d:\dbs\sh\odct\0523_182848\client\onedrive\Product\StandaloneUpdater\exe\obj\i386\OneDriveStandaloneUpdater.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912.exe
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912
-
Size
2.4MB
-
MD5
a12958b5ad03707ff2fb61937cdd9230
-
SHA1
992a05d7cd0fae25e744f2e5b498dfb48463e286
-
SHA256
a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912
-
SHA512
8a21b06ccea1a384d4e52b9feea067bd48ffc231bd0393dace6142987fd39a9fa8e27718385cfefd447c9ea6b54e1b351a9403d5d14dff85f21c7fd9fbb53ddf
-
SSDEEP
49152:9/H5uYWZ9lOsCEuHf5XvC8Ld/rZE671y3fX2irjCCD1ljA9zT1J6LvUeExh5Fmw:lWZ9lOVxvC8JIfmi+B
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912
Files
-
a658afd818e12f61c24672636857e116f16cc45be81d75595f42ab6a3fe04912.exe windows:6 windows x86 arch:x86
02a97b060fbfc3611ee366f02af6c93b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
Process32NextW
GetTickCount64
FindFirstFileW
FindNextFileW
FindClose
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
OpenProcess
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryExW
MoveFileExW
IsWow64Process
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
LocalFree
LocalAlloc
OpenMutexW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
ReleaseMutex
CreateMutexW
GetCommandLineW
GetModuleHandleExW
FreeLibrary
GetEnvironmentVariableW
WaitForSingleObject
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetLongPathNameW
CompareStringOrdinal
GetDiskFreeSpaceExW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
OpenFileById
GetFinalPathNameByHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
ReadConsoleW
GetCurrentDirectoryW
VirtualAlloc
ReadProcessMemory
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExA
VirtualQuery
VirtualProtect
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
RaiseException
SetStdHandle
CompareFileTime
DeleteFileW
GetSystemTime
MapViewOfFile
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
CopyFileW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
GetFileSizeEx
ReadFile
DeviceIoControl
LoadLibraryW
WerRegisterFile
WerUnregisterFile
WaitForMultipleObjects
QueueUserWorkItem
SwitchToThread
GlobalMemoryStatusEx
GetSystemPowerStatus
GetVersionExW
GetNativeSystemInfo
GetTickCount
FormatMessageA
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
GetFileAttributesW
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
DuplicateHandle
GetExitCodeThread
QueryPerformanceFrequency
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
MoveFileW
GetUserDefaultLocaleName
GetComputerNameW
GetExitCodeProcess
oleaut32
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
LoadTypeLi
LoadRegTypeLi
VariantChangeType
SysAllocString
GetRecordInfoFromTypeInfo
crypt32
CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CryptBinaryToStringW
shlwapi
StrStrIW
SHCreateStreamOnFileEx
SHGetValueW
SHCreateStreamOnFileW
PathIsPrefixW
SHRegGetBoolUSValueW
SHDeleteValueW
SHDeleteKeyW
PathIsRelativeW
PathFindFileNameW
SHSetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wininet
HttpOpenRequestA
InternetGetConnectedState
InternetCheckConnectionW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
userenv
GetProfileType
CreateEnvironmentBlock
advapi32
EventRegister
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegNotifyChangeKeyValue
CryptDestroyKey
CryptSetHashParam
CryptImportKey
RegSetKeyValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteTreeW
EventWriteTransfer
EventUnregister
RegDeleteKeyExW
RegDeleteValueW
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
RegOpenKeyExW
RegCreateKeyTransactedW
RegEnumKeyW
RegLoadKeyW
RegUnLoadKeyW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
DeleteService
OpenProcessToken
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation
RegGetValueW
shell32
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteExW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathAndSubDirW
SHLoadNonloadedIconOverlayIdentifiers
ord526
SHGetFolderPathW
SHChangeNotify
ole32
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CoSetProxyBlanket
StringFromGUID2
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoInitializeEx
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
ktmw32
CreateTransaction
CommitTransaction
RollbackTransaction
psapi
GetModuleFileNameExW
rpcrt4
RpcServerUseProtseqW
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
UuidToStringW
RpcEpRegisterW
RpcStringFreeW
RpcServerInqCallAttributesW
RpcServerInqBindings
secur32
GetUserNameExW
urlmon
URLOpenStreamW
ws2_32
htonl
bind
setsockopt
listen
closesocket
htons
WSAStartup
accept
send
WSAGetLastError
socket
iphlpapi
GetAdaptersInfo
Exports
Exports
??0EventProperties@Telemetry@Applications@Microsoft@@QAE@ABV0123@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@5@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@$$QAU0123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@ABU0123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@CW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@EW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@FW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@GW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@HW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@IW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@JW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@NW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@PBDW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@UGUID_t@123@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@Utime_ticks_t@123@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@XZ
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@_JW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@_KW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QAE@_NW4PiiKind@123@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@ABU0123@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@HHHABV?$initializer_list@E@std@@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@PBD@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@QBE_N@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@U_GUID@@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QAE@XZ
??0ILogger@Telemetry@Applications@Microsoft@@QAE@$$QAV0123@@Z
??0ILogger@Telemetry@Applications@Microsoft@@QAE@ABV0123@@Z
??0ILogger@Telemetry@Applications@Microsoft@@QAE@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QAE@$$QAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QAE@ABU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QAE@XZ
??0time_ticks_t@Telemetry@Applications@Microsoft@@QAE@ABU0123@@Z
??0time_ticks_t@Telemetry@Applications@Microsoft@@QAE@PB_J@Z
??0time_ticks_t@Telemetry@Applications@Microsoft@@QAE@XZ
??0time_ticks_t@Telemetry@Applications@Microsoft@@QAE@_K@Z
??1EventProperties@Telemetry@Applications@Microsoft@@UAE@XZ
??1EventProperty@Telemetry@Applications@Microsoft@@UAE@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@UAE@XZ
??1LogManager@Telemetry@Applications@Microsoft@@MAE@XZ
??4EventProperties@Telemetry@Applications@Microsoft@@QAEAAV0123@ABV0123@@Z
??4EventProperties@Telemetry@Applications@Microsoft@@QAEAAV0123@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Telemetry@Applications@Microsoft@@QAEAAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@ABU0123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@C@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@E@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@F@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@G@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@H@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@I@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@J@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@N@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@PBD@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@UGUID_t@123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@_J@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@_K@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QAEAAU0123@_N@Z
??4GUID_t@Telemetry@Applications@Microsoft@@QAEAAU0123@ABU0123@@Z
??4ILogger@Telemetry@Applications@Microsoft@@QAEAAV0123@$$QAV0123@@Z
??4ILogger@Telemetry@Applications@Microsoft@@QAEAAV0123@ABV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QAAAAU0123@ABU0123@@Z
??4time_ticks_t@Telemetry@Applications@Microsoft@@QAEAAU0123@ABU0123@@Z
??YEventProperties@Telemetry@Applications@Microsoft@@QAEAAV0123@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7EventProperties@Telemetry@Applications@Microsoft@@6B@
??_7EventProperty@Telemetry@Applications@Microsoft@@6B@
??_7ILogger@Telemetry@Applications@Microsoft@@6B@
??_7LogConfiguration@Telemetry@Applications@Microsoft@@6B@
??_7LogManager@Telemetry@Applications@Microsoft@@6B@
?AddEventListener@LogManager@Telemetry@Applications@Microsoft@@SAXW4DebugEventType@234@AAVDebugEventListener@234@@Z
?DispatchEvent@LogManager@Telemetry@Applications@Microsoft@@SA_NAAVDebugEvent@234@@Z
?DispatchEvent@LogManager@Telemetry@Applications@Microsoft@@SA_NW4DebugEventType@234@@Z
?Flush@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?FlushAndTeardown@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPAVILogger@234@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPAVILogger@234@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPAVILogger@234@XZ
?GetName@EventProperties@Telemetry@Applications@Microsoft@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPiiProperties@EventProperties@Telemetry@Applications@Microsoft@@QBEABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Telemetry@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Telemetry@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetPolicyBitFlags@EventProperties@Telemetry@Applications@Microsoft@@QBE_KXZ
?GetPriority@EventProperties@Telemetry@Applications@Microsoft@@QBE?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Telemetry@Applications@Microsoft@@QBEABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@XZ
?GetProperties@LogConfiguration@Telemetry@Applications@Microsoft@@QBAXAAV?$map@PBDPBDU?$less@PBD@std@@V?$allocator@U?$pair@QBDPBD@std@@@2@@std@@@Z
?GetProperty@LogConfiguration@Telemetry@Applications@Microsoft@@QBAPBDPBD@Z
?GetSemanticContext@LogManager@Telemetry@Applications@Microsoft@@SAPAVISemanticContext@234@XZ
?GetTimestamp@EventProperties@Telemetry@Applications@Microsoft@@QBE_JXZ
?GetTransmitProfileName@LogManager@Telemetry@Applications@Microsoft@@SAPBDW4TransmitProfile@234@@Z
?GetType@EventProperties@Telemetry@Applications@Microsoft@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Initialize@LogManager@Telemetry@Applications@Microsoft@@SAPAVILogger@234@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Initialize@LogManager@Telemetry@Applications@Microsoft@@SAPAVILogger@234@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABULogConfiguration@234@@Z
?LoadTransmitProfiles@LogManager@Telemetry@Applications@Microsoft@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PauseTransmission@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?RemoveEventListener@LogManager@Telemetry@Applications@Microsoft@@SAXW4DebugEventType@234@AAVDebugEventListener@234@@Z
?ResetTransmitProfiles@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?ResumeTransmission@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@@Z
?SetName@EventProperties@Telemetry@Applications@Microsoft@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPolicyBitFlags@EventProperties@Telemetry@Applications@Microsoft@@QAEX_K@Z
?SetPriority@EventProperties@Telemetry@Applications@Microsoft@@QAEXW4EventPriority@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V56@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@@Z
?SetProperty@LogConfiguration@Telemetry@Applications@Microsoft@@QAAXPBD0@Z
?SetTimestamp@EventProperties@Telemetry@Applications@Microsoft@@QAEX_J@Z
?SetTransmitProfile@LogManager@Telemetry@Applications@Microsoft@@SAXW4TransmitProfile@234@@Z
?SetTransmitProfile@LogManager@Telemetry@Applications@Microsoft@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetType@EventProperties@Telemetry@Applications@Microsoft@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UploadNow@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?checkup@LogManager@Telemetry@Applications@Microsoft@@KAXXZ
?clear@EventProperty@Telemetry@Applications@Microsoft@@QAEXXZ
?empty@EventProperty@Telemetry@Applications@Microsoft@@QAE_NXZ
?to_bytes@GUID_t@Telemetry@Applications@Microsoft@@QAEXAAY0BA@E@Z
?to_string@EventProperty@Telemetry@Applications@Microsoft@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Telemetry@Applications@Microsoft@@SAPBDI@Z
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 519KB - Virtual size: 519KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 82KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ