From 3d83a3e89bd2168724ad153972c183f81ca3f38a Mon Sep 17 00:00:00 2001
From: Utku Tombul
Date: Thu, 23 Jan 2025 09:13:44 +0300
Subject: [PATCH] Update Windows.Binary.Exports artifact (#982)
Windows.Binary.Exports artifact was not working in recent Velociraptor version and needed an update.
---
 content/exchange/artifacts/Exports.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/content/exchange/artifacts/Exports.yaml b/content/exchange/artifacts/Exports.yaml
index 17c38a84f07..78513c22fe8 100644
--- a/content/exchange/artifacts/Exports.yaml
+++ b/content/exchange/artifacts/Exports.yaml
@@ -21,17 +21,17 @@ sources:
 WHERE NOT IsDir LET all_binary_info = SELECT
- dict(FullPath=FullPath,Name=Name,Size=Size,IsLink=IsLink) as FileDetails,
+ dict(OSPath=OSPath,Name=Name,Size=Size,IsLink=IsLink) as FileDetails,
 dict(Mtime=Mtime,Atime=Atime,Ctime=Ctime,Btime=Btime) as SI,
- parse_pe(file=FullPath) as BinaryInfo,
- authenticode(filename=FullPath) as Authenticode,
- hash(path=FullPath) as Hash
+ parse_pe(file=OSPath) as BinaryInfo,
+ authenticode(filename=OSPath) as Authenticode,
+ hash(path=OSPath) as Hash
 FROM Targets WHERE BinaryInfo LET binary_exports = SELECT
- dict(FullPath=FullPath,Name=Name,Size=Size,IsLink=IsLink) as FileDetails,
- parse_pe(file=FullPath).Exports as Exports
+ dict(OSPath=OSPath,Name=Name,Size=Size,IsLink=IsLink) as FileDetails,
+ parse_pe(file=OSPath).Exports as Exports
 FROM Targets WHERE Exports
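Review bot: Renaming the key inside `FileDetails` from `FullPath` to `OSPath`, in both `all_binary_info` and `binary_exports`, changes the artifact's output schema, so any notebook, hunt post-processing or detection query that reads `FileDetails.FullPath` would come back empty without an error. Only the column reference appears to need changing for the fix, so `dict(FullPath=OSPath,Name=Name,Size=Size,IsLink=IsLink) as FileDetails` would keep results comparable with earlier collections; otherwise the rename should be called out in the artifact description. Both queries begin and end outside the hunk, so it cannot be confirmed from here whether the artifact states the minimum Velociraptor version that provides `OSPath`; if it does not, a short comment such as `# requires a Velociraptor release where glob() returns OSPath` above `LET all_binary_info` would help operators on mixed-version fleets.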