Manalyze report for f11635da44c833dc920c26bbd38e339f695abe5ac3ba0f42dbf6f4e7f4e198ed

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2037-Jun-18 20:15:49
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\dbs\sh\odct\0905_112315_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdb
CompanyName	Microsoft Corporation
FileDescription	Standalone Updater
InternalName	OneDriveStandaloneUpdater.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	OneDriveStandaloneUpdater.exe
ProductName	Microsoft OneDrive
FileVersion	`24.166.0818.0003`
ProductVersion	`24.166.0818.0003`
SpecialBuild	b/build/84e690d0-e12e-e41c-50fb-a841e09085a1

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: SYSTEM\CurrentControlSet\Control\SystemInformation` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: cmd.exe` `References the BITS service` Contains domain names: clients.config.office.net config.office.net config.teams.microsoft.com data.microsoft.com dc.services.visualstudio.com ecs.office.com events.data.microsoft.com fpc.msedge.net g.live.com go.microsoft.com http://schemas.microsoft.com http://schemas.microsoft.com/windows/2004/02/mit/task http://www.microsoft.com https://clients.config.office.net https://clients.config.office.net/collector/v1.0/inventoryodb https://clients.config.office.net/user/v1.0/tenantassociationkey https://config.teams.microsoft.com https://config.teams.microsoft.com/config/v1/ODSP_Sync_Client/ https://dc.services.visualstudio.com https://dc.services.visualstudio.com/v2/track https://ecs.office.com https://ecs.office.com/config/v1/ODSP_Sync_Client/ https://g.live.com https://g.live.com/1rewlive5skydrive/BootstrapperEnterprise https://g.live.com/1rewlive5skydrive/BootstrapperInsiders https://g.live.com/1rewlive5skydrive/BootstrapperMsitFast https://g.live.com/1rewlive5skydrive/BootstrapperMsitSlow https://g.live.com/1rewlive5skydrive/BootstrapperProduction https://g.live.com/1rewlive5skydrive/MsitFastV2 https://g.live.com/1rewlive5skydrive/MsitSlowV2 https://g.live.com/1rewlive5skydrive/ODSUEnterpriseV2 https://g.live.com/1rewlive5skydrive/ODSUInsiderV2 https://g.live.com/1rewlive5skydrive/ODSUMsitFastV2 https://g.live.com/1rewlive5skydrive/ODSUMsitSlowV2 https://g.live.com/1rewlive5skydrive/ODSUProductionV2 https://g.live.com/1rewlive5skydrive/OneDriveEnterpriseV2 https://g.live.com/1rewlive5skydrive/OneDriveInsiderV2 https://g.live.com/1rewlive5skydrive/OneDriveProductionV2 https://g.live.com/odclientsettings/EnterpriseV2 https://g.live.com/odclientsettings/InsidersV2 https://g.live.com/odclientsettings/MsitFastV2 https://g.live.com/odclientsettings/MsitSlowV2 https://g.live.com/odclientsettings/ProdV2 https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid https://officeclient.microsoft.com https://officeclient.microsoft.com/config16Processed?&lcid https://oneclient.sfx.ms https://self.events.data.microsoft.com https://self.events.data.microsoft.com/OneCollector/1.0/ microsoft.com msedge.net office.com office.net officeapps.live.com officeclient.microsoft.com roaming.officeapps.live.com schemas.microsoft.com self.events.data.microsoft.com services.visualstudio.com teams.microsoft.com visualstudio.com www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryExA LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: SHRegGetValueW SHRegGetPathW SHGetValueA SHGetValueW SHRegGetUSValueW SHDeleteKeyW SHRegGetBoolUSValueW RegOpenKeyExW RegQueryValueExW RegCloseKey RegCreateKeyExW RegSetValueExW RegGetValueA RegDeleteValueW RegEnumKeyExW RegEnumValueW RegQueryInfoKeyW RegSetKeyValueW RegGetValueW RegCreateKeyTransactedW RegDeleteKeyExW RegEnumKeyW RegLoadKeyW RegUnLoadKeyW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW CreateProcessWithTokenW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash CryptDestroyKey CryptSetHashParam CryptImportKey CryptStringToBinaryW CryptBinaryToStringW` `Can create temporary files: CreateFileW GetTempPathA CreateFileA GetTempPathW` `Has Internet access capabilities: WinHttpConnect WinHttpCrackUrl WinHttpGetIEProxyConfigForCurrentUser WinHttpGetProxyForUrl WinHttpSetCredentials WinHttpSetOption WinHttpQueryHeaders WinHttpReceiveResponse WinHttpSendRequest WinHttpOpen WinHttpQueryDataAvailable WinHttpReadData WinHttpOpenRequest WinHttpCloseHandle URLOpenStreamW InternetCloseHandle InternetSetStatusCallbackW InternetReadFile InternetQueryOptionW InternetOpenW InternetCrackUrlA InternetConnectA InternetCheckConnectionW` `Leverages the raw socket API to access the Internet: listen closesocket htonl htons socket WSAStartup WSAGetLastError bind send accept setsockopt` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges DuplicateTokenEx` `Interacts with services: QueryServiceStatusEx QueryServiceStatus QueryServiceConfigW OpenServiceW OpenSCManagerW DeleteService CreateServiceW ControlService ChangeServiceConfigW` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: Process32NextW OpenProcess Process32FirstW ReadProcessMemory` `Changes object ACLs: SetFileSecurityW SetNamedSecurityInfoW`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA 2010`
Safe	VirusTotal score: 0/74 (Scanned on 2024-09-06 08:15:53)	`All the AVs think this file is safe.`

Hashes

MD5	`765aeaca7be76f6873b94e253b56e30c`
SHA1	`0bc2f818846f4b630e80f27d9492764fa3bce40f`
SHA256	`f11635da44c833dc920c26bbd38e339f695abe5ac3ba0f42dbf6f4e7f4e198ed`
SHA3	`78a1877cad8272b8a3cf38157b1abac5ca1a23a8d32ae919a2f8398067d306b3`
SSDeep	`49152:6Lrn8Kc9iwH/lou7pVWGCOz8NGWpMHhA8y7U8Ck6eR7+vcT2yXbXPDRZ+Tdvn6fD:A8h9FHZsUkn++Lbf0vnKD`
Imports Hash	`9a2d5440b063e8676db8dfe74df09534`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2037-Jun-18 20:15:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2de800`
SizeOfInitializedData	`0x128a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000036380 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x40d000`
SizeOfHeaders	`0x400`
Checksum	`0x40f86f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1ef8332b584b5e80d2b0570e0a3c529e`
SHA1	`632b2e83a832a23fee595c27cabf90e8ac3ab48b`
SHA256	`c5de11ddf05f832af61a1a31772d5f983ddb9929b441d3c86117d33de3035048`
SHA3	`447c7a690bfe2cafbf6e14d7ebb30978bf06ccf6389642ea7a808d91ab187f14`
VirtualSize	`0x2de73c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2de800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27054`

.rdata

MD5	`a7d010f9def4375298f7f80a09ad4c65`
SHA1	`bbbb3f1fe6e7017fc0b415d7f9be9eb43142cd78`
SHA256	`1f19bcaf0e156951cc17e4370ce12ac48f8954ea6ff20b9c1da680ad7393904a`
SHA3	`265246a7b73eed2d51c5d49d7c4951e60a30e51dd6fbae14293f7d4850729091`
VirtualSize	`0xe228a`
VirtualAddress	`0x2e0000`
SizeOfRawData	`0xe2400`
PointerToRawData	`0x2dec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96833`

.data

MD5	`e9732a26e3849e052f0a525dc3371eaf`
SHA1	`5a83556cd046c43a733a81c641fc193b4a3e44bd`
SHA256	`dd533e719b573810172557663bd788654f57bc9d7aec83aa5150124f3fdbe2cc`
SHA3	`ed7eab613d54cf6d921a852533f0644ca30782038a58090bd684a6f1e728a7be`
VirtualSize	`0x234e4`
VirtualAddress	`0x3c3000`
SizeOfRawData	`0x1d400`
PointerToRawData	`0x3c1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.92809`

.pdata

MD5	`26c0bcf55c11d903d9da0cf88e6311c0`
SHA1	`f352d475da8d9c725f19a4f783250be48b7fae5b`
SHA256	`e5405758f691b144183b2a45df7dfe5ad53e1bcf3e09d5916e5e8abad9e8b3b2`
SHA3	`c952522f0465e300364c459f26ced752a15a34e0844f5b5f7b4062c2cd37a6ec`
VirtualSize	`0x1cd28`
VirtualAddress	`0x3e7000`
SizeOfRawData	`0x1ce00`
PointerToRawData	`0x3de400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.29159`

.didat

MD5	`3bd5269c58e5777a989b49e029ac67f8`
SHA1	`9d974a0085ebf65279a2876a74dd65948f60c681`
SHA256	`5c0d1ced6c31040f75d4722c9e6c32dc16d5cfd8b64809cf34fa59018fc91d0c`
SHA3	`9ea38388e06f33d298ccd3371bfc3ab4064b7651f02aa9c58b2e08c735ac16fa`
VirtualSize	`0x48`
VirtualAddress	`0x404000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3fb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.576687`

_RDATA

MD5	`c2953a82164d9be2d307829f9269308b`
SHA1	`09dddff479bdc80f329715578ac1d692814ad72d`
SHA256	`0c7ff8c0ddf4fc9056ec0ad691d54e08b174e30975b245e48028e93b18624ae6`
SHA3	`ab2f316099c451047e9f2d4db4b3b5a28f1916e94cb4897e27dade736c62a59f`
VirtualSize	`0x15c`
VirtualAddress	`0x405000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3fb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.31323`

.rsrc

MD5	`09262f8875c4b351b9566634ecd73390`
SHA1	`a6b1c1d93ff03adbe3dfc6732d56df9bab21feb6`
SHA256	`f39f29e3df987b924628badb527b371c9cc81a1758d14a5668600b8a5dc331f0`
SHA3	`fd867c2faeffb0ac5e06209667297be6124bf38fc3e4fd3896b99789ddd66b80`
VirtualSize	`0xb60`
VirtualAddress	`0x406000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3fb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.64189`

.reloc

MD5	`0871c9f9d191b305eab789a93272c1cf`
SHA1	`76dcaa314e2c7cd9e569506d2a48fca6ffa617c4`
SHA256	`d37291998aad1428a407aeddd465c87f7b32758f1d9bbe5a9da280dd0a4b0b94`
SHA3	`db9a6f296e8b193f66fa8e9f53195752157b0e3093000755f7aa3fe2f6f7ca34`
VirtualSize	`0x50b0`
VirtualAddress	`0x407000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x3fc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44184`

Imports

KERNEL32.dll	`ExitProcess` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `FindFirstFileExW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `SetStdHandle` `GetStringTypeW` `GetTimeZoneInformation` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `ReadFile` `ReadConsoleW` `CreateFileW` `WriteConsoleW` `LoadLibraryExW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `EncodePointer` `SetLastError` `InterlockedPushEntrySList` `RtlUnwindEx` `RtlPcToFileHeader` `CompareFileTime` `FindClose` `FindNextFileW` `FindFirstFileW` `GetFileAttributesExW` `RemoveDirectoryW` `Process32NextW` `OpenProcess` `Process32FirstW` `CreateToolhelp32Snapshot` `LocalFree` `OpenMutexW` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `IsWow64Process` `GetTickCount64` `GetVolumePathNameW` `Sleep` `GetCommandLineW` `GetModuleHandleExW` `FreeLibrary` `GetEnvironmentVariableW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `TerminateProcess` `GetCurrentProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetProcAddress` `GetModuleHandleW` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `InitializeCriticalSectionAndSpinCount` `CloseHandle` `LeaveCriticalSection` `EnterCriticalSection` `RaiseException` `OutputDebugStringW` `IsDebuggerPresent` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `GetDriveTypeW` `FreeLibraryAndExitThread` `DeleteCriticalSection` `InitializeCriticalSectionEx` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `ResumeThread` `ExitThread` `CreateThread` `RtlUnwind` `LoadLibraryExA` `VirtualQuery` `VirtualProtect` `InitializeCriticalSection` `HeapCreate` `GetDiskFreeSpaceW` `LockFile` `GetFullPathNameA` `UnmapViewOfFile` `HeapValidate` `GetTempPathA` `FormatMessageW` `GetDiskFreeSpaceA` `GetFileAttributesA` `FlushViewOfFile` `CreateFileA` `LoadLibraryA` `DeleteFileA` `GetSystemInfo` `HeapCompact` `UnlockFile` `CreateFileMappingW` `MapViewOfFile` `GetSystemPowerStatus` `GetModuleFileNameA` `OutputDebugStringA` `CompareStringEx` `LCMapStringEx` `InitOnceExecuteOnce` `CreateHardLinkW` `AreFileApisANSI` `SetEndOfFile` `GetCurrentDirectoryW` `GetLocaleInfoEx` `AcquireSRWLockShared` `ReleaseSRWLockShared` `SleepConditionVariableSRW` `SleepConditionVariableCS` `WakeAllConditionVariable` `WakeConditionVariable` `InitializeConditionVariable` `GetNativeSystemInfo` `GetExitCodeThread` `SwitchToThread` `TryEnterCriticalSection` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitializeSRWLock` `FormatMessageA` `QueryPerformanceFrequency` `GetDllDirectoryW` `CreateEventExW` `GetLastError` `DecodePointer` `DeleteFileW` `GetSystemTime` `LocalAlloc` `CreateDirectoryW` `GetFullPathNameW` `GetTempFileNameW` `SetFileTime` `GetTempPathW` `CopyFileW` `MoveFileExW` `SystemTimeToFileTime` `LockFileEx` `UnlockFileEx` `DeviceIoControl` `LoadLibraryW` `WerRegisterFile` `WerUnregisterFile` `GetTickCount` `K32GetModuleFileNameExW` `WaitForSingleObject` `WaitForMultipleObjects` `QueueUserWorkItem` `CreateMutexW` `GetVersionExW` `MoveFileW` `LCIDToLocaleName` `GetUserGeoID` `GetUserDefaultLocaleName` `GetComputerNameW` `ReleaseMutex` `FindFirstVolumeW` `FindNextVolumeW` `FindVolumeClose` `GetDiskFreeSpaceExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetFileSize` `GetFinalPathNameByHandleW` `GetLongPathNameW` `SetFileAttributesW` `SetFileInformationByHandle` `SetFilePointer` `GetCompressedFileSizeW` `FindFirstFileNameW` `SetHandleInformation` `CreatePipe` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `PostQueuedCompletionStatus` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GlobalFree` `ReadDirectoryChangesW` `CreateSymbolicLinkW` `CompareStringOrdinal` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `SetDllDirectoryW` `ReplaceFileW` `RegisterApplicationRestart` `GetFileInformationByHandleEx` `OpenFileById` `GetProcessTimes` `GetExitCodeProcess` `CreateProcessW` `SetProcessShutdownParameters` `GetSystemTimes` `SetThreadInformation` `GetProductInfo` `VerifyVersionInfoW` `ReadProcessMemory` `ExpandEnvironmentStringsW` `WaitForMultipleObjectsEx`
USER32.dll	`TranslateMessage` `DispatchMessageW` `RegisterPowerSettingNotification` `UnregisterPowerSettingNotification` `RegisterClassW` `CreateWindowExW` `DestroyWindow` `ShowWindow` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetMessageW` `SendMessageTimeoutW` `PeekMessageW` `PostQuitMessage` `MsgWaitForMultipleObjectsEx` `SetCursor` `LoadCursorW` `PostThreadMessageW` `GetWindowThreadProcessId` `GetClassNameW` `EnumWindows` `PostMessageW` `RegisterClipboardFormatW` `SystemParametersInfoW`
OLEAUT32.dll	`SetErrorInfo` `GetErrorInfo` `GetRecordInfoFromTypeInfo` `LoadRegTypeLib` `LoadTypeLib` `VarBstrCmp` `VariantChangeType` `VariantClear` `VariantInit` `SysAllocStringByteLen` `SysStringByteLen` `SysStringLen` `SysAllocStringLen` `SysAllocString` `SysFreeString`
ntdll.dll	`RtlLookupFunctionEntry` `RtlCaptureContext` `VerSetConditionMask` `RtlVirtualUnwind`
SHLWAPI.dll	`PathIsDirectoryW` `SHSetValueW` `SHRegGetValueW` `SHRegGetPathW` `PathRemoveFileSpecW` `AssocQueryStringW` `StrStrIW` `PathIsPrefixW` `#219` `PathFileExistsW` `SHCreateStreamOnFileEx` `PathIsRelativeW` `PathFindFileNameW` `PathStripPathW` `SHCreateStreamOnFileW` `SHGetValueA` `SHGetValueW` `SHRegGetUSValueW` `PathIsDirectoryEmptyW` `SHDeleteKeyW` `SHRegGetBoolUSValueW` `SHDeleteValueW`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
USERENV.dll	`GetProfileType` `GetDefaultUserProfileDirectoryW` `CreateEnvironmentBlock`
ADVAPI32.dll	`OpenProcessToken` `EventUnregister` `EventWriteTransfer` `GetUserNameW` `RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey` `RegCreateKeyExW` `RegSetValueExW` `GetTokenInformation` `RegGetValueA` `CreateProcessAsUserW` `CreateProcessWithTokenW` `SetFileSecurityW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `GetNamedSecurityInfoW` `StartServiceW` `StartServiceCtrlDispatcherW` `SetServiceStatus` `RegisterServiceCtrlHandlerW` `QueryServiceStatusEx` `QueryServiceStatus` `QueryServiceConfigW` `OpenServiceW` `OpenSCManagerW` `DeleteService` `CreateServiceW` `ControlService` `CryptAcquireContextW` `CryptReleaseContext` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `AdjustTokenPrivileges` `AllocateAndInitializeSid` `FreeSid` `LookupPrivilegeValueW` `SetEntriesInAclW` `SetNamedSecurityInfoW` `ImpersonateLoggedOnUser` `RevertToSelf` `RegDeleteValueW` `RegEnumKeyExW` `RegEnumValueW` `RegQueryInfoKeyW` `RegSetKeyValueW` `RegGetValueW` `LookupAccountNameW` `CryptDestroyKey` `CryptSetHashParam` `CryptImportKey` `CreateWellKnownSid` `DuplicateTokenEx` `GetAclInformation` `RegCreateKeyTransactedW` `RegDeleteKeyExW` `RegEnumKeyW` `RegLoadKeyW` `RegUnLoadKeyW` `RegDeleteTreeW` `ChangeServiceConfigW` `ChangeServiceConfig2W` `CloseServiceHandle` `ConvertSidToStringSidW` `EventRegister`
SHELL32.dll	`ShellExecuteExW` `SHGetFolderPathAndSubDirW` `SHCreateDirectoryExW` `SHGetSpecialFolderPathW` `CommandLineToArgvW` `SHCreateItemFromParsingName` `SHParseDisplayName` `SHChangeNotify` `SHFileOperationW` `SHLoadNonloadedIconOverlayIdentifiers` `SHGetKnownFolderPath` `SHGetFolderPathW` `SHSetKnownFolderPath` `SHAssocEnumHandlers` `#526`
ole32.dll	`CoSetProxyBlanket` `CreateBindCtx` `CoWaitForMultipleHandles` `CoInitialize` `CLSIDFromString` `StringFromCLSID` `CoTaskMemAlloc` `StringFromGUID2` `CoCreateInstance` `CoInitializeEx` `CoUninitialize` `CoCreateGuid` `CreateItemMoniker` `GetRunningObjectTable` `CoTaskMemFree` `CoCreateFreeThreadedMarshaler`
WINHTTP.dll	`WinHttpConnect` `WinHttpCrackUrl` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpGetProxyForUrl` `WinHttpSetCredentials` `WinHttpSetOption` `WinHttpQueryHeaders` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpOpen` `WinHttpQueryDataAvailable` `WinHttpReadData` `WinHttpOpenRequest` `WinHttpCloseHandle`
RstrtMgr.DLL	`RmRegisterResources` `RmGetList` `RmEndSession` `RmStartSession`
WINTRUST.dll	`WTHelperGetProvSignerFromChain` `WTHelperProvDataFromStateData` `WinVerifyTrustEx`
WTSAPI32.dll	`WTSQueryUserToken` `WTSEnumerateSessionsW` `WTSFreeMemory` `WTSQuerySessionInformationW`
bcrypt.dll	`BCryptGenerateSymmetricKey` `BCryptCloseAlgorithmProvider` `BCryptEncrypt` `BCryptGenRandom` `BCryptSetProperty` `BCryptDestroyKey` `BCryptOpenAlgorithmProvider`
CRYPT32.dll	`CertVerifyCertificateChainPolicy` `CertFindExtension` `CryptStringToBinaryW` `CryptBinaryToStringW` `CertFreeCertificateChain`
RPCRT4.dll	`RpcBindingSetAuthInfoExW` `RpcStringFreeW` `UuidToStringW` `RpcExceptionFilter` `RpcBindingFree` `RpcBindingFromStringBindingW` `RpcBindingVectorFree` `RpcEpRegisterW` `RpcStringBindingComposeW` `RpcEpUnregister` `RpcServerInqCallAttributesW` `RpcServerInqBindings` `RpcServerRegisterIfEx` `RpcServerUnregisterIf` `RpcServerUseProtseqW`
Secur32.dll	`GetUserNameExW`
urlmon.dll	`URLOpenStreamW`
WININET.dll	`InternetCloseHandle` `InternetSetStatusCallbackW` `HttpOpenRequestA` `HttpAddRequestHeadersA` `InternetReadFile` `HttpSendRequestW` `HttpQueryInfoA` `InternetQueryOptionW` `InternetOpenW` `InternetCrackUrlA` `InternetConnectA` `InternetCheckConnectionW`
WS2_32.dll	`listen` `closesocket` `htonl` `htons` `socket` `WSAStartup` `WSAGetLastError` `bind` `send` `accept` `setsockopt`
IPHLPAPI.DLL	`GetAdaptersInfo`
api-ms-win-core-winrt-string-l1-1-0.dll (delay-loaded)	`WindowsCreateString` `WindowsDeleteString` `WindowsCreateStringReference`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-core-winrt-string-l1-1-0.dll`
ModuleHandle	`0x3e6268`
DelayImportAddressTable	`0x404028`
DelayImportNameTable	`0x3b73a0`
BoundDelayImportTable	`0x3b7460`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA

Ordinal	`1`
Address	`0x3e5800`

??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`2`
Address	`0x15ffb0`

??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`3`
Address	`0x15ffb0`

??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`4`
Address	`0x15ffc0`

??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`5`
Address	`0x15ffc0`

??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z

Ordinal	`6`
Address	`0x15ffd0`

??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`7`
Address	`0x160090`

??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`8`
Address	`0x91d80`

??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`9`
Address	`0x167a40`

??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`10`
Address	`0x167a90`

??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z

Ordinal	`11`
Address	`0x167ac0`

??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z

Ordinal	`12`
Address	`0x167b10`

??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z

Ordinal	`13`
Address	`0x167c10`

??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`14`
Address	`0x167c70`

??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z

Ordinal	`15`
Address	`0x16ce00`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`16`
Address	`0x16ce50`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`17`
Address	`0x16cec0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`18`
Address	`0x16cf30`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`19`
Address	`0x16cfa0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z

Ordinal	`20`
Address	`0x16ce00`

??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`21`
Address	`0x16d010`

??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`22`
Address	`0x16d090`

??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`23`
Address	`0x16d0c0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`24`
Address	`0x16d0f0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`25`
Address	`0x16d120`

??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`26`
Address	`0x16d150`

??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`27`
Address	`0x16d180`

??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`28`
Address	`0x16d150`

??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`29`
Address	`0x16d1b0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`30`
Address	`0x16d1e0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`31`
Address	`0x16d270`

??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`32`
Address	`0x16d2b0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`33`
Address	`0x16d2e0`

??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`34`
Address	`0x16d350`

??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`35`
Address	`0x16d350`

??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z

Ordinal	`36`
Address	`0x16d380`

??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z

Ordinal	`37`
Address	`0x16d3a0`

??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z

Ordinal	`38`
Address	`0x16d3e0`

??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z

Ordinal	`39`
Address	`0x16d420`

??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z

Ordinal	`40`
Address	`0x16d500`

??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z

Ordinal	`41`
Address	`0x16d5e0`

??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`42`
Address	`0x16d650`

??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`43`
Address	`0x160100`

??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`44`
Address	`0x160100`

??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z

Ordinal	`45`
Address	`0x160110`

??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`46`
Address	`0x1601b0`

??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z

Ordinal	`47`
Address	`0x16a8b0`

??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`48`
Address	`0x91f10`

??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z

Ordinal	`49`
Address	`0x160200`

??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`50`
Address	`0x160200`

??0ILogController@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`51`
Address	`0x160200`

??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`52`
Address	`0x160210`

??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`53`
Address	`0x160210`

??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`54`
Address	`0x160240`

??0ILogger@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`55`
Address	`0x160240`

??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`56`
Address	`0x160250`

??0IModule@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`57`
Address	`0x160250`

??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z

Ordinal	`58`
Address	`0x160260`

??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`59`
Address	`0x160260`

??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z

Ordinal	`60`
Address	`0x160270`

??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z

Ordinal	`61`
Address	`0x160370`

??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ

Ordinal	`62`
Address	`0x160430`

??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z

Ordinal	`63`
Address	`0x160ea0`

??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z

Ordinal	`64`
Address	`0x16d660`

??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`65`
Address	`0x16d680`

??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z

Ordinal	`66`
Address	`0x16d690`

??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`67`
Address	`0x24d70`

??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`68`
Address	`0x24d70`

??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`69`
Address	`0x93240`

??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`70`
Address	`0x168030`

??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`71`
Address	`0x16d6d0`

??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`72`
Address	`0x160820`

??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ

Ordinal	`73`
Address	`0xa48b0`

??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`74`
Address	`0x160830`

??1ILogger@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`75`
Address	`0x160860`

??1IModule@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`76`
Address	`0x24d70`

??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ

Ordinal	`77`
Address	`0x160870`

??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ

Ordinal	`78`
Address	`0x160880`

??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`79`
Address	`0x17420`

??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`80`
Address	`0x17420`

??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z

Ordinal	`81`
Address	`0x160b30`

??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`82`
Address	`0x160be0`

??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`83`
Address	`0x168160`

??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z

Ordinal	`84`
Address	`0x168180`

??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z

Ordinal	`85`
Address	`0x1681c0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z

Ordinal	`86`
Address	`0x16d6e0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`87`
Address	`0x16d720`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z

Ordinal	`88`
Address	`0x16d7a0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z

Ordinal	`89`
Address	`0x16d800`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

Ordinal	`90`
Address	`0x16d860`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z

Ordinal	`91`
Address	`0x16d8c0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z

Ordinal	`92`
Address	`0x16d920`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z

Ordinal	`93`
Address	`0x16d930`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z

Ordinal	`94`
Address	`0x16d940`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z

Ordinal	`95`
Address	`0x16d950`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z

Ordinal	`96`
Address	`0x16d960`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z

Ordinal	`97`
Address	`0x16d970`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z

Ordinal	`98`
Address	`0x16d960`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z

Ordinal	`99`
Address	`0x16d980`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z

Ordinal	`100`
Address	`0x16d9b0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z

Ordinal	`101`
Address	`0x16da10`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z

Ordinal	`102`
Address	`0x16da50`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z

Ordinal	`103`
Address	`0x16da90`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z

Ordinal	`104`
Address	`0x16dac0`

??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z

Ordinal	`105`
Address	`0x16dad0`

??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z

Ordinal	`106`
Address	`0x160c70`

??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`107`
Address	`0x17420`

??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z

Ordinal	`108`
Address	`0x160c80`

??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`109`
Address	`0x160d10`

??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z

Ordinal	`110`
Address	`0x17420`

??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`111`
Address	`0x17420`

??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`112`
Address	`0x17420`

??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`113`
Address	`0x17420`

??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`114`
Address	`0x17420`

??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`115`
Address	`0x17420`

??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z

Ordinal	`116`
Address	`0x160d80`

??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z

Ordinal	`117`
Address	`0x160e10`

??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z

Ordinal	`118`
Address	`0x17420`

??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z

Ordinal	`119`
Address	`0x17420`

??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z

Ordinal	`120`
Address	`0x160ea0`

??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z

Ordinal	`121`
Address	`0x16db00`

??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z

Ordinal	`122`
Address	`0x16e020`

??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z

Ordinal	`123`
Address	`0x16a940`

??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ

Ordinal	`124`
Address	`0x17420`

??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z

Ordinal	`125`
Address	`0x16e070`

??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z

Ordinal	`126`
Address	`0x1683a0`

??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@

Ordinal	`127`
Address	`0x2f51d0`

??_7DebugEventListener@Events@Applications@Microsoft@@6B@

Ordinal	`128`
Address	`0x2f6348`

??_7DebugEventSource@Events@Applications@Microsoft@@6B@

Ordinal	`129`
Address	`0x2f51e8`

??_7EventProperties@Events@Applications@Microsoft@@6B@

Ordinal	`130`
Address	`0x3315b0`

??_7EventProperty@Events@Applications@Microsoft@@6B@

Ordinal	`131`
Address	`0x331cd0`

??_7IAuthTokensController@Events@Applications@Microsoft@@6B@

Ordinal	`132`
Address	`0x330d08`

??_7ILogController@Events@Applications@Microsoft@@6B@

Ordinal	`133`
Address	`0x330d50`

??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@

Ordinal	`134`
Address	`0x330f30`

??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@

Ordinal	`135`
Address	`0x330f18`

??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@

Ordinal	`136`
Address	`0x330db8`

??_7ILogger@Events@Applications@Microsoft@@6B@

Ordinal	`137`
Address	`0x330bb0`

??_7IModule@Events@Applications@Microsoft@@6B@

Ordinal	`138`
Address	`0x330870`

??_7ISemanticContext@Events@Applications@Microsoft@@6B@

Ordinal	`139`
Address	`0x3308a0`

?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z

Ordinal	`140`
Address	`0x166720`

?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z

Ordinal	`141`
Address	`0x16a9f0`

?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z

Ordinal	`142`
Address	`0x1667d0`

?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ

Ordinal	`143`
Address	`0x24d70`

?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z

Ordinal	`144`
Address	`0x1614f0`

?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z

Ordinal	`145`
Address	`0x161500`

?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z

Ordinal	`146`
Address	`0x161510`

?DecrementActiveHydrationsCount@QoS@@YAXXZ

Ordinal	`147`
Address	`0x82430`

?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z

Ordinal	`148`
Address	`0x161620`

?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z

Ordinal	`149`
Address	`0x166870`

?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z

Ordinal	`150`
Address	`0x1668f0`

?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z

Ordinal	`151`
Address	`0x182c50`

?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z

Ordinal	`152`
Address	`0x179ed0`

?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z

Ordinal	`153`
Address	`0x17a090`

?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z

Ordinal	`154`
Address	`0x16b090`

?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z

Ordinal	`155`
Address	`0x16b0d0`

?GetActiveHydrationsCount@QoS@@YAIXZ

Ordinal	`156`
Address	`0x82440`

?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ

Ordinal	`157`
Address	`0x82450`

?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ

Ordinal	`158`
Address	`0x17a480`

?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JI@Z

Ordinal	`159`
Address	`0x82460`

?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JIAEBV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z

Ordinal	`160`
Address	`0x824d0`

?GetInstance@Telemetry@@CAPEAV1@XZ

Ordinal	`161`
Address	`0x8e9c0`

?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ

Ordinal	`162`
Address	`0x168580`

?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z

Ordinal	`163`
Address	`0xa85c0`

?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z

Ordinal	`164`
Address	`0xa5da0`

?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z

Ordinal	`165`
Address	`0x16aac0`

?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ

Ordinal	`166`
Address	`0x16ad10`

?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Ordinal	`167`
Address	`0x82c10`

?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ

Ordinal	`168`
Address	`0x168590`

?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@@std@@@2@@std@@W4DataCategory@234@@Z

Ordinal	`169`
Address	`0x1685a0`

?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ

Ordinal	`170`
Address	`0x168810`

?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ

Ordinal	`171`
Address	`0x168820`

?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ

Ordinal	`172`
Address	`0x168580`

?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z

Ordinal	`173`
Address	`0x168830`

?GetResultType@QoS@@YAPEB_WJI@Z

Ordinal	`174`
Address	`0x825f0`

?GetResultType@QoS@@YAPEB_WW4Type@ErrorType@TelemetryConstants@@@Z

Ordinal	`175`
Address	`0x82610`

?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ

Ordinal	`176`
Address	`0x168850`

?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Ordinal	`177`
Address	`0x168860`

?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z

Ordinal	`178`
Address	`0x16ad20`

?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ

Ordinal	`179`
Address	`0x16e250`

?IncrementActiveHydrationsCount@QoS@@YAXXZ

Ordinal	`180`
Address	`0x82640`

?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z

Ordinal	`181`
Address	`0x24d70`

?InsertIntoIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

Ordinal	`182`
Address	`0x82650`

?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ

Ordinal	`183`
Address	`0x82660`

?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z

Ordinal	`184`
Address	`0x16b190`

?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z

Ordinal	`185`
Address	`0x16b1c0`

?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z

Ordinal	`186`
Address	`0x166ab0`

?RemoveFromIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

Ordinal	`187`
Address	`0x82670`

?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`188`
Address	`0x161630`

?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`189`
Address	`0x161720`

?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`190`
Address	`0x161820`

?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`191`
Address	`0x161910`

?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`192`
Address	`0x161a00`

?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`193`
Address	`0x161af0`

?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`194`
Address	`0x161be0`

?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`195`
Address	`0x161cd0`

?SetApplicationId@QoS@@YAXI@Z

Ordinal	`196`
Address	`0x82680`

?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`197`
Address	`0x161dc0`

?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z

Ordinal	`198`
Address	`0x24d70`

?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z

Ordinal	`199`
Address	`0x24d70`

?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`200`
Address	`0x161eb0`

?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`201`
Address	`0x161fa0`

?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`202`
Address	`0x162090`

?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`203`
Address	`0x162180`

?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`204`
Address	`0x162270`

?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

Ordinal	`205`
Address	`0x24d70`

?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z

Ordinal	`206`
Address	`0x168870`

?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z

Ordinal	`207`
Address	`0x162360`

?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`208`
Address	`0x168880`

?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z

Ordinal	`209`
Address	`0x162420`

?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`210`
Address	`0x162550`

?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z

Ordinal	`211`
Address	`0x162640`

?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`212`
Address	`0x162770`

?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`213`
Address	`0x162860`

?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`214`
Address	`0x162950`

?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z

Ordinal	`215`
Address	`0x1689c0`

?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z

Ordinal	`216`
Address	`0x1689d0`

?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z

Ordinal	`217`
Address	`0x1689e0`

?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z

Ordinal	`218`
Address	`0x1689f0`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`219`
Address	`0x168a30`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`220`
Address	`0x168a80`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`221`
Address	`0x168ad0`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`222`
Address	`0x168b20`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`223`
Address	`0x168b70`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`224`
Address	`0x162a40`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`225`
Address	`0x162a50`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`226`
Address	`0x162a60`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`227`
Address	`0x162a70`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`228`
Address	`0x162a80`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`229`
Address	`0x162a90`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`230`
Address	`0x168bc0`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`231`
Address	`0x168c10`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z

Ordinal	`232`
Address	`0x168c60`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`233`
Address	`0x168d60`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`234`
Address	`0x168db0`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`235`
Address	`0x168e10`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`236`
Address	`0x162aa0`

?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z

Ordinal	`237`
Address	`0x168e60`

?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`238`
Address	`0x24d70`

?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z

Ordinal	`239`
Address	`0x168eb0`

?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`240`
Address	`0x168ec0`

?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`241`
Address	`0x162ab0`

?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`242`
Address	`0x162ba0`

?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z

Ordinal	`243`
Address	`0x162c90`

?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`244`
Address	`0x162d70`

?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`245`
Address	`0x162e60`

?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Ordinal	`246`
Address	`0x162f50`

?SizeUnknown@QoS@@YAIXZ

Ordinal	`247`
Address	`0x18ea0`

?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ

Ordinal	`248`
Address	`0x24d70`

?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ

Ordinal	`249`
Address	`0x169060`

?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ

Ordinal	`250`
Address	`0x16e4a0`

?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z

Ordinal	`251`
Address	`0x16e550`

?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z

Ordinal	`252`
Address	`0x16e5b0`

?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ

Ordinal	`253`
Address	`0x16e740`

?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z

Ordinal	`254`
Address	`0x169440`

?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A

Ordinal	`255`
Address	`0x3e57b0`

?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ

Ordinal	`256`
Address	`0x169460`

?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ

Ordinal	`257`
Address	`0x165aa0`

?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z

Ordinal	`258`
Address	`0x16e860`

?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Ordinal	`259`
Address	`0x16e8b0`

?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Ordinal	`260`
Address	`0x16f160`

?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z

Ordinal	`261`
Address	`0x16f180`

?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z

Ordinal	`262`
Address	`0x169730`

evt_api_call_default

Ordinal	`263`
Address	`0x15d340`

MICROSOFTEDPENLIGHTENEDAPPINFO

Type	`EDPENLIGHTENEDAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

MICROSOFTEDPPERMISSIVEAPPINFO

Type	`EDPPERMISSIVEAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x408`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49588`
MD5	`6e05529326838c88ae7eb3063a97b925`
SHA1	`1c9e9aec85beb9d9e888681c35a46421066cadb6`
SHA256	`2c0b845984240726510b747b9c0e656c284a6b44128da17b8339f7392ac60885`
SHA3	`f6b91e234f85cba79e95406777d33bfeb8064f9d72e5b2ac6a704f72816ab1e6`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x533`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23485`
MD5	`bec4ecc6ac24100ed7f5d5f36880bfec`
SHA1	`e3d80ad75c486acb36d1bd6aacf8f9a99d2d4a00`
SHA256	`1666cfa9882fcf182dfcf36b0267b9c85181fc5d2bf53a14fa10b8743b104c62`
SHA3	`12634204f0f94a8b1d4646b804209a3ab381f4565f547b757903a7cd2f2230a8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	24.166.818.3
ProductVersion	24.166.818.3
FileFlags	`VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Standalone Updater
InternalName	OneDriveStandaloneUpdater.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	OneDriveStandaloneUpdater.exe
ProductName	Microsoft OneDrive
FileVersion (#2)	24.166.0818.0003
ProductVersion (#2)	24.166.0818.0003
SpecialBuild	b/build/84e690d0-e12e-e41c-50fb-a841e09085a1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2037-Jun-18 20:15:49
Version	`0.0`
SizeofData	`139`
AddressOfRawData	`0x37b534`
PointerToRawData	`0x37a134`
Referenced File	D:\dbs\sh\odct\0905_112315_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2037-Jun-18 20:15:49
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x37b5c0`
PointerToRawData	`0x37a1c0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2037-Jun-18 20:15:49
Version	`0.0`
SizeofData	`1372`
AddressOfRawData	`0x37b5d4`
PointerToRawData	`0x37a1d4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2037-Jun-18 20:15:49
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x37bb30`
PointerToRawData	`0x37a730`

TLS Callbacks

StartAddressOfRawData	`0x14037bb80`
EndAddressOfRawData	`0x14037bcc0`
AddressOfIndex	`0x1403e0338`
AddressOfCallbacks	`0x1402e1ab8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014015D100` `0x000000014015D180`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1403c3018`
GuardCFCheckFunctionPointer	`5371727848`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x6d926225`
Unmarked objects	`0`
C++ objects (29395)	`203`
C objects (27049)	`9`
C++ objects (27049)	`59`
C++ objects (LTCG) (VS2022 Update 3 (17.3.0-3) compiler 31629)	`11`
C objects (VS2022 Update 3 (17.3.0) compiler 31616)	`19`
ASM objects (VS2022 Update 3 (17.3.0) compiler 31616)	`8`
C++ objects (VS2022 Update 3 (17.3.0) compiler 31616)	`121`
ASM objects (29395)	`14`
C objects (29395)	`30`
C objects (CVTCIL) (29395)	`2`
Imports (29395)	`45`
Total imports	`538`
C++ objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`155`
Exports (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`
Resource objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`
Linker (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`

Errors

Leave a comment

No comments yet.