Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1 (Sample: InstalledPackagesAgent.exe; Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: InstalledPackagesAgent.exe; Resource: win10-20240404-en)
Target: InstalledPackagesAgent.exe
Size: 414KB
MD5: d5fb13a9aa3bfcddad06ea9e13cde962
SHA1: 8e3b05c0ed4c4402b37799b1be1411f46e789639
SHA256: eecb6067c5f9af72b5cf0ab6f2b60bf876b069aa60a33685d9bb29b79626f125
SHA512: 66d1c416630c5d17d55065e439bec87487c785bab178cb2d56c77dab5ac584a28d5fcf7642cffc971028fed24d104f973effadb940a39f24d543f75b4c09e435
SSDEEP: 6144:xWHzafqYV2JT5DGqu2CuHlklg9NIlz8zkiZGiG3dQmIDz8zkiZGiG3dQmIJQU3:uIoGMCuSS9yveOeRDveOeRJQU3
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB path: D:\KYD100_SourceCode\UEIP_V5_3014\ueip-v5\UBTService.root\UBTService\AppMonitorPlugin\Bin\Release\InstalledPackagesAgent.pdb
CreateProcessW
GetSystemTime
CreateMutexW
GetCurrentProcessId
OpenProcess
LocalFree
SystemTimeToTzSpecificLocalTime
CreateEventW
CreateDirectoryW
FlushFileBuffers
SetFilePointer
WriteFile
GetLocalTime
MoveFileExW
WaitForSingleObject
GetFileAttributesW
GetLastError
DeleteFileW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
CopyFileW
GetSystemTimeAsFileTime
CloseHandle
OutputDebugStringW
GetFileTime
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetTimeZoneInformation
GetTickCount64
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
RegOpenKeyW
ConvertStringSidToSidW
LookupAccountSidW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
CryptDuplicateHash
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SHCreateDirectoryExW
CoInitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
?UninitializeData@Details@Platform@@YAXH@Z
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?GetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
?ReCreateFromException@Details@Platform@@YGJP$AAVException@2@@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
?Allocate@Heap@Details@Platform@@SAPAXI@Z
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNotImplementedException@@YGXXZ
??0Object@Platform@@Q$AAA@XZ
?__abi_FailFast@@YGXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?GetCmdArguments@Details@Platform@@YAPAPA_WPAH@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Getcoll
_Strcoll
_Strxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xinvalid_argument@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
PathAppendW
SHCreateStreamOnFileW
fsetpos
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
memchr
memcpy_s
memmove
calloc
free
_recalloc
wmemcpy_s
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove_s
vswprintf_s
_vscwprintf
strchr
wcschr
wcscspn
wcsnlen
wcsspn
wcsstr
realloc
_wtoi
_swprintf
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
memset
malloc
_wcsdup
rename
??_V@YAXPAX@Z
strcpy_s
_errno
strtol
fclose
fwrite
_vsnwprintf_s
wcstod
mbstowcs
fwprintf
_wfopen
_wfopen_s
fflush
fgetc
fgetpos
fputc
??1type_info@@UAE@XZ
_fseeki64
setvbuf
ungetc
_lock_file
_unlock_file
_localtime64_s
_time64
wcslen
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
CreateXmlReader
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
?GetLogData@PBRLog@ReadPBRLog@@QAE_NAAUPBRDataInstance@2@@Z
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ