Manalyze report for b83e7c81477f9e9105ccf0fa457f53ee

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Nov-02 17:54:58
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\cemu\bin\Cemu.pdb
FileDescription	Wii U emulator
InternalName	Cemu
LegalCopyright	Team Cemu
OriginalFilename	Cemu.exe
ProductName	Cemu
ProductVersion	`1.16.0 WIP 14 Patreon`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEMU` `Accesses the WMI: root\cimv2` `Miscellaneous malware strings: cmd.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread NtQuerySystemInformation` `Can access the registry: RegisterHotKey RegDeleteKeyW RegDeleteValueW RegEnumKeyW RegEnumValueW RegSetValueExW RegQueryValueExW RegOpenKeyExW RegCreateKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptHashData CryptCreateHash CryptGenRandom CryptGetHashParam CryptReleaseContext CryptAcquireContextA CryptStringToBinaryA CryptQueryObject` `Can create temporary files: CreateFileA CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: CallNextHookEx GetAsyncKeyState MapVirtualKeyW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: #23 #55 #8 freeaddrinfo #9 #2 #3 #17 #20 WSAIoctl #115 #7 #22 #21 #116 #112 #15 #10 #111 #13 #1 #4 #151 getaddrinfo #51 #52 #5 #6 #18 #16 #19 inet_pton` `Enumerates local disk drives: GetVolumeInformationA GetLogicalDriveStringsW GetDriveTypeW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Safe	VirusTotal score: 0/70 (Scanned on 2019-11-07 23:32:41)	`All the AVs think this file is safe.`

Hashes

MD5	`b83e7c81477f9e9105ccf0fa457f53ee`
SHA1	`f0cce815edf1d5f958e7224dcd25d64baae0473f`
SHA256	`91c40334b0e75dce7f3848512af1bfb80a9ba3266caf79715bba7f97f0572f8d`
SHA3	`08e7045f3f2226f935545421e41c4a9f2324b46ab7bf6391da140987fe62c7ab`
SSDeep	`196608:bnv/jV3066G9Ij/0BClwqF9Bpb6spjVkFLJm6IaDm7/SIQQbRP:L/jtmGqj/EewqF9BpbvpZkF9pDLItbR`
Imports Hash	`fde057bb17b94baa6ba53e0e52c3b3d7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x150`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Nov-02 17:54:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd0b400`
SizeOfInitializedData	`0x843800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000BAF2A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1553000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2754a62144f75cf1323d4ec653f68e05`
SHA1	`0b8d297891a06d5a1540e0d141927a928e648c57`
SHA256	`02a05974367c1f03a8c3796655dbc7b86675ebcf78e8c79b133a2cd767b1bfd7`
SHA3	`f40b1fbb88f216f8602891e4565294b8d873e31b8dc7ed400d8a36975004d49a`
VirtualSize	`0xd0b3dc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd0b400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40201`

.rdata

MD5	`ff705727ff1eebe498983a21b4787579`
SHA1	`ffb9309ef81372a8595880b0efd6f928f5f9a447`
SHA256	`ff4a4303c9772e967754914fdc7e35bd15a51b24a7422b59c4f5bf1746c3f4b3`
SHA3	`c3bd334dac2b68a8a284ebc8b91151e5eb5d7ebac7b880254e3fef24bf5c8673`
VirtualSize	`0x48b736`
VirtualAddress	`0xd0d000`
SizeOfRawData	`0x48b800`
PointerToRawData	`0xd0b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46029`

.data

MD5	`3e429d2d6e65917dd6bd499cc4f465c1`
SHA1	`b1623ec9c4bb65b6943033cdc951168fb44ce2bf`
SHA256	`380f2012757365eeac8bb5ddf5de2885a7f8973fa4fe1cd1830f306ffc4fd535`
SHA3	`9aa6b3c100cf44270f10bbfaa0d434d4c72f20c0ccf67c5e7946d0009248c216`
VirtualSize	`0x2d7114`
VirtualAddress	`0x1199000`
SizeOfRawData	`0x150e00`
PointerToRawData	`0x1197000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.52398`

.pdata

MD5	`49ae52be7d0c9560eb7c724b7125c25e`
SHA1	`d732a86439148682a9f65d58fcb54ff31469ab03`
SHA256	`9211c65840d414f0e9b034a41e696f480c2911b426ff2e05ecd41555fcf99c27`
SHA3	`99ddf2a534aec315dfdafb79fe02b54ad318e7bf24cf54041178e5313c257b6e`
VirtualSize	`0x66690`
VirtualAddress	`0x1471000`
SizeOfRawData	`0x66800`
PointerToRawData	`0x12e7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.63213`

.rsrc

MD5	`edee70f83b098cef5c8e2ab5aae68d3a`
SHA1	`5db6b76b7911513769dbbc45a5eccd0ad5ce2101`
SHA256	`e485120b230c8f2f3e98fba519ffbb266f2fe6cd0148a5d09f9785fe6df8eb57`
SHA3	`1267071293cd6edf9b05c49cb68f5edc5bbe4e0d27d35c96ab48b10435470aea`
VirtualSize	`0x4df90`
VirtualAddress	`0x14d8000`
SizeOfRawData	`0x4e000`
PointerToRawData	`0x134e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18458`

.reloc

MD5	`09fcbd9bd5b5678e07e5e863cabae37d`
SHA1	`50de681b960b4d78c55bc1662be3213f6a8108e1`
SHA256	`4ef068839451442bd8899394eb229bbcf1820c50f7b89031b2912e8fc9626de7`
SHA3	`42a8f71cf8468e697ff06a1c0ef1e0e40cf3e8607a7b0df4e20ed300bad184fa`
VirtualSize	`0x2c580`
VirtualAddress	`0x1526000`
SizeOfRawData	`0x2c600`
PointerToRawData	`0x139c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.46645`

Imports

WS2_32.dll	`#23` `#55` `#8` `freeaddrinfo` `#9` `#2` `#3` `#17` `#20` `WSAIoctl` `#115` `#7` `#22` `#21` `#116` `#112` `#15` `#10` `#111` `#13` `#1` `#4` `#151` `getaddrinfo` `#51` `#52` `#5` `#6` `#18` `#16` `#19` `inet_pton`
DINPUT8.dll	`DirectInput8Create`
OPENGL32.dll	`wglDeleteContext` `wglCreateContext` `wglShareLists` `glTexParameterfv` `glTexParameterf` `glClearStencil` `glClearDepth` `glDrawArrays` `glPointSize` `glPolygonOffset` `glCullFace` `glFrontFace` `glLogicOp` `glDepthMask` `glTexSubImage1D` `glTexSubImage2D` `glDepthFunc` `glDrawBuffer` `glDepthRange` `glGetTexImage` `glGetTexLevelParameteriv` `glClear` `glClearColor` `glGetString` `glFinish` `wglMakeCurrent` `wglGetProcAddress` `glFlush` `glGetError` `glTexImage2D` `glPixelStorei` `glBindTexture` `glScissor` `glIsEnabled` `glViewport` `glPolygonMode` `glDisable` `glBlendFunc` `glEnable` `glGetIntegerv` `glTexParameteri` `glDeleteTextures` `glGenTextures`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
KERNEL32.dll	`SetLastError` `SetEndOfFile` `FlushFileBuffers` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingW` `GetFileInformationByHandle` `VirtualQuery` `GetCurrentThreadId` `ConvertThreadToFiber` `DeleteFiber` `CreateFiber` `SwitchToFiber` `GetTimeZoneInformation` `CreateFileA` `GetVolumeInformationA` `lstrcmpW` `GetCurrentDirectoryW` `AttachConsole` `SetPriorityClass` `SetErrorMode` `RtlUnwind` `GetLogicalDriveStringsW` `AddVectoredExceptionHandler` `SetUnhandledExceptionFilter` `GlobalMemoryStatusEx` `SetCurrentDirectoryW` `GetModuleFileNameA` `GetModuleHandleExA` `GetCommandLineA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `RtlCaptureStackBackTrace` `GetSystemTime` `GetWriteWatch` `MoveFileW` `DeleteFileW` `CreateDirectoryW` `FindNextFileW` `CancelIo` `VirtualFree` `VirtualAlloc` `InitializeCriticalSection` `ResumeThread` `SetThreadContext` `GetThreadContext` `SuspendThread` `OpenThread` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `FindClose` `FindFirstFileW` `GlobalUnlock` `GlobalLock` `GlobalFree` `GlobalAlloc` `VirtualProtect` `LeaveCriticalSection` `EnterCriticalSection` `GetOverlappedResult` `HeapFree` `GetProcessHeap` `HeapAlloc` `CreateDirectoryA` `CreateSemaphoreW` `WaitForSingleObject` `ReleaseSemaphore` `WideCharToMultiByte` `MultiByteToWideChar` `ReadConsoleInputW` `SetConsoleMode` `HeapReAlloc` `GetFileAttributesExW` `CreateThread` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetModuleHandleW` `FindResourceW` `ResetEvent` `SizeofResource` `LockResource` `LoadResource` `LoadLibraryExW` `ExitThread` `TryEnterCriticalSection` `GetThreadLocale` `EnumSystemLocalesW` `GetTimeFormatW` `GetDateFormatW` `FormatMessageA` `LocalFree` `FormatMessageW` `ReadFile` `SetEnvironmentVariableW` `ReadConsoleW` `GetConsoleMode` `SetStdHandle` `GetConsoleCP` `SetConsoleCtrlHandler` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `RtlUnwindEx` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `SetFilePointer` `GetFileSize` `SetThreadExecutionState` `K32GetProcessMemoryInfo` `GetProcessTimes` `GetSystemTimeAsFileTime` `GetSystemInfo` `GetCurrentProcess` `GetModuleHandleA` `GetModuleFileNameW` `DecodePointer` `DeleteCriticalSection` `InitializeCriticalSectionEx` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `FreeLibraryAndExitThread` `GetThreadTimes` `UnregisterWait` `RaiseException` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `WriteFile` `CreateFileW` `GetTickCount64` `CloseHandle` `WaitForMultipleObjects` `SetThreadPriority` `CreateEventW` `CreateProcessW` `CreateMutexW` `GetCommandLineW` `GetLastError` `ExitProcess` `Sleep` `GetFileAttributesW` `GetTickCount` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `lstrlenW` `PeekNamedPipe` `WaitNamedPipeW` `GetCurrentProcessId` `SleepEx` `WaitForSingleObjectEx` `GetSystemDirectoryA` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `GetFileSizeEx` `GetStdHandle` `FlushConsoleInputBuffer` `GetFileType` `LoadLibraryW` `GlobalMemoryStatus` `ReleaseMutex` `CreateMutexA` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `SystemTimeToFileTime` `GetACP` `GetLocaleInfoW` `IsValidLocale` `DuplicateHandle` `SetThreadLocale` `GetUserDefaultLCID` `GetExitCodeThread` `GetProcessAffinityMask` `GetEnvironmentVariableW` `GetDiskFreeSpaceExW` `IsDebuggerPresent` `TerminateProcess` `GetVersionExW` `IsValidCodePage` `GetCPInfo` `OutputDebugStringW` `GetFileTime` `GetLongPathNameW` `GetTempFileNameW` `GetTempPathW` `GetCurrentThread` `CopyFileW` `ExpandEnvironmentStringsW` `SetEvent` `IsBadReadPtr` `IsBadStringPtrA` `MulDiv` `FreeConsole` `WriteConsoleA` `WriteConsoleW` `FillConsoleOutputCharacterW` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `ReadConsoleOutputCharacterA` `HeapSize` `GlobalSize` `MoveFileExW` `SetFilePointerEx` `FindFirstFileExW` `AreFileApisANSI` `CreateHardLinkW` `ChangeTimerQueueTimer` `SwitchToThread` `EncodePointer` `IsProcessorFeaturePresent` `QueueUserWorkItem` `GetModuleHandleExW` `ReleaseSRWLockShared` `AcquireSRWLockShared` `TryAcquireSRWLockShared` `GetStringTypeW` `GetFullPathNameW` `RemoveDirectoryW` `InitializeCriticalSectionAndSpinCount` `CompareStringW` `LCMapStringW` `UnhandledExceptionFilter` `InitializeSListHead` `GetStartupInfoW` `CreateTimerQueue` `SignalObjectAndWait` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer`
USER32.dll	`WindowFromPoint` `ChildWindowFromPointEx` `GetSysColor` `FillRect` `InflateRect` `PtInRect` `GetWindowLongW` `SetWindowLongW` `GetWindowLongPtrW` `SetWindowLongPtrW` `GetParent` `SetParent` `GetWindow` `SetWindowsHookExW` `UnhookWindowsHookEx` `CallNextHookEx` `IsDialogMessageW` `SetScrollInfo` `GetScrollInfo` `SystemParametersInfoW` `SetLayeredWindowAttributes` `FlashWindowEx` `GetWindowPlacement` `IsIconic` `IsZoomed` `CreateDialogIndirectParamW` `GetDialogBaseUnits` `DrawMenuBar` `GetSystemMenu` `EnableMenuItem` `SetForegroundWindow` `GetDesktopWindow` `DrawTextW` `DrawFocusRect` `RegisterWindowMessageW` `SetMenu` `DrawEdge` `DrawFrameControl` `GetMenuState` `CheckMenuItem` `GetSubMenu` `GetMenuItemID` `SetMenuItemInfoW` `DrawStateW` `GetSysColorBrush` `SetRect` `CheckMenuRadioItem` `CreateMenu` `CreatePopupMenu` `DestroyMenu` `InsertMenuW` `AppendMenuW` `ModifyMenuW` `RemoveMenu` `SetMenuInfo` `InsertMenuItemW` `CreateDialogParamW` `GetDlgItem` `SetWindowRgn` `FindWindowExW` `CreateIconIndirect` `GetIconInfo` `SetRectEmpty` `CopyRect` `OffsetRect` `LoadBitmapW` `LoadIconW` `LoadImageW` `DestroyCursor` `DestroyIcon` `GetComboBoxInfo` `ChildWindowFromPoint` `keybd_event` `GetWindowTextLengthW` `HideCaret` `ShowCaret` `GetDoubleClickTime` `GetProcessDefaultLayout` `DrawIconEx` `RegisterClipboardFormatW` `GetClipboardFormatNameW` `UnionRect` `NotifyWinEvent` `GetWindowTextW` `MessageBeep` `GetClassNameW` `ChangeDisplaySettingsExW` `EnumDisplaySettingsW` `MonitorFromPoint` `MonitorFromWindow` `GetMonitorInfoW` `EnumDisplayMonitors` `GetWindowDC` `GetWindowRect` `EndPaint` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `TranslateAcceleratorW` `ValidateRgn` `IsRectEmpty` `GetMessageW` `ValidateRect` `AdjustWindowRectEx` `IsClipboardFormatAvailable` `ScrollWindow` `RedrawWindow` `InvalidateRect` `GetUpdateRgn` `UpdateWindow` `GetMenuItemInfoW` `TrackPopupMenu` `GetMenuItemCount` `IsWindowEnabled` `EnableWindow` `VkKeyScanW` `GetFocus` `GetActiveWindow` `SetFocus` `IsWindowVisible` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `SetWindowPos` `MoveWindow` `AnimateWindow` `ShowWindow` `IsWindow` `CallWindowProcW` `PostQuitMessage` `GetMessageTime` `GetMessagePos` `UnregisterHotKey` `RegisterHotKey` `TranslateMessage` `GetClassInfoW` `DdeFreeStringHandle` `DdeQueryStringW` `DdeCreateStringHandleW` `DdeGetLastError` `DdeFreeDataHandle` `DdeGetData` `DdeCreateDataHandle` `DdeClientTransaction` `DdeNameService` `DdePostAdvise` `DdeDisconnect` `DdeConnect` `DdeUninitialize` `DdeInitializeW` `KillTimer` `SetTimer` `MsgWaitForMultipleObjects` `DispatchMessageW` `DestroyWindow` `DefWindowProcW` `PeekMessageW` `BringWindowToTop` `CreateWindowExW` `RegisterClassW` `PostMessageW` `PostThreadMessageW` `ReleaseDC` `GetDC` `GetUserObjectInformationW` `GetProcessWindowStation` `GetClipboardData` `SetWindowTextW` `UnregisterClassW` `GetAsyncKeyState` `SetCursor` `LoadCursorW` `ClientToScreen` `SetCursorPos` `GetCursorPos` `ScreenToClient` `GetClientRect` `GetKeyState` `GetCapture` `SetCapture` `ReleaseCapture` `wsprintfW` `GetSystemMetrics` `MapWindowPoints` `BeginPaint` `LoadImageA` `SendMessageW` `GetCursorInfo` `ShowCursor` `MessageBoxW` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `MapVirtualKeyW` `GetKeyNameTextW` `EnableScrollBar`
GDI32.dll	`StretchDIBits` `SetPolyFillMode` `SetPixel` `GetLayout` `SetLayout` `SetMapMode` `SetGraphicsMode` `ExtSelectClipRgn` `RoundRect` `Rectangle` `PolyPolygon` `Pie` `MaskBlt` `GetObjectType` `GetClipBox` `GetBkColor` `SetStretchBltMode` `Ellipse` `Arc` `ExtCreatePen` `GetStockObject` `CreateICW` `CreatePatternBrush` `SelectClipRgn` `RectInRegion` `CreateRectRgnIndirect` `CombineRgn` `StretchBlt` `GetPixel` `Polyline` `PolyBezier` `SetViewportExtEx` `SetViewportOrgEx` `SetWindowExtEx` `SetWindowOrgEx` `CreateHatchBrush` `DeleteObject` `GetDeviceCaps` `GetDIBits` `GetObjectW` `CreateFontIndirectW` `GetOutlineTextMetricsW` `GetWorldTransform` `GetRgnBox` `PtInRegion` `LineTo` `MoveToEx` `CreatePalette` `GetNearestPaletteIndex` `GetPaletteEntries` `GetCharABCWidthsW` `GetTextExtentExPointW` `CreateDIBitmap` `CreateDIBSection` `SetROP2` `Polygon` `SetWorldTransform` `ModifyWorldTransform` `GetDIBColorTable` `EnumFontFamiliesExW` `GetSystemPaletteEntries` `SetAbortProc` `CreateDCW` `StartDocW` `EndDoc` `StartPage` `EndPage` `CloseEnhMetaFile` `CreateEnhMetaFileW` `DeleteEnhMetaFile` `GetEnhMetaFileW` `GetEnhMetaFileHeader` `PlayEnhMetaFile` `ChoosePixelFormat` `DescribePixelFormat` `GetPixelFormat` `SetPixelFormat` `UnrealizeObject` `ExtFloodFill` `CreatePen` `OffsetRgn` `SwapBuffers` `ExtTextOutW` `EqualRgn` `GetRegionData` `ExtCreateRegion` `GetTextExtentPoint32W` `DeleteDC` `CreateSolidBrush` `CreateCompatibleDC` `CreateBitmap` `BitBlt` `SetTextColor` `SetBkMode` `SetBkColor` `GdiFlush` `SetBrushOrgEx` `SelectPalette` `RealizePalette` `ExcludeClipRect` `CreateRectRgn` `GetTextMetricsW` `SelectObject` `CreateCompatibleBitmap`
ADVAPI32.dll	`GetUserNameW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyW` `RegEnumValueW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGenRandom` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextA` `RegSetValueExW` `RegQueryValueExW` `RegOpenKeyExW` `RegCreateKeyExW` `RegCloseKey` `GetSecurityInfo`
SHELL32.dll	`ExtractIconW` `DragQueryFileW` `SHBrowseForFolderW` `ExtractIconExW` `SHGetFileInfoW` `SHGetPathFromIDListW` `SHGetMalloc` `DragAcceptFiles` `DragFinish` `DragQueryPoint` `SHGetFolderPathW` `ShellExecuteExW` `ShellExecuteW` `CommandLineToArgvW`
ole32.dll	`CoSetProxyBlanket` `OleIsCurrentClipboard` `OleUninitialize` `OleFlushClipboard` `OleGetClipboard` `OleSetClipboard` `RegisterDragDrop` `CoLockObjectExternal` `CoCreateInstance` `DoDragDrop` `ReleaseStgMedium` `RevokeDragDrop` `CoTaskMemAlloc` `CoTaskMemFree` `OleInitialize` `CoInitializeEx` `CoUninitialize`
OLEAUT32.dll	`#113` `#77` `#16` `#21` `#8` `#7` `#184` `#15` `#22` `#6` `#2`
OLEACC.dll	`CreateStdAccessibleObject`
UxTheme.dll	`DrawThemeParentBackground` `GetThemeColor` `IsThemeBackgroundPartiallyTransparent` `GetThemeBackgroundContentRect` `DrawThemeBackground` `CloseThemeData` `OpenThemeData` `SetWindowTheme` `GetThemeSysFont` `GetThemeSysColor` `GetThemeMargins` `IsThemePartDefined` `IsAppThemed` `IsThemeActive` `GetCurrentThemeName` `GetThemeBackgroundExtent` `GetThemeInt` `GetThemePartSize` `GetThemeFont`
DSOUND.dll	`#3` `#11`
SHLWAPI.dll	`AssocQueryStringW` `SHAutoComplete`
ntdll.dll	`RtlCaptureContext` `RtlVirtualUnwind` `VerSetConditionMask` `RtlPcToFileHeader` `RtlLookupFunctionEntry` `NtQuerySystemInformation`
dxva2.dll	`DXVA2CreateDirect3DDeviceManager9`
d3d9.dll	`Direct3DCreate9Ex`
SETUPAPI.dll	`SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInterfaces` `SetupDiGetClassDevsW` `SetupDiGetDeviceInterfaceDetailW`
HID.DLL	`HidP_GetCaps` `HidD_FreePreparsedData` `HidD_SetOutputReport` `HidD_GetHidGuid` `HidD_GetPreparsedData` `HidD_GetAttributes`
dbghelp.dll	`SymInitialize` `SymFromAddr`
IMM32.dll	`ImmGetContext` `ImmReleaseContext` `ImmSetCompositionWindow`
MSIMG32.dll	`AlphaBlend` `GradientFill`
CRYPT32.dll	`CertFreeCertificateContext` `CertOpenStore` `CryptStringToBinaryA` `CertAddCertificateContextToStore` `CertGetNameStringA` `CryptQueryObject` `CertCreateCertificateChainEngine` `CertFreeCertificateChainEngine` `CertGetCertificateChain` `CertCloseStore` `CertFreeCertificateChain` `CertFindCertificateInStore`
RPCRT4.dll	`UuidToStringW` `RpcStringFreeW`
COMCTL32.dll	`ImageList_BeginDrag` `ImageList_DragLeave` `ImageList_DragMove` `ImageList_EndDrag` `ImageList_DragEnter` `#16` `#17` `ImageList_Copy` `ImageList_SetDragCursorImage` `ImageList_GetImageInfo` `ImageList_GetIconSize` `ImageList_Remove` `ImageList_Replace` `ImageList_Draw` `ImageList_SetBkColor` `ImageList_ReplaceIcon` `ImageList_Create` `ImageList_Destroy` `ImageList_GetImageCount` `ImageList_Add`
WINSPOOL.DRV	`DocumentPropertiesW` `OpenPrinterW` `ClosePrinter`
COMDLG32.dll	`PrintDlgW` `ChooseColorW` `ChooseFontW` `CommDlgExtendedError` `GetSaveFileNameW` `GetOpenFileNameW` `PageSetupDlgW`

Delayed Imports

??0wxCheckTree@@QEAA@PEAVwxWindow@@HAEBVwxPoint@@AEBVwxSize@@J@Z

Ordinal	`1`
Address	`0x633c50`

??0wxCheckTree@@QEAA@XZ

Ordinal	`2`
Address	`0x633b50`

??1wxCheckTree@@UEAA@XZ

Ordinal	`3`
Address	`0x116050`

??_7wxCheckTree@@6BwxControl@@@

Ordinal	`4`
Address	`0xf8b3a8`

??_7wxCheckTree@@6BwxSystemThemedControlBase@@@

Ordinal	`5`
Address	`0xf8b390`

?Activate@GraphicPack2@@AEAA_NXZ

Ordinal	`6`
Address	`0x109180`

?Check@wxCheckTree@@QEAAXAEBVwxTreeItemId@@_N@Z

Ordinal	`7`
Address	`0x634a40`

?Deactivate@GraphicPack2@@AEAA_NXZ

Ordinal	`8`
Address	`0x10ad00`

?DisableCheckBox@wxCheckTree@@QEAA_NAEBVwxTreeItemId@@@Z

Ordinal	`9`
Address	`0x6349b0`

?EnableCheckBox@wxCheckTree@@QEAA_NAEBVwxTreeItemId@@_N@Z

Ordinal	`10`
Address	`0x634790`

?ExpressionParser_AddConstantDouble@@YAXPEAVExpressionParser@@PEBDN@Z

Ordinal	`11`
Address	`0xd5e00`

?ExpressionParser_AddConstantString@@YAXPEAVExpressionParser@@PEBD1@Z

Ordinal	`12`
Address	`0xd5e80`

?ExpressionParser_Create@@YAPEAVExpressionParser@@XZ

Ordinal	`13`
Address	`0xd5cf0`

?ExpressionParser_CreateCopy@@YAPEAVExpressionParser@@PEAV1@@Z

Ordinal	`14`
Address	`0xd5d40`

?ExpressionParser_Delete@@YAXPEAVExpressionParser@@@Z

Ordinal	`15`
Address	`0xd5dd0`

?ExpressionParser_EvaluateToDouble@@YA_NPEAVExpressionParser@@PEBDPEAN@Z

Ordinal	`16`
Address	`0xd5f50`

?GetClassInfo@wxCheckTree@@UEBAPEAVwxClassInfo@@XZ

Ordinal	`17`
Address	`0x633b40`

?GetTranslationWChar@@YAPEB_WPEB_W@Z

Ordinal	`18`
Address	`0x633550`

?GraphicPack2_CreateExpressionParser@@YAPEAVExpressionParser@@PEAVGraphicPack2@@@Z

Ordinal	`19`
Address	`0x10c200`

?GraphicPack2_GetDescription@@YAPEBDPEAVGraphicPack2@@@Z

Ordinal	`20`
Address	`0x10c1c0`

?GraphicPack2_GetFilename@@YAPEB_WPEAVGraphicPack2@@@Z

Ordinal	`21`
Address	`0x10c180`

?GraphicPack2_GetName@@YAPEBDPEAVGraphicPack2@@@Z

Ordinal	`22`
Address	`0x10c190`

?GraphicPack2_GetPath@@YAPEBDPEAVGraphicPack2@@@Z

Ordinal	`23`
Address	`0x10c1b0`

?GraphicPack2_GetTitleIdCount@@YA?BHPEAVGraphicPack2@@@Z

Ordinal	`24`
Address	`0x10c1d0`

?GraphicPack2_GetTitleIdList@@YAPEB_KPEAVGraphicPack2@@@Z

Ordinal	`25`
Address	`0x10c1f0`

?GraphicPack2_notifyActivate@@YAXPEAVGraphicPack2@@PEAVExpressionParser@@@Z

Ordinal	`26`
Address	`0x1080b0`

?GraphicPack2_notifyDeactivate@@YAXPEAVGraphicPack2@@@Z

Ordinal	`27`
Address	`0x1080d0`

?Init@wxCheckTree@@QEAAXXZ

Ordinal	`28`
Address	`0x633dc0`

?IsCheckable@wxCheckTree@@QEAA_NAEBVwxTreeItemId@@@Z

Ordinal	`29`
Address	`0x634a10`

?MakeCheckable@wxCheckTree@@QEAAXAEBVwxTreeItemId@@_N@Z

Ordinal	`30`
Address	`0x6349c0`

?OnCompareItems@wxCheckTree@@UEAAHAEBVwxTreeItemId@@0@Z

Ordinal	`31`
Address	`0x634430`

?On_Char@wxCheckTree@@AEAAXAEAVwxKeyEvent@@@Z

Ordinal	`32`
Address	`0x634bf0`

?On_KeyDown@wxCheckTree@@AEAAXAEAVwxKeyEvent@@@Z

Ordinal	`33`
Address	`0x634cb0`

?On_KeyUp@wxCheckTree@@AEAAXAEAVwxKeyEvent@@@Z

Ordinal	`34`
Address	`0x634d50`

?On_Left_DClick@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`35`
Address	`0x634ea0`

?On_Left_Down@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`36`
Address	`0x634f00`

?On_Left_Up@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`37`
Address	`0x634ff0`

?On_Mouse_Enter_Tree@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`38`
Address	`0x634de0`

?On_Mouse_Leave_Tree@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`39`
Address	`0x634df0`

?On_Mouse_Motion@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`40`
Address	`0x635250`

?On_Mouse_Wheel@wxCheckTree@@AEAAXAEAVwxMouseEvent@@@Z

Ordinal	`41`
Address	`0x635420`

?On_Tree_Focus_Lost@wxCheckTree@@AEAAXAEAVwxFocusEvent@@@Z

Ordinal	`42`
Address	`0x635430`

?On_Tree_Focus_Set@wxCheckTree@@AEAAXAEAVwxFocusEvent@@@Z

Ordinal	`43`
Address	`0x7b5d0`

?On_Tree_Sel_Changed@wxCheckTree@@AEAAXAEAVwxTreeEvent@@@Z

Ordinal	`44`
Address	`0x634b20`

?PPCCore_executeCallback@@YAXI@Z

Ordinal	`45`
Address	`0x253510`

?PPCRecompiler_findFuncRanges@@YA_NIPEAUppcRecompilerFuncRange_t@@PEA_K@Z

Ordinal	`46`
Address	`0x22cb40`

?PPCRecompiler_getJumpTableBase@@YAPEA_KXZ

Ordinal	`47`
Address	`0x22cc10`

?PPCRecompiler_init@@YAXXZ

Ordinal	`48`
Address	`0x22c4e0`

?PPCRecompiler_invalidateRange@@YAXII@Z

Ordinal	`49`
Address	`0x22cc30`

?SetFocusFromKbd@wxCheckTree@@UEAAXXZ

Ordinal	`50`
Address	`0x6354b0`

?SetItemTextColour@wxCheckTree@@UEAAXAEBVwxTreeItemId@@AEBVwxColour@@@Z

Ordinal	`51`
Address	`0x6345e0`

?Sort@wxCheckTree@@QEAAXAEBVwxTreeItemId@@_N@Z

Ordinal	`52`
Address	`0x634380`

?Uncheck@wxCheckTree@@QEAAXAEBVwxTreeItemId@@@Z

Ordinal	`53`
Address	`0x634ac0`

?alwaysDisplayDRC@@3_NA

Ordinal	`54`
Address	`0x13cccbb`

?cemuLog_log@@YAXXZ

Ordinal	`55`
Address	`0x211800`

?config_isGraphicPackEnabled@@YA_N_K@Z

Ordinal	`56`
Address	`0x1cedb0`

?coreinitAPI_OSGetCurrentThread@@YAIXZ

Ordinal	`57`
Address	`0x633670`

?coreinitAPI_OSYieldThread@@YAXXZ

Ordinal	`58`
Address	`0x633660`

?gameMeta_getTitleId@@YA_KXZ

Ordinal	`59`
Address	`0x1d6630`

?gameMeta_loadForCurrent@@YAXXZ

Ordinal	`60`
Address	`0x1d61e0`

?gameProfile_categoryBegin@@YAXPEAUsPref_t@@@Z

Ordinal	`61`
Address	`0x1d6b30`

?gameProfile_getCurrentCategoryName@@YAPEADPEAUsPref_t@@@Z

Ordinal	`62`
Address	`0x1d6a40`

?gameProfile_load@@YAXXZ

Ordinal	`63`
Address	`0x1d6b40`

?gameProfile_loadBooleanOption@@YA_NPEAUsPref_t@@PEADPEAUgameProfileBooleanOption_t@@@Z

Ordinal	`64`
Address	`0x1d6800`

?gameProfile_loadIntegerNamedOption@@YA_NPEAUsPref_t@@PEADPEAUgameProfileIntegerOption_t@@HPEBUgpNamedOptionEntry_t@@H@Z

Ordinal	`65`
Address	`0x1d6a50`

?gameProfile_loadIntegerOption@@YA_NPEAUsPref_t@@PEADPEAUgameProfileIntegerOption_t@@HHH@Z

Ordinal	`66`
Address	`0x1d6990`

?gameProfile_loadStringOption@@YAPEADPEAUsPref_t@@PEAD@Z

Ordinal	`67`
Address	`0x1d6a30`

?gpu7Texture_forceInvalidateByImagePtr@@YAXI@Z

Ordinal	`68`
Address	`0x1f4db0`

?graphicPack_loadGraphicPackShaders@@YAXPEAUgraphicPack_t@@PEA_W@Z

Ordinal	`69`
Address	`0x1f61b0`

?hasAVXSupport@@3_NA

Ordinal	`70`
Address	`0x13a5b47`

?hasBMI2Support@@3_NA

Ordinal	`71`
Address	`0x13a5b46`

?hasLZCNTSupport@@3_NA

Ordinal	`72`
Address	`0x13a5b45`

?hasMOVBESupport@@3_NA

Ordinal	`73`
Address	`0x13a5b44`

?loadSharedData@@YAIXZ

Ordinal	`74`
Address	`0x212a30`

?memory_getBase@@YAPEAXXZ

Ordinal	`75`
Address	`0x257280`

?memory_init@@YAXXZ

Ordinal	`76`
Address	`0x2569b0`

?ms_classInfo@wxCheckTree@@2VwxClassInfo@@A

Ordinal	`77`
Address	`0x12cc590`

?osLib_registerHLEFunction@@YAXPEBD0P6AXPEAUPPCInterpreter_t@@@Z@Z

Ordinal	`78`
Address	`0x647250`

?ppcCyclesSince2000@@3_KA

Ordinal	`79`
Address	`0x13cae78`

?ppcMainThreadCycleCounter@@3_KC

Ordinal	`80`
Address	`0x13cae88`

?ppcRecompilerInstanceData@@3PEAUPPCRecompilerInstanceData_t@@EA

Ordinal	`81`
Address	`0x13aa5b8`

?rplModuleCount@@3HA

Ordinal	`82`
Address	`0x136d5cc`

?rplModuleList@@3PAPEAU_rplLoaderContext_t@@A

Ordinal	`83`
Address	`0x136d620`

?rpl_loadFromMem@@YAPEAU_rplLoaderContext_t@@PEAEHPEAD@Z

Ordinal	`84`
Address	`0x1af730`

?wxEVT_CHECKTREE_CHOICE@@3V?$wxEventTypeTag@VwxTreeEvent@@@@B

Ordinal	`85`
Address	`0x14618dc`

?wxEVT_CHECKTREE_FOCUS@@3V?$wxEventTypeTag@VwxTreeEvent@@@@B

Ordinal	`86`
Address	`0x14618d8`

?wxEVT_COMMAND_LIST_ITEM_CHECKED@@3HB

Ordinal	`87`
Address	`0x14618d0`

?wxEVT_COMMAND_LIST_ITEM_UNCHECKED@@3HB

Ordinal	`88`
Address	`0x14618d4`

?wxEvtHandler_Connect@@YAXPEAVwxEvtHandler@@HHHP81@EAAXAEAVwxEvent@@@ZPEAVwxObject@@0@Z

Ordinal	`89`
Address	`0x633450`

?wxEvtHandler_Disconnect@@YAXPEAVwxEvtHandler@@HHHP81@EAAXAEAVwxEvent@@@ZPEAVwxObject@@0@Z

Ordinal	`90`
Address	`0x6334e0`

?wxEvtHandler_Initialize@@YAPEAVwxEvtHandler@@PEAE@Z

Ordinal	`91`
Address	`0x633440`

?wxGetEventByName@@YAHPEBD@Z

Ordinal	`92`
Address	`0x631890`

?wxMainWindowCreated@@YAPEAVwxTopLevelWindow@@PEAV1@@Z

Ordinal	`93`
Address	`0x8b780`

ActivateGraphicPack

Ordinal	`94`
Address	`0x109180`

AmdPowerXpressRequestHighPerformance

Ordinal	`95`
Address	`0x123c6b0`

DeactivateGraphicPack

Ordinal	`96`
Address	`0x10ad00`

ExpressionParser_AddConstantDouble

Ordinal	`97`
Address	`0xd5e00`

ExpressionParser_AddConstantString

Ordinal	`98`
Address	`0xd5e80`

ExpressionParser_Create

Ordinal	`99`
Address	`0xd5cf0`

ExpressionParser_CreateCopy

Ordinal	`100`
Address	`0xd5d40`

ExpressionParser_Delete

Ordinal	`101`
Address	`0xd5dd0`

ExpressionParser_EvaluateToDouble

Ordinal	`102`
Address	`0xd5f50`

GetTranslationWChar

Ordinal	`103`
Address	`0x633550`

GraphicPack2_CreateExpressionParser

Ordinal	`104`
Address	`0x10c200`

GraphicPack2_GetDescription

Ordinal	`105`
Address	`0x10c1c0`

GraphicPack2_GetFilename

Ordinal	`106`
Address	`0x10c180`

GraphicPack2_GetName

Ordinal	`107`
Address	`0x10c190`

GraphicPack2_GetPath

Ordinal	`108`
Address	`0x10c1b0`

GraphicPack2_GetTitleIdCount

Ordinal	`109`
Address	`0x10c1d0`

GraphicPack2_GetTitleIdList

Ordinal	`110`
Address	`0x10c1f0`

GraphicPack2_notifyActivate

Ordinal	`111`
Address	`0x1080b0`

GraphicPack2_notifyDeactivate

Ordinal	`112`
Address	`0x1080d0`

NvOptimusEnablement

Ordinal	`113`
Address	`0x123c668`

PPCCore_executeCallback

Ordinal	`114`
Address	`0x253510`

PPCRecompiler_findFuncRanges

Ordinal	`115`
Address	`0x22cb40`

PPCRecompiler_getJumpTableBase

Ordinal	`116`
Address	`0x22cc10`

PPCRecompiler_init

Ordinal	`117`
Address	`0x22c4e0`

PPCRecompiler_invalidateRange

Ordinal	`118`
Address	`0x22cc30`

alwaysDisplayDRC

Ordinal	`119`
Address	`0x13cccbb`

cemuLog_log

Ordinal	`120`
Address	`0x211800`

config_isGraphicPackEnabled

Ordinal	`121`
Address	`0x1cedb0`

coreinitAPI_OSGetCurrentThread

Ordinal	`122`
Address	`0x633670`

coreinitAPI_OSYieldThread

Ordinal	`123`
Address	`0x633660`

currentTLSModuleIndex

Ordinal	`124`
Address	`0x123c394`

gameMeta_getTitleId

Ordinal	`125`
Address	`0x1d6630`

gameMeta_loadForCurrent

Ordinal	`126`
Address	`0x1d61e0`

gameProfile_categoryBegin

Ordinal	`127`
Address	`0x1d6b30`

gameProfile_getCurrentCategoryName

Ordinal	`128`
Address	`0x1d6a40`

gameProfile_load

Ordinal	`129`
Address	`0x1d6b40`

gameProfile_loadBooleanOption

Ordinal	`130`
Address	`0x1d6800`

gameProfile_loadIntegerNamedOption

Ordinal	`131`
Address	`0x1d6a50`

gameProfile_loadIntegerOption

Ordinal	`132`
Address	`0x1d6990`

gameProfile_loadStringOption

Ordinal	`133`
Address	`0x1d6a30`

graphicPack_loadGraphicPackShaders

Ordinal	`134`
Address	`0x1f61b0`

hasAVXSupport

Ordinal	`135`
Address	`0x13a5b47`

hasLZCNTSupport

Ordinal	`136`
Address	`0x13a5b45`

hasMOVBESupport

Ordinal	`137`
Address	`0x13a5b44`

loadSharedData

Ordinal	`138`
Address	`0x212a30`

memory_getBase

Ordinal	`139`
Address	`0x257280`

memory_init

Ordinal	`140`
Address	`0x2569b0`

osLib_registerHLEFunction

Ordinal	`141`
Address	`0x647250`

ppcCyclesSince2000

Ordinal	`142`
Address	`0x13cae78`

ppcMainThreadCycleCounter

Ordinal	`143`
Address	`0x13cae88`

ppcRecompilerInstanceData

Ordinal	`144`
Address	`0x13aa5b8`

rplModuleCount

Ordinal	`145`
Address	`0x136d5cc`

rplModuleList

Ordinal	`146`
Address	`0x136d620`

rpl_loadFromMem

Ordinal	`147`
Address	`0x1af730`

wxEvtHandler_Connect

Ordinal	`148`
Address	`0x633450`

wxEvtHandler_Disconnect

Ordinal	`149`
Address	`0x6334e0`

wxEvtHandler_Initialize

Ordinal	`150`
Address	`0x633440`

wxGetEventByName

Ordinal	`151`
Address	`0x631890`

wxMainWindowCreated

Ordinal	`152`
Address	`0x8b780`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88332`
MD5	`df3d74f365bef2ebc008ccd7e5950cf5`
SHA1	`74efcd880d318aab41ccec116627c6116356d769`
SHA256	`bf0cef7d7e8819d024081f4051c98a22004b883a7e71e63c280d5fae6e6fcd27`
SHA3	`5cb5574d26abda6a20c5e8676fa429fe04aa4262cf02817cf79a47037d976b7d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77431`
MD5	`043d3472063b7d71bd7ad93e64f83b6d`
SHA1	`6bee3271732ec4618bfda7e522ba69e4fcbb1e2d`
SHA256	`c58205af71bbd0230e55ce79503732317a77b150226fd6843222f1362d1a6976`
SHA3	`2010c4516e2c0c57a242b2a1e33530e4a0dc0dfe27023e56aca6a785ce6d4c10`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53525`
MD5	`8fe3ef8924a7d96dabdc2d0e68930d3a`
SHA1	`3afa870d91f6d0b9d20904b2c94654484a444746`
SHA256	`c35519067ce3993b63697bbdc42437a6fec9504c4bfd08f72655f84b81f31037`
SHA3	`23f1a71e020590026fa38dbf750a2d1fee538177e0315489cbddab16e563351b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47392`
MD5	`33320c9f34ea10ad820c1643c77092ef`
SHA1	`5c95b8090312857a49d71761d15ad4b7195573ee`
SHA256	`e35a7cf8e626a2ff2e727791e79f4eba97b80d9fd929fe287f71b98d390c34c9`
SHA3	`41912fae90def04a9f464cb87059c89c2924e7b55026d86fd39be3a5de96fd57`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33057`
MD5	`c107f2b5ba58367f913eed38add6e3ab`
SHA1	`b7d1a5eb58c41ecedc95f25d36f45a51e3f1f5d2`
SHA256	`015ca664247cd3b0faa574301828ee70d8f9a3e558ef15e8d4d114fab88773f1`
SHA3	`6e5a6a7a2949a6f9d983b5fb44a9763f64c564e9e0f0dc211e34b125b5b8baa0`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88322`
MD5	`ffc80db629ffe25a3da2e5f968489f92`
SHA1	`6b5a9d9929ed791d7f79119e4847c679e9c17e2a`
SHA256	`02edec42e06ef61da502fdbd45ca0accdfed9e01659a0b195de6158acf40f648`
SHA3	`4af176e3645a6ed4ed4ede558e7a0a94813477ecc0b31f0e0eb6b5b058aea85b`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56075`
MD5	`002568245f43f273d1dc10366ad5fa07`
SHA1	`1f9c0956f72630651a823c2d2eab41369456f8b4`
SHA256	`2efbf5e970c2bfee08429b9a736c5a92f2ac0dfe7b3d5857c4fd9cd1310a49f8`
SHA3	`b80d040ec06f2774b75a1206cab4328e5f441bbe19bb551cc769e9e4251f6fe6`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.05461`
MD5	`82425e15ae3145e64e688d25867c40ec`
SHA1	`b4557f49b7f1013e0fee2a5614dccf42da29b07d`
SHA256	`a4a86d4ccad4e006a6d1816ae1de33bdc7e256952449550ab44ab3a71a654a14`
SHA3	`6e858d6f66e98ea175d146b004696650171dd8e1e43e366c4953867dcf7fb1e3`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.46838`
MD5	`42f1e780f172bc7a84f8a8c60abaf1a0`
SHA1	`e445c865d3b8d15fb5632375430f5f00c2682144`
SHA256	`0ac21f58be07383d6d832f36ff24466217055739c14f58194cf81d9cf5f89dac`
SHA3	`4a1981921267d0311a568d6a3eeb7dfeb14cb0fa1d7dde40bfe79fa25bae5819`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39666`
MD5	`24f1dec2ebfed43f445ddb940002580b`
SHA1	`75fdfcc7db890498712aaab14806c5ec7a61cc6f`
SHA256	`a73d9138eef48184204228e6e031ead2b2dce6d40bf80f33bad53a2c9764cfc7`
SHA3	`f3025f3db90527246fa2b54c1e26b9d51893883312b5648941c559a195d6851b`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.05461`
MD5	`82425e15ae3145e64e688d25867c40ec`
SHA1	`b4557f49b7f1013e0fee2a5614dccf42da29b07d`
SHA256	`a4a86d4ccad4e006a6d1816ae1de33bdc7e256952449550ab44ab3a71a654a14`
SHA3	`6e858d6f66e98ea175d146b004696650171dd8e1e43e366c4953867dcf7fb1e3`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.36288`
MD5	`47e28bb50189f23c044dab6b2bcfdd40`
SHA1	`03135b7bf36a0023ebe41911a70bf20d48ff45f3`
SHA256	`dc19dee24369559d534073c9afb9c82de74980fb054fa2da1cc5c18ddfe09c77`
SHA3	`d599de134877d44c074625ebbf62316383c90169556bbef24237eb7daa9aa6d6`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.97488`
MD5	`90a5d6f0268d57b1366ea508acaa2ec4`
SHA1	`3078c019ff832d59c8b5b6595064be4b6e8742d0`
SHA256	`9d60b019a72cd37e182f79562db2680e9c65515d4a9585ca2a7dc6666e2da677`
SHA3	`342eedb7f6c1c957f9190297aef48f8fccf21003504fcb6b42862b7c75c9f97e`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51679`
MD5	`f7d10ba812791238910017340c2a1030`
SHA1	`88b801a650686a2112233face9f57ccbe3bb6e0d`
SHA256	`58906eea23b636fb567ec51dbdc24eddf964b1a52b780789411ae467e8233b09`
SHA3	`939271360b1dc6d835705ccb2dc8834304e96225919d783100c8ef4d6467983a`

DEBUGGER_BP

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.08373`
Detected Filetype	PNG graphic file
MD5	`0bca69ab05fad8e6ffb17a6507fd62ca`
SHA1	`69376db1218497c9313699775debf351b06fe316`
SHA256	`2325b02252d0e7fdd4577bf312eef3541612e5c3f25400ff24af414fcacc57f4`
SHA3	`e641b0a8780a57009be3d82ff6c21265f48bcf873778a0de25e9331fefbb7766`

DEBUGGER_BP_RED

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.27962`
Detected Filetype	PNG graphic file
MD5	`85117546d321c27b6cb77960c543ac2d`
SHA1	`9cf8e1dc55373a55d06f20ceaa9ff2de0fd0da1b`
SHA256	`b978dede6c57724661fad08e3d750bfe10fecda600437f17fbe7c1e15e933c7a`
SHA3	`cf7d4afce959beebbdcfa16f747efcdea94cfdf692d59f8fc8fe5a6a47395b67`

DEBUGGER_GOTO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x124`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.60311`
Detected Filetype	PNG graphic file
MD5	`ba9a1890aacc46c231cc6b55218c6023`
SHA1	`3a88a1de85bf2be5d2d37c341f447b52042c74f4`
SHA256	`c3764dc22ec40234c18c006cde419f58dddb413604ea45d8e6d5dcaa777cf873`
SHA3	`97fef21ad9a507456023aa1abd0f3da581c29a563c5508df5c8364f02fd6f40b`

DEBUGGER_PAUSE

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82876`
Detected Filetype	PNG graphic file
MD5	`000aaa90e6736ca6cc110d4e4c4dca44`
SHA1	`f68d5b185d75bab462f99d943da9c20deb53588b`
SHA256	`1f80317632cf718cb3f26dd01bfb048084907d183b4b839bd99b1d8f162d35ca`
SHA3	`6b5f5836439e4509c775037d6c8bd3c0d20821f1d573d2a92ed8ef8a45abcded`

DEBUGGER_PLAY

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x132`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.70612`
Detected Filetype	PNG graphic file
MD5	`cb412b9c6124087c11a10c587063bd21`
SHA1	`5d79dc0a482a56f3de9c20a04fb8c5fc65948696`
SHA256	`05e65acbfee4a796a88fcc744e119d60135c3b1c2f41cf5eee6aed8dd5595820`
SHA3	`8797fd0725f00e66461b0130b65bc8cf479c0e11bdae72eb59d5aa53900084b0`

DEBUGGER_STEP_INTO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x129`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.71878`
Detected Filetype	PNG graphic file
MD5	`0637667975443da2edccf03c60cb76f7`
SHA1	`35f18c2126a5a81c40299f8242d73b70402db30d`
SHA256	`b57f3dc5ec2d8945bdb72a195d470c843a673b80baacf42b08e89a3cf789d6d3`
SHA3	`79dd2b01958dff16d995348073e66071a4a897b2fe8e2fff71896aebe4d4d727`

DEBUGGER_STEP_OUT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.32304`
Detected Filetype	PNG graphic file
MD5	`ee35f81d59f06715f6d172ee5f4ed139`
SHA1	`61ac9912176bdc6878b108e3fa03da1fd7187540`
SHA256	`8957687c057e1676d83e04e413252f7c397665a35d9e565e9bfb13284e8214d2`
SHA3	`f7f20bec00a7785aad792374a3f8405a610af84b7ec03a9ef894aa9ac3695a81`

DEBUGGER_STEP_OVER

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35695`
Detected Filetype	PNG graphic file
MD5	`a620f6cfad596d84c5f5628ab03f8e7d`
SHA1	`26dd79e82e674a163c27fe85bc4c37ff9391d931`
SHA256	`10c0c5fd516238a0b1bd206c53cfcbba8ee09352b9a2f9458ea49ac4e86de3df`
SHA3	`78cf6dba00a7af4e9ddba946c44479f4afe9087fe060fb76f3c4887a4c352482`

INPUT_CONNECTED

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x190`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.05343`
Detected Filetype	PNG graphic file
MD5	`66c2804414974b49578ca7867a44a02d`
SHA1	`3da0c5d28c4a81ed6cdab8a2a2976b7a52764acd`
SHA256	`1b76dd6e390131cc088ad24853ef75530309f4bb766c96249f6b928df56388c8`
SHA3	`6cc2e64148db5a238b8a66b2749103d0160d893f293758604db0edb409c2319a`

INPUT_DISCONNECTED

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x19a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.04383`
Detected Filetype	PNG graphic file
MD5	`80dca549eeb71589c322ee64f616b4d7`
SHA1	`5043e1b2af6b4a9b9c5ac8f4703ab6dd17b99442`
SHA256	`b48600fd2aa11b52d8b88b531e590e847aea8bc605cd0428fd5810b051eb45c8`
SHA3	`77c6c5ae377ff60439bb0225a43f79626d2fb8e3c3a663b55f9253cd9ac92037`

INPUT_LOW_BATTERY

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x154`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.98989`
Detected Filetype	PNG graphic file
MD5	`d9a377eb826e12c61177cbfb2254ac0d`
SHA1	`bfec786ab39aee6ca28a651199b3a4bba0c3ea7e`
SHA256	`a4111b433f2fdb93e043ec7b8d88867a5866cc50ff9db0deaaf04a496d476f66`
SHA3	`29afc405d736795fe8ad02b04938ac23b744c86cd28e5286822886531f54af01`

116

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x286ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.70682`
Detected Filetype	TrueType font file
MD5	`b06871f281fee6b241d60582ae9369b9`
SHA1	`13b1eab65a983c7a73bc7997c479d66943f7c6cb`
SHA256	`aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8`
SHA3	`a41e9cfa3c8595c4c5117dc8a31a2de78e320b2505b15bfc8e1266ae8781cad8`

M_WND_ICON128

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80283`
Detected Filetype	Icon file
MD5	`da9b70665374e3394540c51191a2dfd6`
SHA1	`c91b3f6407149e322850f6a257923abb260adeb5`
SHA256	`9595be7d246f12c7356d15b8facc45ea482de63d316af484c99156170b9d7362`
SHA3	`d75e51b150e9bb574412de784a1ecf652c36717a52f920f529a2c01e2dfce6af`

M_WND_ICON16

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

X_BOX

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.94375`
Detected Filetype	Icon file
MD5	`506938ff7391ea08381e474abf1eea18`
SHA1	`3a6bd212d5fdcc79136eaa59b0384c9f1ccd2a53`
SHA256	`e158cd645390fa6d27697ecc23cc6877e24fc2940bdf94819b2dd40f7aa2cac1`
SHA3	`64e6cc049bfbc46cca97aa4dd3a0717e19fd19be6bef2cf0f733ed57428c32d9`

X_GAME_PROFILE

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.94375`
Detected Filetype	Icon file
MD5	`58f2b3e7788b1d44512dbe4a9780ce72`
SHA1	`b39edfeac25e8ce79390c776a94d47781cfbc3ee`
SHA256	`d062839525a88466dfa32c79c95c0bb80d08aa3bff105e4ad47889cbbbcc037f`
SHA3	`6f3c2909854b1b14614ed5a8967bcd3afea37ad07a6f4cfadc66a08bf7de0bd6`

X_INPUT_CONTROLLER

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76369`
Detected Filetype	Icon file
MD5	`992b26774505423a4fbd4cdbe7740736`
SHA1	`1cb4ad5c0dc888923394b4e17fb1265995b5f4f2`
SHA256	`0eb91eb34b449400ebad584570eb0583213b799ca737224f729ba6b7789f89f2`
SHA3	`6663126017413df9c082fb13936c5a9c0386a441dbd2faca5082655963bb5369`

X_SETTINGS

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5ab6dbfe92ad7e1796b2485ae73ead28`
SHA1	`cb37d89cf9caf98d64d9f419f338b5b43cbff0a4`
SHA256	`8c3fde3587fb44a776acb23ae9079e960996a54f3ae5644be338b3288186d59c`
SHA3	`b3cbd40351a2cff75e26048a5fe4a81e1d9cfd4ca268809d8288185b1d4bc729`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28654`
MD5	`cd6636dbe0c7368a0a8162ebfd88e50a`
SHA1	`38d3cf8bdb475c02c4391ea972a5ef89129e2eeb`
SHA256	`172e33f503bdc27f3c29c62cd940da79bb976ba89df11f59fd1cacfe24b1f18a`
SHA3	`c3982414413030f1cc4fa393f1265f9715f8b577b76f68b35e7e54f5943b7a45`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x31e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11673`
MD5	`f180bf36c92968767ce1b354441ef2cc`
SHA1	`434b8a298f3af4fbd16c71d8ca0a601d199366a7`
SHA256	`f0247a0621b4007c7ea536026c5297c6f1c1777dde8c763e9d7b690999f754c0`
SHA3	`7c9c7f681da91a71b3010c8ba06c2ad6e6f46f0d6d65b7f9d5bfea2fea14548d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.16.0.0
ProductVersion	1.16.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Wii U emulator
InternalName	Cemu
LegalCopyright	Team Cemu
OriginalFilename	Cemu.exe
ProductName	Cemu
ProductVersion (#2)	1.16.0 WIP 14 Patreon

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Nov-02 17:54:58
Version	`34484.54472`
SizeofData	`45`
AddressOfRawData	`0xfe4f60`
PointerToRawData	`0xfe3760`
Referenced File	C:\cemu\bin\Cemu.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Nov-02 17:54:58
Version	`0.0`
SizeofData	`1036`
AddressOfRawData	`0xfe4f90`
PointerToRawData	`0xfe3790`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Nov-02 17:54:58
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140fe53d0`
EndAddressOfRawData	`0x140fe5414`
AddressOfIndex	`0x141360130`
AddressOfCallbacks	`0x140d111a8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001405DB230`

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1411d5998`

RICH Header

XOR Key	`0x4574b405`
Unmarked objects	`0`
ASM objects (26213)	`27`
199 (41118)	`8`
ASM objects (VS 2015/2017 runtime 26706)	`11`
C++ objects (VS 2015/2017 runtime 26706)	`137`
C objects (VS 2015/2017 runtime 26706)	`39`
C objects (VS2017 v15.9.4 compiler 27025)	`136`
C objects (VS2017 v15.9.2-3 compiler 27024)	`648`
Unmarked objects (#2)	`42`
C++ objects (VS2017 v15.9.2-3 compiler 27024)	`5`
C++ objects (VS2017 v15.9.4 compiler 27025)	`393`
C objects (26213)	`53`
C++ objects (26213)	`233`
262 (26213)	`2`
Imports (26213)	`57`
Total imports	`844`
265 (VS2017 v15.9.4 compiler 27025)	`341`
ASM objects (VS2017 v15.9.4 compiler 27025)	`1`
Exports (VS2017 v15.9.4 compiler 27025)	`1`
Resource objects (VS2017 v15.9.4 compiler 27025)	`1`
151	`1`
Linker (VS2017 v15.9.4 compiler 27025)	`1`