStateUtils@@QEAAAEAV0@AEBV0@@Z
??4SkColorFilterImageFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkColorFilterImageFilter@@QEAAAEAV0@AEBV0@@Z
??4SkColorFilters@@QEAAAEAV0@$$QEAV0@@Z
??4SkColorFilters@@QEAAAEAV0@AEBV0@@Z
??4SkColorInfo@@QEAAAEAV0@$$QEAV0@@Z
??4SkColorInfo@@QEAAAEAV0@AEBV0@@Z
??4SkColorMatrix@@QEAAAEAV0@$$QEAV0@@Z
??4SkColorMatrix@@QEAAAEAV0@AEBV0@@Z
??4SkColorSpacePrimaries@@QEAAAEAU0@$$QEAU0@@Z
??4SkColorSpacePrimaries@@QEAAAEAU0@AEBU0@@Z
??4SkComposeImageFilter@@QEAAAEAV0@$$QEAV0@@Z
??4SkComposeImageFilter@@QEAAAEAV0@AEBV0@@Z
??4SkCubicMap@@QEAAAEAV0@$$QEAV0@@Z
??4SkCubicMap@@QEAAAEAV0@AEBV0@@Z
??4SkDashPathEffect@@QEAAAEAV0@$$QEAV0@@Z

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VC_redist.x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:34:22:1e:7e:49:2a:ac:da:6a:00:00:00:00:01:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/10/2019, 18:17

Not After

03/01/2021, 18:17

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:E041-4BEE-FA7E,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da
Signer

Actual PE Digest

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da

Digest Algorithm

sha256

PE Digest Matches

true

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48
Signer

Actual PE Digest

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dinput8.dll
.dll regsvr32 windows:6 windows x64 arch:x64

8b6938b9cfc5652ad14789463a35d3f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Watch_Dogs-2-ScriptHook\Watch_Dogs-2-ScriptHook\NomadFX\bin\Win64\Shipping\projects\wd2sh\dinput8.pdb

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryA
LoadLibraryW
GetProcAddress
GetModuleHandleW
CopyFileW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

MessageBoxA
MessageBoxW

shell32

ShellExecuteW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
memmove
__C_specific_handler
memcpy
__std_exception_destroy
memset
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-string-l1-1-0

wcscat_s
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_execute_onexit_table
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetdfDIJoystick

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall-scripthook.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 109KB - Virtual size: 108KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 700B

.rdata Size: 1024B - Virtual size: 705B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 240B

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

9211b32172176cfde2e60e46c72dd450

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

winhttp

dbghelp

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 109KB - Virtual size: 108KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 1024B - Virtual size: 700B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 192KB - Virtual size: 192KB

.data
Size: 81KB - Virtual size: 86KB

.pdata
Size: 47KB - Virtual size: 47KB

CPADinfo
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 394KB - Virtual size: 393KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 8KB - Virtual size: 10KB

.pdata
Size: 21KB - Virtual size: 21KB

CPADinfo
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB