1bbf6108505884106877824e403def3f6162d63f.bin - LogUploader.dll

info
MZ
PE
resources
imports
exports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	1bbf6108505884106877824e403def3f6162d63f.bin
size	596328 (0x91968)
md5	0800e511af0b4125a2cc2ea2504fe36c

type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x138

Rich Header

lib id	version	times used
147	30729	20
199	41118	4
260	28117	11
259	28117	11
257	28117	4
261	28117	30
260	28314	8
263	25711	1
260	25711	3
262	25711	1
257	28314	9
257	25711	38
1	0	758
265	28314	98
256	28314	1
255	28314	1
258	28314	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	5
TimeDateStamp	0xee9ad527
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x2122
Magic	0x10b
LinkerVersion	14.24
SizeOfCode	0x57600
SizeOfInitializedData	0x3a400
SizeOfUninitializedData	0
AddressOfEntryPoint	0x4f860
BaseOfCode	0x1000
BaseOfData	0x59000
ImageBase	0x10000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	6.0
ImageVersion	0.0
SubsystemVersion	6.0
Reserved1	0
SizeOfImage	0x95000
SizeOfHeaders	0x400
CheckSum	0x9712d
Subsystem	2
DllCharacteristics	0x4140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ 6.0 - 8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x5750a	0x57600	R-X CODE
.rdata	0x59000	0x2a7fc	0x2a800	R-- IDATA
.data	0x84000	0x6e78	0x4a00	RW- IDATA
.rsrc	0x8b000	0x450	0x600	R-- IDATA
.reloc	0x8c000	0x847c	0x8600	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x7dbc0	0x1424
IMPORT	0x7efe4	0x258
RESOURCE	0x8b000	0x450
EXCEPTION	0	0
SECURITY	0x8f800	0x2168
BASERELOC	0x8c000	0x847c
DEBUG	0x72690	0x8c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x727c4	0x18
LOAD_CONFIG	0x72720	0x40
Bound_IAT	0	0
IAT	0x59000	0x800
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x1007738c	0x10077398	0x10088d20	0x100599a8	0	0x300000

show previews

type	name	size	cp
VERSION	#1	1004	0

module_name	hint	ord	function_name
LoggingPlatform.DLL	11		public: __thiscall ScenarioTracking::TransferScope::~TransferScope(void) ??1TransferScope@ScenarioTracking@@QAE@XZ
LoggingPlatform.DLL	6		public: __thiscall ScenarioTracking::TransferScope::TransferScope(class ScenarioTracking::ITrace const * const) ??0TransferScope@ScenarioTracking@@QAE@QBVITrace@1@@Z
LoggingPlatform.DLL	16		class std::unique_ptr<class ScenarioTracking::ITrace, struct std::default_delete<class ScenarioTracking::ITrace> > __stdcall ScenarioTracking::CaptureTrace(void) ?CaptureTrace@ScenarioTracking@@YG?AV?$unique_ptr@VITrace@ScenarioTracking@@U?$default_delete@VITrace@ScenarioTracking@@@std@@@std@@XZ
LoggingPlatform.DLL	46		void __stdcall LoggingRecordAssert(wchar_t const , wchar_t const , wchar_t const , unsigned int, wchar_t const , bool, unsigned int, bool) ?LoggingRecordAssert@@YGXPB_W00I0_NI1@Z
LoggingPlatform.DLL	38		bool __cdecl QoS::IsAnyLibraryIrmEnabled(void) ?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ
LoggingPlatform.DLL	22		unsigned int __cdecl QoS::GetActiveHydrationsCount(void) ?GetActiveHydrationsCount@QoS@@YAIXZ
LoggingPlatform.DLL	71		class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > __stdcall NarrowStringToWideString(char const *) ?NarrowStringToWideString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBD@Z
LoggingPlatform.DLL	30		class ILoggingSession * __stdcall GetLoggingSession(void) ?GetLoggingSession@@YGPAVILoggingSession@@XZ
LoggingPlatform.DLL	55		void __stdcall LoggingSendTelemetryEvent(struct TelemetryEvent const &, struct StructuredEventParameter * const) ?LoggingSendTelemetryEvent@@YGXABUTelemetryEvent@@QAUStructuredEventParameter@@@Z
LoggingPlatform.DLL	35		class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > __stdcall GuidToString(struct _GUID const &) ?GuidToString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABU_GUID@@@Z
LoggingPlatform.DLL	5		public: __thiscall TelemetryEvent::TelemetryEvent(char const , char const , struct _GUID const &, unsigned int, unsigned int, char const , char const , unsigned int, unsigned int) ??0TelemetryEvent@@QAE@PBD0ABU_GUID@@II00II@Z
LoggingPlatform.DLL	85		class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > __stdcall StripPrivateInfoFromString(wchar_t const *) ?StripPrivateInfoFromString@@YG?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
LoggingPlatform.DLL	89		class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char> > __stdcall WideStringToNarrowString(wchar_t const *) ?WideStringToNarrowString@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W@Z
LoggingPlatform.DLL	73		void __cdecl OneDriveAssertWorker(wchar_t const , enum OneDriveAssertType, wchar_t const , unsigned int, wchar_t const , wchar_t const , wchar_t const *, ...) ?OneDriveAssertWorker@@YAXPB_WW4OneDriveAssertType@@0I000ZZ
LoggingPlatform.DLL	24		long __stdcall GetDefaultLoggingPath(class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &) ?GetDefaultLoggingPath@@YGJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV12@@Z
LoggingPlatform.DLL	53		void __stdcall LoggingRotateIfNeeded(void) ?LoggingRotateIfNeeded@@YGXXZ
LoggingPlatform.DLL	68		void __stdcall LoggingWriteStructuredEvent(struct StructuredEvent const &, struct StructuredEventParameter * const) ?LoggingWriteStructuredEvent@@YGXABUStructuredEvent@@QAUStructuredEventParameter@@@Z
LoggingPlatform.DLL	4		public: __thiscall StructuredEvent::StructuredEvent(char const , int, char const , struct _GUID const &, unsigned int, unsigned int, unsigned int, unsigned int) ??0StructuredEvent@@QAE@PBDH0ABU_GUID@@IIII@Z
LoggingPlatform.DLL	52		void __stdcall LoggingRotate(void) ?LoggingRotate@@YGXXZ
Telemetry.dll	111		public: virtual __thiscall QoS::ScenarioQosSyncWrapper::~ScenarioQosSyncWrapper(void) ??1ScenarioQosSyncWrapper@QoS@@UAE@XZ
Telemetry.dll	177		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordScenario(int, enum TelemetryConstants::ErrorType::Type) ?RecordScenario@ScenarioQosSyncWrapper@QoS@@UAEXHW4Type@ErrorType@TelemetryConstants@@@Z
Telemetry.dll	181		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordScenarioWithSize(int, enum TelemetryConstants::ErrorType::Type, unsigned int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> >, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> >) ?RecordScenarioWithSize@ScenarioQosSyncWrapper@QoS@@UAEXHW4Type@ErrorType@TelemetryConstants@@IV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z
Telemetry.dll	49		public: __thiscall QoS::ScenarioQosSyncWrapper::ScenarioQosSyncWrapper(class QoS::QosSyncWrapperConfig const &, wchar_t const *) ??0ScenarioQosSyncWrapper@QoS@@QAE@ABVQosSyncWrapperConfig@1@PB_W@Z
Telemetry.dll	184		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordUploadDownloadScenario(int, enum TelemetryConstants::ErrorType::Type, unsigned int, int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, unsigned int, unsigned int) ?RecordUploadDownloadScenario@ScenarioQosSyncWrapper@QoS@@UAEXHW4Type@ErrorType@TelemetryConstants@@IHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@11II@Z
Telemetry.dll	185		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordUploadDownloadTransferTestScenario(int, enum TelemetryConstants::ErrorType::Type, unsigned int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, unsigned int, unsigned int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &) ?RecordUploadDownloadTransferTestScenario@ScenarioQosSyncWrapper@QoS@@UAEXHW4Type@ErrorType@TelemetryConstants@@IABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1II1@Z
Telemetry.dll	169		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordLogBatchUploadScenario(int, enum TelemetryConstants::ErrorType::Type, unsigned int, int, int, int, int, int, bool, bool, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, bool, bool, bool, unsigned __int64, unsigned __int64, int, int, int, int, int, int, int, int, int, int, int, bool) ?RecordLogBatchUploadScenario@ScenarioQosSyncWrapper@QoS@@UAEXHW4Type@ErrorType@TelemetryConstants@@IHHHHH_N1HHHHHHHHHHHHHHHH111_K2HHHHHHHHHHH1@Z
Telemetry.dll	167		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordApiWithSize(long, unsigned int, unsigned int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::set<unsigned int, struct std::less<unsigned int>, class std::allocator<unsigned int> > const &) ?RecordApiWithSize@ScenarioQosSyncWrapper@QoS@@UAEXJIIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$set@IU?$less@I@std@@V?$allocator@I@2@@4@@Z
Telemetry.dll	182		public: virtual void __thiscall QoS::ScenarioQosSyncWrapper::RecordServiceApiResponse(long, unsigned int, unsigned int, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::set<unsigned int, struct std::less<unsigned int>, class std::allocator<unsigned int> > const &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &, bool, class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > const &) ?RecordServiceApiResponse@ScenarioQosSyncWrapper@QoS@@UAEXJIIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$set@IU?$less@I@std@@V?$allocator@I@2@@4@00_N0@Z
Telemetry.dll	48		public: __thiscall QoS::ScenarioQosSyncWrapper::ScenarioQosSyncWrapper(class QoS::QosSyncWrapperConfig const &, wchar_t const , wchar_t const ) ??0ScenarioQosSyncWrapper@QoS@@QAE@ABVQosSyncWrapperConfig@1@PB_W1@Z
Telemetry.dll	72		public: __thiscall QoS::QosSyncWrapperConfig::~QosSyncWrapperConfig(void) ??1QosSyncWrapperConfig@QoS@@QAE@XZ
Telemetry.dll	151		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetUploadFileScenarioName(bool)const ?GetUploadFileScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_W_N@Z
Telemetry.dll	136		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetDownloadFileScenarioName(bool)const ?GetDownloadFileScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_W_N@Z
Telemetry.dll	144		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetPollingChangeEnumerationScenarioName(void)const ?GetPollingChangeEnumerationScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_WXZ
Telemetry.dll	153		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetWnsChangeEnumerationScenarioName(void)const ?GetWnsChangeEnumerationScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_WXZ
Telemetry.dll	148		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetStartupChangeEnumerationScenarioName(void)const ?GetStartupChangeEnumerationScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_WXZ
Telemetry.dll	135		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetChangeEnumerationScenarioName(void)const ?GetChangeEnumerationScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_WXZ
Telemetry.dll	145		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetQuotaStatusScenarioName(void)const ?GetQuotaStatusScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_WXZ
Telemetry.dll	152		public: wchar_t const * __thiscall QoS::QosSyncWrapperConfig::GetUploadMetadataScenarioName(bool, bool)const ?GetUploadMetadataScenarioName@QosSyncWrapperConfig@QoS@@QBEPB_W_N0@Z
Telemetry.dll	172		protected: virtual void __thiscall QoS::ScenarioQosWrapper::RecordQosTelemetry(wchar_t const , wchar_t const , enum TelemetryConstants::PropertyId::Id, __int64, unsigned int, int, enum TelemetryConstants::ErrorType::Type, wchar_t const , class std::vector<class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> >, class std::allocator<class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > > >, wchar_t const , struct QoS::ScenarioQosWrapper::ScenarioQosWrapperAdditionalInfo const &) ?RecordQosTelemetry@ScenarioQosWrapper@QoS@@MAEXPB_W0W4Id@PropertyId@TelemetryConstants@@_JIHW4Type@ErrorType@5@0V?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@0ABUScenarioQosWrapperAdditionalInfo@12@@Z
Telemetry.dll	192		public: void __thiscall QoS::ScenarioQosWrapper::SetComponent(wchar_t const *) ?SetComponent@ScenarioQosWrapper@QoS@@QAEXPB_W@Z
Telemetry.dll	133		public: virtual void __thiscall QoS::ScenarioQosWrapper::FreeTxnContextString(wchar_t const *) ?FreeTxnContextString@ScenarioQosWrapper@QoS@@UAEXPB_W@Z
Telemetry.dll	150		public: virtual wchar_t const * __thiscall QoS::ScenarioQosWrapper::GetTxnContextString(void) ?GetTxnContextString@ScenarioQosWrapper@QoS@@UAEPB_WXZ
Telemetry.dll	170		public: virtual void __thiscall QoS::ScenarioQosLogUploadBatch::RecordQosTelemetry(wchar_t const , wchar_t const , enum TelemetryConstants::PropertyId::Id, __int64, unsigned int, int, enum TelemetryConstants::ErrorType::Type, wchar_t const , class std::vector<class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> >, class std::allocator<class std::basic_string<wchar_t, struct std::char_traits<wchar_t>, class std::allocator<wchar_t> > > >, wchar_t const , struct QoS::ScenarioQosWrapper::ScenarioQosWrapperAdditionalInfo const &) ?RecordQosTelemetry@ScenarioQosLogUploadBatch@QoS@@UAEXPB_W0W4Id@PropertyId@TelemetryConstants@@_JIHW4Type@ErrorType@5@0V?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@0ABUScenarioQosWrapperAdditionalInfo@ScenarioQosWrapper@2@@Z
Telemetry.dll	241		public: void __thiscall QoS::ScenarioQosSyncWrapper::StartUploadLogBatch(void) ?StartUploadLogBatch@ScenarioQosSyncWrapper@QoS@@QAEXXZ
Telemetry.dll	223		public: void __thiscall QoS::ScenarioQosSyncWrapper::StartGetLogUploadLocation(void) ?StartGetLogUploadLocation@ScenarioQosSyncWrapper@QoS@@QAEXXZ
FileSyncSessions.dll	129		GetIAuthInstance
UpdateRingSettings.dll	1		class IUpdateRingSettingsManager * __stdcall GetUpdateRingSettingsManager(void) ?GetUpdateRingSettingsManager@@YGPAVIUpdateRingSettingsManager@@XZ
KERNEL32.dll	217		CreateMutexW
KERNEL32.dll	534		GetCurrentProcessId
KERNEL32.dll	1412		TerminateProcess
KERNEL32.dll	1487		WaitForSingleObject
KERNEL32.dll	741		GetSystemTimeAsFileTime
KERNEL32.dll	228		CreateProcessW
KERNEL32.dll	959		LoadLibraryW
KERNEL32.dll	908		IsWow64Process
KERNEL32.dll	425		FreeLibrary
KERNEL32.dll	382		FindFirstFileW
KERNEL32.dll	371		FindClose
KERNEL32.dll	275		DeleteFileW
KERNEL32.dll	940		LCMapStringW
KERNEL32.dll	394		FindNextFileW
KERNEL32.dll	550		GetDiskFreeSpaceExW
KERNEL32.dll	1052		PostQueuedCompletionStatus
KERNEL32.dll	710		GetQueuedCompletionStatus
KERNEL32.dll	1131		ReadDirectoryChangesW
KERNEL32.dll	207		CreateIoCompletionPort
KERNEL32.dll	1020		OpenFileById
KERNEL32.dll	588		GetFinalPathNameByHandleW
KERNEL32.dll	579		GetFileInformationByHandle
KERNEL32.dll	580		GetFileInformationByHandleEx
KERNEL32.dll	1304		SetFileInformationByHandle
KERNEL32.dll	153		CompareStringOrdinal
KERNEL32.dll	577		GetFileAttributesW
KERNEL32.dll	568		GetExitCodeProcess
KERNEL32.dll	388		FindFirstVolumeW
KERNEL32.dll	399		FindNextVolumeW
KERNEL32.dll	406		FindVolumeClose
KERNEL32.dll	283		DeviceIoControl
KERNEL32.dll	584		GetFileSizeEx
KERNEL32.dll	1132		ReadFile
KERNEL32.dll	565		GetEnvironmentVariableW
KERNEL32.dll	469		GetCommandLineW
KERNEL32.dll	172		CopyFileW
KERNEL32.dll	104		BindIoCompletionCallback
KERNEL32.dll	1193		ReleaseMutex
KERNEL32.dll	1180		RegisterApplicationRestart
KERNEL32.dll	1322		SetLastError
KERNEL32.dll	1448		UnmapViewOfFile
KERNEL32.dll	190		CreateEventW
KERNEL32.dll	246		CreateThreadpoolWait
KERNEL32.dll	1377		SetThreadpoolWait
KERNEL32.dll	1491		WaitForThreadpoolWaitCallbacks
KERNEL32.dll	144		CloseThreadpoolWait
KERNEL32.dll	993		MoveFileExW
KERNEL32.dll	1211		ReplaceFileW
KERNEL32.dll	1301		SetFileAttributesW
KERNEL32.dll	798		GetVolumePathNameW
KERNEL32.dll	185		CreateDirectoryW
KERNEL32.dll	1202		RemoveDirectoryW
KERNEL32.dll	1307		SetFilePointerEx
KERNEL32.dll	413		FlushFileBuffers
KERNEL32.dll	1397		Sleep
KERNEL32.dll	796		GetVolumeNameForVolumeMountPointW
KERNEL32.dll	800		GetVolumePathNamesForVolumeNameW
KERNEL32.dll	794		GetVolumeInformationW
KERNEL32.dll	793		GetVolumeInformationByHandleW
KERNEL32.dll	1288		SetEndOfFile
KERNEL32.dll	586		GetFileType
KERNEL32.dll	473		GetCompressedFileSizeW
KERNEL32.dll	743		GetSystemTimes
KERNEL32.dll	822		GlobalMemoryStatusEx
KERNEL32.dll	928		K32GetPerformanceInfo
KERNEL32.dll	931		K32GetProcessMemoryInfo
KERNEL32.dll	687		GetProcessHandleCount
KERNEL32.dll	701		GetProcessWorkingSetSizeEx
KERNEL32.dll	736		GetSystemPowerStatus
KERNEL32.dll	527		GetCurrentDirectoryW
KERNEL32.dll	996		MoveFileW
KERNEL32.dll	926		K32GetModuleFileNameExW
KERNEL32.dll	1030		OpenProcess
KERNEL32.dll	897		IsProcessorFeaturePresent
KERNEL32.dll	284		DisableThreadLibraryCalls
KERNEL32.dll	862		InitializeSListHead
KERNEL32.dll	280		DeleteTimerQueueTimer
KERNEL32.dll	249		CreateTimerQueueTimer
KERNEL32.dll	1000		MultiByteToWideChar
KERNEL32.dll	641		GetNativeSystemInfo
KERNEL32.dll	935		K32QueryWorkingSet
KERNEL32.dll	969		LocalFree
KERNEL32.dll	790		GetVersionExA
KERNEL32.dll	842		HeapSize
KERNEL32.dll	836		HeapDestroy
KERNEL32.dll	403		FindResourceExW
KERNEL32.dll	404		FindResourceW
KERNEL32.dll	1396		SizeofResource
KERNEL32.dll	980		LockResource
KERNEL32.dll	962		LoadResource
KERNEL32.dll	352		ExpandEnvironmentStringsW
KERNEL32.dll	1588		lstrlenW
KERNEL32.dll	840		HeapReAlloc
KERNEL32.dll	833		HeapAlloc
KERNEL32.dll	688		GetProcessHeap
KERNEL32.dll	837		HeapFree
KERNEL32.dll	682		GetProcAddress
KERNEL32.dll	628		GetModuleHandleW
KERNEL32.dll	1094		QueryPerformanceCounter
KERNEL32.dll	1095		QueryPerformanceFrequency
KERNEL32.dll	1104		QueueUserWorkItem
KERNEL32.dll	816		GlobalFree
KERNEL32.dll	477		GetComputerNameW
KERNEL32.dll	303		EnterCriticalSection
KERNEL32.dll	952		LeaveCriticalSection
KERNEL32.dll	857		InitializeCriticalSection
KERNEL32.dll	1294		SetEvent
KERNEL32.dll	189		CreateEventExW
KERNEL32.dll	698		GetProcessTimes
KERNEL32.dll	769		GetThreadTimes
KERNEL32.dll	270		DeleteCriticalSection
KERNEL32.dll	1115		RaiseException
KERNEL32.dll	134		CloseHandle
KERNEL32.dll	537		GetCurrentThread
KERNEL32.dll	605		GetLastError
KERNEL32.dll	772		GetTickCount64
KERNEL32.dll	732		GetSystemDirectoryW
KERNEL32.dll	538		GetCurrentThreadId
KERNEL32.dll	202		CreateFileW
KERNEL32.dll	859		InitializeCriticalSectionEx
KERNEL32.dll	533		GetCurrentProcess
KERNEL32.dll	965		LocalAlloc
KERNEL32.dll	1469		VerifyVersionInfoW
KERNEL32.dll	1465		VerSetConditionMask
KERNEL32.dll	1310		SetFileTime
KERNEL32.dll	624		GetModuleFileNameW
KERNEL32.dll	1381		SetUnhandledExceptionFilter
KERNEL32.dll	1445		UnhandledExceptionFilter
KERNEL32.dll	1488		WaitForSingleObjectEx
KERNEL32.dll	1215		ResetEvent
KERNEL32.dll	858		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	1042		OutputDebugStringW
KERNEL32.dll	890		IsDebuggerPresent
KERNEL32.dll	1286		SetDllDirectoryW
USER32.dll	795		SendMessageTimeoutW
ADVAPI32.dll	732		SetFileSecurityW
ADVAPI32.dll	512		MapGenericMask
ADVAPI32.dll	240		DuplicateToken
ADVAPI32.dll	538		OpenThreadToken
ADVAPI32.dll	235		DeleteAce
ADVAPI32.dll	398		InitializeAcl
ADVAPI32.dll	129		ConvertStringSecurityDescriptorToSecurityDescriptorW
ADVAPI32.dll	308		FreeSid
ADVAPI32.dll	312		GetAclInformation
ADVAPI32.dll	763		StartServiceW
ADVAPI32.dll	587		QueryServiceConfigW
ADVAPI32.dll	147		CreateWellKnownSid
ADVAPI32.dll	106		ControlService
ADVAPI32.dll	593		QueryServiceStatusEx
ADVAPI32.dll	592		QueryServiceStatus
ADVAPI32.dll	236		DeleteService
ADVAPI32.dll	739		SetNamedSecurityInfoW
ADVAPI32.dll	728		SetEntriesInAclW
ADVAPI32.dll	32		AllocateAndInitializeSid
ADVAPI32.dll	343		GetNamedSecurityInfoW
ADVAPI32.dll	139		CreateProcessAsUserW
ADVAPI32.dll	241		DuplicateTokenEx
ADVAPI32.dll	537		OpenServiceW
ADVAPI32.dll	754		SetServiceStatus
ADVAPI32.dll	691		RegisterServiceCtrlHandlerW
ADVAPI32.dll	762		StartServiceCtrlDispatcherW
ADVAPI32.dll	101		CloseServiceHandle
ADVAPI32.dll	91		ChangeServiceConfig2W
ADVAPI32.dll	93		ChangeServiceConfigW
ADVAPI32.dll	145		CreateServiceW
ADVAPI32.dll	535		OpenSCManagerW
ADVAPI32.dll	684		RegUnLoadKeyW
ADVAPI32.dll	645		RegLoadKeyW
ADVAPI32.dll	635		RegEnumKeyW
ADVAPI32.dll	614		RegCreateKeyTransactedW
ADVAPI32.dll	31		AdjustTokenPrivileges
ADVAPI32.dll	431		LookupPrivilegeValueW
ADVAPI32.dll	637		RegEnumValueW
ADVAPI32.dll	133		CopySid
ADVAPI32.dll	331		GetLengthSid
ADVAPI32.dll	123		ConvertSidToStringSidW
ADVAPI32.dll	368		GetTokenInformation
ADVAPI32.dll	533		OpenProcessToken
ADVAPI32.dll	618		RegDeleteKeyExW
ADVAPI32.dll	625		RegDeleteTreeW
ADVAPI32.dll	634		RegEnumKeyExW
ADVAPI32.dll	641		RegGetValueW
ADVAPI32.dll	678		RegSetKeyValueW
ADVAPI32.dll	612		RegCreateKeyExW
ADVAPI32.dll	200		CryptDestroyKey
ADVAPI32.dll	221		CryptSetHashParam
ADVAPI32.dll	219		CryptImportKey
ADVAPI32.dll	213		CryptGetHashParam
ADVAPI32.dll	217		CryptHashData
ADVAPI32.dll	196		CryptCreateHash
ADVAPI32.dll	194		CryptAcquireContextW
ADVAPI32.dll	220		CryptReleaseContext
ADVAPI32.dll	199		CryptDestroyHash
ADVAPI32.dll	651		RegOpenKeyExA
ADVAPI32.dll	659		RegQueryInfoKeyW
ADVAPI32.dll	681		RegSetValueExW
ADVAPI32.dll	627		RegDeleteValueW
ADVAPI32.dll	665		RegQueryValueExW
ADVAPI32.dll	603		RegCloseKey
ADVAPI32.dll	652		RegOpenKeyExW
ADVAPI32.dll	423		LookupAccountNameW
ADVAPI32.dll	379		GetUserNameW
ADVAPI32.dll	311		GetAce
ADVAPI32.dll	22		AddAce
ADVAPI32.dll	291		EventUnregister
ADVAPI32.dll	5		AccessCheck
SHELL32.dll		155
SHELL32.dll	132		SHBindToParent
SHELL32.dll		526
SHELL32.dll	155		SHCreateDirectoryExW
SHELL32.dll	341		SHGetFolderPathAndSubDirW
SHELL32.dll	329		SHGetDataFromIDListW
SHELL32.dll	159		SHCreateItemFromParsingName
SHELL32.dll	437		ShellExecuteExW
SHELL32.dll	139		SHChangeNotify
SHELL32.dll	320		SHFileOperationW
SHELL32.dll	353		SHGetKnownFolderPath
SHELL32.dll	394		SHParseDisplayName
SHELL32.dll	373		SHGetSpecialFolderPathW
SHELL32.dll	343		SHGetFolderPathW
ole32.dll	155		CreateBindCtx
ole32.dll	132		CoSetProxyBlanket
ole32.dll	39		CoCreateGuid
ole32.dll	137		CoTaskMemFree
ole32.dll	94		CoInitializeEx
ole32.dll	458		StringFromGUID2
ole32.dll	148		CoWaitForMultipleHandles
ole32.dll	38		CoCreateFreeThreadedMarshaler
ole32.dll	141		CoUninitialize
ole32.dll	40		CoCreateInstance
OLEAUT32.dll		6
OLEAUT32.dll		2
OLEAUT32.dll		161
OLEAUT32.dll		162
OLEAUT32.dll		323
RPCRT4.dll	400		RpcEpUnregister
RPCRT4.dll	389		RpcBindingVectorFree
RPCRT4.dll	398		RpcEpRegisterW
RPCRT4.dll	455		RpcServerInqBindings
RPCRT4.dll	495		RpcServerUseProtseqW
RPCRT4.dll	474		RpcServerRegisterIfEx
RPCRT4.dll	534		UuidCreate
RPCRT4.dll	543		UuidToStringW
RPCRT4.dll	525		RpcStringFreeW
RPCRT4.dll	477		RpcServerUnregisterIf
RPCRT4.dll	458		RpcServerInqCallAttributesW
RPCRT4.dll	365		RpcBindingFree
RPCRT4.dll	521		RpcStringBindingComposeW
RPCRT4.dll	367		RpcBindingFromStringBindingW
RPCRT4.dll	382		RpcBindingSetAuthInfoExW
SHLWAPI.dll	73		PathFileExistsW
SHLWAPI.dll	199		SHGetValueW
SHLWAPI.dll	103		PathIsPrefixW
SHLWAPI.dll	328		StrRetToBufW
SHLWAPI.dll	232		SHRegGetBoolUSValueW
VERSION.dll	7		GetFileVersionInfoSizeW
VERSION.dll	8		GetFileVersionInfoW
VERSION.dll	16		VerQueryValueW
WININET.dll	147		InternetCheckConnectionW
WS2_32.dll	58		WSAIoctl
WS2_32.dll	87		WSASocketW
WS2_32.dll		111
WS2_32.dll		3
WS2_32.dll		115
WTSAPI32.dll	38		WTSQuerySessionInformationW
WTSAPI32.dll	41		WTSQueryUserToken
WTSAPI32.dll	23		WTSFreeMemory
WTSAPI32.dll	22		WTSEnumerateSessionsW
MSVCP140.dll	136		public: virtual __thiscall std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >::~basic_ostream<wchar_t, struct std::char_traits<wchar_t> >(void) ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
MSVCP140.dll	258		public: class std::basic_ostream<char, struct std::char_traits<char> > & __thiscall std::basic_ostream<char, struct std::char_traits<char> >::operator<<(unsigned long) ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
MSVCP140.dll	19		public: __thiscall std::basic_iostream<char, struct std::char_traits<char> >::basic_iostream<char, struct std::char_traits<char> >(class std::basic_streambuf<char, struct std::char_traits<char> > *) ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
MSVCP140.dll	12		protected: __thiscall std::basic_ios<char, struct std::char_traits<char> >::basic_ios<char, struct std::char_traits<char> >(void) ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
MSVCP140.dll	1221		public: void __thiscall std::basic_ios<char, struct std::char_traits<char> >::setstate(int, bool) ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
MSVCP140.dll	539		public: bool __thiscall std::basic_istream<wchar_t, struct std::char_traits<wchar_t> >::_Ipfx(bool) ?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
MSVCP140.dll	1175		public: unsigned short __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::sbumpc(void) ?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
MSVCP140.dll	1233		public: unsigned short __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::sgetc(void) ?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
MSVCP140.dll	1456		_Thrd_detach
MSVCP140.dll	872		public: class std::basic_ostream<char, struct std::char_traits<char> > & __thiscall std::basic_ostream<char, struct std::char_traits<char> >::flush(void) ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
MSVCP140.dll	580		public: void __thiscall std::basic_ostream<char, struct std::char_traits<char> >::_Osfx(void) ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP140.dll	47		protected: __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::basic_streambuf<char, struct std::char_traits<char> >(void) ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
MSVCP140.dll	1249		public: __int64 __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::sputn(char const *, __int64) ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
MSVCP140.dll	1014		protected: virtual void __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::imbue(class std::locale const &) ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
MSVCP140.dll	1205		protected: virtual class std::basic_streambuf<char, struct std::char_traits<char> > * __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::setbuf(char *, __int64) ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
MSVCP140.dll	1347		protected: virtual __int64 __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::xsgetn(char *, __int64) ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
MSVCP140.dll	1307		protected: virtual int __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::uflow(void) ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
MSVCP140.dll	1237		protected: virtual __int64 __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::showmanyc(void) ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
MSVCP140.dll	1350		protected: virtual __int64 __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::xsputn(char const *, __int64) ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
MSVCP140.dll	1277		protected: virtual int __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::sync(void) ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
MSVCP140.dll	552		public: virtual void __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::_Lock(void) ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
MSVCP140.dll	639		public: virtual void __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::_Unlock(void) ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
MSVCP140.dll	1246		public: int __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::sputc(char) ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
MSVCP140.dll	128		public: virtual __thiscall std::basic_iostream<char, struct std::char_traits<char> >::~basic_iostream<char, struct std::char_traits<char> >(void) ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
MSVCP140.dll	137		public: virtual __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::~basic_streambuf<char, struct std::char_traits<char> >(void) ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
MSVCP140.dll	586		protected: char * __thiscall std::basic_streambuf<char, struct std::char_traits<char> >::_Pninc(void) ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
MSVCP140.dll	125		public: virtual __thiscall std::basic_ios<char, struct std::char_traits<char> >::~basic_ios<char, struct std::char_traits<char> >(void) ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
MSVCP140.dll	652		void __cdecl std::_Xbad_function_call(void) ?_Xbad_function_call@std@@YAXXZ
MSVCP140.dll	23		public: __thiscall std::basic_iostream<wchar_t, struct std::char_traits<wchar_t> >::basic_iostream<wchar_t, struct std::char_traits<wchar_t> >(class std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> > *) ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
MSVCP140.dll	16		protected: __thiscall std::basic_ios<wchar_t, struct std::char_traits<wchar_t> >::basic_ios<wchar_t, struct std::char_traits<wchar_t> >(void) ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
MSVCP140.dll	290		public: class std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> > & __thiscall std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >::operator<<(unsigned int) ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
MSVCP140.dll	43		public: __thiscall std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >(class std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> > *, bool) ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
MSVCP140.dll	1360		_Cnd_init_in_situ
MSVCP140.dll	1357		_Cnd_destroy_in_situ
MSVCP140.dll	1355		_Cnd_broadcast
MSVCP140.dll	1365		_Cnd_wait
MSVCP140.dll	1242		public: unsigned short __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::snextc(void) ?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
MSVCP140.dll	629		void __cdecl std::_Throw_Cpp_error(int) ?_Throw_Cpp_error@std@@YAXH@Z
MSVCP140.dll	651		void __cdecl std::_Xbad_alloc(void) ?_Xbad_alloc@std@@YAXXZ
MSVCP140.dll	655		void __cdecl std::_Xout_of_range(char const *) ?_Xout_of_range@std@@YAXPBD@Z
MSVCP140.dll	628		void __cdecl std::_Throw_C_error(int) ?_Throw_C_error@std@@YAXH@Z
MSVCP140.dll	654		void __cdecl std::_Xlength_error(char const *) ?_Xlength_error@std@@YAXPBD@Z
MSVCP140.dll	1409		_Mtx_destroy_in_situ
MSVCP140.dll	1413		_Mtx_lock
MSVCP140.dll	1412		_Mtx_init_in_situ
MSVCP140.dll	1358		_Cnd_do_broadcast_at_thread_exit
MSVCP140.dll	1460		_Thrd_id
MSVCP140.dll	1461		_Thrd_join
MSVCP140.dll	1417		_Mtx_unlock
MSVCP140.dll	127		public: virtual __thiscall std::basic_ios<wchar_t, struct std::char_traits<wchar_t> >::~basic_ios<wchar_t, struct std::char_traits<wchar_t> >(void) ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
MSVCP140.dll	877		protected: void __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::gbump(int) ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
MSVCP140.dll	588		protected: wchar_t * __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::_Pninc(void) ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
MSVCP140.dll	139		public: virtual __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::~basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >(void) ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
MSVCP140.dll	130		public: virtual __thiscall std::basic_iostream<wchar_t, struct std::char_traits<wchar_t> >::~basic_iostream<wchar_t, struct std::char_traits<wchar_t> >(void) ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
MSVCP140.dll	1248		public: unsigned short __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::sputc(wchar_t) ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
MSVCP140.dll	1310		bool __cdecl std::uncaught_exception(void) ?uncaught_exception@std@@YA_NXZ
MSVCP140.dll	1352		protected: virtual __int64 __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::xsputn(wchar_t const *, __int64) ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
MSVCP140.dll	641		public: virtual void __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::_Unlock(void) ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
MSVCP140.dll	554		public: virtual void __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::_Lock(void) ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
MSVCP140.dll	1279		protected: virtual int __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::sync(void) ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
MSVCP140.dll	1239		protected: virtual __int64 __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::showmanyc(void) ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
MSVCP140.dll	1309		protected: virtual unsigned short __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::uflow(void) ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
MSVCP140.dll	1349		protected: virtual __int64 __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::xsgetn(wchar_t *, __int64) ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
MSVCP140.dll	1207		protected: virtual class std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> > * __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::setbuf(wchar_t *, __int64) ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
MSVCP140.dll	1016		protected: virtual void __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::imbue(class std::locale const &) ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
MSVCP140.dll	582		public: void __thiscall std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >::_Osfx(void) ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
MSVCP140.dll	874		public: class std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> > & __thiscall std::basic_ostream<wchar_t, struct std::char_traits<wchar_t> >::flush(void) ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
MSVCP140.dll	1251		public: __int64 __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::sputn(wchar_t const *, __int64) ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
MSVCP140.dll	1225		public: void __thiscall std::basic_ios<wchar_t, struct std::char_traits<wchar_t> >::setstate(int, bool) ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
MSVCP140.dll	53		protected: __thiscall std::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >::basic_streambuf<wchar_t, struct std::char_traits<wchar_t> >(void) ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
USERENV.dll	3		CreateEnvironmentBlock
VCRUNTIME140.dll	53		_except_handler4_common
VCRUNTIME140.dll	29		__current_exception_context
VCRUNTIME140.dll	69		memcmp
VCRUNTIME140.dll	1		_CxxThrowException
VCRUNTIME140.dll	72		memset
VCRUNTIME140.dll	70		memcpy
VCRUNTIME140.dll	36		__std_type_info_compare
VCRUNTIME140.dll	71		memmove
VCRUNTIME140.dll	25		__RTDynamicCast
VCRUNTIME140.dll	28		__current_exception
VCRUNTIME140.dll	37		__std_type_info_destroy_list
VCRUNTIME140.dll	16		__CxxFrameHandler3
VCRUNTIME140.dll	34		__std_exception_destroy
VCRUNTIME140.dll	33		__std_exception_copy
VCRUNTIME140.dll	35		__std_terminate
VCRUNTIME140.dll	61		_purecall
VCRUNTIME140.dll	78		wcschr
VCRUNTIME140.dll	80		wcsstr
VCRUNTIME140.dll	79		wcsrchr
api-ms-win-crt-heap-l1-1-0.dll	8		_callnewh
api-ms-win-crt-heap-l1-1-0.dll	25		malloc
api-ms-win-crt-heap-l1-1-0.dll	24		free
api-ms-win-crt-convert-l1-1-0.dll	110		wcstol
api-ms-win-crt-convert-l1-1-0.dll	112		wcstoll
api-ms-win-crt-convert-l1-1-0.dll	71		_wtoi
api-ms-win-crt-stdio-l1-1-0.dll	11		__stdio_common_vsnprintf_s
api-ms-win-crt-stdio-l1-1-0.dll	47		_fseeki64
api-ms-win-crt-stdio-l1-1-0.dll	38		_fileno
api-ms-win-crt-stdio-l1-1-0.dll	13		__stdio_common_vsprintf
api-ms-win-crt-stdio-l1-1-0.dll	82		_read
api-ms-win-crt-stdio-l1-1-0.dll	55		_get_osfhandle
api-ms-win-crt-stdio-l1-1-0.dll	124		fgetws
api-ms-win-crt-stdio-l1-1-0.dll	99		_wfopen_s
api-ms-win-crt-stdio-l1-1-0.dll			__acrt_iob_func
api-ms-win-crt-stdio-l1-1-0.dll	74		_open_osfhandle
api-ms-win-crt-stdio-l1-1-0.dll	135		fseek
api-ms-win-crt-stdio-l1-1-0.dll	98		_wfopen
api-ms-win-crt-stdio-l1-1-0.dll	116		fclose
api-ms-win-crt-stdio-l1-1-0.dll	22		_chsize_s
api-ms-win-crt-stdio-l1-1-0.dll	17		__stdio_common_vswprintf
api-ms-win-crt-stdio-l1-1-0.dll	119		fflush
api-ms-win-crt-stdio-l1-1-0.dll	107		_write
api-ms-win-crt-stdio-l1-1-0.dll	131		fread
api-ms-win-crt-stdio-l1-1-0.dll	7		__stdio_common_vfwprintf
api-ms-win-crt-stdio-l1-1-0.dll	23		_close
api-ms-win-crt-runtime-l1-1-0.dll	21		_beginthreadex
api-ms-win-crt-runtime-l1-1-0.dll	106		terminate
api-ms-win-crt-runtime-l1-1-0.dll	35		_errno
api-ms-win-crt-runtime-l1-1-0.dll	59		_invalid_parameter_noinfo_noreturn
api-ms-win-crt-runtime-l1-1-0.dll	58		_invalid_parameter_noinfo
api-ms-win-crt-runtime-l1-1-0.dll	41		_get_errno
api-ms-win-crt-runtime-l1-1-0.dll	57		_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll	65		_seh_filter_dll
api-ms-win-crt-runtime-l1-1-0.dll	25		_configure_narrow_argv
api-ms-win-crt-runtime-l1-1-0.dll	53		_initialize_narrow_environment
api-ms-win-crt-runtime-l1-1-0.dll	54		_initialize_onexit_table
api-ms-win-crt-runtime-l1-1-0.dll	62		_register_onexit_function
api-ms-win-crt-runtime-l1-1-0.dll	36		_execute_onexit_table
api-ms-win-crt-runtime-l1-1-0.dll	31		_crt_atexit
api-ms-win-crt-runtime-l1-1-0.dll	23		_cexit
api-ms-win-crt-runtime-l1-1-0.dll	56		_initterm
api-ms-win-crt-time-l1-1-0.dll	48		_time64
api-ms-win-crt-time-l1-1-0.dll	36		_localtime64_s
api-ms-win-crt-time-l1-1-0.dll	31		_gmtime64
api-ms-win-crt-string-l1-1-0.dll	161		wcscpy_s
api-ms-win-crt-string-l1-1-0.dll	84		_wcsnicmp
api-ms-win-crt-string-l1-1-0.dll	74		_wcsicmp
api-ms-win-crt-string-l1-1-0.dll	166		wcsncmp
api-ms-win-crt-string-l1-1-0.dll	168		wcsncpy_s
api-ms-win-crt-string-l1-1-0.dll	177		wmemmove_s
api-ms-win-crt-string-l1-1-0.dll	123		iswspace
api-ms-win-crt-string-l1-1-0.dll	155		towupper
api-ms-win-crt-string-l1-1-0.dll	154		towlower
api-ms-win-crt-string-l1-1-0.dll	176		wmemcpy_s
api-ms-win-crt-filesystem-l1-1-0.dll	44		_wfindfirst64i32
api-ms-win-crt-filesystem-l1-1-0.dll	49		_wfullpath
ntdll.dll	1233		RtlNtStatusToDosError
ntdll.dll	459		NtQueryDirectoryFile
WINHTTP.dll	47		WinHttpReceiveResponse
WINHTTP.dll	20		WinHttpCrackUrl
WINHTTP.dll	53		WinHttpSetOption
WINHTTP.dll	40		WinHttpQueryAuthSchemes
WINHTTP.dll	44		WinHttpReadData
WINHTTP.dll	7		WinHttpCloseHandle
WINHTTP.dll	41		WinHttpQueryDataAvailable
WINHTTP.dll	42		WinHttpQueryHeaders
WINHTTP.dll	50		WinHttpSendRequest
WINHTTP.dll	55		WinHttpSetTimeouts
WINHTTP.dll	54		WinHttpSetStatusCallback
WINHTTP.dll	64		WinHttpWriteData
WINHTTP.dll	4		WinHttpAddRequestHeaders
WINHTTP.dll	38		WinHttpOpenRequest
WINHTTP.dll	28		WinHttpGetIEProxyConfigForCurrentUser
WINHTTP.dll	29		WinHttpGetProxyForUrl
WINHTTP.dll	8		WinHttpConnect
WINHTTP.dll	37		WinHttpOpen
api-ms-win-crt-math-l1-1-0.dll	162		ceil

ord	entry_va	function_name
1	0x5850	??0QosSyncWrapperConfig@QoS@@QAE@XZ
2	0x5b30	??0ScenarioQosChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
3	0x5b60	??0ScenarioQosChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
4	0x5ba0	??0ScenarioQosChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@PB_W1@Z
5	0x5950	??0ScenarioQosClientPolicy@QoS@@QAE@ABVQosSyncWrapperConfig@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
6	0x5e20	??0ScenarioQosDownloadFile@QoS@@QAE@ABVQosSyncWrapperConfig@1@_N@Z
7	0x5f10	??0ScenarioQosDownloadSignature@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
8	0x5a50	??0ScenarioQosGetItemByPath@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
9	0x6fc0	??0ScenarioQosGetPlaceholderThumbnail@QoS@@QAE@XZ
10	0x65c0	??0ScenarioQosGetSpecialFolderInfo@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
11	0x6ee0	??0ScenarioQosGetVersionHistory@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
12	0x6c40	??0ScenarioQosLockVault@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
13	0x66a0	??0ScenarioQosLogUpload@QoS@@QAE@XZ
14	0x67a0	??0ScenarioQosLogUploadBatch@QoS@@QAE@XZ
15	0x5d00	??0ScenarioQosPollingChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
16	0x62d0	??0ScenarioQosQuotaStatus@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
17	0x6e00	??0ScenarioQosRetrieveVaultKey@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
18	0x5d40	??0ScenarioQosSelectiveSyncEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
19	0x5c80	??0ScenarioQosStartupChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
20	0x5870	??0ScenarioQosStorageProvisioning@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
21	0x6d20	??0ScenarioQosStoreVaultKey@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
22	0x68a0	??0ScenarioQosSubScopeMapping@QoS@@QAE@XZ
23	0x63b0	??0ScenarioQosSyncVerification@QoS@@QAE@XZ
24	0x63d0	??0ScenarioQosSyncVerification@QoS@@QAE@_N@Z
25	0x69a0	??0ScenarioQosUploadCrossScopeCopy@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
26	0x64e0	??0ScenarioQosUploadExternalFile@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
27	0x5ff0	??0ScenarioQosUploadFile@QoS@@QAE@ABVQosSyncWrapperConfig@1@_N@Z
28	0x61e0	??0ScenarioQosUploadMetadata@QoS@@QAE@ABVQosSyncWrapperConfig@1@_N1@Z
29	0x60e0	??0ScenarioQosUploadTransferTest@QoS@@QAE@XZ
30	0x6a80	??0ScenarioQosVaultInitialization@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
31	0x6b60	??0ScenarioQosVaultUnlock@QoS@@QAE@ABVQosSyncWrapperConfig@1@@Z
32	0x5cc0	??0ScenarioQosWNSNotificationChangeEnumeration@QoS@@QAE@ABVQosSyncWrapperConfig@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
33	0x5bd0	??1ScenarioQosChangeEnumeration@QoS@@UAE@XZ
34	0x59a0	??1ScenarioQosClientPolicy@QoS@@UAE@XZ
35	0x5e60	??1ScenarioQosDownloadFile@QoS@@UAE@XZ
36	0x5f40	??1ScenarioQosDownloadSignature@QoS@@UAE@XZ
37	0x5a80	??1ScenarioQosGetItemByPath@QoS@@UAE@XZ
38	0x7010	??1ScenarioQosGetPlaceholderThumbnail@QoS@@UAE@XZ
39	0x65f0	??1ScenarioQosGetSpecialFolderInfo@QoS@@UAE@XZ
40	0x6f10	??1ScenarioQosGetVersionHistory@QoS@@UAE@XZ
41	0x6c70	??1ScenarioQosLockVault@QoS@@UAE@XZ
42	0x66f0	??1ScenarioQosLogUpload@QoS@@UAE@XZ
43	0x67f0	??1ScenarioQosLogUploadBatch@QoS@@UAE@XZ
44	0x5bd0	??1ScenarioQosPollingChangeEnumeration@QoS@@UAE@XZ
45	0x6300	??1ScenarioQosQuotaStatus@QoS@@UAE@XZ
46	0x6e30	??1ScenarioQosRetrieveVaultKey@QoS@@UAE@XZ
47	0x5d70	??1ScenarioQosSelectiveSyncEnumeration@QoS@@UAE@XZ
48	0x5bd0	??1ScenarioQosStartupChangeEnumeration@QoS@@UAE@XZ
49	0x58a0	??1ScenarioQosStorageProvisioning@QoS@@UAE@XZ
50	0x6d50	??1ScenarioQosStoreVaultKey@QoS@@UAE@XZ
51	0x68f0	??1ScenarioQosSubScopeMapping@QoS@@UAE@XZ
52	0x6430	??1ScenarioQosSyncVerification@QoS@@UAE@XZ
53	0x69d0	??1ScenarioQosUploadCrossScopeCopy@QoS@@UAE@XZ
54	0x6510	??1ScenarioQosUploadExternalFile@QoS@@UAE@XZ
55	0x6030	??1ScenarioQosUploadFile@QoS@@UAE@XZ
56	0x6220	??1ScenarioQosUploadMetadata@QoS@@UAE@XZ
57	0x6130	??1ScenarioQosUploadTransferTest@QoS@@UAE@XZ
58	0x6ab0	??1ScenarioQosVaultInitialization@QoS@@UAE@XZ
59	0x6b90	??1ScenarioQosVaultUnlock@QoS@@UAE@XZ
60	0x5bd0	??1ScenarioQosWNSNotificationChangeEnumeration@QoS@@UAE@XZ
61	0x118f0	?AdjustLogRotationParameters@@YGXIIIP6GXPB_W_J@Z@Z
62	0x5820	?DefaultOrMostSevereErrorTypeRecorded@ScenarioQosWrapper@QoS@@QAE?AW4Type@ErrorType@TelemetryConstants@@W4345@@Z
63	0x11810	?ForceLogRotationAndUpload@@YGX_NPB_W0@Z
64	0x11a30	?FreeLogUploaderSessionId@@YGXPAPA_W@Z
65	0x5840	?GetApiName@ScenarioQosWrapper@QoS@@IAEPB_WXZ
66	0x11990	?GetLogUploaderSessionId@@YGJPAPA_W@Z
67	0x5810	?GetMostSevereErrorCodeRecorded@ScenarioQosWrapper@QoS@@QAEHXZ
68	0x5800	?GetMostSevereErrorTypeRecorded@ScenarioQosWrapper@QoS@@QAE?AW4Type@ErrorType@TelemetryConstants@@XZ
69	0x57f0	?GetScenarioName@ScenarioQosWrapper@QoS@@QBEPB_WXZ
70	0x11730	?InitializeLogUploader@@YGXPB_W@Z
71	0x11880	?LogUploaderOnLogRotatedHandler@@YGXPB_W_J@Z
72	0x11940	?SetLogUploaderPauseState@@YGX_N@Z
73	0x11af0	?ShutdownLogUploader@@YGXXZ
74	0x11ab0	?UpdateLogUploaderRingSettings@@YGXXZ
75	0x11a60	?UpdateLogUploaderSettings@@YGXPB_W@Z

module_name	LogUploader.dll
flags	0
timestamp	2096-11-07 11:01:59
version	0.0
ordinal_base	1
nFunctions	75
nNames	75
Names(75)	0x7dd14
Functions(75)	0x7dbe8
NameOrdinals(75)	0x7de40

StringTable 040904b0

CompanyName	Microsoft Corporation
FileDescription	OneDrive Sync LogUploader Library
InternalName	LogUploader.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	LogUploader.dll
ProductName	Microsoft OneDrive
FileVersion	20.052.0311.0002
ProductVersion	20.052.0311.0002
SpecialBuild	b/build/bf4a5933-4113-e6b8-7744-ede4eebe2960

VS_FIXEDFILEINFO

FileVersion	20.52.311.2
ProductVersion	20.52.311.2
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0x20
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010

serial: 33000002C2813CEF6A1E0924010000000002C2

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:02:c2:81:3c:ef:6a:1e:09:24:01:00:00:00:00:02:c2
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Validity
            Not Before: May  2 21:25:29 2019 GMT
            Not After : May  2 21:25:29 2020 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:09:2d:a5:0a:58:f2:76:c1:ba:7e:98:58:
                    2f:21:9e:74:a2:29:14:17:e4:36:c2:2b:10:11:fe:
                    ff:e8:c3:07:88:bd:3b:0a:88:b7:b7:0e:5e:ff:43:
                    bc:dc:9e:5e:14:e2:2a:0f:08:24:b7:ea:be:fb:d2:
                    14:c3:9d:60:ec:02:3a:ce:7c:a7:17:05:9c:d8:49:
                    96:11:74:59:87:42:b3:cd:05:eb:aa:e6:66:1a:77:
                    93:df:d6:a6:d2:ba:e7:48:64:b8:4a:06:b2:1f:45:
                    73:0d:d0:aa:fe:9a:3f:aa:08:e1:12:5f:46:cf:16:
                    f9:c6:2c:1e:d3:ff:04:3f:a6:96:dd:aa:66:08:5c:
                    5b:a5:d7:1e:14:b5:a8:dc:07:27:7c:76:9f:39:42:
                    16:74:54:8d:eb:bb:e7:25:9b:7d:f6:6b:3b:ca:80:
                    82:4a:09:d0:77:85:7b:93:f0:69:32:89:d0:8c:db:
                    c5:c5:dc:02:f3:57:f7:64:ad:14:7e:18:09:24:3b:
                    0a:77:fe:2c:d4:2a:e8:96:81:93:17:e7:03:0c:7e:
                    6d:99:c3:5b:5e:fe:f9:ae:3e:cb:19:54:ab:fd:13:
                    12:52:58:cb:90:53:fa:24:1f:46:70:ce:a9:37:22:
                    50:77:ec:dc:f5:7d:48:32:9b:21:88:fa:91:28:76:
                    a3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                1.3.6.1.4.1.311.10.3.21, Code Signing
            X509v3 Subject Key Identifier: 
                4C:02:C4:7A:66:81:C7:29:A5:61:49:B2:59:04:19:3A:3C:BF:11:8F
            X509v3 Subject Alternative Name: 
                DirName:/OU=Microsoft Operations Puerto Rico/serialNumber=229861\+454108
            X509v3 Authority Key Identifier: 
                E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        58:5c:6b:28:ac:cb:a2:0c:c5:bd:b2:9c:c2:05:ab:dd:6a:9a:
        08:ae:ed:61:0d:49:2c:9b:92:c9:12:17:7b:a8:d9:e1:88:12:
        2e:9d:e8:f2:d8:38:14:cd:20:89:7d:bf:c1:78:a0:b6:07:4e:
        c1:e2:62:40:27:13:78:d8:76:90:0b:63:00:9d:94:51:4f:64:
        23:c2:00:3a:61:2b:78:a9:a7:f3:4c:18:f7:55:d3:3a:35:2a:
        da:12:18:46:a2:09:97:3d:bf:50:b1:f0:5e:1f:9c:ef:de:81:
        ac:ed:81:d8:67:ba:70:f9:fa:46:7f:79:69:38:75:78:ed:41:
        77:52:7c:74:ed:00:70:b2:dc:7a:58:4e:b3:a8:17:b9:a7:aa:
        88:e8:88:16:c4:47:41:c9:88:3d:01:b0:7a:29:f9:d5:4b:56:
        86:dc:5f:0d:ae:f5:3d:51:66:d2:c3:a6:12:42:a6:d2:72:c2:
        1c:c9:4d:d1:d6:d5:e2:49:d4:06:ab:7b:1f:71:14:14:28:b8:
        14:b2:15:fe:48:bc:bd:b4:32:c5:3e:69:37:ef:73:83:66:ae:
        fb:a1:50:a2:ff:3c:9b:43:91:ea:21:99:4d:91:f1:a0:f4:dc:
        22:9c:37:6e:e6:b3:f8:44:9c:fd:61:e9:af:e8:87:0d:3c:08:
        48:62:24:1e

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:0c:52:4c:00:00:00:00:00:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
        Validity
            Not Before: Jul  6 20:40:17 2010 GMT
            Not After : Jul  6 20:50:17 2025 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e9:0e:64:50:79:67:b5:c4:e3:fd:09:00:4c:9e:
                    94:ac:f7:56:68:ea:44:d8:cf:c5:58:4f:a9:a5:76:
                    7c:6d:45:ba:d3:39:92:b4:a4:1e:f9:f9:65:82:e4:
                    17:d2:8f:fd:44:9c:08:e8:65:93:ce:2c:55:84:bf:
                    7d:08:e3:2e:2b:a8:41:2b:18:b7:a2:4b:6e:49:4c:
                    6b:15:07:de:d1:d2:c2:89:1e:71:94:cd:b5:7f:4b:
                    b4:af:08:d8:cc:88:d6:6b:17:94:3a:93:ce:26:3f:
                    ec:e6:fe:34:98:57:d5:1d:5d:49:f6:b2:2a:2e:d5:
                    85:bb:59:3f:f8:90:b4:2b:83:74:ca:2b:b3:3b:46:
                    e3:f0:46:49:c1:17:66:54:c9:1c:bd:1d:c4:55:62:
                    57:72:f8:67:b9:25:20:34:de:5d:a6:a5:95:5e:ab:
                    28:80:cd:d5:b2:9e:e5:03:b5:63:d3:b2:14:c8:c1:
                    c8:8a:26:0a:59:7f:07:ec:ff:0e:ed:80:12:35:4c:
                    12:a6:be:52:5b:f5:a6:da:e0:8b:0b:48:77:d6:85:
                    47:d5:10:b9:c6:e8:aa:ee:8b:6a:2d:05:5c:60:c6:
                    b4:2a:5b:9c:23:1c:5f:45:e3:1a:14:1e:6f:37:cb:
                    19:33:80:6a:89:4d:a3:6a:66:63:78:93:d5:30:cf:
                    95:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.311.46.3
                  CPS: http://www.microsoft.com/PKI/docs/CPS/default.htm
                  User Notice:
                    Explicit Text:  
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        1a:74:ef:57:4f:29:7b:c4:16:85:78:b8:50:d3:22:fc:09:9d:
        ac:82:97:f8:34:ff:2a:2c:97:95:12:e5:e4:bf:cf:bf:93:c8:
        e3:34:a9:db:81:b8:dc:1e:00:be:d2:35:6f:af:e5:7f:79:95:
        77:e5:02:d4:f1:eb:d8:cd:4e:1e:1b:61:a2:c2:5a:23:1a:f0:
        8c:a8:62:51:45:67:08:e3:3f:3c:1e:93:f8:30:85:17:c8:39:
        40:a6:d7:0e:b3:21:29:e5:a5:a1:69:8c:22:93:cc:74:98:e7:
        a1:47:43:f2:53:ac:c0:0f:30:69:7f:fe:d2:25:20:6d:6f:61:
        d3:df:07:d5:d9:72:00:2c:69:86:76:3d:51:db:a6:39:48:c9:
        37:61:6d:07:dd:53:19:cb:a7:d6:61:c2:bf:e2:83:ab:0f:e0:
        6b:9b:95:d6:7d:28:51:b0:89:4a:51:a4:9a:6c:c8:b7:1f:4a:
        1a:0e:69:a9:d7:dc:c1:7e:d1:49:70:aa:b6:ad:bb:72:47:63:
        17:fa:a6:d6:a2:a6:86:ec:a8:10:44:9b:63:b6:b2:69:89:06:
        c7:46:86:7a:18:3f:e8:c5:1d:21:d5:7b:f9:02:23:2d:c5:41:
        cb:bf:1d:4c:c8:16:ef:b1:9c:7f:fc:22:4b:49:8a:6e:15:e3:
        a6:7f:76:5b:d1:53:79:91:85:9d:d5:d2:db:3d:73:35:f3:3c:
        ae:54:b2:52:47:6a:c0:aa:13:95:d2:8e:11:da:99:67:5e:32:
        8c:fb:37:85:d1:dc:75:85:9c:87:c6:5a:57:85:c2:bf:dd:0d:
        8f:8c:9b:2d:eb:b4:ee:cf:27:d3:b5:5e:69:fa:a4:16:04:01:
        a7:24:67:73:cf:4d:4f:b6:de:05:56:97:7a:f7:e9:52:4d:f4:
        77:05:4f:85:c6:d8:0b:f1:8e:ed:42:09:d1:0d:76:e3:23:56:
        78:22:26:36:be:ca:b1:8c:6e:aa:1d:e4:85:da:47:33:62:8f:
        a4:c9:91:33:5f:71:1e:40:af:98:65:c9:22:e8:42:21:25:8a:
        1c:2d:60:d9:37:89:41:89:2a:16:0f:d7:61:3c:94:68:60:52:
        ef:d6:47:99:a0:80:40:ee:15:81:77:3e:9c:e0:53:18:1a:50:
        1d:38:95:9b:1e:66:33:13:27:39:17:78:87:36:ce:4e:c3:5f:
        b2:f5:3d:47:53:b6:e0:e5:db:0b:61:3d:2a:d7:92:2c:ce:37:
        5a:3e:40:42:31:a4:1f:10:08:c2:56:9c:bf:24:5d:51:02:9d:
        6a:79:d2:17:d3:da:c1:94:8e:07:7b:25:71:44:ab:06:6a:e6:
        d4:c6:df:23:9a:96:75:c5

undefined method `first' for #

show previews

offset	size	type	comment
0	587776	DLL	11/07/2096 11:01:59	#
15c1	15	HTM		#
8f800	8552	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x88d20

1bbf6108505884106877824e403def3f6162d63f.bin-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904b0

VS_FIXEDFILEINFO

Signers (1)

Certificates (2)

1bbf6108505884106877824e403def3f6162d63f.bin
-