C:\agent\_work\3\s\x64\Release\SysInfoCap.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a7579e2da4c36c310ffcb2ad624a85d0N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a7579e2da4c36c310ffcb2ad624a85d0N.exe
Resource
win10v2004-20240709-en
General
-
Target
a7579e2da4c36c310ffcb2ad624a85d0N.exe
-
Size
1.4MB
-
MD5
a7579e2da4c36c310ffcb2ad624a85d0
-
SHA1
affc8d4795e0acd0337993a2e562f26beca5ba96
-
SHA256
0fecee8c2709fc7d1777014c6ba6e42c4d0eeb08e0252630ce560331ea7a66c4
-
SHA512
236af4c32d7e2e6f1aa60090b5dbf5d2e36a63282d89e768dbc084a339157011db38659f27b0090e2d7144514ad765502658467f3c55dd8c3b513b75c89d3527
-
SSDEEP
24576:FRu/ooJ8/Qq4qh0lhSMXlUPpfdyoO7xFDVv7DxAZquHPH9k:F+8/Qqo81y1zDOQ0K
Malware Config
Signatures
-
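Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The check matched the resource below: the file carries no embedded signature, so its publisher and integrity cannot be confirmed from the file itself.
resource a7579e2da4c36c310ffcb2ad624a85d0N.exe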
Files
-
a7579e2da4c36c310ffcb2ad624a85d0N.exe.exe windows:6 windows x64 arch:x64
7862b3edebbf13b1d8e5c7d1847f692b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_exit
exit
__p___wargv
terminate
__p___argc
_initterm
_cexit
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_errno
_set_app_type
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_beginthreadex
abort
_crt_atexit
_initterm_e
_c_exit
_invalid_parameter_noinfo
api-ms-win-crt-string-l1-1-0
wcsncpy_s
toupper
strnlen
strcpy_s
tolower
towlower
wcsnlen
_wcsicmp
iswspace
wcscpy_s
wcscat_s
wcsncmp
api-ms-win-crt-heap-l1-1-0
malloc
realloc
free
_set_new_mode
_callnewh
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_type_info_name
_CxxThrowException
_purecall
__std_type_info_compare
__std_exception_destroy
memset
memcpy
__std_exception_copy
__std_terminate
memchr
__current_exception
memcmp
__current_exception_context
__C_specific_handler
strchr
memmove
msvcp140
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Wcsxfrm
??_7facet@locale@std@@6B@
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
_Cnd_broadcast
_Xtime_get_ticks
_Query_perf_counter
_Cnd_destroy_in_situ
_Cnd_wait
??_7_Facet_base@std@@6B@
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_init_in_situ
_Cnd_signal
_Cnd_register_at_thread_exit
_Mtx_unlock
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
_Cnd_unregister_at_thread_exit
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
_Mtx_current_owns
??0task_continuation_context@Concurrency@@AEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?exceptions@ios_base@std@@QEAAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1_Facet_base@std@@UEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xbad_alloc@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
kernel32
InitOnceBeginInitialize
Sleep
GetModuleFileNameW
CloseHandle
GetVersion
SetEvent
GetLastError
CreateEventW
WideCharToMultiByte
GetModuleHandleW
IsDebuggerPresent
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LocalAlloc
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetSystemFirmwareTable
LoadLibraryW
InterlockedPushEntrySList
FormatMessageW
RtlCaptureContext
GetSystemTime
GetTickCount64
AreFileApisANSI
WaitForSingleObject
ReleaseMutex
CreateMutexW
RaiseException
GetSystemInfo
VirtualProtect
InitOnceComplete
FreeLibrary
GetProcAddress
LoadLibraryExA
GetFileAttributesW
GetFileAttributesExW
ResetEvent
ReleaseSRWLockExclusive
RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted
SubmitThreadpoolWork
OOBEComplete
CreateThreadpoolWork
CreateDirectoryW
DuplicateHandle
K32GetModuleFileNameExW
GetPackageFamilyName
GetPackageId
AcquireSRWLockExclusive
WakeAllConditionVariable
CreateFileW
SleepConditionVariableSRW
OpenProcess
FindClose
FormatMessageA
ExpandEnvironmentStringsW
GetFullPathNameW
FindFirstFileW
LocalFree
GetLocaleInfoEx
OpenPackageInfoByFullName
GetProcessHeap
WTSGetActiveConsoleSessionId
HeapAlloc
DeleteProcThreadAttributeList
GetPackagePathByFullName
UpdateProcThreadAttribute
GetFileInformationByHandleEx
VirtualQuery
GetPackageInfo
InitializeProcThreadAttributeList
ClosePackageInfo
HeapFree
FindPackagesByPackageFamily
GetModuleHandleA
advapi32
CryptGenKey
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
LookupAccountSidW
GetNamedSecurityInfoW
GetAce
RegisterServiceCtrlHandlerExW
RegCloseKey
SetServiceStatus
ChangeServiceConfig2W
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherW
RegOpenKeyW
RegQueryValueExW
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyW
RegSetKeyValueW
CryptReleaseContext
DuplicateTokenEx
CryptGetProvParam
CryptImportKey
CryptSetKeyParam
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptExportKey
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptAcquireContextW
CryptGetKeyParam
CryptDestroyKey
ConvertStringSidToSidW
OpenServiceW
GetUserNameW
ControlService
GetTokenInformation
DeleteService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
__stdio_common_vfwprintf
__stdio_common_vsscanf
setvbuf
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vswprintf_s
fclose
_get_stream_buffer_pointers
fread
fwrite
fgetpos
_fseeki64
fsetpos
fflush
fputc
ungetc
fgetc
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
wtsapi32
WTSQueryUserToken
wintrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext2
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
crypt32
CryptBinaryToStringW
CryptUnprotectData
CryptProtectData
CertNameToStrW
CryptStringToBinaryW
shlwapi
PathFileExistsW
PathFindFileNameW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
api-ms-win-appmodel-runtime-l1-1-1
GetPackageFullNameFromToken
GetStagedPackageOrigin
shell32
CommandLineToArgvW
rpcrt4
RpcStringFreeW
RpcServerInqCallAttributesW
UuidToStringW
UuidCreate
RpcRevertToSelf
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcBindingVectorFree
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
api-ms-win-core-path-l1-1-0
PathCchRemoveExtension
PathCchRemoveFileSpec
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
api-ms-win-security-base-l1-2-2
DeriveCapabilitySidsFromName
ole32
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoCreateGuid
ntdll
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
api-ms-win-crt-convert-l1-1-0
wcstol
strtol
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
_mktime64
_localtime64_s
wcsftime
_difftime64
rpcclient.native
?CloseConnection@RpcClient@Core@Client@Bridge@Hp@@QEAAHXZ
?OpenConnection@RpcClient@Core@Client@Bridge@Hp@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ExecuteCommand@RpcClient@Core@Client@Bridge@Hp@@QEAAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I0AEAV67@@Z
?GetClientForEndpoint@RpcClient@Native@Client@Bridge@Hp@@SA?AV?$shared_ptr@VRpcClient@Native@Client@Bridge@Hp@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@7@@Z
oleaut32
GetErrorInfo
SysStringLen
SysFreeString
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
GetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoOriginateLanguageException
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringLen
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
Exports
Exports
??0BridgeAccessManager@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0BridgeAccessManager@Security@Bridge@Hp@@QEAA@XZ
??0CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAA@XZ
??0IClientInformation@Server@Bridge@Hp@@QEAA@AEBU0123@@Z
??0IClientInformation@Server@Bridge@Hp@@QEAA@W4ClientType@123@@Z
??0IClientInformation@Server@Bridge@Hp@@QEAA@W4ClientType@123@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0IClientInformation@Server@Bridge@Hp@@QEAA@XZ
??0IClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0IClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@QEAA@XZ
??0Launcher@Services@Server@Bridge@Hp@@QEAA@AEBV01234@@Z
??0Launcher@Services@Server@Bridge@Hp@@QEAA@XZ
??0MatchingDescriptor@Security@Bridge@Hp@@QEAA@XZ
??0UwpInformation@Uwp@Server@Bridge@Hp@@QEAA@AEBU01234@@Z
??0UwpInformation@Uwp@Server@Bridge@Hp@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0GG@Z
??0UwpInformation@Uwp@Server@Bridge@Hp@@QEAA@XZ
??0UwpMatchingDescriptor@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0UwpMatchingDescriptor@Security@Bridge@Hp@@QEAA@UUwpInformation@Uwp@Server@23@W4Operation@MatchingDescriptor@123@@Z
??0UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@QEAA@AEBV01234@@Z
??0UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@QEAA@XZ
??0UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAA@$$QEAU01234@@Z
??0UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAA@AEBU01234@@Z
??0UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAA@XZ
??0UwpWithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA@XZ
??0UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAA@V?$shared_ptr@V?$vector@VUwpMatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VUwpMatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@@std@@V?$shared_ptr@UUwpInformation@Uwp@Server@Bridge@Hp@@@5@@Z
??0Win32Information@Win32@Server@Bridge@Hp@@QEAA@AEBU01234@@Z
??0Win32Information@Win32@Server@Bridge@Hp@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0GG@Z
??0Win32Information@Win32@Server@Bridge@Hp@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@GG@Z
??0Win32Information@Win32@Server@Bridge@Hp@@QEAA@XZ
??0Win32MatchingDescriptor@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0Win32MatchingDescriptor@Security@Bridge@Hp@@QEAA@UWin32Information@Win32@Server@23@W4Operation@MatchingDescriptor@123@@Z
??0Win32WithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA@XZ
??0Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAA@V?$shared_ptr@V?$vector@VWin32MatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VWin32MatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@@std@@V?$shared_ptr@UWin32Information@Win32@Server@Bridge@Hp@@@5@@Z
??0bridge_access_exception@Security@Bridge@Hp@@QEAA@$$QEAV0123@@Z
??0bridge_access_exception@Security@Bridge@Hp@@QEAA@AEBV0123@@Z
??0bridge_access_exception@Security@Bridge@Hp@@QEAA@PEBD@Z
??1BridgeAccessManager@Security@Bridge@Hp@@QEAA@XZ
??1CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAA@XZ
??1IClientInformation@Server@Bridge@Hp@@QEAA@XZ
??1IClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@UEAA@XZ
??1Launcher@Services@Server@Bridge@Hp@@QEAA@XZ
??1UwpInformation@Uwp@Server@Bridge@Hp@@QEAA@XZ
??1UwpMatchingDescriptor@Security@Bridge@Hp@@QEAA@XZ
??1UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@UEAA@XZ
??1UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAA@XZ
??1UwpWithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA@XZ
??1UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@UEAA@XZ
??1Win32Information@Win32@Server@Bridge@Hp@@QEAA@XZ
??1Win32MatchingDescriptor@Security@Bridge@Hp@@QEAA@XZ
??1Win32WithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA@XZ
??1Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@UEAA@XZ
??1bridge_access_exception@Security@Bridge@Hp@@UEAA@XZ
??4BridgeAccessManager@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAAEAV012345@AEBV012345@@Z
??4IClientInformation@Server@Bridge@Hp@@QEAAAEAU0123@AEBU0123@@Z
??4IClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4Launcher@Services@Server@Bridge@Hp@@QEAAAEAV01234@AEBV01234@@Z
??4MatchingDescriptor@Security@Bridge@Hp@@QEAAAEAV0123@$$QEAV0123@@Z
??4MatchingDescriptor@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4StringUtils@Services@Server@Bridge@Hp@@QEAAAEAV01234@$$QEAV01234@@Z
??4StringUtils@Services@Server@Bridge@Hp@@QEAAAEAV01234@AEBV01234@@Z
??4UwpInformation@Uwp@Server@Bridge@Hp@@QEAAAEAU01234@AEBU01234@@Z
??4UwpMatchingDescriptor@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@QEAAAEAV01234@AEBV01234@@Z
??4UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAAAEAU01234@$$QEAU01234@@Z
??4UwpPackageModel@Uwp@Server@Bridge@Hp@@QEAAAEAU01234@AEBU01234@@Z
??4UwpWithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4Win32Information@Win32@Server@Bridge@Hp@@QEAAAEAU01234@AEBU01234@@Z
??4Win32MatchingDescriptor@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4Win32WithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??4bridge_access_exception@Security@Bridge@Hp@@QEAAAEAV0123@$$QEAV0123@@Z
??4bridge_access_exception@Security@Bridge@Hp@@QEAAAEAV0123@AEBV0123@@Z
??_7IClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@6B@
??_7UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@6B@
??_7UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@6B@
??_7Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@6B@
??_7bridge_access_exception@Security@Bridge@Hp@@6B@
?Base64Decode@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAHAEAU_CRYPTOAPI_BLOB@@0K@Z
?Base64Decode@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAU_CRYPTOAPI_BLOB@@@Z
?Base64Encode@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAU_CRYPTOAPI_BLOB@@@Z
?Base64Encode@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAHAEAU_CRYPTOAPI_BLOB@@0K@Z
?CREATE_FILE_EXTENDED_PATH@Launcher@Services@Server@Bridge@Hp@@0_KB
?CreateAsymetricKeyObjectToDecryptSessionKey@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEA_K1@Z
?CreatePrivateExponentOneKey@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAHPEB_WK0KPEA_K1@Z
?CreateSymetricKeyObjectToDecryptOOBEData@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEA_K0PEAEAEAK0@Z
?CreateTripleDESKey@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAXAEA_K00PEAEK1@Z
?DecryptDataCollectedInOOBE@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJPEAEAEAKAEA_KAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?DecryptHelper@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJPEAEK_KPEAPEAEPEAK@Z
?DeriveSessionKeyWithAlgorithm@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAH_KIPEAEKPEA_K@Z
?ExportPlainSessionBlob@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAH_K0PEAPEAEPEAK@Z
?FindPackages@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@UEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?FromUtf16ToUtf8@StringUtils@Services@Server@Bridge@Hp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEB_W_K@Z
?FromUtf8ToUtf16@StringUtils@Services@Server@Bridge@Hp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEBD_K@Z
?GenerateSessionKeyWithAlgorithm@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAH_KIPEA_K@Z
?GetAbsolutePathForUWPAlias@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@@Z
?GetExemption@UwpWithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA?AV?$shared_ptr@V?$vector@VUwpMatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VUwpMatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@@std@@XZ
?GetExemption@Win32WithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@QEAA?AV?$shared_ptr@V?$vector@VWin32MatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VWin32MatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@@std@@XZ
?GetOriginAndVersionByFamilyName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$tuple@H_K@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@7@@Z
?GetOriginAndVersionByFullName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$tuple@H_K@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@7@@Z
?GetPackageFullName@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@@Z
?GetPackageFullNameByFamilyName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@@Z
?GetPackageFullNameByFamilyName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@V?$shared_ptr@X@7@@Z
?GetPackageInstalledPathByFullName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@@Z
?GetPackageInstalledPathByFullName@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@V?$shared_ptr@X@7@@Z
?GetPackagesPerUser@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@UEAA?AV?$vector@UUwpPackageModel@Uwp@Server@Bridge@Hp@@V?$allocator@UUwpPackageModel@Uwp@Server@Bridge@Hp@@@std@@@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@7@@Z
?GetPathExpandedImpersonatedAsCurrentUser@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@V?$shared_ptr@X@7@@Z
?GetUserTokenForCurrentUser@Launcher@Services@Server@Bridge@Hp@@QEAA?AV?$shared_ptr@X@std@@W4_TOKEN_TYPE@@@Z
?ImportPlainSessionBlob@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@AEAAH_K0IPEAEKPEA_K@Z
?IsAnException@UwpWithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@UEAA_NXZ
?IsAnException@Win32WithNoHpManifestCheckBasedOnMajorAndMinorVersion@Security@Bridge@Hp@@UEAA_NXZ
?IsRealUserSession@Launcher@Services@Server@Bridge@Hp@@QEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsRunningAsSystem@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@AEBA_NXZ
?IsUwpExempt@BridgeAccessManager@Security@Bridge@Hp@@QEAA_NXZ
?IsWin32Exempt@BridgeAccessManager@Security@Bridge@Hp@@QEAA_NXZ
?ProtectData@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAU_CRYPTOAPI_BLOB@@@Z
?ProtectDataWithTripleDES@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEAU_CRYPTOAPI_BLOB@@000@Z
?RegisterPackage@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@UEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Run@Launcher@Services@Server@Bridge@Hp@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?RunExeAsUser@Launcher@Services@Server@Bridge@Hp@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0V?$shared_ptr@X@7@0@Z
?RunExeAsUser@Launcher@Services@Server@Bridge@Hp@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0V?$shared_ptr@X@7@0AEAKV?$vector@PEAXV?$allocator@PEAX@std@@@7@@Z
?SetUwpChecker@BridgeAccessManager@Security@Bridge@Hp@@QEAAXV?$shared_ptr@VIClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@@std@@@Z
?SetWin32Checker@BridgeAccessManager@Security@Bridge@Hp@@QEAAXV?$shared_ptr@VIClientWithNoHpManifestCheckCriteria@Security@Bridge@Hp@@@std@@@Z
?SidToAccountName@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@AEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV67@@Z
?Trim@StringUtils@Services@Server@Bridge@Hp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V67@@Z
?UTF16ToUTF8@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@8@@Z
?UTF8ToUTF16@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@8@@Z
?UnProtectData@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEAU_CRYPTOAPI_BLOB@@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z
?UnProtectDataWithTripleDES@CryptographyHelper@Registration@Services@Server@Bridge@Hp@@QEAAJAEAU_CRYPTOAPI_BLOB@@000@Z
?_white_list@UwpWithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@0V?$vector@VUwpMatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VUwpMatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@A
?_white_list@Win32WithNoHPManifestExemptionWhiteList@Security@Bridge@Hp@@0V?$vector@VWin32MatchingDescriptor@Security@Bridge@Hp@@V?$allocator@VWin32MatchingDescriptor@Security@Bridge@Hp@@@std@@@std@@A
?rLock@Launcher@Services@Server@Bridge@Hp@@0Vmutex@std@@A
?rLock@UwpPackageDataAccess@Uwp@Server@Bridge@Hp@@0Vmutex@std@@A
Sections
.text Size: 497KB - Virtual size: 496KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 339KB - Virtual size: 338KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE