Edit tour
Windows
Analysis Report
OneDriveSetUp.exe
Overview
General Information
| Sample name: | OneDriveSetUp.exe |
| Analysis ID: | 1365145 |
| MD5: | b471e4c796f44facbb40eac898b67503 |
| SHA1: | 83bb0594f58ecca19b42a86f35d70774f390d823 |
| SHA256: | 3084f8d75b253fd978855959eeb38bbd68f39dad1012486c73d4a9a91dfe4ddd |
 | |
Detection
| Score: | 1 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
Binary contains a suspicious time stamp
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Tries to load missing DLLs
Classification
Analysis Advice
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
| Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
- System is w10x64
OneDriveSetUp.exe (PID: 8 cmdline: C:\Users\u ser\Deskto p\OneDrive SetUp.exe MD5: B471E4C796F44FACBB40EAC898B67503)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00007FF69FF79D64 | |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Timestomp | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 38.0.0 Ammolite |
| Analysis ID: | 1365145 |
| Start date and time: | 2023-12-20 16:56:04 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 17s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 5 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | OneDriveSetUp.exe |
| Detection: | CLEAN |
| Classification: | clean1.winEXE@1/0@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, W MIADAP.exe, SIHClient.exe, con host.exe - Excluded domains from analysis
(whitelisted): ocsp.digicert. com, slscr.update.microsoft.co m, ctldl.windowsupdate.com, fe 3cr.delivery.mp.microsoft.com - Execution Graph export aborted
for target OneDriveSetUp.exe, PID 8 because there are no ex ecuted function - Not all processes where analyz
ed, report is missing behavior information
⊘No simulations
⊘No context
⊘No context
⊘No context
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 7.955559956136643 |
| TrID: |
|
| File name: | OneDriveSetUp.exe |
| File size: | 65'185'712 bytes |
| MD5: | b471e4c796f44facbb40eac898b67503 |
| SHA1: | 83bb0594f58ecca19b42a86f35d70774f390d823 |
| SHA256: | 3084f8d75b253fd978855959eeb38bbd68f39dad1012486c73d4a9a91dfe4ddd |
| SHA512: | e27e6642b78ff5e86571fa5e9a7ce2eb34dcd3d59d81368c83620f78bd0e2ce1ba07a10a20226f0b892168eb99b5b9ac73d8e0b7212173d5ffb6f27f67645215 |
| SSDEEP: | 1572864:WByu0K/9W9rHXaRJ6UdTpyNTTtMSmnpAmdzPIx:WBMMeHkIiTpyNTFkp5VIx |
| TLSH: | 96E72306A7F901F5E0FAE2388AB36617FA727C655B31DB9F4251160A0F37BA09D39311 |
| File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......-...i|..i|..i|.......|......z|......a|.......|......`|......R|......g|......k|......H|......^|..i|...~.......|.......|......h|. |
 | |
| Icon Hash: | 8e172d4461e84521 |
| Entrypoint: | 0x1401e9210 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x140000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0xAF3B1A71 [Wed Feb 28 11:03:13 2063 UTC] |
| TLS Callbacks: | 0x401e9300, 0x1, 0x401e9380, 0x1 |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 830d771eb3cf1fc69dcd5afd0a4a2d9a |
| Signature Valid: | true |
| Signature Issuer: | CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 85BB306029288A5127B76A61414E46CF |
| Thumbprint SHA-1: | 3DA3E1A591E67BAA377A31CC88CA4B3C4815478F |
| Thumbprint SHA-256: | BA06A2B3BA853A2F04C7099FDC3A20B8D5C46B9B57559FE87AB076E139C0456A |
| Serial: | 330000054E12B90A007B12499900000000054E |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007FB458D3D2E0h |
| dec eax |
| add esp, 28h |
| jmp 00007FB458D3C60Fh |
| int3 |
| int3 |
| jmp 00007FB458D3BDACh |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| nop word ptr [eax+eax+00000000h] |
| dec eax |
| sub esp, 10h |
| dec esp |
| mov dword ptr [esp], edx |
| dec esp |
| mov dword ptr [esp+08h], ebx |
| dec ebp |
| xor ebx, ebx |
| dec esp |
| lea edx, dword ptr [esp+18h] |
| dec esp |
| sub edx, eax |
| dec ebp |
| cmovb edx, ebx |
| dec esp |
| mov ebx, dword ptr [00000010h] |
| dec ebp |
| cmp edx, ebx |
| jnc 00007FB458D3C7A8h |
| inc cx |
| and edx, 8D4DF000h |
| wait |
| add al, dh |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4439e0 | 0x76a4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x44b084 | 0x230 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x498000 | 0x3995c70 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x476000 | 0x1f6f8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3e28200 | 0x25b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e2e000 | 0x5908 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e7a90 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x3e7b80 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3e53f0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x33f000 | 0x1398 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x443850 | 0x60 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x33ddbc | 0x33de00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x33f000 | 0x1103d6 | 0x110400 | False | 0.3043565986570248 | data | 4.885497142158017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x450000 | 0x2538c | 0x1e800 | False | 0.18097624231557377 | data | 4.957836810712879 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x476000 | 0x1f6f8 | 0x1f800 | False | 0.5073707217261905 | data | 6.1853284173794165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .didat | 0x496000 | 0x48 | 0x200 | False | 0.076171875 | data | 0.5649677521832702 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| _RDATA | 0x497000 | 0x15c | 0x200 | False | 0.41015625 | data | 3.3465500236752033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x498000 | 0x3995c70 | 0x3995e00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3e2e000 | 0x5908 | 0x5a00 | False | 0.24596354166666667 | data | 5.4520261661251945 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| EDPENLIGHTENEDAPPINFOID | 0x49a174 | 0x2 | data | English | United States | 5.0 |
| EDPPERMISSIVEAPPINFOID | 0x49a178 | 0x2 | data | English | United States | 5.0 |
| PAYLOAD | 0x49a17c | 0x38d91c0 | Microsoft Cabinet archive data, many, 59599736 bytes, 950 files, at 0x44 +A "adal.dll" +A "alertIcon.png", flags 0x4, number 1, extra bytes 20 in head, 7587 datablocks, 0x1503 compression | English | United States | 0.9651641845703125 |
| PNG | 0x3d7333c | 0x2906 | PNG image data, 321 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 0.9824795277090078 |
| WEVT_TEMPLATE | 0x3d75c44 | 0x21a | data | English | United States | 0.5464684014869888 |
| RT_ICON | 0x3d75e60 | 0x8c6 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9652715939447908 |
| RT_ICON | 0x3d76728 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 0 | English | United States | 0.03626235022072735 |
| RT_ICON | 0x3d7fbd0 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 0 | English | United States | 0.045526315789473686 |
| RT_ICON | 0x3d863b8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.0543221539914974 |
| RT_ICON | 0x3d8a5e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.07385892116182573 |
| RT_ICON | 0x3d8cb88 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States | 0.08979289940828403 |
| RT_ICON | 0x3d8e5f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.11280487804878049 |
| RT_ICON | 0x3d8f698 | 0xcd8 | Device independent bitmap graphic, 28 x 56 x 32, image size 0 | English | United States | 0.13351581508515814 |
| RT_ICON | 0x3d90370 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.16967213114754098 |
| RT_ICON | 0x3d90cf8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States | 0.20116279069767443 |
| RT_ICON | 0x3d913b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.2624113475177305 |
| RT_ICON | 0x3d91818 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.045273988815575344 |
| RT_ICON | 0x3dd3840 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.1358644307982995 |
| RT_ICON | 0x3dd7a68 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.17240663900414938 |
| RT_ICON | 0x3dda010 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.20029585798816568 |
| RT_ICON | 0x3ddba78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.24835834896810507 |
| RT_ICON | 0x3ddcb20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3163934426229508 |
| RT_ICON | 0x3ddd4a8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.18953488372093022 |
| RT_ICON | 0x3dddb60 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.23847517730496454 |
| RT_DIALOG | 0x3dddfc8 | 0xc8 | data | English | United States | 0.68 |
| RT_STRING | 0x3dde090 | 0x21c | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.43333333333333335 | ||
| RT_STRING | 0x3dde2ac | 0x266 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4185667752442997 | ||
| RT_STRING | 0x3dde514 | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4212328767123288 | ||
| RT_STRING | 0x3dde75c | 0x254 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.40939597315436244 | ||
| RT_STRING | 0x3dde9b0 | 0x23e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.44947735191637633 | ||
| RT_STRING | 0x3ddebf0 | 0x24a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4351535836177474 | ||
| RT_STRING | 0x3ddee3c | 0x256 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4197324414715719 | ||
| RT_STRING | 0x3ddf094 | 0x242 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4083044982698962 | ||
| RT_STRING | 0x3ddf2d8 | 0x26e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4533762057877814 | ||
| RT_STRING | 0x3ddf548 | 0x254 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.42953020134228187 | ||
| RT_STRING | 0x3ddf79c | 0x284 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4363354037267081 | ||
| RT_STRING | 0x3ddfa20 | 0x242 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4463667820069204 | ||
| RT_STRING | 0x3ddfc64 | 0x24a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.42662116040955633 | ||
| RT_STRING | 0x3ddfeb0 | 0x27e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4106583072100313 | ||
| RT_STRING | 0x3de0130 | 0x268 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4318181818181818 | ||
| RT_STRING | 0x3de0398 | 0x268 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.40584415584415584 | ||
| RT_STRING | 0x3de0600 | 0x218 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.47761194029850745 | ||
| RT_STRING | 0x3de0818 | 0x29a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4084084084084084 | ||
| RT_STRING | 0x3de0ab4 | 0x260 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4144736842105263 | ||
| RT_STRING | 0x3de0d14 | 0x24a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.41467576791808874 | ||
| RT_STRING | 0x3de0f60 | 0x250 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Catalan | Spain | 0.42567567567567566 |
| RT_STRING | 0x3de11b0 | 0x1dc | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.4810924369747899 |
| RT_STRING | 0x3de138c | 0x23e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Czech | Czech Republic | 0.43902439024390244 |
| RT_STRING | 0x3de15cc | 0x232 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Danish | Denmark | 0.39679715302491103 |
| RT_STRING | 0x3de1800 | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | German | Germany | 0.4178082191780822 |
| RT_STRING | 0x3de1a48 | 0x27c | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Greek | Greece | 0.45754716981132076 |
| RT_STRING | 0x3de1cc4 | 0x238 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | English | United States | 0.40669014084507044 |
| RT_STRING | 0x3de1efc | 0x254 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Finnish | Finland | 0.41442953020134227 |
| RT_STRING | 0x3de2150 | 0x274 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | French | France | 0.41878980891719747 |
| RT_STRING | 0x3de23c4 | 0x212 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Hebrew | Israel | 0.44150943396226416 |
| RT_STRING | 0x3de25d8 | 0x22c | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Hungarian | Hungary | 0.4172661870503597 |
| RT_STRING | 0x3de2804 | 0x288 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Italian | Italy | 0.4058641975308642 |
| RT_STRING | 0x3de2a8c | 0x1fc | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Japanese | Japan | 0.484251968503937 |
| RT_STRING | 0x3de2c88 | 0x1f8 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Korean | North Korea | 0.503968253968254 |
| RT_STRING | 0x3de2c88 | 0x1f8 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Korean | South Korea | 0.503968253968254 |
| RT_STRING | 0x3de2e80 | 0x24e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Dutch | Netherlands | 0.40508474576271186 |
| RT_STRING | 0x3de30d0 | 0x250 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Norwegian | Norway | 0.41047297297297297 |
| RT_STRING | 0x3de3320 | 0x272 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Polish | Poland | 0.4217252396166134 |
| RT_STRING | 0x3de3594 | 0x24e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Portuguese | Brazil | 0.4067796610169492 |
| RT_STRING | 0x3de37e4 | 0x252 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Romanian | Romania | 0.41414141414141414 |
| RT_STRING | 0x3de3a38 | 0x270 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Russian | Russia | 0.42788461538461536 |
| RT_STRING | 0x3de3ca8 | 0x288 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Croatian | Croatia | 0.41975308641975306 |
| RT_STRING | 0x3de3f30 | 0x23a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Slovak | Slovakia | 0.43157894736842106 |
| RT_STRING | 0x3de416c | 0x24c | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Swedish | Sweden | 0.4064625850340136 |
| RT_STRING | 0x3de43b8 | 0x23e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Thai | Thailand | 0.4425087108013937 |
| RT_STRING | 0x3de45f8 | 0x224 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Turkish | Turkey | 0.4124087591240876 |
| RT_STRING | 0x3de481c | 0x23e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Indonesian | Indonesia | 0.40069686411149824 |
| RT_STRING | 0x3de4a5c | 0x272 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Ukrainian | Ukrain | 0.43450479233226835 |
| RT_STRING | 0x3de4cd0 | 0x264 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Slovenian | Slovenia | 0.4035947712418301 |
| RT_STRING | 0x3de4f34 | 0x284 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Estonian | Estonia | 0.40993788819875776 |
| RT_STRING | 0x3de51b8 | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Latvian | Lativa | 0.4263698630136986 |
| RT_STRING | 0x3de5400 | 0x278 | Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0 | Lithuanian | Lithuania | 0.4161392405063291 |
| RT_STRING | 0x3de5678 | 0x27c | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Vietnamese | Vietnam | 0.42452830188679247 |
| RT_STRING | 0x3de58f4 | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Azeri | Italy | 0.4332191780821918 |
| RT_STRING | 0x3de5b3c | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Basque | France | 0.4092465753424658 |
| RT_STRING | 0x3de5b3c | 0x248 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Basque | Spain | 0.4092465753424658 |
| RT_STRING | 0x3de5d84 | 0x29e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Setsuana | South Africa | 0.3940298507462687 |
| RT_STRING | 0x3de6024 | 0x266 | Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0 | Xhosa | South Africa | 0.41205211726384366 |
| RT_STRING | 0x3de628c | 0x246 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Hindi | India | 0.4415807560137457 |
| RT_STRING | 0x3de64d4 | 0x274 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Maltese | Malta | 0.4124203821656051 |
| RT_STRING | 0x3de6748 | 0x28a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Malay | Malaysia | 0.38769230769230767 |
| RT_STRING | 0x3de69d4 | 0x256 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Bengali | India | 0.46321070234113715 |
| RT_STRING | 0x3de6c2c | 0x254 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Gujarati | India | 0.46476510067114096 |
| RT_STRING | 0x3de6e80 | 0x284 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Oriya | India | 0.4394409937888199 |
| RT_STRING | 0x3de7104 | 0x274 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Tamil | India | 0.445859872611465 |
| RT_STRING | 0x3de7104 | 0x274 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Tamil | Sri Lanka | 0.445859872611465 |
| RT_STRING | 0x3de7378 | 0x240 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Telugu | India | 0.4375 |
| RT_STRING | 0x3de75b8 | 0x258 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Kannada | Kanada | 0.47 |
| RT_STRING | 0x3de7810 | 0x286 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Malayalam | India | 0.42260061919504643 |
| RT_STRING | 0x3de7a98 | 0x262 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Assamese | India | 0.47704918032786886 |
| RT_STRING | 0x3de7cfc | 0x24e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Marathi | India | 0.4288135593220339 |
| RT_STRING | 0x3de7f4c | 0x25e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Welsh | England | 0.41254125412541254 |
| RT_STRING | 0x3de81ac | 0x25a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Khmer | Vietnam | 0.48172757475083056 |
| RT_STRING | 0x3de81ac | 0x25a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Khmer | Thailand | 0.48172757475083056 |
| RT_STRING | 0x3de8408 | 0x230 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Amharic | Ethiopia | 0.46785714285714286 |
| RT_STRING | 0x3de8638 | 0x252 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Nepali | Nepal | 0.4377104377104377 |
| RT_STRING | 0x3de888c | 0x24e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Filipino | Philippines | 0.4016949152542373 |
| RT_STRING | 0x3de8adc | 0x250 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.44256756756756754 | ||
| RT_STRING | 0x3de8d2c | 0x250 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4172297297297297 | ||
| RT_STRING | 0x3de8f7c | 0x236 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Igbo | Nigeria | 0.4293286219081272 |
| RT_STRING | 0x3de91b4 | 0x240 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Maori | New Zealand | 0.3993055555555556 |
| RT_STRING | 0x3de93f4 | 0x258 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.42333333333333334 | ||
| RT_STRING | 0x3de964c | 0x1d8 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Chinese | China | 0.4788135593220339 |
| RT_STRING | 0x3de9824 | 0x238 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | English | Great Britain | 0.40669014084507044 |
| RT_STRING | 0x3de9a5c | 0x24e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Norwegian | Norway | 0.411864406779661 |
| RT_STRING | 0x3de9cac | 0x282 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Portuguese | Portugal | 0.40965732087227413 |
| RT_STRING | 0x3de9f30 | 0x26e | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Gaelic | Ireland | 0.41639871382636656 |
| RT_STRING | 0x3dea1a0 | 0x284 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.40993788819875776 | ||
| RT_STRING | 0x3dea424 | 0x244 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.40344827586206894 | ||
| RT_STRING | 0x3dea668 | 0x266 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | Bosnian | Bosnian | 0.41368078175895767 |
| RT_STRING | 0x3dea8d0 | 0x268 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.42857142857142855 | ||
| RT_STRING | 0x3deab38 | 0x25a | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4152823920265781 | ||
| RT_STRING | 0x3dead94 | 0x258 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.4266666666666667 | ||
| RT_STRING | 0x3deafec | 0x238 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | 0.45422535211267606 | ||
| RT_STRING | 0x3deb224 | 0x6f0 | data | 0.30743243243243246 | ||
| RT_STRING | 0x3deb914 | 0x842 | data | 0.2861873226111637 | ||
| RT_STRING | 0x3dec158 | 0x78e | data | 0.297311271975181 | ||
| RT_STRING | 0x3dec8e8 | 0x7de | data | 0.27805362462760674 | ||
| RT_STRING | 0x3ded0c8 | 0x870 | data | 0.3013888888888889 | ||
| RT_STRING | 0x3ded938 | 0x82a | data | 0.3004784688995215 | ||
| RT_STRING | 0x3dee164 | 0x8c8 | data | 0.26201067615658363 | ||
| RT_STRING | 0x3deea2c | 0x8a2 | data | 0.25927601809954753 | ||
| RT_STRING | 0x3def2d0 | 0x8ec | data | 0.28984238178633975 | ||
| RT_STRING | 0x3defbbc | 0x896 | data | 0.2857142857142857 | ||
| RT_STRING | 0x3df0454 | 0x7c2 | data | 0.30614300100704933 | ||
| RT_STRING | 0x3df0c18 | 0x784 | data | 0.3264033264033264 | ||
| RT_STRING | 0x3df139c | 0x818 | data | 0.2905405405405405 | ||
| RT_STRING | 0x3df1bb4 | 0x7b8 | data | 0.2768218623481781 | ||
| RT_STRING | 0x3df236c | 0x842 | data | 0.2899716177861873 | ||
| RT_STRING | 0x3df2bb0 | 0x8c4 | data | 0.24866310160427807 | ||
| RT_STRING | 0x3df3474 | 0x608 | data | 0.37823834196891193 | ||
| RT_STRING | 0x3df3a7c | 0x970 | data | 0.2582781456953642 | ||
| RT_STRING | 0x3df43ec | 0x81a | data | 0.2772420443587271 | ||
| RT_STRING | 0x3df4c08 | 0x6ba | AmigaOS bitmap font "a", fc_YSize 25856, 21248 elements, 2nd "b", 3rd "g" | 0.3118466898954704 | ||
| RT_STRING | 0x3df52c4 | 0x84a | data | Catalan | Spain | 0.28039585296889724 |
| RT_STRING | 0x3df5b10 | 0x380 | data | Chinese | Taiwan | 0.48214285714285715 |
| RT_STRING | 0x3df5e90 | 0x7d8 | data | Czech | Czech Republic | 0.3057768924302789 |
| RT_STRING | 0x3df6668 | 0x796 | data | Danish | Denmark | 0.27909371781668385 |
| RT_STRING | 0x3df6e00 | 0x992 | data | German | Germany | 0.2624489795918367 |
| RT_STRING | 0x3df7794 | 0xa1a | data | Greek | Greece | 0.2819025522041763 |
| RT_STRING | 0x3df81b0 | 0x7e2 | data | English | United States | 0.26858275520317143 |
| RT_STRING | 0x3df8994 | 0x81c | data | Finnish | Finland | 0.2866088631984586 |
| RT_STRING | 0x3df91b0 | 0x87e | data | French | France | 0.265869365225391 |
| RT_STRING | 0x3df9a30 | 0x656 | data | Hebrew | Israel | 0.31442663378545005 |
| RT_STRING | 0x3dfa088 | 0x834 | data | Hungarian | Hungary | 0.29619047619047617 |
| RT_STRING | 0x3dfa8bc | 0x81c | data | Italian | Italy | 0.26734104046242774 |
| RT_STRING | 0x3dfb0d8 | 0x570 | data | Japanese | Japan | 0.39080459770114945 |
| RT_STRING | 0x3dfb648 | 0x4b6 | data | Korean | North Korea | 0.4129353233830846 |
| RT_STRING | 0x3dfb648 | 0x4b6 | data | Korean | South Korea | 0.4129353233830846 |
| RT_STRING | 0x3dfbb00 | 0x84e | data | Dutch | Netherlands | 0.2704609595484478 |
| RT_STRING | 0x3dfc350 | 0x7b8 | data | Norwegian | Norway | 0.27479757085020245 |
| RT_STRING | 0x3dfcb08 | 0x89a | data | Polish | Poland | 0.2811080835603996 |
| RT_STRING | 0x3dfd3a4 | 0x862 | data | Portuguese | Brazil | 0.26887232059645855 |
| RT_STRING | 0x3dfdc08 | 0x848 | data | Romanian | Romania | 0.2759433962264151 |
| RT_STRING | 0x3dfe450 | 0x7ba | data | Russian | Russia | 0.3068756319514661 |
| RT_STRING | 0x3dfec0c | 0x810 | data | Croatian | Croatia | 0.2771317829457364 |
| RT_STRING | 0x3dff41c | 0x7f0 | data | Slovak | Slovakia | 0.30118110236220474 |
| RT_STRING | 0x3dffc0c | 0x78c | data | Swedish | Sweden | 0.2727743271221532 |
| RT_STRING | 0x3e00398 | 0x712 | data | Thai | Thailand | 0.30994475138121547 |
| RT_STRING | 0x3e00aac | 0x77c | data | Turkish | Turkey | 0.2954070981210856 |
| RT_STRING | 0x3e01228 | 0x73c | data | Indonesian | Indonesia | 0.2737580993520518 |
| RT_STRING | 0x3e01964 | 0x842 | data | Ukrainian | Ukrain | 0.30416272469252603 |
| RT_STRING | 0x3e021a8 | 0x8dc | data | Slovenian | Slovenia | 0.2724867724867725 |
| RT_STRING | 0x3e02a84 | 0x7ce | data | Estonian | Estonia | 0.2877877877877878 |
| RT_STRING | 0x3e03254 | 0x7d8 | data | Latvian | Lativa | 0.28336653386454186 |
| RT_STRING | 0x3e03a2c | 0x786 | data | Lithuanian | Lithuania | 0.3011422637590862 |
| RT_STRING | 0x3e041b4 | 0x7c6 | data | Vietnamese | Vietnam | 0.30954773869346736 |
| RT_STRING | 0x3e0497c | 0x8a0 | data | Azeri | Italy | 0.28125 |
| RT_STRING | 0x3e0521c | 0x768 | data | Basque | France | 0.2732067510548523 |
| RT_STRING | 0x3e0521c | 0x768 | data | Basque | Spain | 0.2732067510548523 |
| RT_STRING | 0x3e05984 | 0x8a8 | data | Setsuana | South Africa | 0.25406137184115524 |
| RT_STRING | 0x3e0622c | 0x870 | data | Xhosa | South Africa | 0.2740740740740741 |
| RT_STRING | 0x3e06a9c | 0x864 | data | Hindi | India | 0.29702048417132215 |
| RT_STRING | 0x3e07300 | 0x830 | data | Maltese | Malta | 0.27719465648854963 |
| RT_STRING | 0x3e07b30 | 0x902 | data | Malay | Malaysia | 0.2588898525585429 |
| RT_STRING | 0x3e08434 | 0x836 | data | Bengali | India | 0.31303520456707895 |
| RT_STRING | 0x3e08c6c | 0x84e | data | Gujarati | India | 0.3019755409219191 |
| RT_STRING | 0x3e094bc | 0x882 | data | Oriya | India | 0.29292929292929293 |
| RT_STRING | 0x3e09d40 | 0x962 | data | Tamil | India | 0.2656119900083264 |
| RT_STRING | 0x3e09d40 | 0x962 | data | Tamil | Sri Lanka | 0.2656119900083264 |
| RT_STRING | 0x3e0a6a4 | 0x86c | data | Telugu | India | 0.29916512059369205 |
| RT_STRING | 0x3e0af10 | 0x87a | data | Kannada | Kanada | 0.2894009216589862 |
| RT_STRING | 0x3e0b78c | 0x94a | data | Malayalam | India | 0.2767031118587048 |
| RT_STRING | 0x3e0c0d8 | 0x8ac | data | Assamese | India | 0.29954954954954954 |
| RT_STRING | 0x3e0c984 | 0x85a | data | Marathi | India | 0.2970065481758653 |
| RT_STRING | 0x3e0d1e0 | 0x87c | data | Welsh | England | 0.27992633517495397 |
| RT_STRING | 0x3e0da5c | 0x7a4 | data | Khmer | Vietnam | 0.3338445807770961 |
| RT_STRING | 0x3e0da5c | 0x7a4 | data | Khmer | Thailand | 0.3338445807770961 |
| RT_STRING | 0x3e0e200 | 0x5ba | data | Amharic | Ethiopia | 0.3813096862210095 |
| RT_STRING | 0x3e0e7bc | 0x852 | data | Nepali | Nepal | 0.28826291079812205 |
| RT_STRING | 0x3e0f010 | 0x8a4 | data | Filipino | Philippines | 0.26582278481012656 |
| RT_STRING | 0x3e0f8b4 | 0x7c6 | data | 0.31256281407035175 | ||
| RT_STRING | 0x3e1007c | 0x8ea | data | 0.27256792287467135 | ||
| RT_STRING | 0x3e10968 | 0x732 | data | Igbo | Nigeria | 0.2969598262757872 |
| RT_STRING | 0x3e1109c | 0x774 | data | Maori | New Zealand | 0.259958071278826 |
| RT_STRING | 0x3e11810 | 0x854 | data | 0.28095684803001875 | ||
| RT_STRING | 0x3e12064 | 0x376 | data | Chinese | China | 0.48419864559819414 |
| RT_STRING | 0x3e123dc | 0x7e2 | data | English | Great Britain | 0.26858275520317143 |
| RT_STRING | 0x3e12bc0 | 0x804 | data | Norwegian | Norway | 0.2699805068226121 |
| RT_STRING | 0x3e133c4 | 0x82a | data | Portuguese | Portugal | 0.26220095693779905 |
| RT_STRING | 0x3e13bf0 | 0x936 | data | Gaelic | Ireland | 0.2553011026293469 |
| RT_STRING | 0x3e14528 | 0x85c | data | 0.2672897196261682 | ||
| RT_STRING | 0x3e14d84 | 0x774 | data | 0.269916142557652 | ||
| RT_STRING | 0x3e154f8 | 0x896 | data | Bosnian | Bosnian | 0.27388535031847133 |
| RT_STRING | 0x3e15d90 | 0x8a2 | data | 0.2828054298642534 | ||
| RT_STRING | 0x3e16634 | 0x7ee | data | 0.2738916256157635 | ||
| RT_STRING | 0x3e16e24 | 0x7ec | data | 0.2859960552268245 | ||
| RT_STRING | 0x3e17610 | 0x7ba | data | 0.31648129423660265 | ||
| RT_STRING | 0x3e17dcc | 0x372 | data | 0.4308390022675737 | ||
| RT_STRING | 0x3e18140 | 0x442 | data | 0.39541284403669724 | ||
| RT_STRING | 0x3e18584 | 0x3fc | data | 0.3931372549019608 | ||
| RT_STRING | 0x3e18980 | 0x43e | data | 0.3720073664825046 | ||
| RT_STRING | 0x3e18dc0 | 0x41c | data | 0.4268060836501901 | ||
| RT_STRING | 0x3e191dc | 0x40e | data | 0.4046242774566474 | ||
| RT_STRING | 0x3e195ec | 0x426 | data | 0.3860640301318267 | ||
| RT_STRING | 0x3e19a14 | 0x434 | data | 0.36059479553903345 | ||
| RT_STRING | 0x3e19e48 | 0x44c | data | 0.4072727272727273 | ||
| RT_STRING | 0x3e1a294 | 0x49e | data | 0.4120135363790186 | ||
| RT_STRING | 0x3e1a734 | 0x3d4 | data | 0.41836734693877553 | ||
| RT_STRING | 0x3e1ab08 | 0x472 | data | 0.4112478031634446 | ||
| RT_STRING | 0x3e1af7c | 0x360 | data | 0.44560185185185186 | ||
| RT_STRING | 0x3e1b2dc | 0x406 | data | 0.3699029126213592 | ||
| RT_STRING | 0x3e1b6e4 | 0x49a | data | 0.3938879456706282 | ||
| RT_STRING | 0x3e1bb80 | 0xf2 | data | 0.5247933884297521 | ||
| RT_STRING | 0x3e1bc74 | 0xe2 | data | 0.5707964601769911 | ||
| RT_STRING | 0x3e1bd58 | 0xf2 | data | 0.5289256198347108 | ||
| RT_STRING | 0x3e1be4c | 0x106 | data | 0.5229007633587787 | ||
| RT_STRING | 0x3e1bf54 | 0xec | data | 0.5296610169491526 | ||
| RT_STRING | 0x3e1c040 | 0x3fc | data | Catalan | Spain | 0.35784313725490197 |
| RT_STRING | 0x3e1c43c | 0x234 | data | Chinese | Taiwan | 0.5939716312056738 |
| RT_STRING | 0x3e1c670 | 0x420 | data | Czech | Czech Republic | 0.4053030303030303 |
| RT_STRING | 0x3e1ca90 | 0x444 | data | Danish | Denmark | 0.36355311355311354 |
| RT_STRING | 0x3e1ced4 | 0x494 | data | German | Germany | 0.34897610921501704 |
| RT_STRING | 0x3e1d368 | 0x49a | data | Greek | Greece | 0.39813242784380304 |
| RT_STRING | 0x3e1d804 | 0x402 | data | English | United States | 0.37816764132553604 |
| RT_STRING | 0x3e1dc08 | 0x3c0 | data | Finnish | Finland | 0.38645833333333335 |
| RT_STRING | 0x3e1dfc8 | 0x488 | data | French | France | 0.38448275862068965 |
| RT_STRING | 0x3e1e450 | 0x38e | data | Hebrew | Israel | 0.43626373626373627 |
| RT_STRING | 0x3e1e7e0 | 0x3f0 | data | Hungarian | Hungary | 0.4117063492063492 |
| RT_STRING | 0x3e1ebd0 | 0x40c | data | Italian | Italy | 0.3590733590733591 |
| RT_STRING | 0x3e1efdc | 0x2f8 | data | Japanese | Japan | 0.48026315789473684 |
| RT_STRING | 0x3e1f2d4 | 0x2b6 | PCX ver. 2.5 image data bounding box [48708, 32] - [51473, 51077], 201-bit uncompressed | Korean | North Korea | 0.5446685878962536 |
| RT_STRING | 0x3e1f2d4 | 0x2b6 | PCX ver. 2.5 image data bounding box [48708, 32] - [51473, 51077], 201-bit uncompressed | Korean | South Korea | 0.5446685878962536 |
| RT_STRING | 0x3e1f58c | 0x3ec | data | Dutch | Netherlands | 0.37350597609561753 |
| RT_STRING | 0x3e1f978 | 0x414 | data | Norwegian | Norway | 0.3544061302681992 |
| RT_STRING | 0x3e1fd8c | 0x472 | data | Polish | Poland | 0.36994727592267135 |
| RT_STRING | 0x3e20200 | 0x44a | data | Portuguese | Brazil | 0.36885245901639346 |
| RT_STRING | 0x3e2064c | 0x422 | data | Romanian | Romania | 0.3629489603024575 |
| RT_STRING | 0x3e20a70 | 0x424 | data | Russian | Russia | 0.4028301886792453 |
| RT_STRING | 0x3e20e94 | 0x41e | data | Croatian | Croatia | 0.3766603415559772 |
| RT_STRING | 0x3e212b4 | 0x45c | data | Slovak | Slovakia | 0.3835125448028674 |
| RT_STRING | 0x3e21710 | 0x42a | data | Swedish | Sweden | 0.3630393996247655 |
| RT_STRING | 0x3e21b3c | 0x41a | data | Thai | Thailand | 0.42952380952380953 |
| RT_STRING | 0x3e21f58 | 0x3de | data | Turkish | Turkey | 0.4161616161616162 |
| RT_STRING | 0x3e22338 | 0x416 | data | Indonesian | Indonesia | 0.3632887189292543 |
| RT_STRING | 0x3e22750 | 0x430 | data | Ukrainian | Ukrain | 0.39738805970149255 |
| RT_STRING | 0x3e22b80 | 0x45e | data | Slovenian | Slovenia | 0.37209302325581395 |
| RT_STRING | 0x3e22fe0 | 0x424 | data | Estonian | Estonia | 0.36981132075471695 |
| RT_STRING | 0x3e23404 | 0x3da | data | Latvian | Lativa | 0.3995943204868154 |
| RT_STRING | 0x3e237e0 | 0x3fe | data | Lithuanian | Lithuania | 0.4021526418786693 |
| RT_STRING | 0x3e23be0 | 0x450 | data | Vietnamese | Vietnam | 0.42028985507246375 |
| RT_STRING | 0x3e24030 | 0x45c | data | Azeri | Italy | 0.3906810035842294 |
| RT_STRING | 0x3e2448c | 0x424 | data | Basque | France | 0.3745283018867924 |
| RT_STRING | 0x3e2448c | 0x424 | data | Basque | Spain | 0.3745283018867924 |
| RT_STRING | 0x3e248b0 | 0xfe | data | Setsuana | South Africa | 0.5 |
| RT_STRING | 0x3e249b0 | 0x110 | data | Xhosa | South Africa | 0.5147058823529411 |
| RT_STRING | 0x3e24ac0 | 0x468 | data | Hindi | India | 0.4033687943262411 |
| RT_STRING | 0x3e24f28 | 0x44c | data | Maltese | Malta | 0.3936363636363636 |
| RT_STRING | 0x3e25374 | 0x420 | data | Malay | Malaysia | 0.3740530303030303 |
| RT_STRING | 0x3e25794 | 0x45e | data | Bengali | India | 0.43112701252236135 |
| RT_STRING | 0x3e25bf4 | 0x470 | data | Gujarati | India | 0.4128521126760563 |
| RT_STRING | 0x3e26064 | 0x492 | data | Oriya | India | 0.3769230769230769 |
| RT_STRING | 0x3e264f8 | 0x446 | data | Tamil | India | 0.4113345521023766 |
| RT_STRING | 0x3e264f8 | 0x446 | data | Tamil | Sri Lanka | 0.4113345521023766 |
| RT_STRING | 0x3e26940 | 0x500 | data | Telugu | India | 0.39375 |
| RT_STRING | 0x3e26e40 | 0x4ae | data | Kannada | Kanada | 0.3964941569282137 |
| RT_STRING | 0x3e272f0 | 0x540 | data | Malayalam | India | 0.3757440476190476 |
| RT_STRING | 0x3e27830 | 0x43a | data | Assamese | India | 0.4565619223659889 |
| RT_STRING | 0x3e27c6c | 0x46a | data | Marathi | India | 0.3920353982300885 |
| RT_STRING | 0x3e280d8 | 0x42e | data | Welsh | England | 0.3897196261682243 |
| RT_STRING | 0x3e28508 | 0x406 | data | Khmer | Vietnam | 0.458252427184466 |
| RT_STRING | 0x3e28508 | 0x406 | data | Khmer | Thailand | 0.458252427184466 |
| RT_STRING | 0x3e28910 | 0x30c | data | Amharic | Ethiopia | 0.5153846153846153 |
| RT_STRING | 0x3e28c1c | 0x462 | data | Nepali | Nepal | 0.39572192513368987 |
| RT_STRING | 0x3e29080 | 0x464 | data | Filipino | Philippines | 0.3487544483985765 |
| RT_STRING | 0x3e294e4 | 0xe8 | data | 0.5431034482758621 | ||
| RT_STRING | 0x3e295cc | 0x4b4 | data | 0.36710963455149503 | ||
| RT_STRING | 0x3e29a80 | 0xec | data | Igbo | Nigeria | 0.5084745762711864 |
| RT_STRING | 0x3e29b6c | 0x426 | data | Maori | New Zealand | 0.3578154425612053 |
| RT_STRING | 0x3e29f94 | 0x430 | data | 0.3591417910447761 | ||
| RT_STRING | 0x3e2a3c4 | 0x21c | data | Chinese | China | 0.587037037037037 |
| RT_STRING | 0x3e2a5e0 | 0x402 | data | English | Great Britain | 0.37816764132553604 |
| RT_STRING | 0x3e2a9e4 | 0x436 | data | Norwegian | Norway | 0.349721706864564 |
| RT_STRING | 0x3e2ae1c | 0x444 | data | Portuguese | Portugal | 0.3782051282051282 |
| RT_STRING | 0x3e2b260 | 0x49a | data | Gaelic | Ireland | 0.3548387096774194 |
| RT_STRING | 0x3e2b6fc | 0x414 | data | 0.36302681992337166 | ||
| RT_STRING | 0x3e2bb10 | 0x3d4 | data | 0.38571428571428573 | ||
| RT_STRING | 0x3e2bee4 | 0x440 | data | Bosnian | Bosnian | 0.3795955882352941 |
| RT_STRING | 0x3e2c324 | 0x4a2 | data | 0.3802698145025295 | ||
| RT_STRING | 0x3e2c7c8 | 0x45a | data | 0.3734290843806104 | ||
| RT_STRING | 0x3e2cc24 | 0x454 | data | 0.4007220216606498 | ||
| RT_STRING | 0x3e2d078 | 0x102 | data | 0.5348837209302325 | ||
| RT_MESSAGETABLE | 0x3e2d17c | 0x64 | data | English | United States | 0.75 |
| RT_GROUP_ICON | 0x3e2d1e0 | 0xa0 | data | English | United States | 0.725 |
| RT_GROUP_ICON | 0x3e2d280 | 0x76 | data | English | United States | 0.7288135593220338 |
| RT_VERSION | 0x3e2d2f8 | 0x3f4 | data | English | United States | 0.43379446640316205 |
| RT_MANIFEST | 0x3e2d6ec | 0x584 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4468838526912181 |
| DLL | Import |
|---|---|
| bcrypt.dll | BCryptEncrypt, BCryptGenerateSymmetricKey, BCryptCloseAlgorithmProvider, BCryptSetProperty, BCryptGenRandom, BCryptDestroyKey, BCryptOpenAlgorithmProvider |
| ntdll.dll | RtlLookupFunctionEntry, RtlUnwind, RtlVirtualUnwind, RtlPcToFileHeader, RtlUnwindEx, VerSetConditionMask, RtlCaptureContext |
| wer.dll | WerReportCreate, WerReportCloseHandle, WerReportSubmit, WerReportSetParameter |
| KERNEL32.dll | WritePrivateProfileStringW, SetDllDirectoryW, MoveFileExW, ReplaceFileW, GetComputerNameW, RegisterApplicationRestart, GetFileInformationByHandleEx, OpenFileById, GetDllDirectoryW, GetTempFileNameW, CreateToolhelp32Snapshot, WriteConsoleW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, ReadConsoleW, SetStdHandle, GetConsoleMode, GetConsoleOutputCP, GetFileSize, GetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, GetDiskFreeSpaceExW, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, SetThreadInformation, GetSystemTimes, SetProcessShutdownParameters, CreateProcessW, GetExitCodeProcess, GetProcessTimes, WaitForMultipleObjects, Sleep, CreateEventW, ReleaseMutex, GetLongPathNameW, SetLastError, VerifyVersionInfoW, GetProductInfo, CopyFileW, ExpandEnvironmentStringsW, LCMapStringW, WideCharToMultiByte, MultiByteToWideChar, K32GetModuleFileNameExW, GetUserDefaultLocaleName, GetUserDefaultLCID, LCIDToLocaleName, MoveFileW, GetVersionExW, GetSystemTimeAsFileTime, OpenProcess, TerminateProcess, GetPrivateProfileStringW, CreateMutexW, WaitForSingleObject, GetModuleFileNameW, GetTempPathW, GetCommandLineW, CreateDirectoryW, WerUnregisterFile, WerRegisterFile, SystemTimeToFileTime, SetFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, DeviceIoControl, FindNextFileW, FindFirstFileW, FindClose, GetSystemTime, GetCurrentThreadId, GetCurrentProcessId, CloseHandle, WriteFile, DeleteFileW, CreateFileW, CompareFileTime, DeleteCriticalSection, InitializeCriticalSectionEx, GetProcessHeap, GetUserGeoID, HeapFree, EnumSystemLocalesW, IsValidLocale, GetLocaleInfoW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetCurrentThread, GetStdHandle, ExitProcess, VirtualProtect, VirtualAlloc, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetDriveTypeW, CompareStringOrdinal, CreateSymbolicLinkW, ReadDirectoryChangesW, LoadLibraryExW, IsWow64Process, PostQueuedCompletionStatus, FreeLibraryAndExitThread, ResumeThread, ExitThread, CreateThread, HeapReAlloc, HeapAlloc, HeapDestroy, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, GetUserDefaultUILanguage, Process32NextW, GetCurrentProcess, InterlockedPushEntrySList, GetCPInfo, CompareStringEx, LCMapStringEx, GetQueuedCompletionStatus, CreateIoCompletionPort, CreatePipe, SetHandleInformation, IsDebuggerPresent, FindFirstFileNameW, GetCompressedFileSizeW, SetFilePointer, EncodePointer, GetTickCount64, GetLastError, DecodePointer, CreateEventExW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, CreateHardLinkW, SetFilePointerEx, FindFirstFileExW, GetCurrentDirectoryW, GetLocaleInfoEx, AcquireSRWLockShared, ReleaseSRWLockShared, QueryPerformanceFrequency, SleepConditionVariableSRW, SleepConditionVariableCS, WakeAllConditionVariable, WakeConditionVariable, InitializeConditionVariable, GetExitCodeThread, SwitchToThread, GetStringTypeW, LocalFree, LocalAlloc, LeaveCriticalSection, EnterCriticalSection, GetEnvironmentVariableW, SetFileInformationByHandle, SetFileAttributesW, CreateDirectoryA, GetShortPathNameW, RemoveDirectoryA, GetTempFileNameA, CompareStringA, FileTimeToLocalFileTime, FileTimeToDosDateTime, FindResourceExW, LoadResource, LockResource, SizeofResource, FindResourceW, Process32FirstW, RemoveDirectoryW, ReadFile, GetVolumePathNameW, GetFinalPathNameByHandleW, GetFileType, HeapSize, GetFileSizeEx, WaitForMultipleObjectsEx, GlobalLock, GetPriorityClass, SetPriorityClass, GetThreadPriority, SetThreadPriority, LoadLibraryExA, VirtualFree, GlobalAlloc, GetSystemDefaultLCID, GetSystemDefaultUILanguage, GetComputerNameExW, FlushInstructionCache, InterlockedPopEntrySList, GetLocalTime, GlobalMemoryStatusEx, QueueUserWorkItem, OutputDebugStringA, GetModuleFileNameA, GetModuleHandleW, GetModuleHandleExW, GetTimeZoneInformation, RaiseException, GetNativeSystemInfo, GetSystemPowerStatus, FlushFileBuffers, GetTickCount, QueryPerformanceCounter, MapViewOfFile, CreateFileMappingW, FormatMessageA, LockFileEx, UnlockFile, HeapCompact, GetSystemInfo, DeleteFileA, WaitForSingleObjectEx, LoadLibraryA, CreateFileA, FlushViewOfFile, OutputDebugStringW, GetFileAttributesA, GetDiskFreeSpaceA, FormatMessageW, GetTempPathA, HeapValidate, UnmapViewOfFile, UnlockFileEx, SetEndOfFile, GetFullPathNameA, LockFile, GetDiskFreeSpaceW, GetFullPathNameW, HeapCreate, AreFileApisANSI, InitializeCriticalSection, TryEnterCriticalSection, InitOnceExecuteOnce, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead, GetStartupInfoW, VirtualQuery, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive |
| USER32.dll | UnregisterClassW, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, GetMessageW, PostThreadMessageW, PostQuitMessage, AllowSetForegroundWindow, GetShellWindow, GetSystemMetrics, SendMessageW, AttachThreadInput, IsWindow, SetWindowPos, IsWindowVisible, BringWindowToTop, CreateDialogParamW, DialogBoxParamW, GetDlgItem, SetActiveWindow, GetForegroundWindow, SetForegroundWindow, SetWindowTextW, GetClientRect, GetWindowRect, MapWindowPoints, GetWindowLongW, SetWindowLongW, SetWindowLongPtrW, GetParent, GetWindow, LoadIconW, MonitorFromWindow, GetMonitorInfoW, PeekMessageW, MsgWaitForMultipleObjectsEx, SetCursor, LoadCursorW, TranslateMessage, DispatchMessageW, IsDialogMessageW, PostMessageW, EnumWindows, GetClassNameW, GetWindowThreadProcessId, SystemParametersInfoW, UnregisterPowerSettingNotification, SendMessageTimeoutW, RegisterPowerSettingNotification |
| ADVAPI32.dll | LookupPrivilegeValueW, RegGetValueA, EventRegister, EventWriteTransfer, EventUnregister, EventWrite, CredWriteW, CredReadW, CredDeleteW, CredFree, RegOverridePredefKey, LookupAccountNameW, CryptDestroyKey, CryptSetHashParam, CryptImportKey, AddAce, DeleteAce, GetAce, InitializeAcl, ImpersonateLoggedOnUser, CreateProcessWithTokenW, GetUserNameW, SetFileSecurityW, ConvertSidToStringSidW, SetNamedSecurityInfoW, GetNamedSecurityInfoW, SetEntriesInAclW, StartServiceW, StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW, QueryServiceStatusEx, QueryServiceStatus, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, DeleteService, CreateServiceW, ControlService, CloseServiceHandle, ChangeServiceConfig2W, ChangeServiceConfigW, RegDeleteTreeW, RegUnLoadKeyW, RegLoadKeyW, RegEnumKeyW, RegDeleteKeyExW, RegCreateKeyTransactedW, GetAclInformation, FreeSid, DuplicateTokenEx, CreateWellKnownSid, AllocateAndInitializeSid, CreateProcessAsUserW, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegGetValueW, RegSetKeyValueW, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegCreateKeyExW, RegCloseKey, CredEnumerateW, IsValidSid, InitializeSid, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, GetSidLengthRequired, GetLengthSid, EqualSid, CopySid, AdjustTokenPrivileges, OpenProcessToken, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, ConvertStringSidToSidW, RevertToSelf |
| SHELL32.dll | ShellExecuteW, SHFileOperationW, SHLoadNonloadedIconOverlayIdentifiers, SHGetFolderPathW, CommandLineToArgvW, SHCreateDirectoryExW, SHGetKnownFolderPath, SHGetSpecialFolderPathW, SHChangeNotify, SHParseDisplayName, ShellExecuteExW, SHCreateItemFromParsingName, SHAssocEnumHandlers, SHGetFolderPathAndSubDirW, SHSetKnownFolderPath, SHGetFolderPathA |
| ole32.dll | CreateItemMoniker, CoGetObject, CoSetProxyBlanket, CLSIDFromString, StringFromCLSID, CoInitialize, StringFromGUID2, CoCreateInstance, CoCreateGuid, CoTaskMemFree, CoInitializeEx, CoUninitialize, CoCreateFreeThreadedMarshaler, CreateStreamOnHGlobal, CoTaskMemAlloc, PropVariantClear, CoWaitForMultipleHandles, CreateBindCtx, GetRunningObjectTable |
| OLEAUT32.dll | SysAllocStringLen, VarBstrCmp, VariantChangeType, VariantClear, VariantInit, SysAllocStringByteLen, SysStringByteLen, SysStringLen, SysFreeString, SysAllocString, GetRecordInfoFromTypeInfo, SetErrorInfo, GetErrorInfo, LoadTypeLib, LoadRegTypeLib |
| IPHLPAPI.DLL | GetAdaptersInfo |
| RstrtMgr.DLL | RmRegisterResources, RmEndSession, RmStartSession, RmGetList |
| CRYPT32.dll | CertFindExtension, CryptStringToBinaryW, CryptBinaryToStringW, CertFreeCertificateChain, CertVerifyCertificateChainPolicy |
| RPCRT4.dll | RpcExceptionFilter, RpcBindingFree, RpcBindingFromStringBindingW, RpcBindingVectorFree, RpcStringFreeW, UuidToStringW, RpcStringBindingComposeW, RpcServerInqCallAttributesW, RpcEpUnregister, RpcEpRegisterW, RpcBindingSetAuthInfoExW, RpcServerUseProtseqW, RpcServerUnregisterIf, RpcServerRegisterIfEx, RpcServerInqBindings |
| Secur32.dll | GetUserNameExW |
| SHLWAPI.dll | StrStrIW, PathIsPrefixW, PathStripToRootW, PathStripPathW, PathSkipRootW, PathIsRelativeW, SHRegGetUSValueW, SHGetValueW, PathFindFileNameW, PathIsDirectoryW, PathRemoveFileSpecW, SHDeleteKeyW, SHDeleteValueW, SHGetValueA, SHSetValueW, SHRegGetValueW, SHRegGetPathW, SHRegGetBoolUSValueW, AssocQueryStringW, SHCreateStreamOnFileW, SHCreateStreamOnFileEx, PathFindExtensionW, PathIsDirectoryEmptyW, PathFileExistsW, PathFileExistsA, PathFindFileNameA, PathGetDriveNumberA, PathIsDirectoryA, SHCreateStreamOnFileA |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WININET.dll | InternetCheckConnectionW, InternetCrackUrlA, InternetOpenW, InternetCloseHandle, InternetConnectA, InternetReadFile, InternetQueryOptionW, InternetSetStatusCallbackW, HttpOpenRequestA, HttpAddRequestHeadersA, HttpSendRequestW, HttpQueryInfoA |
| WS2_32.dll | setsockopt, htons, WSAStartup, WSAGetLastError, send, listen, htonl, socket, bind, accept, closesocket |
| WTSAPI32.dll | WTSQuerySessionInformationW, WTSEnumerateSessionsW, WTSFreeMemory, WTSQueryUserToken |
| USERENV.dll | CreateEnvironmentBlock, GetDefaultUserProfileDirectoryW, UnloadUserProfile |
| GDI32.dll | CreateDIBSection, SetDIBColorTable, GetObjectW, SelectObject, CreateCompatibleDC, DeleteDC, DeleteObject |
| urlmon.dll | URLOpenStreamW |
| gdiplus.dll | GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipGetImageGraphicsContext, GdipDeleteGraphics, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDrawImageI |
| COMCTL32.dll | |
| WINTRUST.dll | WinVerifyTrustEx, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain |
| WINHTTP.dll | WinHttpCrackUrl, WinHttpOpenRequest, WinHttpOpen, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpConnect, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpCloseHandle |
| Cabinet.dll |
| Name | Ordinal | Address |
|---|---|---|
| ?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA | 1 | 0x140470950 |
| ??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 2 | 0x140096020 |
| ??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ | 3 | 0x140096020 |
| ??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 4 | 0x140096030 |
| ??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ | 5 | 0x140096030 |
| ??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z | 6 | 0x140096040 |
| ??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 7 | 0x140096100 |
| ??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ | 8 | 0x1400378d0 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 9 | 0x14009db10 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 10 | 0x14009db60 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z | 11 | 0x14009db90 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z | 12 | 0x14009dbe0 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z | 13 | 0x14009dce0 |
| ??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ | 14 | 0x14009dd40 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z | 15 | 0x1400a30c0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z | 16 | 0x1400a3110 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z | 17 | 0x1400a3180 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z | 18 | 0x1400a31f0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z | 19 | 0x1400a3260 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z | 20 | 0x1400a30c0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z | 21 | 0x1400a32d0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z | 22 | 0x1400a3350 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z | 23 | 0x1400a3380 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z | 24 | 0x1400a33b0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z | 25 | 0x1400a33e0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z | 26 | 0x1400a3410 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z | 27 | 0x1400a3440 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z | 28 | 0x1400a3410 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z | 29 | 0x1400a3470 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z | 30 | 0x1400a34a0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z | 31 | 0x1400a3530 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z | 32 | 0x1400a3570 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ | 33 | 0x1400a35a0 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z | 34 | 0x1400a3610 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z | 35 | 0x1400a3610 |
| ??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z | 36 | 0x1400a3640 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z | 37 | 0x1400a3660 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z | 38 | 0x1400a36a0 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z | 39 | 0x1400a36e0 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z | 40 | 0x1400a37c0 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z | 41 | 0x1400a38a0 |
| ??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ | 42 | 0x1400a3910 |
| ??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 43 | 0x140096170 |
| ??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ | 44 | 0x140096170 |
| ??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z | 45 | 0x140096180 |
| ??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 46 | 0x140096220 |
| ??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z | 47 | 0x1400a0980 |
| ??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ | 48 | 0x140037a60 |
| ??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z | 49 | 0x140096270 |
| ??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 50 | 0x140096270 |
| ??0ILogController@Events@Applications@Microsoft@@QEAA@XZ | 51 | 0x140096270 |
| ??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 52 | 0x140096280 |
| ??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ | 53 | 0x140096280 |
| ??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 54 | 0x1400962b0 |
| ??0ILogger@Events@Applications@Microsoft@@QEAA@XZ | 55 | 0x1400962b0 |
| ??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 56 | 0x1400962c0 |
| ??0IModule@Events@Applications@Microsoft@@QEAA@XZ | 57 | 0x1400962c0 |
| ??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z | 58 | 0x1400962d0 |
| ??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ | 59 | 0x1400962d0 |
| ??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z | 60 | 0x1400962e0 |
| ??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z | 61 | 0x1400963e0 |
| ??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ | 62 | 0x1400964a0 |
| ??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z | 63 | 0x140096f10 |
| ??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z | 64 | 0x1400a3920 |
| ??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ | 65 | 0x1400a3940 |
| ??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z | 66 | 0x1400a3950 |
| ??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ | 67 | 0x140009290 |
| ??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ | 68 | 0x140009290 |
| ??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ | 69 | 0x140038d70 |
| ??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ | 70 | 0x14009e100 |
| ??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ | 71 | 0x1400a3990 |
| ??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ | 72 | 0x140096890 |
| ??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ | 73 | 0x14004a200 |
| ??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ | 74 | 0x1400968a0 |
| ??1ILogger@Events@Applications@Microsoft@@UEAA@XZ | 75 | 0x1400968d0 |
| ??1IModule@Events@Applications@Microsoft@@UEAA@XZ | 76 | 0x140009290 |
| ??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ | 77 | 0x1400968e0 |
| ??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ | 78 | 0x1400968f0 |
| ??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 79 | 0x14000b8b0 |
| ??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 80 | 0x14000b8b0 |
| ??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z | 81 | 0x140096ba0 |
| ??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 82 | 0x140096c50 |
| ??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 83 | 0x14009e230 |
| ??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z | 84 | 0x14009e250 |
| ??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z | 85 | 0x14009e290 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z | 86 | 0x1400a39a0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 87 | 0x1400a39e0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z | 88 | 0x1400a3a60 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z | 89 | 0x1400a3ac0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z | 90 | 0x1400a3b20 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z | 91 | 0x1400a3b80 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z | 92 | 0x1400a3be0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z | 93 | 0x1400a3bf0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z | 94 | 0x1400a3c00 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z | 95 | 0x1400a3c10 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z | 96 | 0x1400a3c20 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z | 97 | 0x1400a3c30 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z | 98 | 0x1400a3c20 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z | 99 | 0x1400a3c40 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z | 100 | 0x1400a3c70 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z | 101 | 0x1400a3cd0 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z | 102 | 0x1400a3d10 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z | 103 | 0x1400a3d50 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z | 104 | 0x1400a3d80 |
| ??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z | 105 | 0x1400a3d90 |
| ??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z | 106 | 0x140096ce0 |
| ??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 107 | 0x14000b8b0 |
| ??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z | 108 | 0x140096cf0 |
| ??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 109 | 0x140096d80 |
| ??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z | 110 | 0x14000b8b0 |
| ??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 111 | 0x14000b8b0 |
| ??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 112 | 0x14000b8b0 |
| ??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 113 | 0x14000b8b0 |
| ??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 114 | 0x14000b8b0 |
| ??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 115 | 0x14000b8b0 |
| ??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z | 116 | 0x140096df0 |
| ??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z | 117 | 0x140096e80 |
| ??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z | 118 | 0x14000b8b0 |
| ??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z | 119 | 0x14000b8b0 |
| ??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z | 120 | 0x140096f10 |
| ??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z | 121 | 0x1400a3dc0 |
| ??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z | 122 | 0x1400a42e0 |
| ??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z | 123 | 0x1400a0a10 |
| ??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ | 124 | 0x14000b8b0 |
| ??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z | 125 | 0x1400a4330 |
| ??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z | 126 | 0x14009e470 |
| ??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@ | 127 | 0x140349e68 |
| ??_7DebugEventListener@Events@Applications@Microsoft@@6B@ | 128 | 0x14034b048 |
| ??_7DebugEventSource@Events@Applications@Microsoft@@6B@ | 129 | 0x140349e80 |
| ??_7EventProperties@Events@Applications@Microsoft@@6B@ | 130 | 0x140359aa0 |
| ??_7EventProperty@Events@Applications@Microsoft@@6B@ | 131 | 0x14035a1c0 |
| ??_7IAuthTokensController@Events@Applications@Microsoft@@6B@ | 132 | 0x1403591f0 |
| ??_7ILogController@Events@Applications@Microsoft@@6B@ | 133 | 0x140359238 |
| ??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@ | 134 | 0x140359418 |
| ??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@ | 135 | 0x140359400 |
| ??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@ | 136 | 0x1403592a0 |
| ??_7ILogger@Events@Applications@Microsoft@@6B@ | 137 | 0x140359098 |
| ??_7IModule@Events@Applications@Microsoft@@6B@ | 138 | 0x140358d48 |
| ??_7ISemanticContext@Events@Applications@Microsoft@@6B@ | 139 | 0x140358d78 |
| ?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z | 140 | 0x14009c7f0 |
| ?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z | 141 | 0x1400a0ac0 |
| ?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z | 142 | 0x14009c8a0 |
| ?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ | 143 | 0x140009290 |
| ?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z | 144 | 0x140097560 |
| ?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z | 145 | 0x140097570 |
| ?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z | 146 | 0x140097580 |
| ?DecrementActiveHydrationsCount@QoS@@YAXXZ | 147 | 0x1402c1380 |
| ?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z | 148 | 0x140097690 |
| ?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z | 149 | 0x14009c940 |
| ?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z | 150 | 0x14009c9c0 |
| ?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z | 151 | 0x1400b90d0 |
| ?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z | 152 | 0x1400b0280 |
| ?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z | 153 | 0x1400b0440 |
| ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z | 154 | 0x1400a1160 |
| ?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z | 155 | 0x1400a11a0 |
| ?GetActiveHydrationsCount@QoS@@YAIXZ | 156 | 0x1402c1390 |
| ?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ | 157 | 0x1402c13a0 |
| ?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ | 158 | 0x1400b0830 |
| ?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JI@Z | 159 | 0x1402c13b0 |
| ?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JIAEBV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z | 160 | 0x1402c1420 |
| ?GetInstance@Telemetry@@CAPEAV1@XZ | 161 | 0x1402c1800 |
| ?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ | 162 | 0x14009e650 |
| ?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z | 163 | 0x14004df90 |
| ?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z | 164 | 0x14004b770 |
| ?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z | 165 | 0x1400a0b90 |
| ?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ | 166 | 0x1400a0de0 |
| ?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 167 | 0x1400283c0 |
| ?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ | 168 | 0x14009e660 |
| ?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Application | 169 | 0x14009e670 |
| ?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ | 170 | 0x14009e8e0 |
| ?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ | 171 | 0x14009e8f0 |
| ?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ | 172 | 0x14009e650 |
| ?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z | 173 | 0x14009e900 |
| ?GetResultType@QoS@@YAPEB_WJI@Z | 174 | 0x1402c1540 |
| ?GetResultType@QoS@@YAPEB_WW4Type@ErrorType@TelemetryConstants@@@Z | 175 | 0x1402c1560 |
| ?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ | 176 | 0x14009e920 |
| ?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 177 | 0x14009e930 |
| ?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z | 178 | 0x1400a0df0 |
| ?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ | 179 | 0x1400a4510 |
| ?IncrementActiveHydrationsCount@QoS@@YAXXZ | 180 | 0x1402c1590 |
| ?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z | 181 | 0x140009290 |
| ?InsertIntoIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z | 182 | 0x1402c15a0 |
| ?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ | 183 | 0x1402c15b0 |
| ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z | 184 | 0x1400a1260 |
| ?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z | 185 | 0x1400a1290 |
| ?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z | 186 | 0x14009cb80 |
| ?RemoveFromIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z | 187 | 0x1402c15c0 |
| ?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 188 | 0x1400976a0 |
| ?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 189 | 0x140097790 |
| ?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 190 | 0x140097890 |
| ?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 191 | 0x140097980 |
| ?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 192 | 0x140097a70 |
| ?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 193 | 0x140097b60 |
| ?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 194 | 0x140097c50 |
| ?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 195 | 0x140097d40 |
| ?SetApplicationId@QoS@@YAXI@Z | 196 | 0x1402c15d0 |
| ?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 197 | 0x140097e30 |
| ?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z | 198 | 0x140009290 |
| ?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z | 199 | 0x140009290 |
| ?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 200 | 0x140097f20 |
| ?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 201 | 0x140098010 |
| ?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 202 | 0x140098100 |
| ?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 203 | 0x1400981f0 |
| ?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 204 | 0x1400982e0 |
| ?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z | 205 | 0x140009290 |
| ?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z | 206 | 0x14009e940 |
| ?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z | 207 | 0x1400983d0 |
| ?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 208 | 0x14009e950 |
| ?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z | 209 | 0x140098490 |
| ?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 210 | 0x1400985c0 |
| ?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z | 211 | 0x1400986b0 |
| ?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 212 | 0x1400987e0 |
| ?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 213 | 0x1400988d0 |
| ?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 214 | 0x1400989c0 |
| ?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z | 215 | 0x14009ea90 |
| ?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z | 216 | 0x14009eaa0 |
| ?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z | 217 | 0x14009eab0 |
| ?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z | 218 | 0x14009eac0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z | 219 | 0x14009eb00 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z | 220 | 0x14009eb50 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z | 221 | 0x14009eba0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z | 222 | 0x14009ebf0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z | 223 | 0x14009ec40 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z | 224 | 0x140098ab0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z | 225 | 0x140098ac0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z | 226 | 0x140098ad0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z | 227 | 0x140098ae0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z | 228 | 0x140098af0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z | 229 | 0x140098b00 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z | 230 | 0x14009ec90 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z | 231 | 0x14009ece0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z | 232 | 0x14009ed30 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z | 233 | 0x14009ee30 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z | 234 | 0x14009ee80 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z | 235 | 0x14009eee0 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z | 236 | 0x140098b10 |
| ?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z | 237 | 0x14009ef30 |
| ?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 238 | 0x140009290 |
| ?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z | 239 | 0x14009ef80 |
| ?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 240 | 0x14009ef90 |
| ?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 241 | 0x140098b20 |
| ?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 242 | 0x140098c10 |
| ?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z | 243 | 0x140098d00 |
| ?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 244 | 0x140098de0 |
| ?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 245 | 0x140098ed0 |
| ?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z | 246 | 0x140098fc0 |
| ?SizeUnknown@QoS@@YAIXZ | 247 | 0x14000a9c0 |
| ?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ | 248 | 0x140009290 |
| ?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ | 249 | 0x14009f130 |
| ?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ | 250 | 0x1400a4760 |
| ?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z | 251 | 0x1400a4810 |
| ?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z | 252 | 0x1400a4870 |
| ?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ | 253 | 0x1400a4a00 |
| ?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z | 254 | 0x14009f510 |
| ?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A | 255 | 0x140470900 |
| ?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ | 256 | 0x14009f530 |
| ?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ | 257 | 0x14009bb70 |
| ?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z | 258 | 0x1400a4b20 |
| ?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 259 | 0x1400a4b70 |
| ?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ | 260 | 0x1400a5420 |
| ?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z | 261 | 0x1400a5440 |
| ?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z | 262 | 0x14009f800 |
| OnLoadTelemetryExtensions | 263 | 0x140009290 |
| evt_api_call_default | 264 | 0x1400933b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| Catalan | Spain |  |
| Chinese | Taiwan |  |
| Czech | Czech Republic |  |
| Danish | Denmark |  |
| German | Germany |  |
| Greek | Greece |  |
| Finnish | Finland |  |
| French | France |  |
| Hebrew | Israel |  |
| Hungarian | Hungary |  |
| Italian | Italy |  |
| Japanese | Japan |  |
| Korean | North Korea |  |
| Korean | South Korea |  |
| Dutch | Netherlands |  |
| Norwegian | Norway |  |
| Polish | Poland |  |
| Portuguese | Brazil |  |
| Romanian | Romania |  |
| Russian | Russia |  |
| Croatian | Croatia |  |
| Slovak | Slovakia |  |
| Swedish | Sweden |  |
| Thai | Thailand |  |
| Turkish | Turkey |  |
| Indonesian | Indonesia |  |
| Ukrainian | Ukrain | |
| Slovenian | Slovenia |  |
| Estonian | Estonia |  |
| Latvian | Lativa |  |
| Lithuanian | Lithuania |  |
| Vietnamese | Vietnam |  |
| Setsuana | South Africa |  |
| Hindi | India |  |
| Maltese | Malta |  |
| Malay | Malaysia |  |
| Tamil | Sri Lanka |  |
| Kannada | Kanada | |
| Welsh | England | |
| Amharic | Ethiopia | |
| Nepali | Nepal |  |
| Filipino | Philippines | |
| Igbo | Nigeria |  |
| Maori | New Zealand |  |
| Chinese | China |  |
| English | Great Britain |  |
| Portuguese | Portugal |  |
| Gaelic | Ireland |  |
| Bosnian | Bosnian |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:56:55 |
| Start date: | 20/12/2023 |
| Path: | C:\Users\user\Desktop\OneDriveSetUp.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff69fd90000 |
| File size: | 65'185'712 bytes |
| MD5 hash: | B471E4C796F44FACBB40EAC898B67503 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
⊘No disassembly
