2024-04-30_b03e999fbb18c96e3f67be8f9f190511_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-30_b03e999fbb18c96e3f67be8f9f190511_ryuk
Size

16.4MB
MD5

b03e999fbb18c96e3f67be8f9f190511
SHA1

ef5b003bdde290ba56bf2b8b7168ee1b1a3471c4
SHA256

3e8b610a4412a46ada2ee47168a39a156570282f00bef883a51ef84a49f590ca
SHA512

e7ec91c6d331ce03e0d65aff48ac2e93b4a58fd8d61d72b0cdb8aff4a178aa71d22799ae748b0726c222c0413e1c202fb1dad82491e478acc5f1fb473e1fcd47
SSDEEP

196608:13mk5vrpPYpJEeDFBU6rTmIIScD/TBATMkl:13mYvrNYzZuIIFDryAk

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Files

2024-04-30_b03e999fbb18c96e3f67be8f9f190511_ryuk
.exe windows:10 windows x64 arch:x64

e9583d3a440d59f642b92b2d8cde8800

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:d5:1d:a1:ae:0d:58:87:2c:b4:13:16:b2:76:b2:bc:8d:14:28:a4:41:00:fe:fb:5c:1b:d9:28:f5:da:01:fb
Signer

Actual PE Digest

32:d5:1d:a1:ae:0d:58:87:2c:b4:13:16:b2:76:b2:bc:8d:14:28:a4:41:00:fe:fb:5c:1b:d9:28:f5:da:01:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\e\src\out\Release_x64\msedgedriver.exe.pdb

Imports

advapi32

BuildTrusteeWithSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateProcessAsUserW
CreateProcessWithTokenW
CredFree
CredReadW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
EventRegister
EventSetInformation
EventUnregister
EventWrite
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegGetValueA
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetSecurityInfo

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

user32

AllowSetForegroundWindow
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetActiveWindow
GetMessageW
GetQueueStatus
KillTimer
LoadKeyboardLayoutW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
RegisterClassExW
SetTimer
ToUnicode
TranslateMessage
UnregisterClassW
VkKeyScanW

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
AssignProcessToJobObject
CancelIo
CancelIoEx
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetNativeSystemInfo
GetNumberFormatEx
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserGeoID
GetVersionExW
GetVolumePathNameW
GetWindowsDirectoryW
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoTaskMemFree
CoUninitialize

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

ntdll

RtlGetLastNtStatus

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathMatchSpecW
ord219

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetTimeouts

crypt32

CertAddStoreToCollection
CertCloseStore
CertControlStore
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertOpenStore

secur32

AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW
QuerySecurityPackageInfoW

urlmon

CoInternetCreateSecurityManager

ncrypt

NCryptCreatePersistedKey
NCryptDeleteKey
NCryptEnumKeys
NCryptExportKey
NCryptFinalizeKey
NCryptFreeBuffer
NCryptFreeObject
NCryptIsAlgSupported
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSignHash

Exports

Exports

?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@__Cr@std@@XZ@4HA
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@23@@56@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@E@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@6@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@__Cr@std@@@__Cr@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@__Cr@std@@@__Cr@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@__Cr@std@@@__Cr@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ
??0IDataFieldVisitor@telemetry_client@@QEAA@AEBV01@@Z
??0IDataFieldVisitor@telemetry_client@@QEAA@XZ
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VVariant@Events@Applications@Microsoft@@@__Cr@std@@@std@@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ
??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Events@Applications@Microsoft@@QEAA@XZ
??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IModule@Events@Applications@Microsoft@@QEAA@XZ
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z
??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ
??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ
??1IDataFieldVisitor@telemetry_client@@UEAA@XZ
??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ
??1ILogger@Events@Applications@Microsoft@@UEAA@XZ
??1IModule@Events@Applications@Microsoft@@UEAA@XZ
??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@23@@__Cr@std@@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@__Cr@std@@@__Cr@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@__Cr@std@@@__Cr@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@__Cr@std@@@__Cr@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IDataFieldVisitor@telemetry_client@@QEAAAEAV01@AEBV01@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z
??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VVariant@Events@Applications@Microsoft@@@__Cr@std@@@23@@__Cr@std@@XZ
??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@23@@__Cr@std@@@Z
??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@
??_7DebugEventListener@Events@Applications@Microsoft@@6B@
??_7DebugEventSource@Events@Applications@Microsoft@@6B@
??_7EventProperties@Events@Applications@Microsoft@@6B@
??_7EventProperty@Events@Applications@Microsoft@@6B@
??_7IAuthTokensController@Events@Applications@Microsoft@@6B@
??_7IDataFieldVisitor@telemetry_client@@6B@
??_7ILogController@Events@Applications@Microsoft@@6B@
??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@
??_7ILogger@Events@Applications@Microsoft@@6B@
??_7IModule@Events@Applications@Microsoft@@6B@
??_7ISemanticContext@Events@Applications@Microsoft@@6B@
?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@__Cr@std@@@Z
?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z
?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z
?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z
?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z
?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z
?GetDataInspector@ILogManager@Events@Applications@Microsoft@@UEAA?AV?$shared_ptr@VIDataInspector@Events@Applications@Microsoft@@@__Cr@std@@XZ
?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ
?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ
?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@__Cr@std@@PEBD@Z
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@23@@__Cr@std@@@23@@__Cr@std@@XZ
?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ
?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@U?$pair@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@W4PiiKind@Events@Applications@Microsoft@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@U?$pair@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@W4PiiKind@Events@Applications@Microsoft@@@23@@__Cr@std@@@23@@__Cr@std@@W4DataCategory@234@@Z
?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ
?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ
?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@Events@Applications@Microsoft@@@__Cr@std@@@23@@__Cr@std@@W4DataCategory@234@@Z
?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ
?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z
?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ
?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEBUEventProperty@234@@Z
?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEBUEventProperty@234@@Z
?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@0@Z
?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z
?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z
?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z
?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z
?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z
?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z
?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z
?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@0W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEAV?$vector@NV?$allocator@N@__Cr@std@@@67@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@__Cr@std@@@67@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@67@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@AEAV?$vector@_JV?$allocator@_J@__Cr@std@@@67@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@CW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@EW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@FW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@GW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@HW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@IW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@NW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_JW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_KW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NW4PiiKind@234@W4DataCategory@234@@Z
?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z
?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@W4PiiKind@234@@Z
?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ
?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@__Cr@std@@XZ
?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ
?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@__Cr@std@@@__Cr@std@@@Z
?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z
?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ
?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@W4DataCategory@234@@Z
?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@__Cr@std@@XZ@4V?$Leaky@Vrecursive_mutex@__Cr@std@@@345@A
?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ
?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@__Cr@std@@XZ
?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z
?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z
?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z
GetHandleVerifier
OQS_CPU_has_extension
OQS_KEM_alg_count
OQS_KEM_alg_identifier
OQS_KEM_alg_is_enabled
OQS_KEM_decaps
OQS_KEM_encaps
OQS_KEM_free
OQS_KEM_keypair
OQS_KEM_kyber_768_decaps
OQS_KEM_kyber_768_encaps
OQS_KEM_kyber_768_keypair
OQS_KEM_new
OQS_MEM_cleanse
OQS_MEM_insecure_free
OQS_MEM_secure_bcmp
OQS_MEM_secure_free
OQS_SIG_alg_count
OQS_SIG_alg_identifier
OQS_SIG_alg_is_enabled
OQS_SIG_free
OQS_SIG_keypair
OQS_SIG_new
OQS_SIG_sign
OQS_SIG_verify
OQS_destroy
OQS_init
OQS_randombytes
OQS_randombytes_custom_algorithm
OQS_randombytes_nist_kat_init_256bit
OQS_randombytes_switch_algorithm
OQS_version
evt_api_call_default
sqlite3_dbdata_init

Sections

.text
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 200B

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 713B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9583d3a440d59f642b92b2d8cde8800

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

32:d5:1d:a1:ae:0d:58:87:2c:b4:13:16:b2:76:b2:bc:8d:14:28:a4:41:00:fe:fb:5c:1b:d9:28:f5:da:01:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

dbghelp

user32

ws2_32

kernel32

ole32

iphlpapi

shell32

ntdll

winmm

userenv

shlwapi

version

winhttp

crypt32

secur32

urlmon

ncrypt

Exports

Exports

Sections

.text Size: 11.7MB - Virtual size: 11.7MB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.data Size: 127KB - Virtual size: 220KB

.pdata Size: 458KB - Virtual size: 457KB

.gxfg Size: 13KB - Virtual size: 13KB

.retplne Size: 512B - Virtual size: 200B

.rodata Size: 2KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 713B

_RDATA Size: 512B - Virtual size: 348B

malloc_h Size: 512B - Virtual size: 226B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 72KB - Virtual size: 71KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

32:d5:1d:a1:ae:0d:58:87:2c:b4:13:16:b2:76:b2:bc:8d:14:28:a4:41:00:fe:fb:5c:1b:d9:28:f5:da:01:fb
Signer

.text
Size: 11.7MB - Virtual size: 11.7MB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 127KB - Virtual size: 220KB

.pdata
Size: 458KB - Virtual size: 457KB

.gxfg
Size: 13KB - Virtual size: 13KB

.retplne
Size: 512B - Virtual size: 200B

.rodata
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 713B

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 226B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 72KB - Virtual size: 71KB