PDB path: D:\a\_work\1\b\PaintApp\mspaint.pdb
Static task
static1
Behavioral task
behavioral1
Sample
mspaint.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
mspaint.exe
Resource
win10v2004-20240508-en
General
-
Target
mspaint.exe.ensilo
-
Size
4.1MB
-
MD5
47535b0226f32e9d99b2e00b101428b9
-
SHA1
0c759793cf338d8d388d1f47fcdcbde708b28637
-
SHA256
320ca7e6b6134822adc7df2f8e7b1c5b4dfd0e788f232076c2201024c63d7a4c
-
SHA512
1fd6de158ff90f2aacdaa5a60fcaee32b9b707521bb39e0089122492955249ad628f083b573376afb78f00f0141c3a2fa2d476b4fd959b23a56d807a95a19abd
-
SSDEEP
98304:xeyl5Wi+mgRQNEHI+Rgp0BsY7TyGFJXfg:xjTgR7oObBs4yGFJXf
Malware Config
Signatures
-
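Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This signature reports only that the PE has no embedded Authenticode signature; a binary signed solely through a catalog or an app package would presumably be reported the same way, and the import list below includes package-identity APIs (GetCurrentPackageFullName, GetCurrentApplicationUserModelId). Treat the finding as a prompt to compare the hashes above against a known-good copy of the file, not as evidence of tampering on its own.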
resource mspaint.exe.ensilo
Files
-
mspaint.exe.ensilo.exe windows:6 windows x64 arch:x64
7b37e71d3f5d92aecf483a4485b78ade
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
api-ms-win-core-com-l1-1-0
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CLSIDFromString
StringFromCLSID
GetHGlobalFromStream
CoCreateInstance
CoTaskMemAlloc
CoGetApartmentType
CoGetObjectContext
PropVariantClear
CoTaskMemFree
FreePropVariantArray
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetLastError
GetLastError
SetErrorMode
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-file-l1-2-2
AreFileApisANSI
FindNextStreamW
FindFirstStreamW
api-ms-win-core-file-l1-1-0
GetFileTime
DeleteFileW
SetFileTime
FindClose
GetFileSize
SetEndOfFile
FileTimeToLocalFileTime
SetFileAttributesW
FindFirstFileW
GetFullPathNameW
GetFileAttributesW
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SysAllocString
VariantInit
SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageA
GetThreadLocale
FormatMessageW
GetLocaleInfoEx
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetSystemInfo
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexExW
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-util-l1-1-0
EncodePointer
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
propsys
PSGetPropertyDescriptionListFromString
PropVariantToStringVectorAlloc
dwmapi
DwmDefWindowProc
DwmSetWindowAttribute
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
GetMonitorInfoW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalReAlloc
GlobalSize
GlobalUnlock
GlobalLock
api-ms-win-shcore-stream-winrt-l1-1-0
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpiW
api-ms-win-core-com-l2-1-1
WriteClassStg
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
GetNamedSecurityInfoW
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
mfc140u
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord11929
ord11933
ord11901
ord12606
ord5555
ord9941
ord6614
ord2011
ord1665
ord5971
ord5401
ord9835
ord11921
ord5706
ord10124
ord7920
ord14216
ord4445
ord12213
ord12608
ord12609
ord2931
ord1844
ord13586
ord2273
ord13545
ord2194
ord1360
ord865
ord1450
ord983
ord7393
ord9842
ord1410
ord941
ord5674
ord12782
ord12176
ord5512
ord10861
ord10128
ord6260
ord5750
ord10703
ord8730
ord12769
ord3964
ord6118
ord877
ord8866
ord13758
ord7541
ord9114
ord13761
ord2311
ord10202
ord4585
ord1667
ord10961
ord10717
ord10670
ord5391
ord10934
ord3801
ord3310
ord9968
ord10882
ord11102
ord11175
ord9180
ord9095
ord11178
ord5262
ord9825
ord11096
ord8878
ord12215
ord9947
ord5090
ord5937
ord11215
ord6115
ord12369
ord1880
ord5973
ord6704
ord5541
ord9670
ord11432
ord9054
ord10828
ord10827
ord10412
ord10123
ord5190
ord5197
ord14132
ord11776
ord9175
ord10941
ord8891
ord8772
ord2779
ord13697
ord8093
ord2511
ord7395
ord2767
ord13023
ord12100
ord12341
ord4549
ord3728
ord5554
ord9942
ord8913
ord9847
ord9843
ord9848
ord9098
ord5981
ord5408
ord3739
ord11675
ord2345
ord1682
ord2864
ord1687
ord14235
ord2810
ord2795
ord1047
ord345
ord3532
ord1367
ord864
ord4462
ord4459
ord4461
ord1039
ord323
ord2342
ord10027
ord13469
ord12267
ord12240
ord3947
ord2269
ord12635
ord2357
ord320
ord14148
ord2663
ord12467
ord12256
ord10960
ord7668
ord12625
ord3949
ord4011
ord9089
ord7650
ord14210
ord10716
ord10668
ord1364
ord861
ord7219
ord7355
ord11481
ord9845
ord7096
ord280
ord4181
ord9168
ord11751
ord2615
ord7518
ord9270
ord10804
ord10967
ord10964
ord2627
ord4588
ord7114
ord10694
ord2187
ord1379
ord891
ord7362
ord5916
ord6619
ord5240
ord10093
ord11184
ord4443
ord3723
ord5189
ord11484
ord11489
ord9043
ord8521
ord5743
ord12223
ord5726
ord13358
ord5727
ord13360
ord1766
ord12142
ord5917
ord4873
ord4872
ord8095
ord7912
ord11763
ord11859
ord4353
ord2510
ord13351
ord5722
ord11784
ord8904
ord10548
ord11323
ord4726
ord13199
ord8928
ord8993
ord4725
ord3081
ord1129
ord502
ord7245
ord6879
ord4947
ord9739
ord11435
ord8604
ord8614
ord10199
ord9217
ord9682
ord9677
ord9205
ord9215
ord9200
ord10968
ord10965
ord8003
ord11770
ord6630
ord2628
ord11805
ord8917
ord11813
ord10704
ord11085
ord3951
ord3308
ord3307
ord6000
ord13397
ord2697
ord11854
ord5755
ord8901
ord6285
ord1492
ord1490
ord5168
ord10835
ord10807
ord9738
ord13864
ord5212
ord13136
ord4335
ord8702
ord6098
ord6074
ord7551
ord6090
ord3952
ord6006
ord1121
ord489
ord4946
ord2350
ord10811
ord5152
ord1381
ord896
ord2307
ord2346
ord2344
ord1382
ord1446
ord979
ord8731
ord10163
ord2686
ord13767
ord3071
ord1089
ord448
ord7893
ord6002
ord13401
ord3212
ord3209
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord11771
ord3718
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord12222
ord2439
ord5183
ord8023
ord12544
ord9384
ord4352
ord8084
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord8167
ord13354
ord6578
ord8902
ord5723
ord2629
ord5749
ord8170
ord5399
ord5969
ord1847
ord12350
ord11806
ord8431
ord3333
ord3334
ord7712
ord12624
ord2821
ord11663
ord11662
ord13116
ord10121
ord2921
ord285
ord5709
ord1670
ord8409
ord3812
ord3279
ord7173
ord7389
ord8161
ord3989
ord3278
ord3992
ord2170
ord7116
ord894
ord2495
ord5886
ord2358
ord2223
ord11817
ord11757
ord13956
ord11850
ord5080
ord7222
ord363
ord11229
ord10962
ord5921
ord11053
ord10902
ord10191
ord11496
ord5363
ord5552
ord10868
ord9986
ord9041
ord11027
ord9189
ord5339
ord9364
ord5582
ord11434
ord5083
ord7849
ord5580
ord9945
ord10907
ord1491
ord1489
ord438
ord1086
ord2473
ord1033
ord488
ord1120
ord1503
ord296
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9946
ord8900
ord3713
ord3172
ord2316
ord1454
ord990
ord7394
ord7182
ord6505
ord6542
ord3825
ord1452
ord985
ord8544
ord4357
ord2514
ord2212
ord3742
ord12765
ord4722
ord12746
ord2475
ord6320
ord3756
ord2270
ord6247
ord4721
ord3051
kernel32
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadResource
FindResourceExW
LockResource
SizeofResource
RegisterApplicationRestart
Sleep
ApplicationRecoveryFinished
CreateThread
ApplicationRecoveryInProgress
RegisterApplicationRecoveryCallback
GetTempFileNameW
FileTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
GetSystemTime
SetEvent
CompareStringOrdinal
CreateEventExW
LoadLibraryExW
GetCurrentPackageFullName
ParseApplicationUserModelId
GetCurrentApplicationUserModelId
GetStartupInfoW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalDeleteAtom
GlobalAddAtomW
user32
FillRect
CopyRect
InflateRect
SetRect
UnionRect
SetTimer
KillTimer
IsRectEmpty
SetRectEmpty
GetKeyState
OffsetRect
IsClipboardFormatAvailable
EnableWindow
IntersectRect
GetDC
InvalidateRect
PeekMessageW
UpdateWindow
LoadCursorW
GetSystemMenu
RemoveMenu
PostMessageW
GetParent
SetActiveWindow
SendMessageW
DestroyWindow
NotifyWinEvent
SetCursor
DestroyCursor
TranslateAcceleratorW
GetCursorPos
ScreenToClient
MonitorFromRect
GetWindowThreadProcessId
RegisterClipboardFormatW
DestroyMenu
GetClassInfoW
LoadIconW
GetWindowRect
ReleaseDC
IsWindowVisible
PostQuitMessage
CreateAcceleratorTableW
SetPropW
LoadImageW
GetClientRect
SetProcessDefaultLayout
IsMenu
IsWindow
SetWindowLongPtrW
SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
PtInRect
IsIconic
AdjustWindowRectExForDpi
GetWindowLongPtrW
SetDlgItemInt
RegisterClassExW
CheckDlgButton
MoveWindow
DispatchMessageW
GetDlgItem
GetDlgItemInt
TranslateMessage
GetMessageW
SetWindowPos
CreateWindowExW
GetDpiForWindow
GetSystemMetricsForDpi
SetClassLongPtrW
MonitorFromWindow
SetCursorPos
SendInput
GetWindowLongW
SetFocus
DeleteMenu
DefWindowProcW
gdi32
EndPage
SetWorldTransform
SetGraphicsMode
StretchBlt
Rectangle
SetLayout
GetLayout
GetStockObject
AbortDoc
EndDoc
LPtoDP
StartPage
DPtoLP
StartDocW
SetAbortProc
CreateDCW
CreateDIBitmap
CreateBitmap
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
SaveDC
SetMapMode
GetObjectW
GetDeviceCaps
RestoreDC
CreateSolidBrush
SetViewportExtEx
PlayMetaFile
SetStretchBltMode
BitBlt
RealizePalette
CreatePalette
comdlg32
GetFileTitleW
PrintDlgExW
GetOpenFileNameW
winspool.drv
OpenPrinterW
GetJobW
advapi32
RegDeleteKeyW
EncryptFileW
DecryptFileW
DuplicateEncryptionInfoFile
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
RegGetValueW
RegSetKeyValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
shell32
DragAcceptFiles
SHGetKnownFolderPath
SHCreateItemFromParsingName
ord75
SHGetSpecialFolderPathW
DragFinish
SHChangeNotify
ord165
DragQueryFileW
SHAddToRecentDocs
shlwapi
PathFindFileNameW
PathStripPathW
ord12
PathFileExistsW
ole32
OleGetClipboard
WriteFmtUserTypeStg
CoCreateGuid
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
ReleaseStgMedium
msvcp140
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Thrd_yield
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_wait
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Xbad_function_call@std@@YAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_broadcast
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_init_in_situ
_Cnd_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
_Mbrtowc
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Xbad_alloc@std@@YAXXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
concrt140
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
?Free@Concurrency@@YAXPEAX@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__RTDynamicCast
_CxxThrowException
memmove
memcpy
__std_exception_copy
__std_exception_destroy
_purecall
__current_exception
memcmp
memset
__C_specific_handler
__std_terminate
__std_type_info_compare
__current_exception_context
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_initialize_onexit_table
_c_exit
_invalid_parameter_noinfo
_errno
abort
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_set_app_type
_configure_wide_argv
__p___argc
__p___wargv
_initialize_wide_environment
terminate
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
_cexit
_register_onexit_function
api-ms-win-crt-string-l1-1-0
wcscpy_s
iswspace
wcsncpy_s
_wcsdup
_wcsicmp
wcscat_s
strcpy_s
api-ms-win-crt-convert-l1-1-0
wcstol
wcstoul
api-ms-win-crt-math-l1-1-0
_fdsign
__setusermatherr
_dsign
_dclass
_fdclass
_ldclass
atan2f
ceil
ceilf
cosf
_ldsign
floorf
round
sinf
sqrtf
roundf
tan
tanf
api-ms-win-crt-stdio-l1-1-0
_fseeki64
fgetpos
fwrite
fflush
_set_fmode
fsetpos
fread
__stdio_common_vsprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
fclose
_get_stream_buffer_pointers
__p__commode
fputc
ungetc
fgetc
setvbuf
api-ms-win-crt-heap-l1-1-0
calloc
free
malloc
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-locale-l1-1-0
_wsetlocale
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
provenancesdk
PROV_AuthoringInitFromFile
PROV_UTIL_GetManifestFromRawManifestStoreBytes
PROV_AuthoringEmbedItem
PROV_ValidationInitFromBuffer
PROV_CONTEXT_alloc
PROV_AuthoringSetGeneratorMetadata
PROV_AuthoringAddAssertions
PROV_AuthoringFinalizeOutputToFile
PROV_UTIL_GenerateSignature
PROV_UTIL_GenerateCOSESigStructure
PROV_HASHED_URI_Free
PROV_CONTEXT_free
PROV_ValidationGetRawManifestStore
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
rpcrt4
UuidToStringW
RpcStringFreeW
UuidCreate
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
winmm
timeGetTime
libcrypto-3-x64
PEM_read_bio_PrivateKey
PEM_read_bio_X509
X509_check_private_key
EVP_PKEY_CTX_new_id
EVP_PKEY_keygen_init
EVP_PKEY_CTX_set_ec_paramgen_curve_nid
EVP_PKEY_keygen
X509_new
X509_set_version
ASN1_INTEGER_set
X509_get_serialNumber
X509_NAME_new
X509_NAME_add_entry_by_txt
X509_set_subject_name
X509_set_issuer_name
X509_gmtime_adj
X509_getm_notBefore
X509_getm_notAfter
X509_set_pubkey
X509_sign
EVP_sha256
BIO_new
BIO_s_mem
PEM_write_bio_PKCS8PrivateKey
BIO_ctrl
BIO_new_mem_buf
PEM_write_bio_X509
X509_NAME_free
EVP_PKEY_CTX_free
X509_free
EVP_PKEY_free
BIO_free
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
api-ms-win-core-threadpool-l1-2-0
TrySubmitThreadpoolCallback
Sections
.text Size: 988KB - Virtual size: 987KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 647KB - Virtual size: 646KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 204KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ