8c97aee27d76f899a5c615ffc0a63a31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c97aee27d76f899a5c615ffc0a63a31_JaffaCakes118
Size

29.9MB
MD5

8c97aee27d76f899a5c615ffc0a63a31
SHA1

a43873f1124d833c4942f0a2ede61268053d9a27
SHA256

ee2cd9096999c3ac61a74f40dfc42888876c3522f15a443b77d89c9bc4116422
SHA512

218144fbcfb6677f593033c53ba6d3f396ac5df23d42276dd3056df0d6f09b5b0ca0ec517495b100d4573d7f6d5c1b2d033e4cfe5880a875d33d20c12cd60ff5
SSDEEP

786432:zbS8Bz3x22KrY6QUxoTSlVwVW7obE9B/vu:XzctePV4oo9B3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/LinkButton.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsWindows$_16_.dll
unpack002/$SYSDIR/winhttp.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll

Files

8c97aee27d76f899a5c615ffc0a63a31_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:36:bf:a3:cd:ce:46:78:77:69:b9:ed:64:08:e4:92:43:9c:bc:28
Signer

Actual PE Digest

81:36:bf:a3:cd:ce:46:78:77:69:b9:ed:64:08:e4:92:43:9c:bc:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Setup.exe
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:ae:2a:b7:6f:7d:cc:0c:b9:13:d2:73:5f:19:b3:73:38:22:4a:cf
Signer

Actual PE Digest

74:ae:2a:b7:6f:7d:cc:0c:b9:13:d2:73:5f:19:b3:73:38:22:4a:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LinkButton.dll
.dll windows:5 windows x86 arch:x86

0b13a0800f2601c8945258e2533ea47e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfW
ClientToScreen
GetWindowRect
SetCapture
PtInRect
ReleaseCapture

comctl32

ord410
ord413

kernel32

lstrcpynW
GlobalFree
GlobalAlloc
lstrcpyW

Exports

Exports

BindLinkToAction

Sections

.text
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsWindows$_16_.dll
.dll windows:4 windows x86 arch:x86

6281e52b0c4bb0e07b335d86fc902d2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapAlloc
GetProcessHeap
lstrcpyW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
GetCurrentDirectoryW
HeapFree
SetCurrentDirectoryW

user32

IsIconic
GetDlgItem
RemovePropW
DestroyWindow
DrawFocusRect
GetWindowLongW
ShowWindow
GetWindowTextW
CallWindowProcW
SetCursor
LoadCursorW
SetWindowPos
MapWindowPoints
CreateWindowExW
RegisterClassW
LoadIconW
GetWindowRect
IsWindow
SetWindowLongW
SetPropW
SetTimer
KillTimer
SetLayeredWindowAttributes
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
wsprintfW
SetForegroundWindow
GetPropW
GetClientRect
CharPrevW
MapDialogRect
CharNextW
SendMessageW
DrawTextW

gdi32

SetTextColor
GetStockObject

shell32

DragQueryFileW
DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetTransparent
SetUserData
Show
onDropFiles

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/winhttp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

86660019029121b29ff1b3398c0c83d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winhttp.pdb

Imports

msvcrt

_wcsicmp
wcscpy
wcsncmp
_ltoa
wcsstr
wcscat
sprintf
isalpha
iscntrl
isspace
time
islower
iswlower
iswdigit
iswxdigit
wcstol
wcschr
isdigit
memchr
wcstok
_wtoi
wcsncpy
wcsncat
_wcsnicmp
wcscmp
rand
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_purecall
isxdigit
wcsrchr
_except_handler3

shlwapi

StrStrW
StrCmpW
StrCmpNIW
StrCpyNW
StrStrIA
StrCmpIW
StrChrA
ord342
ord151
SHGetValueA
StrToIntA
StrCmpNIA
StrNCatA
StrRChrA
UrlCombineA
UrlCanonicalizeA
ord153
StrStrA
UrlUnescapeA

advapi32

RegOpenKeyA
RegCreateKeyExW
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetUserNameA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueA

kernel32

ResetEvent
RtlMoveMemory
CreateFileA
lstrcpynA
SetFilePointer
SetEndOfFile
WriteFile
OutputDebugStringA
SetErrorMode
GetDateFormatA
GetSystemTime
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateThread
FreeLibraryAndExitThread
Sleep
SetEvent
InterlockedCompareExchange
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
LocalAlloc
LocalFree
InterlockedIncrement
GetCPInfo
IsDBCSLeadByteEx
WaitForSingleObject
ReleaseMutex
CreateMutexA
GlobalAlloc
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedExchangeAdd
GetExitCodeThread
LocalFileTimeToFileTime
GetModuleHandleA
lstrcmpA
FormatMessageW
GlobalUnlock
GlobalLock
LoadLibraryW
CompareFileTime
GlobalSize
DeviceIoControl
GetComputerNameA
VirtualFree
VirtualAlloc
CreateSemaphoreA
ReleaseSemaphore
RaiseException
GlobalMemoryStatus
IsBadStringPtrA
PostQueuedCompletionStatus
GetLastError
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
lstrlenA
lstrcatA
lstrcpyA
InterlockedExchange
GetVersionExA
GlobalFree
SetLastError
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
WideCharToMultiByte
lstrlenW
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrcmpiA
CreateEventA
CloseHandle
GetCurrentThread
lstrcmpiW
GetModuleFileNameW

user32

wsprintfW
CreateWindowExA
SetWindowLongA
MsgWaitForMultipleObjects
UnregisterClassA
RegisterClassA
PostMessageA
GetWindowLongA
DefWindowProcA
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
CharLowerA
CharUpperA
CharToOemA
wsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWriteData

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Origin.VisualElementsManifest.xml
$TEMP/Origin.exe
.exe windows:5 windows x86 arch:x86

87c2f22aaa051eea5d178e91d7470c6d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:91:d0:50:bb:4c:25:05:ea:13:2c:bf:f1:27:99:73:5e:5d:9c:f6
Signer

Actual PE Digest

7d:91:d0:50:bb:4c:25:05:ea:13:2c:bf:f1:27:99:73:5e:5d:9c:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\originClient\dev\runtime\Origin.pdb

Imports

gdi32

SetTextColor
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateFontW
CreateSolidBrush

user32

IsDlgButtonChecked
GetDlgItemTextW
MapWindowPoints
EnableWindow
EndPaint
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
UnregisterClassW
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
CheckDlgButton
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW
InvalidateRect
MapDialogRect
GetWindowTextW
ReleaseDC
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
CreateDialogParamW
IsWindow
ReleaseCapture
SendMessageW
SetWindowTextW
CallWindowProcW
GetWindow
MoveWindow
DispatchMessageW
SendNotifyMessageW
PostMessageW
EndDialog
LoadIconW
ShowWindow
IsDialogMessageW
SetDlgItemTextW
MessageBoxExW
DestroyWindow
SetForegroundWindow
FindWindowW
EnumWindows
PeekMessageW
GetClassNameW
SendMessageTimeoutW
CreateWindowExW
RegisterClassW
GetWindowRect
wsprintfW
GetWindowLongW
GetDlgItem
IsWindowVisible
DefWindowProcW
GetWindowThreadProcessId
BeginPaint

advapi32

ConvertStringSidToSidW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetUserNameW
RegSetValueExW

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcp120

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z

msvcr120

__iob_func
_get_osfhandle
_wrmdir
_rmdir
_wunlink
_unlink
wcsncat
wcsrchr
isalpha
_wopen
_open
_open_osfhandle
fprintf
abort
_finite
_isnan
__daylight
__timezone
_tzset
_strtoui64
_ecvt
_fcvt
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_stricmp
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_except_handler4_common
_except1
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
wcsncpy
realloc
_setmode
calloc
memcpy
_umask
_close
strrchr
mbtowc
_strdup
_errno
_mktime64
memset
_CxxThrowException
__CxxFrameHandler3
mbstowcs_s
_itow_s
_wchdir
vsprintf_s
_wcslwr_s
wcstombs_s
strncmp
__argc
_recalloc
_snprintf_s
__argv
wcsncpy_s
towlower
sprintf
swprintf_s
exit
fclose
_localtime64
fwrite
memcpy_s
strftime
wcsftime
_lock_file
setvbuf
fsetpos
tolower
_vswprintf
fgetc
fflush
_fseeki64
fgetpos
ungetc
malloc
_unlock_file
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
fputc
_time64
wcstok_s
clock
??_V@YAXPAX@Z
wcsstr
free
_wtoi
_wcsicmp
wcschr
??2@YAPAXI@Z
wcscpy_s
wcscat_s
??3@YAXPAX@Z
_purecall
memmove
_strnicmp
toupper

kernel32

TlsFree
GetExitCodeThread
IsDebuggerPresent
GetPriorityClass
SetPriorityClass
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateMutexA
WaitForSingleObjectEx
SleepEx
ReleaseMutex
GetProcessHeap
HeapFree
HeapAlloc
SetEnvironmentVariableA
GetEnvironmentVariableA
GetFileInformationByHandle
EncodePointer
IsProcessorFeaturePresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
OutputDebugStringW
RemoveDirectoryW
TlsAlloc
GetNamedPipeHandleStateA
PeekNamedPipe
CreateDirectoryA
GetFileAttributesA
SetFileAttributesW
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
GetFileType
SetFileTime
LoadLibraryA
CreateFileA
GetFullPathNameW
lstrlenA
LocalAlloc
GetTempPathW
CopyFileW
WideCharToMultiByte
SetFileAttributesA
CreateThread
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiW
DecodePointer
FindClose
GetProcAddress
RaiseException
FlushInstructionCache
lstrcmpW
GetModuleFileNameW
MulDiv
LoadLibraryW
GetPrivateProfileStringW
GetSystemTimeAsFileTime
WaitForSingleObject
SetEnvironmentVariableW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
CreateProcessW
FreeLibrary
FindFirstFileW
LocalFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GetLocaleInfoW
GlobalAlloc
GlobalLock
DeleteFileW
GetDiskFreeSpaceExW
QueryPerformanceFrequency
LockResource
MoveFileW
MultiByteToWideChar
CreateFileW
ReadFile
GetVersionExW
SizeofResource
InitializeCriticalSectionAndSpinCount
WriteFile
CreateDirectoryW
QueryPerformanceCounter
MoveFileExW
LoadResource
FindResourceW
FreeResource
GetFileSize
GetCommandLineW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
GetLastError
TerminateProcess
Sleep
OpenProcess
GetTickCount
GetModuleHandleW
CreateMutexW
FindNextFileW

ole32

CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoInitializeEx

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
VariantChangeType
SysAllocStringLen

shlwapi

PathFileExistsW
StrStrIW
wnsprintfW

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptQueryObject
CryptMsgClose
CertFreeCertificateContext
CertCloseStore

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/OriginUninstall.exe
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:85:0f:28:d6:20:b0:7c:69:34:3c:75:03:84:32:9e:58:3a:6a:e4
Signer

Actual PE Digest

f9:85:0f:28:d6:20:b0:7c:69:34:3c:75:03:84:32:9e:58:3a:6a:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_18_.dll
.dll windows:6 windows x86 arch:x86

6706a3794a9800386a1895fc34eccde5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60
Signer

Actual PE Digest

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
IsRectEmpty
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
GetMenuDefaultItem
SetRect
SetParent
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DestroyCursor
GetWindowRgn
DispatchMessageW
SendMessageW
SetDlgItemTextW
CreateDialogParamW
ShowWindow
GetDlgItem
PeekMessageW
TranslateMessage
DestroyWindow
LoadImageW
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
OffsetRect
SetRectEmpty
DrawFocusRect
UnregisterClassW
WindowFromPoint
ReleaseCapture
GetNextDlgGroupItem
SetCapture
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
IsIconic
IntersectRect
DestroyMenu
GetMenuItemInfoW
PostQuitMessage
SendDlgItemMessageA
CopyImage
SetCursorPos
SystemParametersInfoW
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
MonitorFromPoint
DrawIcon
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
GetMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
GetDesktopWindow
RealChildWindowFromPoint
DestroyIcon
InflateRect

advapi32

CryptGenRandom
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey
CryptAcquireContextA
CryptReleaseContext

kernel32

QueryPerformanceCounter
GetEnvironmentVariableA
SetEnvironmentVariableA
QueryPerformanceFrequency
ReleaseMutex
SleepEx
WaitForSingleObjectEx
CreateMutexA
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsDebuggerPresent
TryEnterCriticalSection
InterlockedDecrement
InterlockedExchange
GetExitCodeThread
GetSystemInfo
SetThreadIdealProcessor
GetNativeSystemInfo
CreateProcessW
Thread32First
GetExitCodeProcess
Thread32Next
OpenThread
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitThread
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
WriteConsoleW
SetFilePointerEx
RemoveDirectoryW
HeapAlloc
LoadResource
GetDriveTypeW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetCurrentDirectoryW
GetVersionExW
CreateEventA
GetLocaleInfoW
CompareStringW
GlobalFlags
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
FreeResource
GetUserDefaultLangID
GetGeoInfoA
lstrlenA
FindResourceW
HeapReAlloc
GetSystemDirectoryW
EncodePointer
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GlobalGetAtomNameW
lstrcmpA
HeapFree
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
CopyFileW
FormatMessageW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
WideCharToMultiByte
CreateThread
lstrcpyW
LocalFree
GetCurrentProcessId
CloseHandle
Module32NextW
GetShortPathNameW
CreateToolhelp32Snapshot
FindNextFileW
lstrcmpiW
Process32NextW
Module32FirstW
Process32FirstW
FindClose
GetProcAddress
SetLastError
GetLongPathNameW
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
GetUserGeoID
GetPrivateProfileStringW
GetCurrentThread
WaitForSingleObject
GetCurrentProcess
MoveFileExW
FreeLibrary
FindFirstFileW
DeleteCriticalSection
DecodePointer
LockResource
HeapSize
GetLastError
RaiseException
GetUserDefaultUILanguage
SizeofResource
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleExW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

UrlEscapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
UrlUnescapeW

uxtheme

DrawThemeParentBackground
OpenThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
DrawThemeText

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoDisconnectObject
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VarBstrFromDate
VariantInit
SysAllocString
VariantChangeType
VariantCopy
VariantClear
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePaletteSize
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

iphlpapi

GetNetworkParams
GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetTextFaceW
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

ws2_32

bind
ioctlsocket
getpeername
getsockname
getsockopt
connect
closesocket
socket
freeaddrinfo
getaddrinfo
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSARecvFrom
WSARecv
recv
WSAGetOverlappedResult
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSACleanup
WSAStartup
gethostname
WSAIoctl
shutdown
setsockopt
sendto
send
select
recvfrom

Exports

Exports

??0EbisuTelemetryAPI@@QAE@XZ
??1EbisuTelemetryAPI@@UAE@XZ
??_7EbisuTelemetryAPI@@6B@
?CalculateIdFromString16@EbisuTelemetryAPI@@QAE_KPBG@Z
?CalculateIdFromString8@EbisuTelemetryAPI@@QAE_KPBD@Z
?GetMacAddr@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?GetTelemetryEnum@EbisuTelemetryAPI@@AAEHPAD@Z
?GetTelemetryInterface@@YAPAVEbisuTelemetryAPI@@XZ
?GetTelemetryMachineHash@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?HandleTelemetryBreakpoint@EbisuTelemetryAPI@@IAEXPBW4TelemetryDataFormatTypes@@PAD@Z
?IgnoreTelemetryBreakpoint@EbisuTelemetryAPI@@AAEXH@Z
?IsComputerSurfacePro@EbisuTelemetryAPI@@QBE_NXZ
?Metric_3PDD_INSTALL_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_3PDD_PLAY_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_ACHIEVED@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ACHIEVEMENT_ACHIEVED_PER_GAME@EbisuTelemetryAPI@@QAEXPBD0HHH@Z
?Metric_ACHIEVEMENT_ACH_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_ACH_POST_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_COMPARISON_VIEW@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ACHIEVEMENT_GRANT_DETECTED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_SHOW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_WC_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_WIDGET_PAGE_VIEW@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ACHIEVEMENT_WIDGET_PURCHASE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVATION_CODE_REDEEM_ERROR@EbisuTelemetryAPI@@QAEXH@Z
?Metric_ACTIVATION_CODE_REDEEM_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ACTIVATION_REDEEM_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_WINDOW_CLOSE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVE_TIMER_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ACTIVE_TIMER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_ALTLAUNCHER_SESSION_FAIL@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_APP_ADDITIONAL_CLIENT_LOG@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CMD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CONFIG@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_CONNECTION_LOST@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_DYNAMIC_URL_LOAD@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_ESCALATION_ERROR@EbisuTelemetryAPI@@QAEXPBDHH00@Z
?Metric_APP_ESCALATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_INSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_MAC_ESCALATION_DENIED@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MCID@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_CLOSE@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_SHOW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_POWER_MODE@EbisuTelemetryAPI@@QAEXW4PowerModeEnum@1@@Z
?Metric_APP_PREMATURE_TERMINATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_SESSION_ID@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_SETTINGS@EbisuTelemetryAPI@@QAEX_N000@Z
?Metric_APP_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_UNINSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTHENTICATION_LOST@EbisuTelemetryAPI@@QAEXHHPBD@Z
?Metric_AUTOPATCH_CONFIGVERSION_DIPVERSION_DONTMATCH@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOPATCH_DOWNLOAD_SKIP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTOPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_NEEDS_REPAIR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_TASK_ACCEPTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_AUTOREPAIR_TASK_DECLINED@EbisuTelemetryAPI@@QAEXXZ
?Metric_BROADCAST_ACCOUNT_LINKED@EbisuTelemetryAPI@@QAEXG@Z
?Metric_BROADCAST_JOINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_BROADCAST_STREAM_ERROR@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_BROADCAST_STREAM_START@EbisuTelemetryAPI@@QAEXPBD0_KG0@Z
?Metric_BROADCAST_STREAM_STOP@EbisuTelemetryAPI@@QAEXPBD0_KIII@Z
?Metric_BUG_REPORT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CAPTCHA_FAIL@EbisuTelemetryAPI@@QAEXXZ
?Metric_CAPTCHA_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_CATALOG_DEFINTION_CDN_LOOKUP_STATS@EbisuTelemetryAPI@@QAEXIIII@Z
?Metric_CATALOG_DEFINTION_LOOKUP_ERROR@EbisuTelemetryAPI@@QAEXPBDHH_N@Z
?Metric_CATALOG_DEFINTION_PARSE_ERROR@EbisuTelemetryAPI@@QAEXPBD0_N1H@Z
?Metric_CHATROOM_CREATE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DEACTIVATED@EbisuTelemetryAPI@@QAEXPBD0H0@Z
?Metric_CHATROOM_DELETE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DELETE_GROUP_FAILED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_ENTER_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_ENTER_ROOM_FAIL@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_CHATROOM_EXIT_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_GROUP_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_CHATROOM_GROUP_WAS_DELETED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_DECLINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_RECEIVED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CHATROOM_KICKED_FROM_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_LEAVE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHAT_SESSION_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CHAT_SESSION_START@EbisuTelemetryAPI@@QAEX_N_K@Z
?Metric_CLOUD_ACTION_GAME_NEW_CONTENT_DOWNLOADED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ACTION_OBJECT_DELETION@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_AUTOMATIC_RECOVERY_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_AUTOMATIC_SAVE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PULL_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PUSH_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_SYNC_LOCKING_UNSUCCESFUL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MANUAL_RECOVERY@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MIGRATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_PUSH_MONITORING@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_LOW@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_MAX_CAPACITY@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SYNC_CONFLICT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CONTENTSALES_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CONTENTSALES_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CUSTOMIZE_BOXART_APPLY@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_CANCEL@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_START@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_DEVMODE_ACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_ACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DEVMODE_DEACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_DEACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DIRTYBITS_MESSAGE_COUNTER@EbisuTelemetryAPI@@QAEXPBD0000000000@Z
?Metric_DIRTYBITS_NETWORK_CONNECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DIRTYBITS_NETWORK_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DIRTYBITS_NETWORK_SUDDEN_DISCONNECTION@EbisuTelemetryAPI@@QAEX_J@Z
?Metric_DIRTYBITS_RETRIES_CAPPED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_CANCEL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DL_CONNECTION_STATS@EbisuTelemetryAPI@@QAEXPBD000_K11G@Z
?Metric_DL_CONTENT_LENGTH@EbisuTelemetryAPI@@QAEXPBD000000@Z
?Metric_DL_CRC_FAILURE@EbisuTelemetryAPI@@QAEXPBD0IIIII@Z
?Metric_DL_DATA_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_DIP3_CANCELED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_DL_DIP3_ERROR@EbisuTelemetryAPI@@QAEXPBDII0@Z
?Metric_DL_DIP3_PREPARE@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_DL_DIP3_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_DIP3_SUMMARY@EbisuTelemetryAPI@@QAEXPBDIII_K111111@Z
?Metric_DL_ELAPSEDTIME_TO_READYTOPLAY@EbisuTelemetryAPI@@QAEXPBD_K_N222@Z
?Metric_DL_ERROR@EbisuTelemetryAPI@@QAEXPBD00HH0I_N@Z
?Metric_DL_ERRORBOX@EbisuTelemetryAPI@@QAEXPBDHH@Z
?Metric_DL_ERROR_PREALLOCATE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_DL_ERROR_VENDOR_IP@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_DL_IMMEDIATE_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_OPTI_DATA@EbisuTelemetryAPI@@QAEXPBD0000I0FFII@Z
?Metric_DL_PAUSE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DL_POPULATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0H0I@Z
?Metric_DL_PROXY_DETECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DL_REDOWNLOAD@EbisuTelemetryAPI@@QAEXPBD00HII@Z
?Metric_DL_START@EbisuTelemetryAPI@@QAEXPBD00000_K00_N22@Z
?Metric_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DYNAMICDOWNLOAD_GAMELAUNCH@EbisuTelemetryAPI@@QAEXPBD00_K11@Z
?Metric_EMAIL_VERIFICATION_DISMISSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_BANNER@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENTS_NONE_GOTO_STORE@EbisuTelemetryAPI@@QAEXW4EntitlementNoneEnum@1@@Z
?Metric_ENTITLEMENT_CATALOG_MASTERTITLE_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_OFFER_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_UPDATE_DBIT_PARSE_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_NOTIFICATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_REFRESH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXPBDHHH@Z
?Metric_ENTITLEMENT_FAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_FREE_TRIAL_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXHHHHH@Z
?Metric_ENTITLEMENT_HIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_COMPLETED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_TIMEOUT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXIIH@Z
?Metric_ENTITLEMENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ENTITLEMENT_REFRESH_REQUEST_REFUSED@EbisuTelemetryAPI@@QAEXII@Z
?Metric_ENTITLEMENT_RELOAD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ENTITLEMENT_UNFAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_UNHIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ERROR_CRASH@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ERROR_DELETE_FILE@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_ERROR_NOTIFY@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ERROR_REST@EbisuTelemetryAPI@@QAEXHHHPBD0@Z
?Metric_FEATURE_CALLOUT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_FEATURE_CALLOUT_SERIES_COMPLETE@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FREETRIAL_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_FRIEND_BLOCK_ADD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_BLOCK_REMOVE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_IMPORT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_IGNORED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FRIEND_REMOVAL_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_REPORT_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_USERNAME_MISSING@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_VIEWSOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_DESCR_EXPANDED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_APPLY_CHANGES@EbisuTelemetryAPI@@QAEX_NPBD110@Z
?Metric_GAMEPROPERTIES_AUTO_DOWNLOAD_EXTRA_CONTENT@EbisuTelemetryAPI@@QAEXPBDAB_N0@Z
?Metric_GAMEPROPERTIES_LANG_CHANGES@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAMEPROPERTIES_UPDATE_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GAME_ALTLAUNCHER_FAIL@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GAME_INSTALL_ERROR@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_GAME_INSTALL_START@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INSTALL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_INVITE_DECLINE_RECEIVED@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_DECLINE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_LAUNCH_CANCELLED@EbisuTelemetryAPI@@QAEXPBDPAD@Z
?Metric_GAME_SESSION_END@EbisuTelemetryAPI@@QAEXPBDH_N0001@Z
?Metric_GAME_SESSION_START@EbisuTelemetryAPI@@QAEXPBD000_N0001@Z
?Metric_GAME_SESSION_UNMONITORED@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GAME_UNINSTALL_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_ZERO_LENGTH_UPDATE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_ACCEPTING_CR_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_ACCEPTING_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_CREATE_BORN_MUC_ROOM@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_DECLINING_MUC_INVITE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_MUC_EXIT@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_GC_MUC_UPGRADE_AUTO_ACCEPT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_MUC_UPGRADE_INITIATING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_GC_RECEIVE_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GREYMARKET_BYPASS_FILTER@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GREYMARKET_LANGUAGE_LIST@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_BYPASS@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_ERROR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GUI_DETAILS_UPDATE_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMESDETAILSPAGEVIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_CLOUD_STORAGE_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_GUI_MYGAMES_MANUAL_LINK_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_PLAY_SOURCE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GUI_MYGAMEVIEWSTATEEXIT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_MYGAMEVIEWSTATETOGGLE@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_SETTINGS_VIEW@EbisuTelemetryAPI@@QAEXW4GUISettingsViewEnum@1@@Z
?Metric_GUI_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_HELP_ORIGIN_ER@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_FORUM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_HELP@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_WHATS_NEW@EbisuTelemetryAPI@@QAEXXZ
?Metric_HOME_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_ACHIEVEMENTS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUYNOW_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DETAILS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DOWNLOAD_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_UPDATE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HW_CPU@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_DISPLAY@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_HDD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MEM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MICROPHONE@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_ODD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_OS@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_RESOLUTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_VIDEO@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_WEBCAM@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_ADDTAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_CLOSETAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_MAPP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_BROWSER_PAGELOAD@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_URLSHORTCUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_HOOKING_BEGIN@EbisuTelemetryAPI@@QAEXPBD_JI_N@Z
?Metric_IGO_HOOKING_END@EbisuTelemetryAPI@@QAEXPBD_JI@Z
?Metric_IGO_HOOKING_FAIL@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_HOOKING_INFO@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_INJECTION_FAIL@EbisuTelemetryAPI@@QAEXPBD_N1@Z
?Metric_IGO_OVERLAY_3RDPARTY_DLL@EbisuTelemetryAPI@@QAEX_N0PBD@Z
?Metric_IGO_OVERLAY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_OVERLAY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_INVALID_SETTINGS_PATH_CHAR@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_CANCELLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_RUNNING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ITE_CLIENT_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_JUMPLIST_ACTION@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_AUTH_SSO_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_SECURITY_FAILURE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOCALHOST_SERVER_DISABLED@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOCALHOST_SERVER_START@EbisuTelemetryAPI@@QAEXII@Z
?Metric_LOCALHOST_SERVER_STOP@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOGIN_COOKIE_LOAD@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOGIN_COOKIE_SAVE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_LOGIN_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0II00@Z
?Metric_LOGIN_FAVORITES@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_HIDDEN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_INVISIBLE@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_LOGIN_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_OK@EbisuTelemetryAPI@@QAEX_N0PBD0@Z
?Metric_LOGIN_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_UNKNOWN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_MANUALPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_METRIC_FOOTPRINT_INFO_STORE@EbisuTelemetryAPI@@QAEXII@Z
?Metric_NETWORK_SSL_ERROR@EbisuTelemetryAPI@@QAEXPBDI000@Z
?Metric_NET_PROMOTER_GAME_SCORE@EbisuTelemetryAPI@@QAEXPBD000_N@Z
?Metric_NET_PROMOTER_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NET_PROMOTER_SUBS_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NON_ORIGIN_GAME_ADD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_ID_LOGIN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_ID_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_EMAILDUPLICATE@EbisuTelemetryAPI@@QAEXXZ
?Metric_NUX_END@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_PROFILE@EbisuTelemetryAPI@@QAEX_N0000@Z
?Metric_NUX_START@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ODT_APPLY_CHANGES@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_BUTTON_PRESSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_LAUNCH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_OVERRIDE_MODIFIED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ODT_RESTART_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_CLOSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_OPENED@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_LAUNCHED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_OER_REPORT_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ORIGIN_SDK_UNFILTERED_ENTITLEMENTS_REQUEST@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_ORIGIN_SDK_VERSION_CONNECTED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_OTH_BANNER_LOADED@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_RESET@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_PERFORMANCE_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PERFORMANCE_TIMER_END@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@II@Z
?Metric_PERFORMANCE_TIMER_START@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@_K@Z
?Metric_PERFORMANCE_TIMER_STOP@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PINNED_WIDGETS_COUNT@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_HOTKEY_TOGGLED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_STATE_CHANGED@EbisuTelemetryAPI@@QAEXPBDGGG@Z
?Metric_PLUGIN_LOAD_FAILED@EbisuTelemetryAPI@@QAEXPBD00HH@Z
?Metric_PLUGIN_LOAD_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PLUGIN_OPERATION@EbisuTelemetryAPI@@QAEXPBD000H@Z
?Metric_PRIVACY_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_SETTINGS@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_PROMOMANAGER_END@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_OPEN@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_RESULT@EbisuTelemetryAPI@@QAEXIPBD00@Z
?Metric_PROMOMANAGER_MANUAL_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_CALLOUT_SHOWN@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_QUEUE_ENTITLMENT_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_QUEUE_GUI_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_QUEUE_HEAD_BUSY_WARNING_SHOWN@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_QUEUE_ITEM_REMOVED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_ORDER_CHANGED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_WINDOW_OPENED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_QUIETMODE_ENABLED@EbisuTelemetryAPI@@QAEX_N00@Z
?Metric_REPAIRINSTALL_FILES_STATS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_REPAIRINSTALL_REPLACECANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILES@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REQUESTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYCANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SECURITY_QUESTION_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SET@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_SELFPATCH_DECLINED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_FINISHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_START@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_FOUND@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_LAUNCHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_OFFLINE_MODE@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_INVALID_HASH@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_UNTRUSTED_SIGNER@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SETTINGS@EbisuTelemetryAPI@@QAEX_N000000W4DefaultTabSetting@1@W4IGOEnableSetting@1@@Z
?Metric_SETTINGS_FILE_FIX_RESULT@EbisuTelemetryAPI@@QAEXW4SettingFixResult@1@IIIPBD@Z
?Metric_SETTINGS_PROP_READ_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_SETTINGS_SYNC_FAILED@EbisuTelemetryAPI@@QAEXPBD0IIII00@Z
?Metric_SINGLE_LOGIN_FIRST_USER_LOGGING_OUT@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_OFFLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_ONLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_SECOND_USER_LOGGING_IN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SONAR_CLIENT_CONNECTED@EbisuTelemetryAPI@@QAEXPBD0CFF0FI0@Z
?Metric_SONAR_CLIENT_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD00IIIIIIIIIIIIIHHHHIIIIIIIIIIIIIIIII0HH@Z
?Metric_SONAR_CLIENT_STATS@EbisuTelemetryAPI@@QAEXPBDIIIIIIIIIII@Z
?Metric_SONAR_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SONAR_MESSAGE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_SONAR_STAT@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SSO_FLOW_ERROR@EbisuTelemetryAPI@@QAEXPBD0HI0@Z
?Metric_SSO_FLOW_INFO@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SSO_FLOW_RESULT@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_SSO_FLOW_START@EbisuTelemetryAPI@@QAEXPBD00I@Z
?Metric_STORE_LOAD_STATUS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_STORE_NAVIGATE_OTH@EbisuTelemetryAPI@@QAEXW4OnTheHouseEnum@1@@Z
?Metric_STORE_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_ENT_REMOVED@EbisuTelemetryAPI@@QAEXPBD_N0@Z
?Metric_SUBSCRIPTION_ENT_REMOVE_START@EbisuTelemetryAPI@@QAEXPBD0_N0@Z
?Metric_SUBSCRIPTION_ENT_UPGRADED@EbisuTelemetryAPI@@QAEXPBD00_N0@Z
?Metric_SUBSCRIPTION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_INFO@EbisuTelemetryAPI@@QAEXHPBD0@Z
?Metric_SUBSCRIPTION_UPSELL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_SUBSCRIPTION_USER_GOES_ONLINE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_BURNTIME_GRANTED@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_TRIAL_BURNTIME_NOTENTITLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_CHECKTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_TRIAL_CHECKTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_CHECKTIME_SUCCEEDED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_USER_PRESENCE_SET@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_USER_PROFILE_VIEW@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_USER_PROFILE_VIEWGAMESOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_VC_CHANNEL_ERROR@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_WEBWIDGET_DL_ERROR@EbisuTelemetryAPI@@QAEXPADH@Z
?Metric_WEBWIDGET_DL_START@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_WEBWIDGET_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPADI@Z
?Metric_WEBWIDGET_LOADED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_WEB_APPLICATION_CACHE_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?Metric_WEB_APPLICATION_CACHE_DOWNLOAD@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_START@EbisuTelemetryAPI@@QAEX_K@Z
?SetBootstrapVersion@EbisuTelemetryAPI@@QAEXPBD@Z
?SetGameLaunchSource@EbisuTelemetryAPI@@QAEXW4LaunchSource@1@@Z
?SetIsFreeToPlayITO@EbisuTelemetryAPI@@QAEX_N@Z
?SetLocale@EbisuTelemetryAPI@@QAEXPBD@Z
?UpdateDownloadSession@EbisuTelemetryAPI@@QAEXPBD_K1@Z
?init@OriginTelemetry@@YAXPBD@Z
?release@OriginTelemetry@@YAXXZ
?setAlternateSoftwareIDLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setCountriesBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setHooksBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setSDKStartGameLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setTelemetryServer@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
IsUserInCanada
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/WindowsInstaller-KB893803-v2-x86.exe
.exe windows:6 windows x86 arch:x86

f676e16c67a815430fbcd6d520ece6e4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:b7:21:1e:39:9a:28:2f:be:ca:b5:cc:b9:f9:79:df:cd:15:97:7f
Signer

Actual PE Digest

02:b7:21:1e:39:9a:28:2f:be:ca:b5:cc:b9:f9:79:df:cd:15:97:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb

Imports

msvcrt

strncpy
toupper
sprintf
strchr
_strnicmp
_stricmp
strrchr
_strcmpi
strstr
_strlwr
_snprintf

advapi32

InitiateSystemShutdownA
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid

kernel32

ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
MoveFileA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
DosDateTimeToFileTime
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
LoadStringA
EndDialog

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_18_.dll
.dll windows:6 windows x86 arch:x86

6706a3794a9800386a1895fc34eccde5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60
Signer

Actual PE Digest

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
IsRectEmpty
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
GetMenuDefaultItem
SetRect
SetParent
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DestroyCursor
GetWindowRgn
DispatchMessageW
SendMessageW
SetDlgItemTextW
CreateDialogParamW
ShowWindow
GetDlgItem
PeekMessageW
TranslateMessage
DestroyWindow
LoadImageW
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
OffsetRect
SetRectEmpty
DrawFocusRect
UnregisterClassW
WindowFromPoint
ReleaseCapture
GetNextDlgGroupItem
SetCapture
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
IsIconic
IntersectRect
DestroyMenu
GetMenuItemInfoW
PostQuitMessage
SendDlgItemMessageA
CopyImage
SetCursorPos
SystemParametersInfoW
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
MonitorFromPoint
DrawIcon
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
GetMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
GetDesktopWindow
RealChildWindowFromPoint
DestroyIcon
InflateRect

advapi32

CryptGenRandom
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey
CryptAcquireContextA
CryptReleaseContext

kernel32

QueryPerformanceCounter
GetEnvironmentVariableA
SetEnvironmentVariableA
QueryPerformanceFrequency
ReleaseMutex
SleepEx
WaitForSingleObjectEx
CreateMutexA
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsDebuggerPresent
TryEnterCriticalSection
InterlockedDecrement
InterlockedExchange
GetExitCodeThread
GetSystemInfo
SetThreadIdealProcessor
GetNativeSystemInfo
CreateProcessW
Thread32First
GetExitCodeProcess
Thread32Next
OpenThread
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitThread
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
WriteConsoleW
SetFilePointerEx
RemoveDirectoryW
HeapAlloc
LoadResource
GetDriveTypeW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetCurrentDirectoryW
GetVersionExW
CreateEventA
GetLocaleInfoW
CompareStringW
GlobalFlags
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
FreeResource
GetUserDefaultLangID
GetGeoInfoA
lstrlenA
FindResourceW
HeapReAlloc
GetSystemDirectoryW
EncodePointer
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GlobalGetAtomNameW
lstrcmpA
HeapFree
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
CopyFileW
FormatMessageW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
WideCharToMultiByte
CreateThread
lstrcpyW
LocalFree
GetCurrentProcessId
CloseHandle
Module32NextW
GetShortPathNameW
CreateToolhelp32Snapshot
FindNextFileW
lstrcmpiW
Process32NextW
Module32FirstW
Process32FirstW
FindClose
GetProcAddress
SetLastError
GetLongPathNameW
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
GetUserGeoID
GetPrivateProfileStringW
GetCurrentThread
WaitForSingleObject
GetCurrentProcess
MoveFileExW
FreeLibrary
FindFirstFileW
DeleteCriticalSection
DecodePointer
LockResource
HeapSize
GetLastError
RaiseException
GetUserDefaultUILanguage
SizeofResource
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleExW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

UrlEscapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
UrlUnescapeW

uxtheme

DrawThemeParentBackground
OpenThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
DrawThemeText

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoDisconnectObject
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VarBstrFromDate
VariantInit
SysAllocString
VariantChangeType
VariantCopy
VariantClear
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePaletteSize
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

iphlpapi

GetNetworkParams
GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetTextFaceW
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

ws2_32

bind
ioctlsocket
getpeername
getsockname
getsockopt
connect
closesocket
socket
freeaddrinfo
getaddrinfo
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSARecvFrom
WSARecv
recv
WSAGetOverlappedResult
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSACleanup
WSAStartup
gethostname
WSAIoctl
shutdown
setsockopt
sendto
send
select
recvfrom

Exports

Exports

??0EbisuTelemetryAPI@@QAE@XZ
??1EbisuTelemetryAPI@@UAE@XZ
??_7EbisuTelemetryAPI@@6B@
?CalculateIdFromString16@EbisuTelemetryAPI@@QAE_KPBG@Z
?CalculateIdFromString8@EbisuTelemetryAPI@@QAE_KPBD@Z
?GetMacAddr@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?GetTelemetryEnum@EbisuTelemetryAPI@@AAEHPAD@Z
?GetTelemetryInterface@@YAPAVEbisuTelemetryAPI@@XZ
?GetTelemetryMachineHash@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?HandleTelemetryBreakpoint@EbisuTelemetryAPI@@IAEXPBW4TelemetryDataFormatTypes@@PAD@Z
?IgnoreTelemetryBreakpoint@EbisuTelemetryAPI@@AAEXH@Z
?IsComputerSurfacePro@EbisuTelemetryAPI@@QBE_NXZ
?Metric_3PDD_INSTALL_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_3PDD_PLAY_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_ACHIEVED@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ACHIEVEMENT_ACHIEVED_PER_GAME@EbisuTelemetryAPI@@QAEXPBD0HHH@Z
?Metric_ACHIEVEMENT_ACH_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_ACH_POST_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_COMPARISON_VIEW@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ACHIEVEMENT_GRANT_DETECTED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_SHOW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_WC_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_WIDGET_PAGE_VIEW@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ACHIEVEMENT_WIDGET_PURCHASE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVATION_CODE_REDEEM_ERROR@EbisuTelemetryAPI@@QAEXH@Z
?Metric_ACTIVATION_CODE_REDEEM_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ACTIVATION_REDEEM_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_WINDOW_CLOSE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVE_TIMER_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ACTIVE_TIMER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_ALTLAUNCHER_SESSION_FAIL@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_APP_ADDITIONAL_CLIENT_LOG@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CMD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CONFIG@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_CONNECTION_LOST@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_DYNAMIC_URL_LOAD@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_ESCALATION_ERROR@EbisuTelemetryAPI@@QAEXPBDHH00@Z
?Metric_APP_ESCALATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_INSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_MAC_ESCALATION_DENIED@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MCID@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_CLOSE@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_SHOW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_POWER_MODE@EbisuTelemetryAPI@@QAEXW4PowerModeEnum@1@@Z
?Metric_APP_PREMATURE_TERMINATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_SESSION_ID@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_SETTINGS@EbisuTelemetryAPI@@QAEX_N000@Z
?Metric_APP_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_UNINSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTHENTICATION_LOST@EbisuTelemetryAPI@@QAEXHHPBD@Z
?Metric_AUTOPATCH_CONFIGVERSION_DIPVERSION_DONTMATCH@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOPATCH_DOWNLOAD_SKIP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTOPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_NEEDS_REPAIR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_TASK_ACCEPTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_AUTOREPAIR_TASK_DECLINED@EbisuTelemetryAPI@@QAEXXZ
?Metric_BROADCAST_ACCOUNT_LINKED@EbisuTelemetryAPI@@QAEXG@Z
?Metric_BROADCAST_JOINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_BROADCAST_STREAM_ERROR@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_BROADCAST_STREAM_START@EbisuTelemetryAPI@@QAEXPBD0_KG0@Z
?Metric_BROADCAST_STREAM_STOP@EbisuTelemetryAPI@@QAEXPBD0_KIII@Z
?Metric_BUG_REPORT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CAPTCHA_FAIL@EbisuTelemetryAPI@@QAEXXZ
?Metric_CAPTCHA_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_CATALOG_DEFINTION_CDN_LOOKUP_STATS@EbisuTelemetryAPI@@QAEXIIII@Z
?Metric_CATALOG_DEFINTION_LOOKUP_ERROR@EbisuTelemetryAPI@@QAEXPBDHH_N@Z
?Metric_CATALOG_DEFINTION_PARSE_ERROR@EbisuTelemetryAPI@@QAEXPBD0_N1H@Z
?Metric_CHATROOM_CREATE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DEACTIVATED@EbisuTelemetryAPI@@QAEXPBD0H0@Z
?Metric_CHATROOM_DELETE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DELETE_GROUP_FAILED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_ENTER_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_ENTER_ROOM_FAIL@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_CHATROOM_EXIT_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_GROUP_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_CHATROOM_GROUP_WAS_DELETED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_DECLINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_RECEIVED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CHATROOM_KICKED_FROM_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_LEAVE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHAT_SESSION_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CHAT_SESSION_START@EbisuTelemetryAPI@@QAEX_N_K@Z
?Metric_CLOUD_ACTION_GAME_NEW_CONTENT_DOWNLOADED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ACTION_OBJECT_DELETION@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_AUTOMATIC_RECOVERY_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_AUTOMATIC_SAVE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PULL_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PUSH_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_SYNC_LOCKING_UNSUCCESFUL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MANUAL_RECOVERY@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MIGRATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_PUSH_MONITORING@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_LOW@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_MAX_CAPACITY@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SYNC_CONFLICT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CONTENTSALES_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CONTENTSALES_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CUSTOMIZE_BOXART_APPLY@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_CANCEL@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_START@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_DEVMODE_ACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_ACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DEVMODE_DEACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_DEACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DIRTYBITS_MESSAGE_COUNTER@EbisuTelemetryAPI@@QAEXPBD0000000000@Z
?Metric_DIRTYBITS_NETWORK_CONNECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DIRTYBITS_NETWORK_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DIRTYBITS_NETWORK_SUDDEN_DISCONNECTION@EbisuTelemetryAPI@@QAEX_J@Z
?Metric_DIRTYBITS_RETRIES_CAPPED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_CANCEL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DL_CONNECTION_STATS@EbisuTelemetryAPI@@QAEXPBD000_K11G@Z
?Metric_DL_CONTENT_LENGTH@EbisuTelemetryAPI@@QAEXPBD000000@Z
?Metric_DL_CRC_FAILURE@EbisuTelemetryAPI@@QAEXPBD0IIIII@Z
?Metric_DL_DATA_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_DIP3_CANCELED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_DL_DIP3_ERROR@EbisuTelemetryAPI@@QAEXPBDII0@Z
?Metric_DL_DIP3_PREPARE@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_DL_DIP3_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_DIP3_SUMMARY@EbisuTelemetryAPI@@QAEXPBDIII_K111111@Z
?Metric_DL_ELAPSEDTIME_TO_READYTOPLAY@EbisuTelemetryAPI@@QAEXPBD_K_N222@Z
?Metric_DL_ERROR@EbisuTelemetryAPI@@QAEXPBD00HH0I_N@Z
?Metric_DL_ERRORBOX@EbisuTelemetryAPI@@QAEXPBDHH@Z
?Metric_DL_ERROR_PREALLOCATE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_DL_ERROR_VENDOR_IP@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_DL_IMMEDIATE_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_OPTI_DATA@EbisuTelemetryAPI@@QAEXPBD0000I0FFII@Z
?Metric_DL_PAUSE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DL_POPULATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0H0I@Z
?Metric_DL_PROXY_DETECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DL_REDOWNLOAD@EbisuTelemetryAPI@@QAEXPBD00HII@Z
?Metric_DL_START@EbisuTelemetryAPI@@QAEXPBD00000_K00_N22@Z
?Metric_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DYNAMICDOWNLOAD_GAMELAUNCH@EbisuTelemetryAPI@@QAEXPBD00_K11@Z
?Metric_EMAIL_VERIFICATION_DISMISSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_BANNER@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENTS_NONE_GOTO_STORE@EbisuTelemetryAPI@@QAEXW4EntitlementNoneEnum@1@@Z
?Metric_ENTITLEMENT_CATALOG_MASTERTITLE_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_OFFER_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_UPDATE_DBIT_PARSE_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_NOTIFICATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_REFRESH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXPBDHHH@Z
?Metric_ENTITLEMENT_FAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_FREE_TRIAL_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXHHHHH@Z
?Metric_ENTITLEMENT_HIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_COMPLETED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_TIMEOUT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXIIH@Z
?Metric_ENTITLEMENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ENTITLEMENT_REFRESH_REQUEST_REFUSED@EbisuTelemetryAPI@@QAEXII@Z
?Metric_ENTITLEMENT_RELOAD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ENTITLEMENT_UNFAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_UNHIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ERROR_CRASH@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ERROR_DELETE_FILE@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_ERROR_NOTIFY@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ERROR_REST@EbisuTelemetryAPI@@QAEXHHHPBD0@Z
?Metric_FEATURE_CALLOUT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_FEATURE_CALLOUT_SERIES_COMPLETE@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FREETRIAL_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_FRIEND_BLOCK_ADD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_BLOCK_REMOVE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_IMPORT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_IGNORED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FRIEND_REMOVAL_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_REPORT_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_USERNAME_MISSING@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_VIEWSOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_DESCR_EXPANDED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_APPLY_CHANGES@EbisuTelemetryAPI@@QAEX_NPBD110@Z
?Metric_GAMEPROPERTIES_AUTO_DOWNLOAD_EXTRA_CONTENT@EbisuTelemetryAPI@@QAEXPBDAB_N0@Z
?Metric_GAMEPROPERTIES_LANG_CHANGES@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAMEPROPERTIES_UPDATE_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GAME_ALTLAUNCHER_FAIL@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GAME_INSTALL_ERROR@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_GAME_INSTALL_START@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INSTALL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_INVITE_DECLINE_RECEIVED@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_DECLINE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_LAUNCH_CANCELLED@EbisuTelemetryAPI@@QAEXPBDPAD@Z
?Metric_GAME_SESSION_END@EbisuTelemetryAPI@@QAEXPBDH_N0001@Z
?Metric_GAME_SESSION_START@EbisuTelemetryAPI@@QAEXPBD000_N0001@Z
?Metric_GAME_SESSION_UNMONITORED@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GAME_UNINSTALL_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_ZERO_LENGTH_UPDATE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_ACCEPTING_CR_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_ACCEPTING_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_CREATE_BORN_MUC_ROOM@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_DECLINING_MUC_INVITE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_MUC_EXIT@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_GC_MUC_UPGRADE_AUTO_ACCEPT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_MUC_UPGRADE_INITIATING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_GC_RECEIVE_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GREYMARKET_BYPASS_FILTER@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GREYMARKET_LANGUAGE_LIST@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_BYPASS@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_ERROR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GUI_DETAILS_UPDATE_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMESDETAILSPAGEVIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_CLOUD_STORAGE_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_GUI_MYGAMES_MANUAL_LINK_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_PLAY_SOURCE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GUI_MYGAMEVIEWSTATEEXIT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_MYGAMEVIEWSTATETOGGLE@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_SETTINGS_VIEW@EbisuTelemetryAPI@@QAEXW4GUISettingsViewEnum@1@@Z
?Metric_GUI_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_HELP_ORIGIN_ER@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_FORUM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_HELP@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_WHATS_NEW@EbisuTelemetryAPI@@QAEXXZ
?Metric_HOME_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_ACHIEVEMENTS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUYNOW_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DETAILS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DOWNLOAD_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_UPDATE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HW_CPU@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_DISPLAY@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_HDD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MEM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MICROPHONE@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_ODD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_OS@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_RESOLUTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_VIDEO@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_WEBCAM@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_ADDTAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_CLOSETAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_MAPP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_BROWSER_PAGELOAD@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_URLSHORTCUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_HOOKING_BEGIN@EbisuTelemetryAPI@@QAEXPBD_JI_N@Z
?Metric_IGO_HOOKING_END@EbisuTelemetryAPI@@QAEXPBD_JI@Z
?Metric_IGO_HOOKING_FAIL@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_HOOKING_INFO@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_INJECTION_FAIL@EbisuTelemetryAPI@@QAEXPBD_N1@Z
?Metric_IGO_OVERLAY_3RDPARTY_DLL@EbisuTelemetryAPI@@QAEX_N0PBD@Z
?Metric_IGO_OVERLAY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_OVERLAY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_INVALID_SETTINGS_PATH_CHAR@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_CANCELLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_RUNNING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ITE_CLIENT_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_JUMPLIST_ACTION@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_AUTH_SSO_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_SECURITY_FAILURE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOCALHOST_SERVER_DISABLED@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOCALHOST_SERVER_START@EbisuTelemetryAPI@@QAEXII@Z
?Metric_LOCALHOST_SERVER_STOP@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOGIN_COOKIE_LOAD@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOGIN_COOKIE_SAVE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_LOGIN_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0II00@Z
?Metric_LOGIN_FAVORITES@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_HIDDEN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_INVISIBLE@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_LOGIN_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_OK@EbisuTelemetryAPI@@QAEX_N0PBD0@Z
?Metric_LOGIN_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_UNKNOWN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_MANUALPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_METRIC_FOOTPRINT_INFO_STORE@EbisuTelemetryAPI@@QAEXII@Z
?Metric_NETWORK_SSL_ERROR@EbisuTelemetryAPI@@QAEXPBDI000@Z
?Metric_NET_PROMOTER_GAME_SCORE@EbisuTelemetryAPI@@QAEXPBD000_N@Z
?Metric_NET_PROMOTER_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NET_PROMOTER_SUBS_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NON_ORIGIN_GAME_ADD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_ID_LOGIN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_ID_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_EMAILDUPLICATE@EbisuTelemetryAPI@@QAEXXZ
?Metric_NUX_END@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_PROFILE@EbisuTelemetryAPI@@QAEX_N0000@Z
?Metric_NUX_START@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ODT_APPLY_CHANGES@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_BUTTON_PRESSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_LAUNCH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_OVERRIDE_MODIFIED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ODT_RESTART_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_CLOSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_OPENED@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_LAUNCHED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_OER_REPORT_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ORIGIN_SDK_UNFILTERED_ENTITLEMENTS_REQUEST@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_ORIGIN_SDK_VERSION_CONNECTED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_OTH_BANNER_LOADED@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_RESET@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_PERFORMANCE_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PERFORMANCE_TIMER_END@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@II@Z
?Metric_PERFORMANCE_TIMER_START@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@_K@Z
?Metric_PERFORMANCE_TIMER_STOP@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PINNED_WIDGETS_COUNT@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_HOTKEY_TOGGLED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_STATE_CHANGED@EbisuTelemetryAPI@@QAEXPBDGGG@Z
?Metric_PLUGIN_LOAD_FAILED@EbisuTelemetryAPI@@QAEXPBD00HH@Z
?Metric_PLUGIN_LOAD_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PLUGIN_OPERATION@EbisuTelemetryAPI@@QAEXPBD000H@Z
?Metric_PRIVACY_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_SETTINGS@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_PROMOMANAGER_END@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_OPEN@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_RESULT@EbisuTelemetryAPI@@QAEXIPBD00@Z
?Metric_PROMOMANAGER_MANUAL_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_CALLOUT_SHOWN@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_QUEUE_ENTITLMENT_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_QUEUE_GUI_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_QUEUE_HEAD_BUSY_WARNING_SHOWN@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_QUEUE_ITEM_REMOVED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_ORDER_CHANGED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_WINDOW_OPENED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_QUIETMODE_ENABLED@EbisuTelemetryAPI@@QAEX_N00@Z
?Metric_REPAIRINSTALL_FILES_STATS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_REPAIRINSTALL_REPLACECANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILES@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REQUESTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYCANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SECURITY_QUESTION_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SET@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_SELFPATCH_DECLINED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_FINISHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_START@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_FOUND@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_LAUNCHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_OFFLINE_MODE@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_INVALID_HASH@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_UNTRUSTED_SIGNER@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SETTINGS@EbisuTelemetryAPI@@QAEX_N000000W4DefaultTabSetting@1@W4IGOEnableSetting@1@@Z
?Metric_SETTINGS_FILE_FIX_RESULT@EbisuTelemetryAPI@@QAEXW4SettingFixResult@1@IIIPBD@Z
?Metric_SETTINGS_PROP_READ_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_SETTINGS_SYNC_FAILED@EbisuTelemetryAPI@@QAEXPBD0IIII00@Z
?Metric_SINGLE_LOGIN_FIRST_USER_LOGGING_OUT@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_OFFLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_ONLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_SECOND_USER_LOGGING_IN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SONAR_CLIENT_CONNECTED@EbisuTelemetryAPI@@QAEXPBD0CFF0FI0@Z
?Metric_SONAR_CLIENT_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD00IIIIIIIIIIIIIHHHHIIIIIIIIIIIIIIIII0HH@Z
?Metric_SONAR_CLIENT_STATS@EbisuTelemetryAPI@@QAEXPBDIIIIIIIIIII@Z
?Metric_SONAR_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SONAR_MESSAGE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_SONAR_STAT@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SSO_FLOW_ERROR@EbisuTelemetryAPI@@QAEXPBD0HI0@Z
?Metric_SSO_FLOW_INFO@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SSO_FLOW_RESULT@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_SSO_FLOW_START@EbisuTelemetryAPI@@QAEXPBD00I@Z
?Metric_STORE_LOAD_STATUS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_STORE_NAVIGATE_OTH@EbisuTelemetryAPI@@QAEXW4OnTheHouseEnum@1@@Z
?Metric_STORE_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_ENT_REMOVED@EbisuTelemetryAPI@@QAEXPBD_N0@Z
?Metric_SUBSCRIPTION_ENT_REMOVE_START@EbisuTelemetryAPI@@QAEXPBD0_N0@Z
?Metric_SUBSCRIPTION_ENT_UPGRADED@EbisuTelemetryAPI@@QAEXPBD00_N0@Z
?Metric_SUBSCRIPTION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_INFO@EbisuTelemetryAPI@@QAEXHPBD0@Z
?Metric_SUBSCRIPTION_UPSELL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_SUBSCRIPTION_USER_GOES_ONLINE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_BURNTIME_GRANTED@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_TRIAL_BURNTIME_NOTENTITLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_CHECKTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_TRIAL_CHECKTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_CHECKTIME_SUCCEEDED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_USER_PRESENCE_SET@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_USER_PROFILE_VIEW@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_USER_PROFILE_VIEWGAMESOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_VC_CHANNEL_ERROR@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_WEBWIDGET_DL_ERROR@EbisuTelemetryAPI@@QAEXPADH@Z
?Metric_WEBWIDGET_DL_START@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_WEBWIDGET_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPADI@Z
?Metric_WEBWIDGET_LOADED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_WEB_APPLICATION_CACHE_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?Metric_WEB_APPLICATION_CACHE_DOWNLOAD@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_START@EbisuTelemetryAPI@@QAEX_K@Z
?SetBootstrapVersion@EbisuTelemetryAPI@@QAEXPBD@Z
?SetGameLaunchSource@EbisuTelemetryAPI@@QAEXW4LaunchSource@1@@Z
?SetIsFreeToPlayITO@EbisuTelemetryAPI@@QAEX_N@Z
?SetLocale@EbisuTelemetryAPI@@QAEXPBD@Z
?UpdateDownloadSession@EbisuTelemetryAPI@@QAEXPBD_K1@Z
?init@OriginTelemetry@@YAXPBD@Z
?release@OriginTelemetry@@YAXXZ
?setAlternateSoftwareIDLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setCountriesBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setHooksBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setSDKStartGameLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setTelemetryServer@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
IsUserInCanada
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/rootsupd.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:19:2e:a1:ae:af:97:83:51:ae:23:e4:88:59:dc:6d:f7:6a:30:70
Signer

Actual PE Digest

8b:19:2e:a1:ae:af:97:83:51:ae:23:e4:88:59:dc:6d:f7:6a:30:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96
Signer

Actual PE Digest

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x64_vs2013.exe
.exe windows:5 windows x86 arch:x86

dcbe94b8cc54b8e53867c61cc96811d6

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:f8:ab:c0:0e:bd:66:17:f3:88:d4:c2:ed:ee:9e:c8:b7:72:a3:88:31:d9:3b:3b:8f:74:9b:40:1e:cc:4a:48
Signer

Actual PE Digest

2b:f8:ab:c0:0e:bd:66:17:f3:88:d4:c2:ed:ee:9e:c8:b7:72:a3:88:31:d9:3b:3b:8f:74:9b:40:1e:cc:4a:48

Digest Algorithm

sha256

PE Digest Matches

true

9f:b7:ab:91:35:d2:5f:20:d4:e3:b8:4e:41:38:9b:0b:57:4d:91:b9
Signer

Actual PE Digest

9f:b7:ab:91:35:d2:5f:20:d4:e3:b8:4e:41:38:9b:0b:57:4d:91:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
QueryServiceConfigW

user32

GetMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
PostQuitMessage
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
IsDialogMessageW
MessageBoxW
GetWindowLongW
RegisterClassW
IsWindow
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
LoadBitmapW
GetCursorPos
MonitorFromPoint
CreateWindowExW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
StretchBlt

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoInitializeEx
CoUninitialize

kernel32

ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
RtlUnwind
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
DuplicateHandle
SetThreadExecutionState
CopyFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetVersionExW
GetCurrentThreadId
TlsAlloc
TlsSetValue
ReleaseMutex
GetLastError
Sleep
TlsGetValue
CloseHandle
DeleteCriticalSection
GetTimeZoneInformation
GetACP
GetCPInfo
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
GlobalFree
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsFree
InitializeCriticalSection
GetCurrentProcess
HeapSetInformation
GetOEMCP
SetFileAttributesW
IsValidCodePage
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
FormatMessageW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap
GetModuleHandleA
GetFileSizeEx
GetUserDefaultLangID
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
MoveFileExW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
GetCommandLineW
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
CopyFileW

cabinet

ord23
ord22
ord20

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

msi

ord116
ord17
ord125
ord171
ord8
ord115
ord118
ord205
ord45
ord137
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169

rpcrt4

UuidCreate

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetOpenW

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8
Signer

Actual PE Digest

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x86_vs2013.exe
.exe windows:5 windows x86 arch:x86

dcbe94b8cc54b8e53867c61cc96811d6

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:c4:25:81:d5:e9:9a:60:b6:34:e2:5c:4c:27:94:7c:7d:b2:b0:62:45:49:72:9f:27:6e:3a:f5:b9:e7:7f:bd
Signer

Actual PE Digest

3f:c4:25:81:d5:e9:9a:60:b6:34:e2:5c:4c:27:94:7c:7d:b2:b0:62:45:49:72:9f:27:6e:3a:f5:b9:e7:7f:bd

Digest Algorithm

sha256

PE Digest Matches

true

85:c8:56:1b:b1:ff:1a:0a:28:75:4d:7c:00:d4:94:b5:a4:ea:82:68
Signer

Actual PE Digest

85:c8:56:1b:b1:ff:1a:0a:28:75:4d:7c:00:d4:94:b5:a4:ea:82:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
QueryServiceConfigW

user32

GetMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
PostQuitMessage
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
IsDialogMessageW
MessageBoxW
GetWindowLongW
RegisterClassW
IsWindow
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
LoadBitmapW
GetCursorPos
MonitorFromPoint
CreateWindowExW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
StretchBlt

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoInitializeEx
CoUninitialize

kernel32

ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
RtlUnwind
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
DuplicateHandle
SetThreadExecutionState
CopyFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetVersionExW
GetCurrentThreadId
TlsAlloc
TlsSetValue
ReleaseMutex
GetLastError
Sleep
TlsGetValue
CloseHandle
DeleteCriticalSection
GetTimeZoneInformation
GetACP
GetCPInfo
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
GlobalFree
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsFree
InitializeCriticalSection
GetCurrentProcess
HeapSetInformation
GetOEMCP
SetFileAttributesW
IsValidCodePage
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
FormatMessageW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap
GetModuleHandleA
GetFileSizeEx
GetUserDefaultLangID
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
MoveFileExW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
GetCommandLineW
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
CopyFileW

cabinet

ord23
ord22
ord20

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

msi

ord116
ord17
ord125
ord171
ord8
ord115
ord118
ord205
ord45
ord137
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169

rpcrt4

UuidCreate

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetOpenW

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_16_.dll
.dll windows:6 windows x86 arch:x86

6706a3794a9800386a1895fc34eccde5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

22/07/2017, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60
Signer

Actual PE Digest

55:01:85:f4:28:62:88:46:23:88:8a:ef:d6:0e:b3:54:25:fd:56:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
IsRectEmpty
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
GetMenuDefaultItem
SetRect
SetParent
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DestroyCursor
GetWindowRgn
DispatchMessageW
SendMessageW
SetDlgItemTextW
CreateDialogParamW
ShowWindow
GetDlgItem
PeekMessageW
TranslateMessage
DestroyWindow
LoadImageW
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
OffsetRect
SetRectEmpty
DrawFocusRect
UnregisterClassW
WindowFromPoint
ReleaseCapture
GetNextDlgGroupItem
SetCapture
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
IsIconic
IntersectRect
DestroyMenu
GetMenuItemInfoW
PostQuitMessage
SendDlgItemMessageA
CopyImage
SetCursorPos
SystemParametersInfoW
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
MonitorFromPoint
DrawIcon
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
GetMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetWindowTextW
GetWindowTextLengthW
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
GetDesktopWindow
RealChildWindowFromPoint
DestroyIcon
InflateRect

advapi32

CryptGenRandom
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey
CryptAcquireContextA
CryptReleaseContext

kernel32

QueryPerformanceCounter
GetEnvironmentVariableA
SetEnvironmentVariableA
QueryPerformanceFrequency
ReleaseMutex
SleepEx
WaitForSingleObjectEx
CreateMutexA
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsDebuggerPresent
TryEnterCriticalSection
InterlockedDecrement
InterlockedExchange
GetExitCodeThread
GetSystemInfo
SetThreadIdealProcessor
GetNativeSystemInfo
CreateProcessW
Thread32First
GetExitCodeProcess
Thread32Next
OpenThread
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitThread
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
WriteConsoleW
SetFilePointerEx
RemoveDirectoryW
HeapAlloc
LoadResource
GetDriveTypeW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetCurrentDirectoryW
GetVersionExW
CreateEventA
GetLocaleInfoW
CompareStringW
GlobalFlags
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
FreeResource
GetUserDefaultLangID
GetGeoInfoA
lstrlenA
FindResourceW
HeapReAlloc
GetSystemDirectoryW
EncodePointer
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GlobalGetAtomNameW
lstrcmpA
HeapFree
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
CopyFileW
FormatMessageW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
WideCharToMultiByte
CreateThread
lstrcpyW
LocalFree
GetCurrentProcessId
CloseHandle
Module32NextW
GetShortPathNameW
CreateToolhelp32Snapshot
FindNextFileW
lstrcmpiW
Process32NextW
Module32FirstW
Process32FirstW
FindClose
GetProcAddress
SetLastError
GetLongPathNameW
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
GetUserGeoID
GetPrivateProfileStringW
GetCurrentThread
WaitForSingleObject
GetCurrentProcess
MoveFileExW
FreeLibrary
FindFirstFileW
DeleteCriticalSection
DecodePointer
LockResource
HeapSize
GetLastError
RaiseException
GetUserDefaultUILanguage
SizeofResource
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleExW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

UrlEscapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
UrlUnescapeW

uxtheme

DrawThemeParentBackground
OpenThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
DrawThemeText

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoDisconnectObject
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VarBstrFromDate
VariantInit
SysAllocString
VariantChangeType
VariantCopy
VariantClear
LoadTypeLi
SysFreeString
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePaletteSize
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

iphlpapi

GetNetworkParams
GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetTextFaceW
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

ws2_32

bind
ioctlsocket
getpeername
getsockname
getsockopt
connect
closesocket
socket
freeaddrinfo
getaddrinfo
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSARecvFrom
WSARecv
recv
WSAGetOverlappedResult
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSACleanup
WSAStartup
gethostname
WSAIoctl
shutdown
setsockopt
sendto
send
select
recvfrom

Exports

Exports

??0EbisuTelemetryAPI@@QAE@XZ
??1EbisuTelemetryAPI@@UAE@XZ
??_7EbisuTelemetryAPI@@6B@
?CalculateIdFromString16@EbisuTelemetryAPI@@QAE_KPBG@Z
?CalculateIdFromString8@EbisuTelemetryAPI@@QAE_KPBD@Z
?GetMacAddr@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?GetTelemetryEnum@EbisuTelemetryAPI@@AAEHPAD@Z
?GetTelemetryInterface@@YAPAVEbisuTelemetryAPI@@XZ
?GetTelemetryMachineHash@EbisuTelemetryAPI@@QBE?BV?$basic_string@DVallocator@eastl@@@eastl@@XZ
?HandleTelemetryBreakpoint@EbisuTelemetryAPI@@IAEXPBW4TelemetryDataFormatTypes@@PAD@Z
?IgnoreTelemetryBreakpoint@EbisuTelemetryAPI@@AAEXH@Z
?IsComputerSurfacePro@EbisuTelemetryAPI@@QBE_NXZ
?Metric_3PDD_INSTALL_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_INSTALL_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_3PDD_PLAY_COPYCDKEY@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_DIALOG_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_3PDD_PLAY_TYPE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_ACHIEVED@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ACHIEVEMENT_ACHIEVED_PER_GAME@EbisuTelemetryAPI@@QAEXPBD0HHH@Z
?Metric_ACHIEVEMENT_ACH_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_ACH_POST_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_COMPARISON_VIEW@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ACHIEVEMENT_GRANT_DETECTED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_SHARE_ACHIEVEMENT_SHOW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACHIEVEMENT_WC_POST_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0@Z
?Metric_ACHIEVEMENT_WIDGET_PAGE_VIEW@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ACHIEVEMENT_WIDGET_PURCHASE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVATION_CODE_REDEEM_ERROR@EbisuTelemetryAPI@@QAEXH@Z
?Metric_ACTIVATION_CODE_REDEEM_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ACTIVATION_REDEEM_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_REDEEM_PAGE_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_ACTIVATION_WINDOW_CLOSE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ACTIVE_TIMER_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ACTIVE_TIMER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_ALTLAUNCHER_SESSION_FAIL@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_APP_ADDITIONAL_CLIENT_LOG@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CMD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_CONFIG@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_CONNECTION_LOST@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_DYNAMIC_URL_LOAD@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_APP_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_ESCALATION_ERROR@EbisuTelemetryAPI@@QAEXPBDHH00@Z
?Metric_APP_ESCALATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_INSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_MAC_ESCALATION_DENIED@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MCID@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_CLOSE@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_MOTD_SHOW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_APP_POWER_MODE@EbisuTelemetryAPI@@QAEXW4PowerModeEnum@1@@Z
?Metric_APP_PREMATURE_TERMINATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_SESSION_ID@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_APP_SETTINGS@EbisuTelemetryAPI@@QAEX_N000@Z
?Metric_APP_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_APP_UNINSTALL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTHENTICATION_LOST@EbisuTelemetryAPI@@QAEXHHPBD@Z
?Metric_AUTOPATCH_CONFIGVERSION_DIPVERSION_DONTMATCH@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOPATCH_DOWNLOAD_SKIP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_AUTOPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_NEEDS_REPAIR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_AUTOREPAIR_TASK_ACCEPTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_AUTOREPAIR_TASK_DECLINED@EbisuTelemetryAPI@@QAEXXZ
?Metric_BROADCAST_ACCOUNT_LINKED@EbisuTelemetryAPI@@QAEXG@Z
?Metric_BROADCAST_JOINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_BROADCAST_STREAM_ERROR@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_BROADCAST_STREAM_START@EbisuTelemetryAPI@@QAEXPBD0_KG0@Z
?Metric_BROADCAST_STREAM_STOP@EbisuTelemetryAPI@@QAEXPBD0_KIII@Z
?Metric_BUG_REPORT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CAPTCHA_FAIL@EbisuTelemetryAPI@@QAEXXZ
?Metric_CAPTCHA_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_CATALOG_DEFINTION_CDN_LOOKUP_STATS@EbisuTelemetryAPI@@QAEXIIII@Z
?Metric_CATALOG_DEFINTION_LOOKUP_ERROR@EbisuTelemetryAPI@@QAEXPBDHH_N@Z
?Metric_CATALOG_DEFINTION_PARSE_ERROR@EbisuTelemetryAPI@@QAEXPBD0_N1H@Z
?Metric_CHATROOM_CREATE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DEACTIVATED@EbisuTelemetryAPI@@QAEXPBD0H0@Z
?Metric_CHATROOM_DELETE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_DELETE_GROUP_FAILED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_ENTER_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_ENTER_ROOM_FAIL@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_CHATROOM_EXIT_ROOM@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_CHATROOM_GROUP_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_CHATROOM_GROUP_WAS_DELETED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_INVITE_DECLINED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_RECEIVED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CHATROOM_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_CHATROOM_KICKED_FROM_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHATROOM_LEAVE_GROUP@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_CHAT_SESSION_END@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CHAT_SESSION_START@EbisuTelemetryAPI@@QAEX_N_K@Z
?Metric_CLOUD_ACTION_GAME_NEW_CONTENT_DOWNLOADED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ACTION_OBJECT_DELETION@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_AUTOMATIC_RECOVERY_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_AUTOMATIC_SAVE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PULL_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_PUSH_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_ERROR_SYNC_LOCKING_UNSUCCESFUL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MANUAL_RECOVERY@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_MIGRATION_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CLOUD_PUSH_MONITORING@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_LOW@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SPACE_CLOUD_MAX_CAPACITY@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_CLOUD_WARNING_SYNC_CONFLICT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_CONTENTSALES_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CONTENTSALES_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_CUSTOMIZE_BOXART_APPLY@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_CANCEL@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_CUSTOMIZE_BOXART_START@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_DEVMODE_ACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_ACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DEVMODE_DEACTIVATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_DEVMODE_DEACTIVATE_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DIRTYBITS_MESSAGE_COUNTER@EbisuTelemetryAPI@@QAEXPBD0000000000@Z
?Metric_DIRTYBITS_NETWORK_CONNECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DIRTYBITS_NETWORK_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DIRTYBITS_NETWORK_SUDDEN_DISCONNECTION@EbisuTelemetryAPI@@QAEX_J@Z
?Metric_DIRTYBITS_RETRIES_CAPPED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_CANCEL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DL_CONNECTION_STATS@EbisuTelemetryAPI@@QAEXPBD000_K11G@Z
?Metric_DL_CONTENT_LENGTH@EbisuTelemetryAPI@@QAEXPBD000000@Z
?Metric_DL_CRC_FAILURE@EbisuTelemetryAPI@@QAEXPBD0IIIII@Z
?Metric_DL_DATA_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_DIP3_CANCELED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_DL_DIP3_ERROR@EbisuTelemetryAPI@@QAEXPBDII0@Z
?Metric_DL_DIP3_PREPARE@EbisuTelemetryAPI@@QAEXPBDI@Z
?Metric_DL_DIP3_SUCCESS@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_DL_DIP3_SUMMARY@EbisuTelemetryAPI@@QAEXPBDIII_K111111@Z
?Metric_DL_ELAPSEDTIME_TO_READYTOPLAY@EbisuTelemetryAPI@@QAEXPBD_K_N222@Z
?Metric_DL_ERROR@EbisuTelemetryAPI@@QAEXPBD00HH0I_N@Z
?Metric_DL_ERRORBOX@EbisuTelemetryAPI@@QAEXPBDHH@Z
?Metric_DL_ERROR_PREALLOCATE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_DL_ERROR_VENDOR_IP@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_DL_IMMEDIATE_ERROR@EbisuTelemetryAPI@@QAEXPBD000I@Z
?Metric_DL_OPTI_DATA@EbisuTelemetryAPI@@QAEXPBD0000I0FFII@Z
?Metric_DL_PAUSE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_DL_POPULATE_ERROR@EbisuTelemetryAPI@@QAEXPBD0H0I@Z
?Metric_DL_PROXY_DETECTED@EbisuTelemetryAPI@@QAEXXZ
?Metric_DL_REDOWNLOAD@EbisuTelemetryAPI@@QAEXPBD00HII@Z
?Metric_DL_START@EbisuTelemetryAPI@@QAEXPBD00000_K00_N22@Z
?Metric_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_DYNAMICDOWNLOAD_GAMELAUNCH@EbisuTelemetryAPI@@QAEXPBD00_K11@Z
?Metric_EMAIL_VERIFICATION_DISMISSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_BANNER@EbisuTelemetryAPI@@QAEXXZ
?Metric_EMAIL_VERIFICATION_STARTS_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENTS_NONE_GOTO_STORE@EbisuTelemetryAPI@@QAEXW4EntitlementNoneEnum@1@@Z
?Metric_ENTITLEMENT_CATALOG_MASTERTITLE_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_OFFER_UPDATE_DETECTED@EbisuTelemetryAPI@@QAEXPBD_K@Z
?Metric_ENTITLEMENT_CATALOG_UPDATE_DBIT_PARSE_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_NOTIFICATION@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_DIRTYBIT_REFRESH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_ENTITLEMENT_EXTRACONTENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXPBDHHH@Z
?Metric_ENTITLEMENT_FAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_FREE_TRIAL_ERROR@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXHH@Z
?Metric_ENTITLEMENT_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXHHHHH@Z
?Metric_ENTITLEMENT_HIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_COMPLETED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ENTITLEMENT_OFFER_VERSION_UPDATE_CHECK_TIMEOUT@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ENTITLEMENT_REFRESH_COMPLETED@EbisuTelemetryAPI@@QAEXIIH@Z
?Metric_ENTITLEMENT_REFRESH_ERROR@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_ENTITLEMENT_REFRESH_REQUEST_REFUSED@EbisuTelemetryAPI@@QAEXII@Z
?Metric_ENTITLEMENT_RELOAD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ENTITLEMENT_UNFAVORITE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ENTITLEMENT_UNHIDE@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_ERROR_CRASH@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_ERROR_DELETE_FILE@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_ERROR_NOTIFY@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_ERROR_REST@EbisuTelemetryAPI@@QAEXHHHPBD0@Z
?Metric_FEATURE_CALLOUT_DISMISSED@EbisuTelemetryAPI@@QAEXPBD0_N@Z
?Metric_FEATURE_CALLOUT_SERIES_COMPLETE@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FREETRIAL_PURCHASE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_FRIEND_BLOCK_ADD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_BLOCK_REMOVE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_IMPORT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_IGNORED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_FRIEND_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_FRIEND_REMOVAL_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_REPORT_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_FRIEND_USERNAME_MISSING@EbisuTelemetryAPI@@QAEXH@Z
?Metric_FRIEND_VIEWSOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_ADDON_DESCR_EXPANDED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAMEPROPERTIES_APPLY_CHANGES@EbisuTelemetryAPI@@QAEX_NPBD110@Z
?Metric_GAMEPROPERTIES_AUTO_DOWNLOAD_EXTRA_CONTENT@EbisuTelemetryAPI@@QAEXPBDAB_N0@Z
?Metric_GAMEPROPERTIES_LANG_CHANGES@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAMEPROPERTIES_UPDATE_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GAME_ALTLAUNCHER_FAIL@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GAME_INSTALL_ERROR@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_GAME_INSTALL_START@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INSTALL_SUCCESS@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GAME_INVITE_ACCEPTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_INVITE_DECLINE_RECEIVED@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_DECLINE_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GAME_INVITE_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_LAUNCH_CANCELLED@EbisuTelemetryAPI@@QAEXPBDPAD@Z
?Metric_GAME_SESSION_END@EbisuTelemetryAPI@@QAEXPBDH_N0001@Z
?Metric_GAME_SESSION_START@EbisuTelemetryAPI@@QAEXPBD000_N0001@Z
?Metric_GAME_SESSION_UNMONITORED@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GAME_UNINSTALL_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_UNINSTALL_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GAME_ZERO_LENGTH_UPDATE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_ACCEPTING_CR_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_ACCEPTING_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_CREATE_BORN_MUC_ROOM@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_DECLINING_MUC_INVITE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GC_MUC_EXIT@EbisuTelemetryAPI@@QAEXHHH@Z
?Metric_GC_MUC_UPGRADE_AUTO_ACCEPT@EbisuTelemetryAPI@@QAEXXZ
?Metric_GC_MUC_UPGRADE_INITIATING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_GC_RECEIVE_MUC_INVITE@EbisuTelemetryAPI@@QAEXXZ
?Metric_GREYMARKET_BYPASS_FILTER@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GREYMARKET_LANGUAGE_LIST@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_BYPASS@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_GREYMARKET_LANGUAGE_SELECTION_ERROR@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_GUI_DETAILS_UPDATE_CLICKED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMESDETAILSPAGEVIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_CLOUD_STORAGE_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_GUI_MYGAMES_MANUAL_LINK_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_GUI_MYGAMES_PLAY_SOURCE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_GUI_MYGAMEVIEWSTATEEXIT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_MYGAMEVIEWSTATETOGGLE@EbisuTelemetryAPI@@QAEXH@Z
?Metric_GUI_SETTINGS_VIEW@EbisuTelemetryAPI@@QAEXW4GUISettingsViewEnum@1@@Z
?Metric_GUI_TAB_VIEW@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_HELP_ORIGIN_ER@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_FORUM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_ORIGIN_HELP@EbisuTelemetryAPI@@QAEXXZ
?Metric_HELP_WHATS_NEW@EbisuTelemetryAPI@@QAEXXZ
?Metric_HOME_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_ACHIEVEMENTS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUYNOW_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_BUY_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DETAILS_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_DOWNLOAD_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HOVERCARD_UPDATE_CLICK@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_HW_CPU@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_DISPLAY@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_HDD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MEM@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_MICROPHONE@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_ODD@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_OS@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_RESOLUTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_VIDEO@EbisuTelemetryAPI@@QAEXXZ
?Metric_HW_WEBCAM@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_ADDTAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_CLOSETAB@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_MAPP@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_BROWSER_PAGELOAD@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_BROWSER_URLSHORTCUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_IGO_HOOKING_BEGIN@EbisuTelemetryAPI@@QAEXPBD_JI_N@Z
?Metric_IGO_HOOKING_END@EbisuTelemetryAPI@@QAEXPBD_JI@Z
?Metric_IGO_HOOKING_FAIL@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_HOOKING_INFO@EbisuTelemetryAPI@@QAEXPBD_JI000@Z
?Metric_IGO_INJECTION_FAIL@EbisuTelemetryAPI@@QAEXPBD_N1@Z
?Metric_IGO_OVERLAY_3RDPARTY_DLL@EbisuTelemetryAPI@@QAEX_N0PBD@Z
?Metric_IGO_OVERLAY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_IGO_OVERLAY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_INVALID_SETTINGS_PATH_CHAR@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_CANCELLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_FAILED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ITE_CLIENT_RUNNING@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_ITE_CLIENT_SUCCESS@EbisuTelemetryAPI@@QAEXXZ
?Metric_JUMPLIST_ACTION@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_AUTH_SSO_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOCALHOST_SECURITY_FAILURE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOCALHOST_SERVER_DISABLED@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOCALHOST_SERVER_START@EbisuTelemetryAPI@@QAEXII@Z
?Metric_LOCALHOST_SERVER_STOP@EbisuTelemetryAPI@@QAEXXZ
?Metric_LOGIN_COOKIE_LOAD@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_LOGIN_COOKIE_SAVE@EbisuTelemetryAPI@@QAEXPBD00II@Z
?Metric_LOGIN_FAIL@EbisuTelemetryAPI@@QAEXPBD00H0II00@Z
?Metric_LOGIN_FAVORITES@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_HIDDEN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_LOGIN_INVISIBLE@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_LOGIN_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_OK@EbisuTelemetryAPI@@QAEX_N0PBD0@Z
?Metric_LOGIN_START@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGIN_UNKNOWN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_MANUALPATCH_DOWNLOAD_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_METRIC_FOOTPRINT_INFO_STORE@EbisuTelemetryAPI@@QAEXII@Z
?Metric_NETWORK_SSL_ERROR@EbisuTelemetryAPI@@QAEXPBDI000@Z
?Metric_NET_PROMOTER_GAME_SCORE@EbisuTelemetryAPI@@QAEXPBD000_N@Z
?Metric_NET_PROMOTER_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NET_PROMOTER_SUBS_SCORE@EbisuTelemetryAPI@@QAEXPBD00_N@Z
?Metric_NON_ORIGIN_GAME_ADD@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGIN@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_COUNT_LOGOUT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_NON_ORIGIN_GAME_ID_LOGIN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NON_ORIGIN_GAME_ID_LOGOUT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_CANCEL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_EMAILDUPLICATE@EbisuTelemetryAPI@@QAEXXZ
?Metric_NUX_END@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_OEM@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_NUX_PROFILE@EbisuTelemetryAPI@@QAEX_N0000@Z
?Metric_NUX_START@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_ODT_APPLY_CHANGES@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_BUTTON_PRESSED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_LAUNCH@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ODT_OVERRIDE_MODIFIED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_ODT_RESTART_CLIENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_CLOSED@EbisuTelemetryAPI@@QAEXXZ
?Metric_ODT_TELEMETRY_VIEWER_OPENED@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_OER_LAUNCHED@EbisuTelemetryAPI@@QAEX_N@Z
?Metric_OER_REPORT_SENT@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_ORIGIN_SDK_UNFILTERED_ENTITLEMENTS_REQUEST@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_ORIGIN_SDK_VERSION_CONNECTED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_OTH_BANNER_LOADED@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_RESET@EbisuTelemetryAPI@@QAEXXZ
?Metric_PASSWORD_SENT@EbisuTelemetryAPI@@QAEXXZ
?Metric_PERFORMANCE_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PERFORMANCE_TIMER_END@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@II@Z
?Metric_PERFORMANCE_TIMER_START@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@_K@Z
?Metric_PERFORMANCE_TIMER_STOP@EbisuTelemetryAPI@@QAEXW4PerformanceTimerEnum@1@@Z
?Metric_PINNED_WIDGETS_COUNT@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_HOTKEY_TOGGLED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_PINNED_WIDGETS_STATE_CHANGED@EbisuTelemetryAPI@@QAEXPBDGGG@Z
?Metric_PLUGIN_LOAD_FAILED@EbisuTelemetryAPI@@QAEXPBD00HH@Z
?Metric_PLUGIN_LOAD_SUCCESS@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PLUGIN_OPERATION@EbisuTelemetryAPI@@QAEXPBD000H@Z
?Metric_PRIVACY_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_END@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_SETTINGS@EbisuTelemetryAPI@@QAEXXZ
?Metric_PRIVACY_START@EbisuTelemetryAPI@@QAEXXZ
?Metric_PROMOMANAGER_END@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_OPEN@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_MANUAL_RESULT@EbisuTelemetryAPI@@QAEXIPBD00@Z
?Metric_PROMOMANAGER_MANUAL_VIEW_IN_STORE@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_PROMOMANAGER_START@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_CALLOUT_SHOWN@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_QUEUE_ENTITLMENT_COUNT@EbisuTelemetryAPI@@QAEXH@Z
?Metric_QUEUE_GUI_HTTP_ERROR@EbisuTelemetryAPI@@QAEXHHHPBD@Z
?Metric_QUEUE_HEAD_BUSY_WARNING_SHOWN@EbisuTelemetryAPI@@QAEXPBD000@Z
?Metric_QUEUE_ITEM_REMOVED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_ORDER_CHANGED@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_QUEUE_WINDOW_OPENED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_QUIETMODE_ENABLED@EbisuTelemetryAPI@@QAEX_N00@Z
?Metric_REPAIRINSTALL_FILES_STATS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_REPAIRINSTALL_REPLACECANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILES@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REPLACINGFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_REQUESTED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYCANCELED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_REPAIRINSTALL_VERIFYFILESCOMPLETED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SECURITY_QUESTION_CANCEL@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SET@EbisuTelemetryAPI@@QAEXXZ
?Metric_SECURITY_QUESTION_SHOW@EbisuTelemetryAPI@@QAEXXZ
?Metric_SELFPATCH_DECLINED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_FINISHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_DL_START@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_FOUND@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_LAUNCHED@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_OFFLINE_MODE@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_INVALID_HASH@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SELFPATCH_SIGNATURE_UNTRUSTED_SIGNER@EbisuTelemetryAPI@@QAEXPBDGG@Z
?Metric_SETTINGS@EbisuTelemetryAPI@@QAEX_N000000W4DefaultTabSetting@1@W4IGOEnableSetting@1@@Z
?Metric_SETTINGS_FILE_FIX_RESULT@EbisuTelemetryAPI@@QAEXW4SettingFixResult@1@IIIPBD@Z
?Metric_SETTINGS_PROP_READ_ERROR@EbisuTelemetryAPI@@QAEXXZ
?Metric_SETTINGS_SYNC_FAILED@EbisuTelemetryAPI@@QAEXPBD0IIII00@Z
?Metric_SINGLE_LOGIN_FIRST_USER_LOGGING_OUT@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_OFFLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_GO_ONLINE_ACTION@EbisuTelemetryAPI@@QAEXXZ
?Metric_SINGLE_LOGIN_SECOND_USER_LOGGING_IN@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SONAR_CLIENT_CONNECTED@EbisuTelemetryAPI@@QAEXPBD0CFF0FI0@Z
?Metric_SONAR_CLIENT_DISCONNECTED@EbisuTelemetryAPI@@QAEXPBD00IIIIIIIIIIIIIHHHHIIIIIIIIIIIIIIIII0HH@Z
?Metric_SONAR_CLIENT_STATS@EbisuTelemetryAPI@@QAEXPBDIIIIIIIIIII@Z
?Metric_SONAR_ERROR@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SONAR_MESSAGE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_SONAR_STAT@EbisuTelemetryAPI@@QAEXPBD0I@Z
?Metric_SSO_FLOW_ERROR@EbisuTelemetryAPI@@QAEXPBD0HI0@Z
?Metric_SSO_FLOW_INFO@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SSO_FLOW_RESULT@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_SSO_FLOW_START@EbisuTelemetryAPI@@QAEXPBD00I@Z
?Metric_STORE_LOAD_STATUS@EbisuTelemetryAPI@@QAEXPBDII@Z
?Metric_STORE_NAVIGATE_OTH@EbisuTelemetryAPI@@QAEXW4OnTheHouseEnum@1@@Z
?Metric_STORE_NAVIGATE_URL@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_ENT_REMOVED@EbisuTelemetryAPI@@QAEXPBD_N0@Z
?Metric_SUBSCRIPTION_ENT_REMOVE_START@EbisuTelemetryAPI@@QAEXPBD0_N0@Z
?Metric_SUBSCRIPTION_ENT_UPGRADED@EbisuTelemetryAPI@@QAEXPBD00_N0@Z
?Metric_SUBSCRIPTION_FAQ_PAGE_REQUEST@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_SUBSCRIPTION_INFO@EbisuTelemetryAPI@@QAEXHPBD0@Z
?Metric_SUBSCRIPTION_UPSELL@EbisuTelemetryAPI@@QAEXPBD_N@Z
?Metric_SUBSCRIPTION_USER_GOES_ONLINE@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_BURNTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_BURNTIME_GRANTED@EbisuTelemetryAPI@@QAEXPBD0HH@Z
?Metric_TRIAL_BURNTIME_NOTENTITLED@EbisuTelemetryAPI@@QAEXPBD0@Z
?Metric_TRIAL_CHECKTIME_CALLED@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_TRIAL_CHECKTIME_FAILED@EbisuTelemetryAPI@@QAEXPBDH00@Z
?Metric_TRIAL_CHECKTIME_SUCCEEDED@EbisuTelemetryAPI@@QAEXPBDH@Z
?Metric_USER_PRESENCE_SET@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_USER_PROFILE_VIEW@EbisuTelemetryAPI@@QAEXPBD00@Z
?Metric_USER_PROFILE_VIEWGAMESOURCE@EbisuTelemetryAPI@@QAEXPBD@Z
?Metric_VC_CHANNEL_ERROR@EbisuTelemetryAPI@@QAEXPBD0H@Z
?Metric_WEBWIDGET_DL_ERROR@EbisuTelemetryAPI@@QAEXPADH@Z
?Metric_WEBWIDGET_DL_START@EbisuTelemetryAPI@@QAEXPAD@Z
?Metric_WEBWIDGET_DL_SUCCESS@EbisuTelemetryAPI@@QAEXPADI@Z
?Metric_WEBWIDGET_LOADED@EbisuTelemetryAPI@@QAEXPAD0@Z
?Metric_WEB_APPLICATION_CACHE_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?Metric_WEB_APPLICATION_CACHE_DOWNLOAD@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_CLEAR@EbisuTelemetryAPI@@QAEXXZ
?RUNNING_TIMER_START@EbisuTelemetryAPI@@QAEX_K@Z
?SetBootstrapVersion@EbisuTelemetryAPI@@QAEXPBD@Z
?SetGameLaunchSource@EbisuTelemetryAPI@@QAEXW4LaunchSource@1@@Z
?SetIsFreeToPlayITO@EbisuTelemetryAPI@@QAEX_N@Z
?SetLocale@EbisuTelemetryAPI@@QAEXPBD@Z
?UpdateDownloadSession@EbisuTelemetryAPI@@QAEXPBD_K1@Z
?init@OriginTelemetry@@YAXPBD@Z
?release@OriginTelemetry@@YAXXZ
?setAlternateSoftwareIDLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setCountriesBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setHooksBlacklist@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
?setSDKStartGameLaunch@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@0@Z
?setTelemetryServer@EbisuTelemetryAPI@@QAEXABV?$basic_string@DVallocator@eastl@@@eastl@@@Z
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
IsUserInCanada
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

81:36:bf:a3:cd:ce:46:78:77:69:b9:ed:64:08:e4:92:43:9c:bc:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 133KB

.ndata Size: - Virtual size: 108KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 3KB - Virtual size: 2KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

74:ae:2a:b7:6f:7d:cc:0c:b9:13:d2:73:5f:19:b3:73:38:22:4a:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

81:36:bf:a3:cd:ce:46:78:77:69:b9:ed:64:08:e4:92:43:9c:bc:28
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 133KB

.ndata
Size: - Virtual size: 108KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4e:e1:c2:d9:3b:3c:fb:bd:84:50:10:8a:58:a6:4f:76
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

74:ae:2a:b7:6f:7d:cc:0c:b9:13:d2:73:5f:19:b3:73:38:22:4a:cf
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 133KB

.ndata
Size: - Virtual size: 244KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1024B - Virtual size: 942B

.rdata
Size: 512B - Virtual size: 482B

.data
Size: - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 194B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 1024B - Virtual size: 686B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 8KB