Manalyze report for 2c364453710b04746907959d5183c81b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Feb-20 07:07:03
Detected languages	English - United States
Debug artifacts	C:\__w\1\b\x64\MicrosoftStartFeedProvider.pdb
CompanyName	Microsoft Corporation
FileVersion	`1.1.282.0`
InternalName	MicrosoftStartFeedProvider.exe
LegalCopyright	©Microsoft Corporation. All rights reserved.
OriginalFilename	MicrosoftStartFeedProvider.exe
ProductName	Microsoft\MicrosoftStartFeedProvider
ProductVersion	`1.1.282.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` Contains domain names: assets.msn.cn assets.msn.com browser.events.data.msn.cn browser.events.data.msn.com data.msn.cn data.msn.com enterprisenews.microsoft.com events.data.msn.cn events.data.msn.com https://assets.msn.cn https://assets.msn.cn/service/news/feed/pages/dashboard4 https://assets.msn.cn/staticsb/statics/latest/fixed/CloudConfigs/WindowsDashboard/ClientApp/wdgts_conf.json https://assets.msn.com https://assets.msn.com/service/news/feed/pages/dashboard4 https://browser.events.data.msn.cn https://browser.events.data.msn.cn/OneCollector/1.0 https://browser.events.data.msn.com https://browser.events.data.msn.com/OneCollector/1.0 https://enterprisenews.microsoft.com https://enterprisenews.microsoft.com/ https://login.microsoft.com https://windows.msn.cn https://windows.msn.cn/staticsb/statics/latest/fixed/CloudConfigs/WindowsDashboard/ClientApp/wdgts_conf.json https://windows.msn.com https://windows.msn.com/staticsb/statics/latest/fixed/CloudConfigs/WindowsDashboard/ClientApp/wdgts_conf.json https://www.bing.com https://www.bing.com/th?id https://www.msn.cn https://www.msn.cn/pcs/api/widget/winWidgets/winwidgetshp?bgtask https://www.msn.com https://www.msn.com/en-us/feed?ocid https://www.msn.com/pcs/api/widget/winWidgets/winwidgetshp?bgtask https://www.msn.com/widgets/fullpage/webWidgets/widget?experiences login.microsoft.com microsoft.com windows.msn.cn windows.msn.com www.bing.com www.msn.cn www.msn.com
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryExA` `Can access the registry: RegQueryValueExW RegCloseKey RegGetValueW RegQueryInfoKeyW RegOpenKeyExW RegEnumValueW RegEnumKeyW RegOpenKeyW SHRegGetUSValueW SHRegCreateUSKeyW SHRegSetUSValueW SHRegCloseUSKey SHRegOpenUSKeyW SHRegGetBoolUSValueW SHRegEnumUSValueW SHRegWriteUSValueW` `Uses Microsoft's cryptographic API: CryptBinaryToStringW` `Manipulates other processes: OpenProcess`
Safe	VirusTotal score: 0/73 (Scanned on 2025-03-12 16:24:52)	`All the AVs think this file is safe.`

Hashes

MD5	`2c364453710b04746907959d5183c81b`
SHA1	`a9d6ed5980dcf58e52cb6bca4f68ed7f6328dee1`
SHA256	`23b58c0d197aff3c3825a78502a3083cd85bf5d60c0683668e5b4a371f81a9d2`
SHA3	`ce544cbbcae1b7768294c41a9c03d5cbf5429a7c007420323d2aa646f2a89d5a`
SSDeep	`24576:/lQYM/iDNt5MWWETdwZXu2gFMOa8SSOfGg0SD:/VM/iDNfX4etiOPSSOfB0`
Imports Hash	`835c8248d507cd1b3f1d8ea03fa3c957`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Feb-20 07:07:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x108a00`
SizeOfInitializedData	`0x72e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000E1DD0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x180000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0c7323ce58c615e5b757b1bef14e7370`
SHA1	`2a035e623c28b520a396c22c81c2b182cdfedda0`
SHA256	`36052921aa76ade66b63123d8e67ef6fc64eb2ab587f9bdd310886ea96468c80`
SHA3	`fc156775f8eb536be9c7ace04dadd6a9b2379210e6bea877f4ab69f9b2f3502b`
VirtualSize	`0x1089e7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x108a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25951`

.rdata

MD5	`0380aa79e219085b2166391610bbc6c9`
SHA1	`38fee3d909fefd7832a90c269696c673fb583f48`
SHA256	`f844e267d32d58c64762c7ccdab02349815ef487c13a209ddc48e74c84147a1e`
SHA3	`52d3f14be6e098da1259cb68f547cd9e47adc233df3ac7a74e01b18c3b22433e`
VirtualSize	`0x46028`
VirtualAddress	`0x10a000`
SizeOfRawData	`0x46200`
PointerToRawData	`0x108e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92316`

.data

MD5	`27bcf91afcaf8b5590c594815957f398`
SHA1	`32bffd813325565f27ae75422849a80bef57fed5`
SHA256	`19f12c097b2b27eb8b3b600ea342accc73962c2cf2af6ae464d0b35676453685`
SHA3	`cb66ed806f76caeb41673e7d314e8ad36f9aae1340ee0fbe6ceda94d89230fd3`
VirtualSize	`0x203f8`
VirtualAddress	`0x151000`
SizeOfRawData	`0x1e200`
PointerToRawData	`0x14f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.85378`

.pdata

MD5	`68006a3a3907a22bdc231cbbb9d28eee`
SHA1	`e252f754993deaa39db6177373e26e7ab5905447`
SHA256	`5177b11916c554668c7d943274be0d8e64d69b959fd2afd72463ddd4d6694f41`
SHA3	`41a08bfdd82f9d7887878bc485985282e9c1acfe9bae34d8d270f19d2941ea57`
VirtualSize	`0x9f3c`
VirtualAddress	`0x172000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x16d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03905`

.didat

MD5	`565b358837c9b27825cc16c25897a6e5`
SHA1	`ea588d14540c2279acd8ec73118f37fc3d21e98c`
SHA256	`8559469c0b51834fe58d25663c671bcd4785e117764f1c8f0e481fb344ac0f56`
SHA3	`1f6d62a8bf2f91ec5a7011e3509b87f72c336a02fe10c4b09f56b29b8e91de33`
VirtualSize	`0x50`
VirtualAddress	`0x17c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x177200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.706526`

.rsrc

MD5	`6d115904fd25cd735a1bbb9d13fa15e2`
SHA1	`eb7e953a129167e452f52bc61504080a468e76db`
SHA256	`ac4d2e59dbff07f7ba4dcb1bf4906689b7e8482d02fdfcdeb896bb3821fcdf6c`
SHA3	`6341f593396f7e41c9334aeff9b33bec9cb5a7fab4d5b28add408fb57075502a`
VirtualSize	`0x698`
VirtualAddress	`0x17d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x177400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93011`

.reloc

MD5	`a7286517d2ee27592843871255e4d063`
SHA1	`4c0117329ffeae2891f4f7c59fc93c4c82ff5e23`
SHA256	`62a879fee38514af1c17e9f8d86e08430a02d27cb87649cdb2f3396255a8e46d`
SHA3	`c526429c112fb8e2e96f595a60b900e89f0f4f6d1c34df2d386a63084fe01cab`
VirtualSize	`0x1dc8`
VirtualAddress	`0x17e000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x177c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43088`

Imports

KERNEL32.dll	`FormatMessageW` `IsDebuggerPresent` `SetLastError` `GetLastError` `CloseHandle` `GetProcAddress` `GetModuleHandleW` `SetEvent` `CreateEventExW` `GetModuleFileNameA` `CreateSemaphoreExW` `HeapFree` `ReleaseSemaphore` `GetModuleHandleExW` `WaitForSingleObject` `ReleaseMutex` `WaitForSingleObjectEx` `OpenSemaphoreW` `HeapAlloc` `CreateMutexExW` `GetCurrentProcessId` `GetProcessHeap` `WideCharToMultiByte` `DebugBreak` `InitOnceComplete` `InitOnceBeginInitialize` `SetThreadpoolWait` `WaitForThreadpoolWaitCallbacks` `CloseThreadpoolWait` `CreateThreadpoolWait` `SetThreadpoolWaitEx` `CreateThreadpoolTimer` `SetThreadpoolTimerEx` `SetThreadpoolTimer` `CloseThreadpoolTimer` `InterlockedFlushSList` `EncodePointer` `GetSystemTimePreciseAsFileTime` `CreateEventW` `MultiByteToWideChar` `FileTimeToSystemTime` `GetFileSizeEx` `SystemTimeToFileTime` `InitializeCriticalSectionEx` `GetThreadPreferredUILanguages` `GetCurrentThreadId` `ResetEvent` `Sleep` `WaitForMultipleObjects` `GetSystemTimeAsFileTime` `AcquireSRWLockShared` `ReleaseSRWLockShared` `ConnectNamedPipe` `CreateNamedPipeW` `ReadFile` `InitializeCriticalSection` `DeleteCriticalSection` `TerminateProcess` `OpenProcess` `CompareStringOrdinal` `EnterCriticalSection` `LeaveCriticalSection` `GetCurrentPackageId` `CreateFileW` `CreateDirectoryW` `FindClose` `DeleteFileW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `GetExitCodeThread` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `CreateThread` `CreateSemaphoreW` `WriteFile` `SetFilePointer` `GetLogicalProcessorInformation` `GetPhysicallyInstalledSystemMemory` `SleepConditionVariableSRW` `GetTickCount64` `WakeAllConditionVariable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `QueryPerformanceCounter` `InitializeSListHead` `GetUserDefaultGeoName` `OutputDebugStringW` `LoadLibraryExW` `InterlockedPushEntrySList` `TrySubmitThreadpoolCallback`
api-ms-win-core-com-l1-1-0.dll	`CoWaitForMultipleObjects` `CoRegisterClassObject` `CoGetApartmentType` `CoAddRefServerProcess` `CoRevokeClassObject` `CoReleaseServerProcess` `CoInitializeEx` `CoUninitialize` `CoCreateFreeThreadedMarshaler` `CoGetObjectContext`
api-ms-win-core-errorhandling-l1-1-0.dll	`RaiseException`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemInfo`
api-ms-win-core-memory-l1-1-0.dll	`VirtualQuery` `VirtualProtect`
api-ms-win-core-libraryloader-l1-2-0.dll	`LoadLibraryExA` `FreeLibrary`
MSVCP140.dll	`?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z` `?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `_Xtime_get_ticks` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xruntime_error@std@@YAXPEBD@Z` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z` `?_Getname@_Locinfo@std@@QEBAPEBDXZ` `??1_Locinfo@std@@QEAA@XZ` `??1_Lockit@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@HPEBD@Z` `??0_Lockit@std@@QEAA@H@Z` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `??Bid@locale@std@@QEAA_KXZ` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `_Query_perf_counter` `_Query_perf_frequency` `?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A` `?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z` `?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z` `?seekp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JH@Z` `?widen@?$ctype@_W@std@@QEBA_WD@Z` `?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?id@?$ctype@_W@std@@2V0locale@2@A` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z` `_Thrd_detach` `_Cnd_do_broadcast_at_thread_exit` `_Lock_shared_ptr_spin_lock` `_Unlock_shared_ptr_spin_lock` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `_Thrd_join` `_Thrd_id` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?tolower@?$ctype@_W@std@@QEBA_W_W@Z` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `_Mtx_lock` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?_Throw_Cpp_error@std@@YAXH@Z` `_Mtx_unlock` `_Cnd_broadcast` `_Cnd_wait` `?_Random_device@std@@YAIXZ` `_Cnd_register_at_thread_exit` `_Cnd_unregister_at_thread_exit` `?_Syserror_map@std@@YAPEBDH@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `??0task_continuation_context@Concurrency@@AEAA@XZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?good@ios_base@std@@QEBA_NXZ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_Xbad_alloc@std@@YAXXZ` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `_Thrd_yield` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?uncaught_exception@std@@YA_NXZ`
ole32.dll	`CoTaskMemFree` `PropVariantClear` `CoTaskMemAlloc` `CoCreateGuid`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memcpy` `__std_exception_destroy` `__std_exception_copy` `__std_terminate` `__C_specific_handler` `__current_exception` `__current_exception_context` `_CxxThrowException` `memset` `memcmp` `memmove` `_purecall`
api-ms-win-crt-runtime-l1-1-0.dll	`_invalid_parameter_noinfo_noreturn` `_register_thread_local_exe_atexit_callback` `_c_exit` `_exit` `_invalid_parameter_noinfo` `_errno` `_beginthreadex` `exit` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `terminate` `_set_app_type` `_seh_filter_exe` `_cexit` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `abort`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vswprintf_s` `__stdio_common_vswprintf` `__p__commode` `_set_fmode`
api-ms-win-crt-string-l1-1-0.dll	`isspace` `toupper` `wcsncmp` `wcsnlen` `iswspace` `_wcsicmp` `_wcsnicmp`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_callnewh` `_set_new_mode`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstombs_s` `_ltoa_s`
api-ms-win-crt-math-l1-1-0.dll	`ceilf` `__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
USER32.dll	`MonitorFromWindow` `GetMonitorInfoW` `SetWindowPos` `RegisterClassExW` `CreateWindowExW` `GetShellWindow` `RegisterPowerSettingNotification` `UnregisterPowerSettingNotification` `PostThreadMessageW` `MessageBoxW` `PostQuitMessage` `DefWindowProcW` `GetWindowLongPtrW` `IsWindowVisible` `GetWindow` `DestroyWindow` `DispatchMessageW` `TranslateMessage` `GetMessageW` `SetWindowLongPtrW` `PostMessageW` `SystemParametersInfoW` `GetSysColor` `LoadCursorW` `AllowSetForegroundWindow`
Wldp.dll	`WldpQueryWindowsLockdownMode`
api-ms-win-core-registry-l1-1-0.dll	`RegQueryValueExW` `RegCloseKey` `RegGetValueW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegEnumValueW`
api-ms-win-core-registry-l2-1-0.dll	`RegEnumKeyW` `RegOpenKeyW`
CRYPT32.dll	`CryptBinaryToStringW`
OLEAUT32.dll	`SysStringLen` `GetErrorInfo` `SafeArrayUnaccessData` `SafeArrayAccessData` `SafeArrayGetUBound` `SafeArrayGetLBound` `SafeArrayDestroy` `SafeArrayPutElement` `SysAllocString` `SysFreeString` `SafeArrayLock` `SafeArrayCreateVector` `SafeArrayUnlock` `SetErrorInfo`
api-ms-win-core-synch-l1-2-0.dll	`WaitOnAddress` `WakeByAddressAll`
api-ms-win-core-winrt-l1-1-0.dll	`RoGetActivationFactory`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateLanguageException`
api-ms-win-core-winrt-error-l1-1-0.dll	`RoFailFastWithErrorContext` `RoTransformError`
api-ms-win-core-com-l1-1-1.dll	`RoGetAgileReference`
SHLWAPI.dll (delay-loaded)	`SHRegGetUSValueW` `SHRegCreateUSKeyW` `SHRegSetUSValueW` `AssocQueryStringW` `SHRegCloseUSKey` `SHRegOpenUSKeyW` `SHRegGetBoolUSValueW` `SHRegEnumUSValueW` `SHRegWriteUSValueW`

Delayed Imports

Attributes	`0x1`
Name	`SHLWAPI.dll`
ModuleHandle	`0x16f130`
DelayImportAddressTable	`0x17c000`
DelayImportNameTable	`0x14bfe0`
BoundDelayImportTable	`0x14c0e8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3938`
MD5	`61799f9e8a487ca48d1e700397dc421d`
SHA1	`0254f243a9ace2634759a87a567bce7bc86e2346`
SHA256	`6ba7a06483d4e4d0cb00b221787a9a594b1484a5fb1b3acedd82a390ede62985`
SHA3	`850cd43225ddb8929dafedb4e475c33043e8b91ddf023f190e8efe9d6fe86a5c`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07607`
MD5	`a77f7bc715994213a368839a1919b831`
SHA1	`8c048fd3f4dad59ebd01b669d24b4c671855fb0e`
SHA256	`ceadc4ae9430eb6d4aeb47affa24c24e2a1dc4de04012122ad047819a745c489`
SHA3	`ee42472477294ae25a7dbff388c719246ec3c11ccc9362df7c50fa1797fc86fa`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.282.0
ProductVersion	1.1.282.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileVersion (#2)	1.1.282.0
InternalName	MicrosoftStartFeedProvider.exe
LegalCopyright	©Microsoft Corporation. All rights reserved.
OriginalFilename	MicrosoftStartFeedProvider.exe
ProductName	Microsoft\MicrosoftStartFeedProvider
ProductVersion (#2)	1.1.282.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Feb-20 07:07:03
Version	`0.0`
SizeofData	`70`
AddressOfRawData	`0x132ec8`
PointerToRawData	`0x131cc8`
Referenced File	C:\__w\1\b\x64\MicrosoftStartFeedProvider.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Feb-20 07:07:03
Version	`0.0`
SizeofData	`1048`
AddressOfRawData	`0x132f10`
PointerToRawData	`0x131d10`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Feb-20 07:07:03
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140133348`
EndAddressOfRawData	`0x140133350`
AddressOfIndex	`0x14016f750`
AddressOfCallbacks	`0x14010af28`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140151040`
GuardCFCheckFunctionPointer	`5369801728`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xd513f59c`
Unmarked objects	`0`
C objects (34321)	`10`
ASM objects (34321)	`6`
Imports (34321)	`6`
C objects (30795)	`1`
Imports (VS2008 SP1 build 30729)	`44`
C++ objects (34321)	`42`
Imports (30795)	`9`
Total imports	`418`
C++ objects (LTCG) (34436)	`46`
Resource objects (34436)	`1`
151	`1`
Linker (34436)	`1`

2c364453710b04746907959d5183c81b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors