Manalyze report for 2d02fec2347b463526c21b50818c8228

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2027-Jan-29 15:57:03
Detected languages	English - United States
Debug artifacts	Windows.ApplicationModel.Store.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft Store Runtime DLL
FileVersion	`10.0.18362.1082 (WinBuild.160101.0800)`
InternalName	Microsoft Store Runtime DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Windows.ApplicationModel.Store.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.18362.1082`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: SYSTEM\CurrentControlSet\Control\SystemInformation` Contains domain names: adbroker.mp.dse.microsoft.com auth.xboxlive.com collections.md.mp.microsoft.com collections.mp.microsoft.com devcenter.microsoft.com displaycatalog.mp.microsoft.com dse.microsoft.com dsx.mp.microsoft.com https://adbroker.mp.dse.microsoft.com https://adbroker.mp.dse.microsoft.com/v1/adbroker/srtb2 https://collections.md.mp.microsoft.com https://collections.md.mp.microsoft.com/v7.0/collections/consume https://collections.md.mp.microsoft.com/v7.0/collections/sdkQuery https://collections.mp.microsoft.com https://collections.mp.microsoft.com/ https://collections.mp.microsoft.com/v7.0/beneficiaries/me/keys https://displaycatalog.mp.microsoft.com https://displaycatalog.mp.microsoft.com/ https://displaycatalog.mp.microsoft.com/v7.0/products/ https://displaycatalog.mp.microsoft.com/v7.0/products/lookup https://displaycatalog.mp.microsoft.com/v7/products https://displaycatalog.mp.microsoft.com/v7/products/lookup https://licensing.mp.microsoft.com https://licensing.mp.microsoft.com/v8.0/licenseToken https://licensingphone.mp.microsoft.com https://licensingphone.mp.microsoft.com/v9/purchases/appreceipts?os https://licensingphone.mp.microsoft.com/v9/purchases/receipts?os https://licensingwindows.mp.microsoft.com https://licensingwindows.mp.microsoft.com/Licensing/License/AcquireReceipt/6.2/0?productId https://login.microsoft.com https://login.windows.local https://login.windows.net https://login.windows.net/common https://manage.devcenter.microsoft.com https://manage.devcenter.microsoft.com/v1.0/my/storeextension/aad https://manage.devcenter.microsoft.com/v1.0/my/storeextension/device https://manage.devcenter.microsoft.com/v1.0/my/storeextension/user https://onestore.microsoft.com https://pti.store.microsoft.com https://pti.store.microsoft.com/v1/pti/devices https://pti.store.microsoft.com/v1/pti/push https://purchase.mp.microsoft.com https://purchase.mp.microsoft.com/v7.0/users/me/keys https://purchase.mp.microsoft.com/v7.0/users/me/orders https://sfdataservice.microsoft.com https://sfdataservice.microsoft.com/smartinstall/v1.0/suggestions/suggest https://storeedgefd.dsx.mp.microsoft.com https://storeedgefd.dsx.mp.microsoft.com/v8.0/campaigns/cid https://storeedgefd.dsx.mp.microsoft.com/v8.0/campaigns/isMicrosoftAccrued https://storesdk.dsx.mp.microsoft.com https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/StoreList/ https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId https://storesdk.dsx.mp.microsoft.com/v8.0/sdk/products/ratingsAverage https://storesdk.dsx.mp.microsoft.com/v8.0/sdk/search https://www.microsoft.com https://www.microsoft.com/store/ licensing.mp.microsoft.com licensingphone.mp.microsoft.com licensingwindows.mp.microsoft.com login.microsoft.com login.windows.net manage.devcenter.microsoft.com md.mp.microsoft.com microsoft.com mobilling.microsoft.com mp.dse.microsoft.com mp.microsoft.com onestore.microsoft.com pti.store.microsoft.com purchase.mp.microsoft.com sfdataservice.microsoft.com store.microsoft.com storeedgefd.dsx.mp.microsoft.com storesdk.dsx.mp.microsoft.com user.auth.xboxlive.com windows.net www.microsoft.com xboxlive.com
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Can access the registry: RegOpenKeyExW RegCloseKey RegGetValueW RegSetKeyValueW RegDeleteKeyValueW` `Uses Windows's Native API: NtQueryInformationProcess NtQueryWnfStateData` `Uses Microsoft's cryptographic API: CryptCreateHash CryptHashData CryptGetHashParam CryptDestroyHash CryptReleaseContext CryptAcquireContextW` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Has Internet access capabilities: WinHttpCrackUrl WinHttpConnect WinHttpCloseHandle WinHttpGetDefaultProxyConfiguration WinHttpGetIEProxyConfigForCurrentUser WinHttpAddRequestHeaders WinHttpGetProxyForUrl WinHttpSetOption WinHttpSetTimeouts WinHttpSendRequest WinHttpOpenRequest WinHttpSetStatusCallback WinHttpReadData WinHttpReceiveResponse WinHttpQueryHeaders WinHttpOpen` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA 2010`
Safe	VirusTotal score: 0/71 (Scanned on 2024-03-25 12:46:10)	`All the AVs think this file is safe.`

Hashes

MD5	`2d02fec2347b463526c21b50818c8228`
SHA1	`3cd3daabf1780d31422b66e9562167b1c45f9dc5`
SHA256	`3d7a803599da63eb51ad6ed13bef84f8b930ed2c50c9d2ae5b62b49872f201bf`
SHA3	`39ef796c8283c7176ae7d2135bc5a7ddd33c06b8339d1c0851507676ce994527`
SSDeep	`49152:9lM3h+SYienp59kAgbkv2yYshtRyXW+oFccQxyoYbNdzF4j7oWqlT2R/:9l55/VzFg/`
Imports Hash	`73d22f44b1123c47c3415f1141d22b12`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2027-Jan-29 15:57:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x119600`
SizeOfInitializedData	`0x109000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000117870 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x227000`
SizeOfHeaders	`0x400`
Checksum	`0x22de11`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e1b46ee9e95469562e3352471b91179a`
SHA1	`e9f16066fb31ac0575a4f333e90c3c59773dbfcd`
SHA256	`d5cd2e874f8c30dcb08e04cdc398a9eaed200463f7431e40744dc93091de86e3`
SHA3	`f9aaa79e8119b981582994306cf2fc8d31fbd786796458a5e8cc1d0b1c1c884c`
VirtualSize	`0x1194c8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x119600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33985`

.rdata

MD5	`8f5990b59c5deede295bf712ea2189e1`
SHA1	`95724a87f37dbc93337432d0253033177ff015e8`
SHA256	`dd9b2022f108c39559f31620e3f69221e7adcb9ddc7280cd2e891ccadb92f701`
SHA3	`42495b37162436eb305922ba206ec48a6cc543959e584f0381b1d4a40414f06b`
VirtualSize	`0xdae9a`
VirtualAddress	`0x11b000`
SizeOfRawData	`0xdb000`
PointerToRawData	`0x119a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16164`

.data

MD5	`b33557ba5e3f2682f195a8d0b6acfa8d`
SHA1	`120f6ce9f8d1b475dc935e88b6bb69ee4960216b`
SHA256	`050089d7c41a12e55b0695a55eea4ce46f72dcd53485570a7c620ddd1fe59a0c`
SHA3	`67075f2acb9df78d8b4256227c35c1b3e35d4c3c1e97cc38138a9ee8bde99936`
VirtualSize	`0x3990`
VirtualAddress	`0x1f6000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1f4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.55096`

.pdata

MD5	`2c799bb57d5a1fdfd7e26b98c2cd259c`
SHA1	`9b6b449c9d7b5f04f5c3da5188cb495682d61cca`
SHA256	`aecbe82a1d376c5f650d8168ea300603042524dfbd410bf7f23ec605bffe2b83`
SHA3	`26820651658c2586f6f943ef02720e7ef739f1b0b158edf66e025e73cdd6b01d`
VirtualSize	`0xa3e0`
VirtualAddress	`0x1fa000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x1f6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93142`

.didat

MD5	`adb28798299c6843e0e4658921df06a5`
SHA1	`7532ed4ef47ec82caa72bd441e11579cda3dc3b5`
SHA256	`052c99d815ee640b45168c7a63ff96baa9ef40a49a481943c1f5c1ae01f809d1`
SHA3	`28bf3cceff17c72dc3c7fb3f15b0ce9fd20ddce8db91c4d0901bca19e0410739`
VirtualSize	`0x378`
VirtualAddress	`0x205000`
SizeOfRawData	`0x400`
PointerToRawData	`0x200e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.87762`

.rsrc

MD5	`0b350efcec327e8f141caf68803a79d7`
SHA1	`fd7d46037ab00faa7c75bd61a6f819412e0c879d`
SHA256	`f43ff38b99efc62a71793020cfeda23c32623e9c6a4b8b4987b629287a4ef92a`
SHA3	`45c97756e9ed14d6a6957a0c5a755bcd0c5a899e21ce5dd0523a8f214aca3e6a`
VirtualSize	`0xf740`
VirtualAddress	`0x206000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x201200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.3626`

.reloc

MD5	`c320f5ac3212f7311f64e1a4076ae15d`
SHA1	`164832510256ec562d9d0be81017ba5f7cef1718`
SHA256	`ba3f3f2f277b6bd5a6bab4dd10ca4a56761b0a839668c46ac40817157a248d17`
SHA3	`bb8647c478d5d2db0b8a74e93c23995fbf5aab147da9e100d53657203a49b6b9`
VirtualSize	`0x1044c`
VirtualAddress	`0x216000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x210a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44134`

Imports

msvcrt.dll	`_callnewh` `_wtoi` `wcscspn` `_wtof` `wcstoul` `_vsnprintf` `_snwprintf_s` `_wcstoui64` `wcschr` `wcsrchr` `wcstod` `_wcstoi64` `_wcsdup` `_wtol` `toupper` `wcsstr` `floor` `_itow_s` `_wcsicmp` `memcmp` `memcpy` `memmove` `memset` `mbstowcs_s` `memmove_s` `strcmp` `realloc` `_errno` `__CxxFrameHandler3` `_onexit` `__dllonexit` `strchr` `strrchr` `_set_errno` `strtol` `strncpy_s` `wcstombs` `sprintf_s` `_wcsupr` `_unlock` `_lock` `_initterm` `_amsg_exit` `_XcptFilter` `malloc` `wcscpy_s` `??_V@YAXPEAX@Z` `__C_specific_handler` `free` `_purecall` `memcpy_s` `_vsnwprintf` `wcscmp`
ntdll.dll	`RtlUpcaseUnicodeChar` `NtQueryInformationProcess` `NtQueryWnfStateData` `RtlGetDeviceFamilyInfoEnum` `RtlPublishWnfStateData` `RtlSubscribeWnfStateChangeNotification` `RtlQueryWnfStateData` `RtlNtStatusToDosError` `EtwEventRegister` `EtwEventUnregister` `EtwEventSetInformation` `RtlUnsubscribeWnfStateChangeNotification` `EtwEventWriteTransfer` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
api-ms-win-core-kernel32-legacy-l1-1-0.dll	`FileTimeToDosDateTime`
combase.dll	`#12` `#14` `#2` `#13` `CStdStubBuffer_CountRefs` `#16` `CStdStubBuffer_QueryInterface` `#7` `#9` `CStdStubBuffer_DebugServerRelease` `#24` `CStdStubBuffer_IsIIDSupported` `#15` `CStdStubBuffer_Disconnect` `CStdStubBuffer_Connect` `#23` `#20` `#21` `#17` `NdrCStdStubBuffer2_Release` `#8` `#19` `NdrCStdStubBuffer_Release` `CStdStubBuffer_Invoke` `#10` `CStdStubBuffer2_CountRefs` `CStdStubBuffer_DebugServerQueryInterface` `CStdStubBuffer2_Disconnect` `#6` `CStdStubBuffer2_QueryInterface` `CStdStubBuffer_AddRef` `#22` `#33` `#34` `#11` `CStdStubBuffer2_Connect` `#18` `#32` `#25` `#5`
api-ms-win-core-libraryloader-l1-2-0.dll	`FreeLibrary` `GetProcAddress` `DisableThreadLibraryCalls` `FreeResource` `LockResource` `GetModuleHandleW` `SizeofResource` `LoadResource` `FindResourceExW` `GetModuleFileNameA` `GetModuleHandleExW` `LoadStringW`
api-ms-win-core-localization-l1-2-0.dll	`GetGeoInfoW` `GetUserDefaultLocaleName` `GetUserGeoID` `LCMapStringEx` `FormatMessageW` `GetLocaleInfoEx`
api-ms-win-core-processthreads-l1-1-0.dll	`GetProcessId` `TerminateProcess` `OpenThread` `GetCurrentProcess` `GetCurrentThread` `OpenThreadToken` `OpenProcessToken` `GetCurrentProcessId` `GetProcessIdOfThread` `GetCurrentThreadId`
api-ms-win-core-heap-l1-1-0.dll	`HeapReAlloc` `GetProcessHeap` `HeapFree` `HeapAlloc`
api-ms-win-core-debug-l1-1-0.dll	`OutputDebugStringW` `IsDebuggerPresent` `DebugBreak`
api-ms-win-core-errorhandling-l1-1-0.dll	`RaiseException` `SetLastError` `GetLastError` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-synch-l1-1-0.dll	`ReleaseSRWLockExclusive` `CreateMutexExW` `InitializeSRWLock` `ResetEvent` `WaitForSingleObject` `AcquireSRWLockShared` `AcquireSRWLockExclusive` `WaitForSingleObjectEx` `OpenSemaphoreW` `CreateEventW` `ReleaseMutex` `ReleaseSemaphore` `ReleaseSRWLockShared` `InitializeCriticalSection` `WaitForMultipleObjectsEx` `CreateEventExW` `SetEvent` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `CreateSemaphoreExW`
api-ms-win-core-util-l1-1-0.dll	`DecodePointer` `EncodePointer`
RPCRT4.dll	`I_RpcBindingInqLocalClientPID` `RpcServerInqCallAttributesW` `RpcBindingFromStringBindingW` `UuidFromStringW` `RpcStringBindingComposeW` `RpcBindingSetAuthInfoExW` `UuidCreate` `RpcStringFreeW` `NdrClientCall3` `NdrDllGetClassObject` `NdrDllCanUnloadNow` `NdrStubForwardingFunction` `IUnknown_AddRef_Proxy` `NdrOleFree` `NdrStubCall3` `IUnknown_QueryInterface_Proxy` `IUnknown_Release_Proxy` `NdrOleAllocate`
api-ms-win-core-string-l1-1-0.dll	`CompareStringOrdinal` `CompareStringW` `MultiByteToWideChar`
api-ms-win-core-processenvironment-l1-1-0.dll	`ExpandEnvironmentStringsA`
api-ms-win-core-synch-l1-2-0.dll	`Sleep` `InitOnceExecuteOnce` `WakeAllConditionVariable` `SleepConditionVariableSRW`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetVersionExA` `GetTickCount` `GetSystemTime` `GetTickCount64` `GetSystemTimeAsFileTime` `GetLocalTime`
api-ms-win-eventing-provider-l1-1-0.dll	`EventActivityIdControl` `EventUnregister` `EventRegister` `EventProviderEnabled` `EventWriteTransfer`
api-ms-win-core-threadpool-l1-2-0.dll	`WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer` `SetThreadpoolTimer` `CreateThreadpoolTimer`
api-ms-win-security-base-l1-1-0.dll	`ImpersonateLoggedOnUser` `DuplicateTokenEx` `GetLengthSid` `CopySid` `RevertToSelf` `AllocateAndInitializeSid` `FreeSid` `GetTokenInformation`
api-ms-win-core-processthreads-l1-1-1.dll	`OpenProcess`
api-ms-win-core-timezone-l1-1-0.dll	`FileTimeToSystemTime` `SystemTimeToFileTime`
api-ms-win-security-sddl-l1-1-0.dll	`ConvertSidToStringSidW`
api-ms-win-core-heap-l2-1-0.dll	`LocalAlloc` `LocalFree`
api-ms-win-core-file-l1-1-0.dll	`GetFileSize` `WriteFile` `CompareFileTime` `DeleteFileA` `CreateFileA` `FileTimeToLocalFileTime` `FindFirstFileExA` `FindNextFileA` `CreateDirectoryW` `ReadFile` `DeleteFileW` `CreateFileW` `FindClose` `FindFirstFileA` `GetFileInformationByHandle` `SetFilePointer`
api-ms-win-security-base-l1-2-0.dll	`CheckTokenMembershipEx`
api-ms-win-core-file-l1-2-2.dll	`GetTempFileNameA` `GetTempPathA`
Cabinet.dll	`#14` `#10` `#13` `#11`
api-ms-win-core-registry-l1-1-0.dll	`RegOpenCurrentUser` `RegOpenKeyExW` `RegCloseKey` `RegGetValueW`
api-ms-win-core-registry-l1-1-1.dll	`RegSetKeyValueW` `RegDeleteKeyValueW`
api-ms-win-core-path-l1-1-0.dll	`PathCchAppendEx` `PathCchAddExtension`
api-ms-win-core-localization-l2-1-0.dll	`GetCurrencyFormatEx`
api-ms-win-shcore-stream-winrt-l1-1-0.dll	`CreateRandomAccessStreamOverStream`
api-ms-win-core-url-l1-1-0.dll	`UrlEscapeW`
CRYPTSP.dll	`CryptCreateHash` `CryptHashData` `CryptGetHashParam` `CryptDestroyHash` `CryptReleaseContext` `CryptAcquireContextW`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-threadpool-legacy-l1-1-0.dll	`QueueUserWorkItem`
api-ms-win-eventing-legacy-l1-1-0.dll	`QueryTraceW` `FlushTraceW`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathCombineA` `PathAppendA` `PathRemoveFileSpecA`
api-ms-win-core-heap-obsolete-l1-1-0.dll	`GlobalFree`
api-ms-win-security-capability-l1-1-0.dll	`CapabilityCheck`
iertutil.dll	`#74` `#85` `#76` `#89`
WINHTTP.dll	`WinHttpCrackUrl` `WinHttpConnect` `WinHttpCloseHandle` `WinHttpGetDefaultProxyConfiguration` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpAddRequestHeaders` `WinHttpGetProxyForUrl` `WinHttpSetOption` `WinHttpSetTimeouts` `WinHttpSendRequest` `WinHttpOpenRequest` `WinHttpSetStatusCallback` `WinHttpReadData` `WinHttpReceiveResponse` `WinHttpQueryHeaders` `WinHttpOpen`
webservices.dll	`WsCreateReader` `WsReadXmlBufferFromBytes` `WsSetInputToBuffer` `WsMoveReader` `WsReadToStartElement` `WsGetReaderPosition` `WsReadBytes` `WsReadStartElement` `WsCreateError` `WsCreateHeap` `WsFreeReader` `WsFreeHeap` `WsFreeError` `WsReadEndAttribute` `WsReadStartAttribute` `WsFindAttribute` `WsReadChars`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
api-ms-win-core-winrt-error-l1-1-0.dll (delay-loaded)	`RoTransformError` `RoOriginateErrorW` `RoOriginateError` `GetRestrictedErrorInfo` `SetRestrictedErrorInfo`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-core-winrt-error-l1-1-0.dll`
ModuleHandle	`0x1f8558`
DelayImportAddressTable	`0x205100`
DelayImportNameTable	`0x1f2488`
BoundDelayImportTable	`0x1f2f48`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

DllCanUnloadNow

Ordinal	`1`
Address	`0x5b60`

DllGetActivationFactory

Ordinal	`2`
Address	`0x57f0`

DllGetClassObject

Ordinal	`3`
Address	`0x5960`

JSON_RESPONSE_INTERNAL_STORE_ENDPOINT_EXTENSION_URLS

Type	`JSON_RESPONSE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16335`
MD5	`aebb4a65da7dd6b18d5e22d9a9b345f3`
SHA1	`77c168d0051d9748c5ba9570e5cbc0d65acaf5fc`
SHA256	`f3f3c450465db21219338533ab3650dd2e79a9fca68b507ecb8edcd7cfc55885`
SHA3	`70908ec9a824684c494421e327856c1b702badf3816ef0ea10fd700c8f7c8a38`

JSON_RESPONSE_MODAL_FLOW_SIZES

Type	`JSON_RESPONSE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06209`
MD5	`9bcea0aaa0ad7282b5b5c97a783b773b`
SHA1	`13af86d186a11bff6ce99da35efd73a12f12cebb`
SHA256	`be5f9a9a9f6fbdecb05200fce1565278bfae48badc1ec14970de6aa1b2441c3b`
SHA3	`19ea86ef1df6908f73630c65af3a5e1d7c5c799cd49cd4b8e9a77ca96b9e68cf`

JSON_RESPONSE_ONE_STORE_CLIENT_DATA_URLS

Type	`JSON_RESPONSE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x758`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57445`
MD5	`db9f7b448802c66d8c722acc5f60f626`
SHA1	`a4196fed378955f4e15574d2a6bfeb9b4b24a886`
SHA256	`80325bf4cdd62c7e1b7c7b00f850c96b71e58ca3623b3c1dfb0f4af822b2b9e1`
SHA3	`d5b6dde5a64af2b42e6e1b7cc5dbc62d7f8e6ef5b24e841c1d4cec551a375931`

JSON_RESPONSE_STORE_ENDPOINT_EXTENSION_URLS

Type	`JSON_RESPONSE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9bc6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12111`
MD5	`1993f6ca952e29b99c79e6cfd1b0bd66`
SHA1	`9ddbb5553fcd2981883fcde21503bff39d577866`
SHA256	`bfd87f07da197370d695fcc5576c949a8b21f4b784d8bd465ad2e6844da95d8a`
SHA3	`7f182cf646510e6becbc36985101ea3527a0f8d366405538d5df74d1e0eccee3`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0x108`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96412`
MD5	`ba1012d76845bfad28bb9d63776df4ba`
SHA1	`d12d0d0f21fd05eed58c1b5842b45b75e1b92fb7`
SHA256	`3e4fbfc2c85a3bce2457702b7d0e51719558f7077948d37e1ad3b4ee6e3f71f1`
SHA3	`2ce34084b57c2ce9a1cbbd610aafd8f529c8b72fbffdebea9e64a4d628d8f264`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84016`
MD5	`2f0d874def2a82c0f2f7a4b04fb3e9fa`
SHA1	`345a55802885b1faa8ef4bc1f47ddc0469f29857`
SHA256	`99636d17b397dde146cb5034a2919a98ffdbfa0afdbb9fabb3b6e2f93268616b`
SHA3	`7dc2f0ccfc3a514967063b02ac8baef401b3d0ee036b42e7b5524104d6781333`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51716`
MD5	`651a1bfbb2db03a7bcff3a0cc682c0cd`
SHA1	`ba9e93e60413d86762f5b1d4127514b1c70a5dbc`
SHA256	`cf751fffde50ee62bbfd596bdea4fc0e0cecda3b6f462aa817ba12d69b959cc0`
SHA3	`ef12de7af04e2643cafa24b4bf5eefc7437d0065fb9d0d0fef074f444ddf3f84`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.18362.1082
ProductVersion	10.0.18362.1082
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft Store Runtime DLL
FileVersion (#2)	10.0.18362.1082 (WinBuild.160101.0800)
InternalName	Microsoft Store Runtime DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Windows.ApplicationModel.Store.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.18362.1082

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2027-Jan-29 15:57:03
Version	`0.0`
SizeofData	`59`
AddressOfRawData	`0x1edee8`
PointerToRawData	`0x1ec8e8`
Referenced File	Windows.ApplicationModel.Store.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2027-Jan-29 15:57:03
Version	`0.0`
SizeofData	`1012`
AddressOfRawData	`0x1edf24`
PointerToRawData	`0x1ec924`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2027-Jan-29 15:57:03
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1ee318`
PointerToRawData	`0x1ecd18`

TLS Callbacks

StartAddressOfRawData	`0x1801ee33c`
EndAddressOfRawData	`0x1801ee348`
AddressOfIndex	`0x1801f8550`
AddressOfCallbacks	`0x180171410`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1801f7c58`
GuardCFCheckFunctionPointer	`6443962408`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xf8d9b545`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`100`
ASM objects (VS2017 v14.15 compiler 26715)	`3`
C objects (VS2017 v14.15 compiler 26715)	`20`
Total imports	`463`
Imports (VS2017 v14.15 compiler 26715)	`11`
C++ objects (VS2017 v14.15 compiler 26715)	`8`
Exports (VS2017 v14.15 compiler 26715)	`1`
C++ objects (LTCG) (VS2017 v14.15 compiler 26715)	`147`
Resource objects (VS2017 v14.15 compiler 26715)	`1`
Linker (VS2017 v14.15 compiler 26715)	`1`

2d02fec2347b463526c21b50818c8228

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

DllCanUnloadNow

DllGetActivationFactory

DllGetClassObject

JSON_RESPONSE_INTERNAL_STORE_ENDPOINT_EXTENSION_URLS

JSON_RESPONSE_MODAL_FLOW_SIZES

JSON_RESPONSE_ONE_STORE_CLIENT_DATA_URLS

JSON_RESPONSE_STORE_ENDPOINT_EXTENSION_URLS

1

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors