ccefd30734fa482d006ae935a86c930bd5e5e4a7290608cf7d731f615e8921b8[.]zip

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

cb:0d:23:c3:48:f0:79:27:73:71:66:94:80:ea:e6:27
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

28/06/2022, 00:00

Not After

14/06/2024, 23:59

Subject

CN=Cybereason Inc.,O=Cybereason Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

14:a6:f8:fa:19:bb:1d:0d:66:e6:96:59:c5:4e:4c:25:b4:be:cd:14:de:75:c6:a1:97:87:9e:ed:9d:41:8d:0d
Signer

Actual PE Digest

14:a6:f8:fa:19:bb:1d:0d:66:e6:96:59:c5:4e:4c:25:b4:be:cd:14:de:75:c6:a1:97:87:9e:ed:9d:41:8d:0d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Cybereason Inc.,O=Cybereason Inc.,L=Boston,ST=Massachusetts,C=US

27/03/2023, 18:21
Valid: true

Chain 1

CN=Cybereason Inc.,O=Cybereason Inc.,L=Boston,ST=Massachusetts,C=US

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

shlwapi

PathIsUNCW

PathFileExistsW

ws2_32

WSACleanup

WSAStartup

kernel32

RtlLookupFunctionEntry

RtlCaptureContext

CreateEventW

WaitForSingleObjectEx

ResetEvent

InitializeCriticalSectionAndSpinCount

AcquireSRWLockShared

AcquireSRWLockExclusive

ReleaseSRWLockShared

ReleaseSRWLockExclusive

MultiByteToWideChar

MoveFileExW

CopyFileW

CreateDirectoryExW

GetModuleHandleW

DeviceIoControl

SetLastError

AreFileApisANSI

RemoveDirectoryW

GetFileInformationByHandle

GetFileAttributesExW

GetFileAttributesW

GetDiskFreeSpaceExW

FindNextFileW

UnhandledExceptionFilter

FindClose

DeleteFileW

CreateDirectoryW

WaitForSingleObject

SetPriorityClass

InitializeCriticalSectionEx

DeleteCriticalSection

FormatMessageW

WideCharToMultiByte

RtlVirtualUnwind

IsProcessorFeaturePresent

QueryPerformanceCounter

GetSystemTimeAsFileTime

InitializeSListHead

OpenProcess

CreateToolhelp32Snapshot

MapViewOfFileEx

UnmapViewOfFile

GetModuleHandleA

CreateFileMappingA

GetModuleHandleExW

GetStdHandle

GetFileType

WriteFile

TlsGetValue

TlsSetValue

DeleteFiber

Process32NextW

Process32FirstW

ReadProcessMemory

QueryFullProcessImageNameW

GetUserDefaultLangID

ConvertFiberToThread

LoadLibraryA

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

Sleep

CancelIoEx

GetOverlappedResult

SetFilePointer

GetFileSize

CreateFileA

GetDriveTypeW

GetLogicalDriveStringsW

SetEndOfFile

FindFirstFileW

GetEnvironmentVariableW

GetWindowsDirectoryA

GetPriorityClass

K32GetModuleFileNameExA

QueryDosDeviceA

GetLogicalDriveStringsA

SetThreadPriority

LocalFree

FormatMessageA

SetUnhandledExceptionFilter

IsDebuggerPresent

DebugBreak

TlsFree

FreeLibrary

GetCurrentProcessId

GetProcAddress

LoadLibraryW

CloseHandle

TlsAlloc

SetEvent

OutputDebugStringW

GetLastError

GetSystemDirectoryW

GetCurrentThreadId

CreateFileW

LeaveCriticalSection

TerminateProcess

ExpandEnvironmentStringsW

GetCurrentProcess

EnterCriticalSection

SetConsoleCtrlHandler

FindFirstFileExW

msvcp140

?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z

?uncaught_exception@std@@YA_NXZ

?_Xbad_alloc@std@@YAXXZ

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?_Throw_C_error@std@@YAXH@Z

?_Xlength_error@std@@YAXPEBD@Z

?_Syserror_map@std@@YAPEBDH@Z

_Mtx_destroy_in_situ

_Mtx_lock

_Mtx_init_in_situ

_Mtx_unlock

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

_Strcoll

_Strxfrm

?id@?$collate@D@std@@2V0locale@2@A

?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

_Unlock_shared_ptr_spin_lock

_Lock_shared_ptr_spin_lock

_Thrd_detach

?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z

?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z

?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

_Thrd_sleep

?widen@?$ctype@_W@std@@QEBA_WD@Z

?narrow@?$ctype@_W@std@@QEBAD_WD@Z

?exceptions@ios_base@std@@QEAAXH@Z

?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z

?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z

?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ

?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z

?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ

?tolower@?$ctype@D@std@@QEBADD@Z

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?id@?$ctype@D@std@@2V0locale@2@A

?_Xinvalid_argument@std@@YAXPEBD@Z

?_Random_device@std@@YAIXZ

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z

?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

_Cnd_broadcast

_Cnd_timedwait

_Cnd_init_in_situ

_Mtx_current_owns

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

_Thrd_hardware_concurrency

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z

?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z

??0_Locinfo@std@@QEAA@PEBD@Z

??1_Locinfo@std@@QEAA@XZ

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

?_Incref@facet@locale@std@@UEAAXXZ

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

??0facet@locale@std@@IEAA@_K@Z

??1facet@locale@std@@MEAA@XZ

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

_Wcsxfrm

?id@?$collate@_W@std@@2V0locale@2@A

?id@?$ctype@_W@std@@2V0locale@2@A

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

_Wcscoll

?is@?$ctype@_W@std@@QEBA_NF_W@Z

?tolower@?$ctype@_W@std@@QEBA_W_W@Z

?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

_Query_perf_counter

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

_Query_perf_frequency

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z

_Cnd_init

_Mtx_destroy

_Thrd_start

_Mtx_init

_Cnd_wait

_Cnd_destroy

_Cnd_do_broadcast_at_thread_exit

_Cnd_signal

??Bid@locale@std@@QEAA_KXZ

?always_noconv@codecvt_base@std@@QEBA_NXZ

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

??0_Lockit@std@@QEAA@H@Z

??1_Lockit@std@@QEAA@XZ

_Cnd_destroy_in_situ

_Thrd_join

_Thrd_id

?_Throw_Cpp_error@std@@YAXH@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

?_Xbad_function_call@std@@YAXXZ

?_Winerror_message@std@@YAKKPEADK@Z

?_Winerror_map@std@@YAHH@Z

_Xtime_get_ticks

?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

memcmp

wcsstr

memchr

strrchr

__std_exception_destroy

_CxxThrowException

memset

__C_specific_handler

strchr

__std_type_info_compare

memmove

memcpy

__RTDynamicCast

__std_terminate

_set_purecall_handler

_purecall

strstr

__CxxFrameHandler3

__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_set_new_mode

free

realloc

malloc

_callnewh

api-ms-win-crt-string-l1-1-0

isprint

_strnicmp

wcsncpy_s

strcmp

isspace

strncmp

_stricmp

wcsncat_s

_wcsicmp

strspn

strcspn

strncpy

api-ms-win-crt-runtime-l1-1-0

raise

strerror_s

terminate

_register_onexit_function

signal

_set_abort_behavior

_invalid_parameter_noinfo_noreturn

_errno

_initialize_onexit_table

_cexit

_seh_filter_exe

_wassert

strerror

_set_app_type

_crt_atexit

_configure_wide_argv

_initialize_wide_environment

_get_initial_wide_environment

_initterm

_initterm_e

exit

_exit

_register_thread_local_exe_atexit_callback

__p___argc

__p___wargv

_c_exit

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-stdio-l1-1-0

__p__commode

fputc

_get_stream_buffer_pointers

__stdio_common_vsprintf

_set_fmode

__stdio_common_vsnprintf_s

_fseeki64

fflush

fclose

fgetc

fwrite

fputs

__stdio_common_vsscanf

fgetpos

setvbuf

fopen

_wfopen

_setmode

ftell

ungetc

fsetpos

fseek

_fileno

fgets

ferror

__acrt_iob_func

__stdio_common_vfprintf

feof

fread

__stdio_common_vswprintf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

___lc_codepage_func

localeconv

api-ms-win-crt-math-l1-1-0

_dtest

_dsign

__setusermatherr

floorf

log2f

logf

api-ms-win-crt-filesystem-l1-1-0

remove

_unlock_file

_stat64i32

_lock_file

api-ms-win-crt-convert-l1-1-0

strtoul

strtol

strtoull

strtoll

strtod

atoi

sharedexclusionmanagement

??0ExclusionManagementWrapper@@QEAA@V?$shared_ptr@VConfigurator@@@std@@V?$shared_ptr@VConfigurationManagerInterface@@@2@V?$shared_ptr@VExclusionManagerLogger@@@2@@Z

configurationmanager

?handler@ConfigurationManager@@MEAAXXZ

?SetupNonPolicyInternalConfigListener@ConfigurationManager@@MEAAXXZ

?SetupAdvancedOptionsInternalConfigListener@ConfigurationManager@@MEAAXXZ

?SetUpDebugComponentInternalConfigListener@ConfigurationManager@@MEAAXXZ

?initInternalListeners@ConfigurationManager@@MEAAXXZ

?getCurrentConfiguration@ConfigurationManager@@MEAA?AV?$shared_ptr@VCustomerConfiguration@transport@activeprobe@cyber@com@@@std@@XZ

??1ConfigurationManager@@UEAA@XZ

??0ConfigurationManager@@QEAA@AEAVio_context@asio@boost@@V?$shared_ptr@VConfigurationManagerInfo@@@std@@_N_N@Z

?registerToConfigurationManager@ConfigurationManager@@MEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VCapabilitiesUpdateListener@@@3@@Z

??1CapabilitiesInterface@@UEAA@XZ

?saveActualsToDB@CapabilitiesInterface@@UEAAXXZ

?addListener@ConfigurationManager@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$weak_ptr@VCapabilitiesUpdateListener@@@3@@Z

?isReadyForHandling@ConfigurationManager@@MEAA_NXZ

?taskInitialDelayInSec@ConfigurationManager@@MEBAIXZ

?taskPeriodInMs@ConfigurationManager@@MEBA_KXZ

?unRegisterFromEvents@ConfigurationManager@@MEAAXXZ

?registerForEvents@ConfigurationManager@@MEAAXXZ

??0CapabilitiesInterface@@QEAA@AEAVio_context@asio@boost@@V?$shared_ptr@VConfigurator@@@std@@@Z

?taskName@CapabilitiesInterface@@MEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?handler@CapabilitiesInterface@@MEAAXXZ

?taskPeriodInMs@CapabilitiesInterface@@MEBA_KXZ

?getFeatureDBName@CapabilitiesInterface@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

??0ConfigurationManagerInfo@@QEAA@V?$shared_ptr@VTriggeringConfigurator@@@std@@V?$shared_ptr@VTasker@@@2@@Z

crlibprotobuf

?SerializeToOstream@Message@protobuf@google@@QEBA_NPEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z

?ParseFromArray@MessageLite@protobuf@google@@QEAA_NPEBXH@Z

?SerializeAsString@MessageLite@protobuf@google@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?SerializeToArray@MessageLite@protobuf@google@@QEBA_NPEAXH@Z

?ParseFromString@MessageLite@protobuf@google@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

mpr

WNetGetUniversalNameW

sharedcomponentutils

?toUpper@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z

??$get@M@Configurator@@QEBAMAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBM@Z

??$set@_K@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K@Z

??$set@M@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBM@Z

?rtrim@StringUtils@@YAXAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?openProcessForQuerying@WindowsUtils@@YAPEAXK_N@Z

?restore@ShadowCopyAccessor@@QEAA_NAEBVpath@filesystem@boost@@AEBV?$function@$$A6A_NAEBVpath@filesystem@boost@@0@Z@std@@@Z

??1ShadowCopyAccessor@@QEAA@XZ

??0ShadowCopyAccessor@@QEAA@W4_VSS_SNAPSHOT_CONTEXT@@@Z

?verifySignature@SignatureVerifier@@YA?AW4SignatureStatus@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?terminateProcess@ProcessUtils@@YA_N_KV?$duration@_JU?$ratio@$00$0DOI@@std@@@chrono@std@@@Z

?split@StringUtils@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@0@Z

?readProcessWorkingDirectory@ProcessUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K@Z

?getChildProcessesForPid@ProcessUtils@@YA?AV?$vector@_KV?$allocator@_K@std@@@std@@_K@Z

?suspendThread@ProcessUtils@@YA_N_K@Z

?stringStartsWith@StringUtils@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?toLower@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV23@@Z

?GetToken@TokenAdapter@@QEAA_NK_NKK@Z

?kernelPathToUserModePath@PathUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

??0ImpersonateAdapter@@QEAA@AEBVTokenAdapter@@@Z

??0TokenAdapter@@QEAA@XZ

??1TokenAdapter@@UEAA@XZ

?getSystemTime@WindowsUtils@@YA_KXZ

?filetime2unixepoch@WindowsUtils@@YA_JAEBU_FILETIME@@@Z

?larginteger2unixepoch@WindowsUtils@@YA_JT_LARGE_INTEGER@@@Z

?convertUtf8ListToUtf16List@StringUtils@@YA?AV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@@Z

?SetVssBackupState@ShadowCopyAccessor@@QEAA_NW4_VSS_BACKUP_TYPE@@@Z

?createShadowCopySnapshot@ShadowCopyAccessor@@QEAA?AU_GUID@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?GuidToString@ShadowCopyAccessor@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U_GUID@@@Z

?StringToGuid@ShadowCopyAccessor@@SA?AU_GUID@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?isSnapshotExist@ShadowCopyAccessor@@QEAA_NAEBU_GUID@@@Z

?setThreadName@ThreadUtils@@SAXPEBD@Z

??$get@N@Configurator@@QEBANAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBN@Z

?toLower@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z

?utf16To8@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z

?getInstance@CounterRegistrat@@SAAEAV1@XZ

?utf16To8Safe@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@AEAV23@@Z

??0ServiceBase@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N222@Z

??1ServiceBase@@UEAA@XZ

?log_component_levels@Logger@@2V?$array@W4level@Logger@@$0EE@@std@@A

??0CRLogMessage@@QEAA@PEBDHW4log_component@Logger@@H@Z

??1CRLogMessage@@QEAA@XZ

?log_component_names@Logger@@2PAPEBDA

??$get@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Configurator@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@0@Z

?severityFromString@Logger@@SA?AW4level@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?Run@ServiceBase@@SAHAEAV1@@Z

?WriteErrorLogEntry@ServiceBase@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z

?initLogger@ServiceBase@@QEAAXXZ

?IsAOACSupported@WindowsUtils@@YA_NXZ

??$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?expandEnvironmentVariables@PathUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?initCounterLogging@CounterRegistrat@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0II00@Z

??$get@I@Configurator@@QEBAIAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBI@Z

?parseJSONFile@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??$get@H@Configurator@@QEBAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBH@Z

?SetServiceStatus@ServiceBase@@IEAAXKKKK@Z

?start@SimpleTask@@QEAAXXZ

??1Tasker@@QEAA@XZ

??0Tasker@@QEAA@E@Z

??0TriggeringConfigurator@@QEAA@V?$shared_ptr@VTasker@@@std@@@Z

?OnPause@ServiceBase@@MEAAXXZ

?OnContinue@ServiceBase@@MEAAXXZ

?SetGeneralError@ServiceBase@@MEAAXXZ

?stream@CRLogMessage@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ

?postExecute@PeriodicTask@@MEAAXXZ

?scheduleExecution@PeriodicTask@@UEAAX_K@Z

??1PeriodicTask@@UEAA@XZ

??0PeriodicTask@@QEAA@AEAVio_context@asio@boost@@@Z

?taskInitialDelayInSec@SimpleTask@@MEBAIXZ

??$get@_N@Configurator@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_N@Z

??$set@_N@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_N@Z

??$set@I@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBI@Z

??$set@H@Configurator@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBH@Z

?handleResponse@PeriodicBaseTask@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?handleError@PeriodicBaseTask@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?onConnected@PeriodicBaseTask@@MEAAXXZ

?printCounterStatusToFile@CounterRegistrat@@QEAAXXZ

?exists@Configurator@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?secSinceEpoch@TimeUtils@@SAIXZ

??1PeriodicBaseTask@@UEAA@XZ

?taskInitialDelayInSec@PeriodicBaseTask@@MEBAIXZ

?msecSinceEpochToDate@TimeUtils@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z

??$get@_K@Configurator@@QEBA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K@Z

??0PeriodicBaseTask@@QEAA@AEAVio_context@asio@boost@@V?$shared_ptr@VTriggeringConfigurator@@@std@@@Z

??$get@I@Configurator@@QEBAIAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?toLower@StringUtils@@YAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

?toLower@StringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@$$QEAV23@@Z

?getStringFromReg@RegistryUtils@@SA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@AEAV43@K_N@Z

?utf8To16@StringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

?getStrFilenameFromPathA@StringUtils@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z

?toLower@StringUtils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@@Z

?registerCounter@CounterRegistrat@@AEAA?AURegistrationTicket@1@PEAVCounterBase@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?deregisterCounter@CounterRegistrat@@AEAAXPEAVCounterBase@@@Z

advapi32

RegisterEventSourceW

RegNotifyChangeKeyValue

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

ReportEventW

CryptAcquireContextW

CryptReleaseContext

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptGetUserKey

CryptExportKey

CryptDecrypt

CryptCreateHash

CryptDestroyHash

CryptSignHashW

CryptEnumProvidersW

CloseTrace

OpenTraceW

ProcessTrace

RegGetValueW

RegCreateKeyExW

RegSetValueExW

DeregisterEventSource

user32

GetProcessWindowStation

GetUserObjectInformationW

MessageBoxW

libzmq

zmq_ctx_set

zmq_errno

zmq_ctx_new

zmq_close

zmq_curve_keypair

zmq_msg_init_size

zmq_msg_data

zmq_msg_send

zmq_msg_size

zmq_msg_recv

zmq_msg_close

zmq_setsockopt

zmq_strerror

zmq_socket

zmq_ctx_destroy

zmq_connect

zmq_msg_init

databaseutils

??0HashListDB@@QEAA@W4DataBaseMode@@W4HashDBFileName@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?isGlobalDbEmpty@HashListDB@@QEAAHAEA_N@Z

?getGlobalHashes@HashListDB@@QEAAIAEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

??1HashListDB@@QEAA@XZ

?init@DBFactory@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AEBV?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@3@1AEBV?$function@$$A6A_NAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@3@@Z

?getInstance@DBFactory@@SAAEAV1@XZ

?unsafeGet@DBFactory@@AEAA?AV?$shared_ptr@VDBManagerBase@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z

??0DBManagerConfig@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z

?setNotifyOnDBEncryptionFailure@DBManagerBase@@QEAAXAEBV?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?setInfoLogCallback@DBManagerBase@@QEAAXAEBV?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?setErrorLogCallback@DBManagerBase@@QEAAXAEBV?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z

?init@HashListDB@@QEAAHXZ

protobuf

?default_instance_@ArwCommandlineExclusion@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@ShadowCopyConfig@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@ConfigurationValue@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@ConfigurationItem@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@CmsSettings@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@RulesEngineSetting@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@Ngav@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@CMS@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@CustomerConfiguration@transport@activeprobe@cyber@com@@0PEAV12345@EA

?default_instance_@TableItem@transport@activeprobe@cyber@com@@0PEAV12345@EA

?MergeFrom@RulesEngineSetting@transport@activeprobe@cyber@com@@QEAAXAEBV12345@@Z

?mutable_ngavsettings@CustomerConfiguration@transport@activeprobe@cyber@com@@QEAAPEAVNgav@2345@XZ

?mutable_rulesenginesetting@Ngav@transport@activeprobe@cyber@com@@QEAAPEAVRulesEngineSetting@2345@XZ

?mutable_bsamode@RulesEngineSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_rulesengineruleidexclusions@RulesEngineSetting@transport@activeprobe@cyber@com@@QEAAPEAVTableItems@2345@XZ

?mutable_rulesengineexclusionpaths@RulesEngineSetting@transport@activeprobe@cyber@com@@QEAAPEAVTableItems@2345@XZ

?mutable_mode@RulesEngineSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_item@TableItem@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_items@TableItems@transport@activeprobe@cyber@com@@QEAAPEAVTableItem@2345@H@Z

?mutable_value@ConfigurationItem@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationValue@2345@XZ

?mutable_capability@ConfigurationItem@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationCapability@2345@XZ

?mutable_actual@ConfigurationValue@transport@activeprobe@cyber@com@@QEAAPEAVValueType@2345@XZ

?MergeFrom@ArwSetting@transport@activeprobe@cyber@com@@QEAAXAEBV12345@@Z

?mutable_arwsetting@Ngav@transport@activeprobe@cyber@com@@QEAAPEAVArwSetting@2345@XZ

?mutable_commandline@ArwCommandlineExclusion@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_allowlist@ArwCommandlineExclusions@transport@activeprobe@cyber@com@@QEAAPEAVArwCommandlineExclusion@2345@H@Z

?mutable_autorestoreenable@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_allowlist@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVArwCommandlineExclusions@2345@XZ

?mutable_vssenable@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_mbrenable@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_level@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?mutable_mode@ArwSetting@transport@activeprobe@cyber@com@@QEAAPEAVConfigurationItem@2345@XZ

?IsInitialized@PreventionProgram@language@prevention@cyber@com@@UEBA_NXZ

??1PreventionProgram@language@prevention@cyber@com@@UEAA@XZ

??4PreventionProgram@language@prevention@cyber@com@@QEAAAEAV01234@AEBV01234@@Z

??0PreventionProgram@language@prevention@cyber@com@@QEAA@XZ

??1EpCollectorRpc@ipc@activeprobe@cyber@com@@UEAA@XZ

??0EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAA@XZ

?mutable_publishrulesengine@EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAAPEAVRECollectionPublishEventCommand@2345@XZ

?set_path@FileInfo@data@input@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?mutable_creatorprocesskey@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAPEAVProcessKey@2345@XZ

?mutable_parentprocesskey@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAPEAVProcessKey@2345@XZ

?set_processname@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_commandline@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?mutable_processkey@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAPEAVProcessKey@2345@XZ

?set_sha1@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_md5@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_filepath@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_ruleid@RuleNameId@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_rulename@RuleNameId@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?default_instance_@PreventionRuleGroup@language@prevention@cyber@com@@0PEAV12345@EA

?default_instance_@HierarchyRuleGroup@language@prevention@cyber@com@@0PEAV12345@EA

?default_instance_@PreventionProgram@language@prevention@cyber@com@@0PEAV12345@EA

?image_paths_size@Exclusion@language@prevention@cyber@com@@QEBAHXZ

?image_names_size@Exclusion@language@prevention@cyber@com@@QEBAHXZ

?rules@HierarchyRuleGroup@language@prevention@cyber@com@@QEBAAEBVRule@2345@H@Z

?rules_size@HierarchyRuleGroup@language@prevention@cyber@com@@QEBAHXZ

?rules@PreventionRuleGroup@language@prevention@cyber@com@@QEBAAEBVRule@2345@H@Z

?rules_size@PreventionRuleGroup@language@prevention@cyber@com@@QEBAHXZ

?programs@PreventionProgram@language@prevention@cyber@com@@QEBAAEBVPreventionRuleGroup@2345@H@Z

?programs_size@PreventionProgram@language@prevention@cyber@com@@QEBAHXZ

?hierarchy_rules@PreventionProgram@language@prevention@cyber@com@@QEBAAEBVHierarchyRuleGroup@2345@H@Z

?hierarchy_rules_size@PreventionProgram@language@prevention@cyber@com@@QEBAHXZ

?setup@PreventionProgram@language@prevention@cyber@com@@QEBAAEBVOperationSpecification@2345@H@Z

?setup_size@PreventionProgram@language@prevention@cyber@com@@QEBAHXZ

?default_instance_@OperationSpecification@language@prevention@cyber@com@@0PEAV12345@EA

?instructions@Rule@language@prevention@cyber@com@@QEBAAEBVOperation@2345@H@Z

?instructions_size@Rule@language@prevention@cyber@com@@QEBAHXZ

?match@Operation@language@prevention@cyber@com@@QEBAAEBVMatchRegexParameters@2345@XZ

?compare@Operation@language@prevention@cyber@com@@QEBAAEBVStringFieldCompareParameters@2345@XZ

?default_instance_@EpCollectorRpc@ipc@activeprobe@cyber@com@@0PEAV12345@EA

??1IpcRpcResponse@ipc@activeprobe@cyber@com@@UEAA@XZ

??0IpcRpcResponse@ipc@activeprobe@cyber@com@@QEAA@XZ

??0EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAA@AEBV01234@@Z

??4IpcRpcResponse@ipc@activeprobe@cyber@com@@QEAAAEAV01234@AEBV01234@@Z

??4EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAAAEAV01234@AEBV01234@@Z

??0MetroHash64@@QEAA@_K@Z

?Update@MetroHash64@@QEAAXPEBE_K@Z

?Finalize@MetroHash64@@QEAAXQEAE@Z

?mutable_publisharw@EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAAPEAVARWPublish@2345@XZ

?set_sha256@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_sha1@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_md5@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_publishreason@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXW4DetectionDecisionStatus@2345@@Z

?set_detectionreason@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXW4DetectionReason@2345@@Z

?set_processname@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_filepath@EncryptedFile@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_remediationstatus@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXW4RemediationConclusion@2345@@Z

?set_aggressionlevel@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXW4StatisticsAggressionLevel@2345@@Z

?set_processimagehash@ARWPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?add_encryptedfile@ARWPublish@ipc@activeprobe@cyber@com@@QEAAPEAVEncryptedFile@2345@XZ

?default_instance_@ArwSetting@transport@activeprobe@cyber@com@@0PEAV12345@EA

?mutable_quarantinefile@QuarantineFileProbeInternal@data@input@cyber@com@@QEAAPEAVFileInfo@2345@XZ

?set_requester@QuarantineFileProbeInternal@data@input@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??1QuarantineFileProbeInternal@data@input@cyber@com@@UEAA@XZ

??0QuarantineFileProbeInternal@data@input@cyber@com@@QEAA@XZ

?default_instance_@QuarantineFileProbeInternal@data@input@cyber@com@@0PEAV12345@EA

?set_extensionafter@FileStatistics@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_extensionbefore@FileStatistics@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?set_secondfilepath@EncryptedFile@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?mutable_statisticsscore@EncryptedFile@ipc@activeprobe@cyber@com@@QEAAPEAVFileStatistics@2345@XZ

?mutable_publishbsa@EpCollectorRpc@ipc@activeprobe@cyber@com@@QEAAPEAVBsaPublish@2345@XZ

?add_match@BsaPublish@ipc@activeprobe@cyber@com@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?mutable_file@QuarantineFileProbeInternal@data@input@cyber@com@@QEAAPEAVFileInfo@2345@XZ

?add_rulenameids@RECollectionPublishEventCommand@ipc@activeprobe@cyber@com@@QEAAPEAVRuleNameId@2345@XZ

yaramatcher

yr_rules_destroy

yr_rules_scan_mem

yr_compiler_get_rules

yr_compiler_add_string

yr_initialize

yr_compiler_create

yr_compiler_destroy

concrt140

?_Byte_reverse_table@details@Concurrency@@3QBEB

api-ms-win-crt-time-l1-1-0

_time64

_gmtime64_s

version

GetFileVersionInfoSizeW

VerQueryValueW

GetFileVersionInfoW

ole32

CoCreateInstance

crypt32

CertDuplicateCertificateContext

CertGetCertificateContextProperty

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertOpenStore

CertFreeCertificateContext

wsock32

send

closesocket

recv

WSASetLastError

WSAGetLastError

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

bcrypt

BCryptGenRandom

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ