Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)
FILE	exe	2025-06-10 20:26:58	2025-06-10 20:57:53	1855 seconds	Show Options	Show Analysis Log

procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

2024-11-25 13:37:15,272 [root] INFO: Date set to: 20250610T18:38:11, timeout set to: 1800
2025-06-10 19:38:11,494 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8
2025-06-10 19:38:11,588 [root] DEBUG: Storing results at: C:\SLtSxJVgsX
2025-06-10 19:38:11,603 [root] DEBUG: Pipe server name: \\.\PIPE\TCjHsIkvb
2025-06-10 19:38:11,603 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-10 19:38:11,603 [root] INFO: analysis running as an admin
2025-06-10 19:38:11,603 [root] INFO: analysis package specified: "exe"
2025-06-10 19:38:11,603 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-10 19:38:12,135 [root] DEBUG: imported analysis package "exe"
2025-06-10 19:38:12,166 [root] DEBUG: initializing analysis package "exe"...
2025-06-10 19:38:12,166 [lib.common.common] INFO: wrapping
2025-06-10 19:38:12,166 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-10 19:38:12,166 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\AddSuggestedFoldersT.exe
2025-06-10 19:38:12,166 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-10 19:38:12,166 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-10 19:38:12,166 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-10 19:38:12,166 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-10 19:38:12,353 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-10 19:38:12,369 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-10 19:38:12,400 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-10 19:38:12,416 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-10 19:38:12,432 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-10 19:38:12,432 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-10 19:38:12,432 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-10 19:38:12,447 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-10 19:38:12,447 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-10 19:38:12,447 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-10 19:38:12,447 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-10 19:38:12,447 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-10 19:38:12,447 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-10 19:38:12,447 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-10 19:38:12,447 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-10 19:38:12,447 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-10 19:38:12,447 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-10 19:38:12,447 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-10 19:38:23,806 [modules.auxiliary.digisig] DEBUG: File has a valid signature
2025-06-10 19:38:23,806 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-10 19:38:23,806 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-10 19:38:23,806 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-10 19:38:23,806 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-10 19:38:23,806 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-10 19:38:23,806 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-10 19:38:23,806 [modules.auxiliary.disguise] INFO: Disguising GUID to a8eaf468-9af3-497e-b845-83cebf5a4c23
2025-06-10 19:38:23,806 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-10 19:38:23,806 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-10 19:38:23,806 [root] DEBUG: attempting to configure 'Human' from data
2025-06-10 19:38:23,806 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-10 19:38:23,806 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-10 19:38:23,806 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-10 19:38:23,806 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-10 19:38:23,806 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-10 19:38:23,822 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-10 19:38:23,822 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-10 19:38:23,822 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-10 19:38:23,822 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-10 19:38:23,822 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-10 19:38:23,822 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-10 19:38:23,822 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-10 19:38:23,822 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-10 19:38:23,822 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-10 19:38:23,838 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-10 19:38:23,853 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\KhePLP.dll, loader C:\tmp_gell1p8\bin\ktypyZOY.exe
2025-06-10 19:38:24,025 [root] DEBUG: Loader: IAT patching disabled.
2025-06-10 19:38:24,025 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\KhePLP.dll.
2025-06-10 19:38:24,072 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-10 19:38:24,072 [root] INFO: Disabling sleep skipping.
2025-06-10 19:38:24,072 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-10 19:38:24,072 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-10 19:38:24,072 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-10 19:38:24,072 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-10 19:38:24,072 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-10 19:38:24,072 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-10 19:38:24,088 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-10 19:38:24,088 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-10 19:38:24,088 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 5004, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000
2025-06-10 19:38:24,088 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-10 19:38:24,104 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-10 19:38:24,104 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-10 19:38:24,104 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\KhePLP.dll.
2025-06-10 19:38:24,104 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-10 <truncated>

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-2	win10-2	KVM	2025-06-10 20:26:58	2025-06-10 20:57:33	none

File Details

File Name	AddSuggestedFoldersT.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
File Size	754184 bytes
MD5	2ee544da272865441813f5d0788df623
SHA1	fc3f4771ce5df848d7eefd99d4ccfec806d08206
SHA256	36afa68f37cf3392e913b77bd7ed853dd21a98b23d589361c47402a9d5bfbc25 [VT] [MWDB] [Bazaar]
SHA3-384	5aa4a56adac601d395ba0ee504068072a740838bc5217ad69f5c9dfe48ee968d862861075af2d0f307de2e07debc06ef
CRC32	47650594
TLSH	T1F5F449265F9C85D1D12AA17A89A28345FA72B8100B2147CB8161E33E5F3F5F59F3E372
Ssdeep	12288:kPPrFvfOYlttRTVJYYdylrAO/I0MIRA2WsmUbST2pUJdm87l:YGYllTVJBdy5I0MIRA2WsmNTO097l
PE	File Strings BinGraph Vba2Graph VirusTotal

?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z

^1?]8

F<1U.

l$ VWATAVAWH

pA^_^[]

@.data

D$hE3

ViewAll

StopSlideShow

WindowsCreateStringReference

AttachCamera

RepeatAll

ReleaseMutex

GetStartupInfoW

PA^_^][

CoMarshalInterThreadInterfaceInStream

CreateSemaphoreExW

u*9Q<|%

Admin

.?AV<lambda_7b8498a12273488957d4576d2e3cda73>@@

@SVWAVH

Windows.UI.Xaml.Visibility

SuggestionKind

Video

UnPin

no space on device

t$(H!~

not a directory

9Ct|eD

list<T> too long

TlP0X

MailReply

?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z

.?AV<lambda_413e697d3df9dfa3260888caa9b36fb1>@@

api-ms-win-core-string-l1-1-0.dll

System.Enum

CoGetObjectContext

VWAVH

.?AV<lambda_1d36b6a660abcb79c64e19ad460d5875>@@

PA_A^A]A\_^[

L$xH3

system

O0M0K

Microsoft Corporation

fD9,Qu

_XcptFilter

E/}u!

.u$H;3

_lock

ClosedCaption

`A^_^][

completeType

?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z

USVWATAUAVAWH

OrelativeParentDepth

gH9QPtv8QLu.H

RoReportUnhandledError

@SUVWAVH

.?AU__I?$Array@PE$AAVString@Platform@@$00PublicNonVirtuals@Platform@@

.?AUIWeakReferenceSource@Details@Platform@@

AddSuggestedFoldersToLibraryDialog.__MainPageActivationFactory

.data$r

resource unavailable try again

_initterm

DockRight

__ExceptionPtrCurrentException

Windows.Foundation.AsyncOperationCompletedHandler`1<Windows.Foundation.Collections.IVectorView`1<Windows.Storage.StorageFile>>

rP{f?k

.?AVlogic_error@std@@

1+0)0

.idata$5

Preview

AddSuggestedFoldersToLibraryDialog.DelegateCommand

not connected

.CRT$XIYA

protocol_not_supported

TwoPage

Windows.Foundation.Uri

.pdata

Microsoft

SetRestrictedErrorInfo

20180915005723Z

L$ Lc

_acmdln

operation_in_progress

A^A\_

.CRT$XIYB

_get_current_locale

host_unreachable

regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.

FontDecrease

SetEvent

connection refused

read only file system

.PE$AAVFailureException@Platform@@

AddSuggestedFoldersToLibraryDialog.BindableBase

_exit

AddSuggestedFoldersToLibraryDialog.__PathCalculatorActivationFactory

learnMoreActivated

XamlTypeInfo.InfoProvider.XamlTypeInfoProvider

operation would block

0A^_^

CalendarWeek

Legal_Policy_Statement

AddSuggestedFoldersToLibraryDialog.MainPage_obj1_BindingsTracking

ReportHacked

%hs!%p:

Character

.PE$AAVInvalidArgumentException@Platform@@

K SVWH

E6T:X

Clear

0A_A^A\_^

Thales TSS ESN:148C-C4B9-20661%0#

callingApp

CoCreateFreeThreadedMarshaler

uc8X$t

ActivityStoppedAutomatically

Clock

.?AU__I?$WriteOnlyArray@PE$AAVString@Platform@@$00PublicNonVirtuals@Platform@@

GetStringTypeW

??0ChangedStateException@Platform@@QE$AAA@XZ

.PE$AAUIDisposable@Platform@@

AddSuggestedFoldersToLibraryDialog.MainPageVM

Microsoft Time-Stamp PCA 20100

9\u=H

Windows.Foundation.IReference`1<Windows.UI.Xaml.Visibility>

argument out of domain

.rdata$r

f9,Ku

`A^_^

$L;0u*H

.?AV<lambda_73292f348cdbf870906b32f491436bd8>@@

IsAddSelectEnabled

.CRT$XIA

ViewModel

A9F tOI

111019184142Z

Shuffle

ManuallyAdded

connection_already_in_progress

.?AVbad_function_call@std@@

generic

GoToToday

??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z

ResetEvent

d$hL9e

x UAVAWH

FileDescription

%Microsoft Windows Production PCA 2011

fHD9gHL

AddSuggestedFoldersToLibraryDialog.FolderSuggestionVM

\$ UVWH

.?AV<lambda_48bd410069cb3ee49e082a8355a7862e>@@

?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z

\$ VWAVH

Microsoft Corporation1

UWATAVAWH

ThumbnailImage

.PE$AAVNullReferenceException@Platform@@

Microsoft Operations Puerto Rico1&0$

ntdll.dll

no stream resources

PhoneBook

10.0.17763.1

directory not empty

Street

InitializeCriticalSection

A_A^A\_^

UVAVH

.?AV<lambda_311af3a3eaf20518b19dbfbed459aaea>@@

Microsoft Time-Stamp PCA 2010

regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.

network reset

Boolean

.?AV<lambda_193b4eca76fcf2067f3d412e14d9136f>@@

System.ValueType

IsSelectAllChecked

fD9<Hu

OutlineStar

message

no protocol option

originatingContextName

.?AVruntime_error@std@@

Attach

<P)9Y

)t$@H

.PE$AAVChangedStateException@Platform@@

OpenPane

upper

;Q(s!

f9<^u

Caption

.rdata$zETW9

no buffer space

t9 }'

DockLeft

Windows.UI.Xaml.Input.ICommand

UVWAVAWH

D$HH9

L$8H3

FontColor

??0OutOfBoundsException@Platform@@QE$AAA@XZ

Windows.Foundation.IReference`1<Guid>

A_A^A\_]

OpenWith

100701213655Z

MailForward

vector<bool> too long

RoOriginateError

TerminateProcess

Windows.Foundation.TypedEventHandler`2<Windows.UI.Xaml.FrameworkElement, Object>

minATL$__m

MoveToFolder

f9,Au

___mb_cur_max_func

HcF$M

GlobalNavigationButton

Object

\$ A;

SUVWAVAWH

C0D8c@t

?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ

Microsoft Windows0

J9*`+

bad_address

SlideShow

PA_A^A\_^

ClosestKnownFolderParent

?__abi_WinRTraiseObjectDisposedException@@YAXXZ

.text$x

R!s4Z

T$ E3

not_connected

too many links

.?AV<lambda_fdbef63507de489bda1820d752905fe7>@@

regex_error(error_badbrace): The expression contained an invalid range in a { expression }.

blank

|$HL+?I

L$HH3

t$PH;

.xdata$x

A^_^

GetModuleHandleW

MailFilled

initialSuggestions

Download

inappropriate io control operation

api-ms-win-core-registry-l1-1-0.dll

L$ E3

NewFolder

.?AVregex_error@std@@

MainQuestionMusic

.giats

kernelbase.dll

?Free@Heap@Details@Platform@@SAXPEAX@Z

D$ H;

__ExceptionPtrCopy

??0NullReferenceException@Platform@@QE$AAA@XZ

connection reset

A_A^A\_^][

api-ms-win-core-winrt-error-l1-1-0.dll

connection aborted

Windows.ApplicationModel.Resources.ResourceLoader

0A_A^_

OriginalFilename

Page2

.?AU__abi_Module@@

Import

FullText

destination_address_required

Paste

.?AU__abi_IUnknown@@

?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z

MusicInfo

$Microsoft Ireland Operations Limited1

fD94Au

___lc_handle_func

\$8E3

D9yL|

"*~pK

Windows.UI.Color

AddSuggestedFoldersToLibraryDialog.exe

UVWATAUAVAWH

No unloadable elements to disconnect.

CloseHandle

L$8E3

@.reloc

Platform.Object

{|?uXH

z.9Wv

A8Y(t&I

_purecall

9\uBH

timed_out

D9K(t

failureCount

GetSystemTimeAsFileTime

___lc_codepage_func

.?AV<lambda_34b0bb4e0c8c74dd2bb928285c371c0d>@@

h_^][

?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ

Windows.Foundation.IReferenceArray`1<Windows.UI.Xaml.Markup.IXamlMetadataProvider>

Windows.UI.ViewManagement.ApplicationView

??0exception@@QEAA@AEBQEBDH@Z

f9<Hu

SetUnhandledExceptionFilter

Windows.Foundation.Collections.IIterator`1<AddSuggestedFoldersToLibraryDialog.FolderSuggestionVM>

network down

executable format error

\$hE3

Windows.Foundation.Collections.VectorChangedEventHandler`1<AddSuggestedFoldersToLibraryDialog.ThumbnailVM>

D$ E3

.text

bad function call

MainQuestionPictures

Windows.UI.Xaml.Navigation.NavigationFailedEventHandler

.PE$AAVOutOfBoundsException@Platform@@

f9Axu`

PerceivedType

Camera

?__abi_WinRTraiseOperationCanceledException@@YAXXZ

originatingContextId

WAUAVH

Failed to load Page

Windows.System.Threading.ThreadPool

gPzuL

cntrl

A^A]_

D9g0|

?__abi_WinRTraiseChangedStateException@@YAXXZ

AddSuggestedFoldersToLibraryDialog.__BindableBaseActivationFactory

wwN#P

.idata$4

DisplayPath

regex_error(error_collate): The expression contained an invalid collating element name.

ReShare

??0OutOfMemoryException@Platform@@QE$AAA@XZ

;t$p|

.PE$AAVNotImplementedException@Platform@@

`A_A^A]A\_^[

__dllonexit

connection_aborted

identifier removed

RegEnumKeyExW

DthumbnailCount

regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.

Windows.UI.Xaml.DependencyObject

.?AVbad_cast@@

9\uJH

operation not supported

api-ms-win-core-com-l1-1-0.dll

cross device link

.?AV<lambda_d54468c341eec9bc3403dc5673717b4d>@@

\$ UVWAVH

fD91t

Globe

__C_specific_handler

0A_A^A]A\_^]

std::exception: %hs

no link

(D$@f

nullableBoolConverter

|$ AVH

bad allocation

IcV4E

.text$mn$00

t$ WH

SetLastError

Filter

.rsrc$01

CallContext:[%hs]

DebugBreak

A_A^A]A\_^[]

8XLu.H

L$0H97t_H9

.?AV<lambda_49e1aa748cf2ce5146dd9b902e518a0c>@@

?__abi_WinRTraiseInvalidArgumentException@@YAXXZ

L9d$(t5L

NewWindow

AddSuggestedFoldersToLibraryDialog.ThumbnailVM

Windows.Foundation.TypedEventHandler`2<Windows.UI.Xaml.FrameworkElement, Windows.UI.Xaml.DataContextChangedEventArgs>

H;} H

C$9C w"H

api-ms-win-core-util-l1-1-0.dll

permission_denied

3YWu!

_CxxThrowException

AlignRight

fF94@u

LeaveCriticalSection

resource deadlock would occur

too many files open in system

L$ SVWH

D9l$@}'H

address not available

IsSelected

Pause

Microsoft Corporation1)0'

?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z

.?AVexception@@

callContext

L$PH3

message size

.jpeg

?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z

@A^_^][

.text$yd

D9n A

bad cast

WATAVH

api-ms-win-core-localization-l1-2-0.dll

Windows.Foundation.IReference`1<AddSuggestedFoldersToLibraryDialog.FolderSuggestionKind>

PA_A^_^]

LcA<E3

AddSuggestedFoldersToLibraryDialog.__NullableBoolConverterActivationFactory

Windows.UI.Xaml.Automation.AutomationProperties

T$ H;

OneBar

(t$pH

Windows.UI.Xaml.Controls.ToolTipService

?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z

|$0I9

@.rsrc

^|H;N

r8@8z@tOH

AcquireSRWLockExclusive

Windows.Foundation.IReferenceArray`1<AddSuggestedFoldersToLibraryDialog.ThumbnailVM>

Highlight

Folder

?UninitializeData@Details@Platform@@YAXH@Z

protocol not supported

__ExceptionPtrDestroy

LegalCopyright

function

xdigit

@8yHt

@8yxt

Calendar

isSelected

9\uCH

L$ Hc

Placeholder

M0K0I

?__abi_WinRTraiseAccessDeniedException@@YAXXZ

Calculator

t3PpS

f9<Fu

D$HH;

@A_A^A]A\_^]

L$0H3

XamlBindingInfo.XamlBindingTrackingBase

t$0H!}

alpha

RotateCamera

wilActivity

fD9<Bu

.rdata$zzzdbg

_vsnprintf_s

.?AVInProcModule@Details@Platform@@

WAVAWH

:\u:L

realloc

.rdata

FontSize

api-ms-win-core-errorhandling-l1-1-0.dll

??0exception@@QEAA@XZ

??1type_info@@UEAA@XZ

Emoji2

CT$8L

too many files open

Windows.Foundation.Collections.IVectorView`1<AddSuggestedFoldersToLibraryDialog.ThumbnailVM>

D;{ }*E

minATL$__a

?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z

tGf9)u;H

wcsstr

\$pH;

no lock available

D$$I;

:cY7.u!

pA_A^A]A\_^[

?__abi_WinRTraiseNullReferenceException@@YAXXZ

%Microsoft Windows Production PCA 20110

OpenFile

CoGetApartmentType

WaitForSingleObject

address in use

}0D9e tEH

GetModuleFileNameA

FourBars

PA_A^A\_^[]

.?AV<lambda_ea4c3032892918e09fb3c0a8dbda54c9>@@

Phone

SVWATAUAVAWH

owner dead

0A_A^A\

audio

network unreachable

api-ms-win-core-sysinfo-l1-1-0.dll

SHGetKnownFolderPath

]>"Z&

WebCam

memcpy

.idata$3

.?AV<lambda_235625e9c764c79fcf38d92f5b57ba16>@@

WindowsIsStringEmpty

GoToStart

261019185142Z0

Lcg8E;e8

Platform.?$WriteOnlyArray@PE$AAVThumbnailVM@AddSuggestedFoldersToLibraryDialog@@$00

Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z

invalid seek

Windows.UI.Xaml.DataTemplate

ShowResults

Repair

{xauQ

libraryType

is a directory

|$ HcN

RtlDllShutdownInProgress

punct

string too long

"Microsoft Window

??0bad_cast@@QEAA@PEBD@Z

no child process

(_^][

BlockContact

D;} }XI

__setusermatherr

Bullets

UATAUAVAWH

HeapFree

invalid string position

UWATAUAVH

9\u5L

PA^_^[]

no message available

1http://www.microsoft.com/PKI/docs/CPS/default.htm0@

currentContextId

GetTickCount

T$PE3

fA96u

.CRT$XIY

A^A]A\_^

L$@H3

]va8+y

Keyboard

ms-appx:///View/MainPage.xaml

?CreateException@Exception@Platform@@SAPE$AAV12@H@Z

Windows.Foundation.Collections.IObservableVector`1<String>

ImagePlaceholderVisibility

UWAVH

regex_error(error_parse)

E9w ~/L

MultiByteToWideChar

@8yPt

Q7Uwa-9u

\$hI;

??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z

Windows.System.Launcher

@VWAVH

connection_reset

EventSetInformation

Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z

Refresh

Chttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a

??1bad_cast@@UEAA@XZ

UWAUAVAWH

OutputDebugStringW

CtH;K

RepeatOne

stoi argument out of range

@SVWAVAWH

ReturnHr

gWindows.System.Threading.WorkItemHandler

space

Windows.Foundation.Collections.IIterator`1<AddSuggestedFoldersToLibraryDialog.ThumbnailVM>

.?AV<lambda_8ca362f1df21a0655501e114c09a47cb>@@

_ismbblead

UnFavorite

A^_^[

ThumbnailVisiblity

@8,1u

@SUVWATAVAWH

WATAUAVAWH

VWATAUAVH

SUVWH

.?AV<lambda_7dbfe4b53791f5d12ea6d1aace3b0249>@@

fD9t]

$`2X`F

.?AV?$WriteOnlyArray@PE$AAVString@Platform@@$00@Platform@@

tvA;_(siI

.PE$AAUIPrintable@Details@Platform@@

A_A^A]A\_

.CRT$XCAA

Platform.?$WriteOnlyArray@PE$AAVString@Platform@@$00

?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z

CoGetInterfaceAndReleaseStream

Windows.UI.Xaml.Controls.Frame

Windows.Foundation.PropertyValue

?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z

ReleaseSRWLockShared

\$ UH

D$xH!D$0L

Windows.UI.Xaml.Controls.UserControl

connection already in progress

no message

L9{0t#H

.00cfg

^\s+|\s*,\s*|\s+$

@SUVWH

FailFast

Windows.UI.Xaml.Controls.Symbol

T$0E3

http://www.microsoft.com/windows0

LikeDislike

CompanyName

.PE$AAVDisconnectedException@Platform@@

Windows.Foundation.Collections.IVectorView`1<AddSuggestedFoldersToLibraryDialog.FolderSuggestionVM>

Forward

GetCurrentThreadId

ContactInfo

@A_A^_

__getmainargs

Important

Permissions

Platform.?$WriteOnlyArray@VXmlnsDefinition@Markup@Xaml@UI@Windows@@$00

u HcA<H

@SVWATAUAVAWH

calloc

L$HM;

message_size

GetProcessHeap

Sleep

$$vu!

AlignCenter

.PE$AAVObject@Platform@@

t$ UWATAVAWH

Ipbad locale name

@SUVWAVAWH

jcY7.

T$0H+

l$`E3

value too large

@SVATAUAWH

)Microsoft Root Certificate Authority 20100

WindowsGetStringLen

RegOpenKeyExW

H9_Hs<

ReleaseSemaphore

network_unreachable

CreateEventExW

D9{ u

PA_A^A]A\_^]

l$ VWAVH

D$HH!\$@H

??_U@YAPEAX_K@Z

?what@exception@@UEBAPEBDXZ

USVWAVH

D$8H;

.?AVtask_canceled@pplx@@

(null Message)

L$ SUVWH

Remote

Windows.UI.Xaml.PropertyMetadata

World

G L;'u

not supported

|hK,_

??0exception@@QEAA@AEBQEBD@Z

wcsrchr

LeaveChat

I9<$t

D$PE3

??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z

network_down

CA^_^]

?__abi_WinRTraiseNotImplementedException@@YAXXZ

memmove

?__abi_FailFast@@YAXXZ

?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z

(caller: %p)

?__abi_WinRTraiseDisconnectedException@@YAXXZ

L$PH;

interrupted

LoadingThumbnail

strchr

_callnewh

lower

250701214655Z0|1

__set_app_type

CellPhone

040904B0

D9w tJH

.rdata$zETW2

Windows.Foundation.IReferenceArray`1<String>

regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.

wcstol

Windows.Foundation.Collections.IIterator`1<Windows.UI.Xaml.Markup.IXamlMetadataProvider>

wcslen

229879+4379540

@USVWAVH

wrong_protocol_type

too many symbolic link levels

FolderPathCommand

not enough memory

AcquireSRWLockShared

WindowsDeleteString

DisconnectDrive

Document

|$0I;

HcA<H

__crtLCMapStringW

H9QPtc8QLu.H

.?AVbad_alloc@std@@

A_A^A]A\_^]

A_A^]

Windows.UI.Xaml.Application

Priority

PreviewLink

ext-ms-win-shell32-shellfolders-l1-1-0.dll

filename_too_long

Windows.UI.Xaml.Controls.Page

InitOnceComplete

f9)uBH

20180915013113.206Z0

D$8fH

operation_would_block

WideCharToMultiByte

RegQueryValueExW

@SVWH

A_A^_^[

VWAUAVAWH

20180916005723Z0s09

VarFileInfo

:P:(Tu!

_fmode

BrowsePhotos

no such file or directory

tMfD91u@H

Windows.Storage.Pickers.FolderPicker

TUUUUUU

()$^.*+?[]|\-{},:=!

video

_vsnwprintf

api-ms-win-core-libraryloader-l1-2-0.dll

tjH+9L

D9z4u

?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z

@8~(u'A

AddSuggestedFoldersToLibraryDialog.App

Rotate

MainTitleMusic

Local\SM0:%d:%d:%hs

address family not supported

L$PE3

td@85

stream timeout

Windows.UI.Xaml.Media.ImageSource

T$(L+)3

api-ms-win-core-winrt-string-l1-1-0.dll

FormatMessageW

module

regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.

?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ

@WAVAWH

Platform.?$WriteOnlyArray@PE$AAUIXamlMetadataProvider@Markup@Xaml@UI@Windows@@$00

AddSuggestedFoldersToLibraryDialog.pdb

A_A^A]A\_

FolderThumbnails

t$PfD

10.0.17763.1 (WinBuild.160101.0800)

BackToWindow

?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z

D9&tZA

M7L9;t]H9

DeleteCriticalSection

RtlCaptureContext

AddSuggestedFoldersToLibraryDialog.NullableBoolConverter

__ExceptionPtrCreate

minATL$__z

Comment

x ATAVAWH

regex_error(error_syntax)

io error

t{HcL$ HcD$$H

.?AV?$Module@$04VInProcModule@Details@Platform@@@WRL@Microsoft@@

Windows.UI.Xaml.PropertyChangedCallback

operation canceled

AddSuggestedFoldersToLibraryDialog

__ExceptionPtrRethrow

Emoji

ToolTip

9{tu"

Windows.Foundation.TypedEventHandler`2<Windows.UI.Core.CoreWindow, Windows.UI.Core.KeyEventArgs>

A_A^_

f#D$@H

Microsoft Corporation1200

?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z

d$HfD

ActivityError

Washington1

regex_error(error_backref): The expression contained an invalid back reference.

CH}#6%

Rename

then() cannot be called on a default constructed task.

A_A^A\

?__abi_WinRTraiseFailureException@@YAXXZ

Volume

D$0H;

invalid_argument

SetTile

api-ms-win-core-processthreads-l1-1-0.dll

Windows.Foundation.IReference`1<Boolean>

@USVWATAVAWH

(t$@H

Microsoft.Windows.Shell.AddSuggestedFoldersToLibraryDialog

SystemBaseHighColor

A_A^A]_^

t6D8l$

Windows.Foundation.IReferenceArray`1<AddSuggestedFoldersToLibraryDialog.FolderSuggestionVM>

ReleaseSRWLockExclusive

?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z

D9d$H}7L

t>y&H

RtlLookupFunctionEntry

HcO0H

.8SLu

[%hs(%hs)]

Pictures

QueryPerformanceCounter

.PE$AAUIEquatable@Details@Platform@@

regex_error(error_ctype): The expression contained an invalid character class name.

??0FailureException@Platform@@QE$AAA@XZ

threadId

t$0E3

msvcrt.dll

StringFileInfo

oP:(T

api-ms-win-core-handle-l1-1-0.dll

?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ

.?AVModuleBase@Details@WRL@Microsoft@@

@8ypt

L$PfD

already_connected

MailReplyAll

.?AV<lambda_e6a5498443bbb3e63f504805e1874ade>@@

.text$mn

?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z

broken pipe

D$XE3

Setting

;M$|DI

\$@L+

failureId

setlocale

Platform.String

SaveLocal

protocol error

tH9XPu

Directions

.?AV<lambda_cbab440bccae464812cdd59c3df3cd5d>@@

text file busy

d:\os\public\amd64fre\internal\sdk\inc\wil\resource.h

X_^][

DecodePointer

Klqto%

EventWriteTransfer

Microsoft Operations Puerto Rico1'0%

?InitializeData@Details@Platform@@YAJH@Z

AddSuggestedFoldersToLibraryDialog.__MainPageVMActivationFactory

Windows.Foundation.IReference`1<Windows.UI.Color>

.?AV<lambda_06bbf0d62e40fd5650b4936be636ee17>@@

Windows.Foundation.Collections.IIterator`1<String>

fD94X

L$`H3

address_family_not_supported

D$@E3

@A_A^_^[

ZoomIn

TouchPointer

?__abi_WinRTraiseCOMException@@YAXJ@Z

?__abi_WinRTraiseOutOfMemoryException@@YAXXZ

Windows.Foundation.Collections.IObservableVector`1<Windows.UI.Xaml.Markup.IXamlMetadataProvider>

WindowsGetStringRawBuffer

Windows.Storage.IStorageFolder

`A^^]

timed out

8A^_^[

IsDebuggerPresent

>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0

tAy&H

EventActivityIdControl

HA_A^A]A\_^][

`A_A^A\_^

iSHp6

.rdata$zETW1

Platform.?$WriteOnlyArray@PE$AAVFolderSuggestionVM@AddSuggestedFoldersToLibraryDialog@@$00

Bookmarks

Italic

??1exception@@UEAA@XZ

ThreeBars

permission denied

RtlVirtualUnwind

|$ UH

??3@YAXPEAX@Z

pA_A^_^]

RaiseFailFastException

state not recoverable

regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.

Collapsed

AddSuggestedFoldersToLibraryDialog.addsuggestedfolderstolibrarydialog_XamlTypeInfo.XamlMetaDataProvider

AutomaticSuggestion

.?AV<lambda_84e7db6d6437c81532112a123280eaf7>@@

.CRT$XCA

.?AV_Interruption_exception@details@pplx@@

.PEAX

MainQuestionVideo

.?AV<lambda_c059ee218df640472f2e12e30f4a9a7d>@@

.PE$AAVCOMException@Platform@@

A^A]A\_]

Windows.UI.Xaml.Markup.IXamlType2

.?AV<lambda_07b0f5a5e6fb07f2975c05a3080de350>@@

SolidStar

PostUpdate

?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z

T$8H!\$8

UnhandledExceptionFilter

9\u5H

operation in progress

EventUnregister

U0S0Q

Microsoft Time-Stamp Service0

t>y#H

currentContextName

@SUVWATAUAVAWH

UnSyncFolder

AddSuggestedFoldersToLibraryDialog.SelectionChangedDelegate

DockBottom

_free_locale

^^ !"#$%&'()*+,-./01234567^^^^^^^^^^^^^^^^^^^^^^^^^^^89:;<=>?@ABCDEFGHIJKLMNOP^QRSTUVWXYZ[\]

MainTitlePictures

Microphone

SetLockScreen

VS_VERSION_INFO

M'L9?t]H9

api-ms-win-core-synch-l1-2-0.dll

|$ M;

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

3Illegal to wait on a task in a Windows Runtime STA

A_A^_^]

filename too long

?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z

DisableUpdates

.CRT$XCZ

\$(H;

digit

map/set<T> too long

currentContextMessage

Exception

`A^_^[]

CalendarReply

too_many_files_open

SelectAll

RoFailFastWithErrorContext

.?AV?$Module@$00VInProcModule@Details@Platform@@@WRL@Microsoft@@

SyncFolder

ImportAll

.data

nCipher NTS ESN:57F6-C1E0-554C1+0)

AddSuggestedFoldersToLibraryDialog.PathCalculator

ShowBcc

Windows.UI.Xaml.DependencyPropertyChangedCallback

180823202645Z

ZoomOut

device or resource busy

t$@fD90u

memset

_XamlTypeInfo.InfoProvider.XamlMember

[%hs]

?__abi_WinRTraiseOutOfBoundsException@@YAXXZ

unknown error

pA_A]A\^[

Windows.Foundation.Collections.IObservableVector`1<AddSuggestedFoldersToLibraryDialog.FolderSuggestionVM>

result out of range

XamlTypeInfo.InfoProvider.XamlSystemBaseType

\$ UVWAVAWH

GetProcAddress

t"D8=B

8AddSuggestedFoldersDialogSession

ProductName

Richk

.PE$AAVException@Platform@@

Microsoft Corporation1.0,

?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z

t$@L;

.idata$6

D$`E3

api-ms-win-core-heap-l1-1-0.dll

no such process

ActivityIntermediateStop

Microsoft Time-Stamp Service

L$ Mc

Windows.UI.Xaml.DependencyProperty

@A_A^_^]

D$HE3

H;0u'L

wincorlib.DLL

C0E8x

not_a_socket

.CRT$XCC

bad_file_descriptor

t]fD9#tWH

__pctype_func

FailedThumbnails

Contact2

HangUp

PA^_^

ClosePane

CHD1p

Windows.Foundation.Collections.IObservableVector`1<AddSuggestedFoldersToLibraryDialog.ThumbnailVM>

>[InitializeFolderSuggestion

FileVersion

AllApps

MapDrive

cY7.L

L$hH3

?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

.?AVlength_error@std@@

Microsoft Corporation1&0$

SVWAVH

1(0&0

Windows.UI.Xaml.Media.Imaging.BitmapImage

180703204550Z

Windows.UI.Xaml.Markup.XamlBindingHelper

regex_error(error_brace): The expression contained mismatched { and }.

t$HL+7I

t$ E3

WindowsConcatString

wilResult

bad address

TotalThumbnails

UAVAWH

A_A^_

memcpy_s

operation not permitted

Delete

FullScreen

CompareStringOrdinal

?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z

0A_A^_^[

DsuggestionKind

?__abi_WinRTraiseInvalidCastException@@YAXXZ

OtherUser

ClearSelection

Platform::Exception^: %ws

.?AUIDisposable@Platform@@

MapPin

Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0

Windows.Foundation.IReference`1<UInt32>

WindowsCreateString

UInt32

CoTaskMemAlloc

CreateMutexExW

L$XL+

Windows.Foundation.Collections.IVectorChangedEventArgs

EventRegister

Windows.UI.Core.CoreWindow

_wcsdup

ZeroBars

D9d$H}=L

@UVWH

D9d$H

A_A^_^]

Upload

.?AVout_of_range@std@@

HeapAlloc

A_A^A\_^

minATL$__r

0A__^

destination address required

SVWAVAWH

file exists

L$pH3

H3E H3E

InternalName

InitializeFolderSuggestion

VideoChat

malloc

9\u<H

api-ms-win-core-profile-l1-1-0.dll

.rsrc$02

FolderPlaceholderVisibility

_unlock

iostream

AddSuggestedFoldersDialogSession

Platform.Guid

DfailedThumbnailCount

wrong protocol type

XamlBindingInfo.XamlBindings

String

H98u2H

.text$di

58_Lu

ProtectedDocument

|=HcF

originatingContextMessage

VWATAVAWH

D8"u3H

SwitchApps

bad message

L$(H3

"Microsoft Time Source Master Clock0

GetCurrentProcessId

L$XH3

Windows.Storage.Search.QueryOptions

I0G1-0+

??0InvalidArgumentException@Platform@@QE$AAA@XZ

@8y@t

.rdata$zETW0

argument list too long

host unreachable

?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z

network_reset

L$(M;

.?AUIValueType@Platform@@

Switch

@8yht

WaitForSingleObjectEx

regex_error

iostream stream error

DclosestKnownFolderParent

Audio

MainTitleVideo

.?AV<lambda_cdc646561116cd7a9091e5cd2a6888a8>@@

Windows.UI.Xaml.Window

Underline

Message

Windows.Foundation.Collections.IVectorView`1<String>

Contact

??0Object@Platform@@QE$AAA@XZ

Windows.UI.Xaml.Data.PropertyChangedEventArgs

bad file descriptor

WindowsDuplicateString

regex_error(error_paren): The expression contained mismatched ( and ).

no such device or address

CoTaskMemFree

,dvg/azijP39ZAt9eUfoHSGdZQDoR+TEF3Mqz7rKxRn4=0Z

.CRT$XIZ

address_in_use

.?AVinvalid_argument@std@@

abort

InitializeCriticalSectionEx

EncodePointer

!This program cannot be run in DOS mode.

Msg:[%ws]

@A^_^

Windows.Foundation.AsyncOperationCompletedHandler`1<Windows.Storage.FileProperties.StorageItemThumbnail>

already connected

api-ms-win-eventing-provider-l1-1-0.dll

?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z

Favorite

get() cannot be called on a default constructed task.

Redmond1

>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0

?__abi_WinRTraiseWrongThreadException@@YAXXZ

D9e t

A^_^[]

FontIncrease

Windows.UI.Xaml.Controls.Primitives.ToggleButton

AddSuggestedFoldersToLibraryDialog.MainPage_obj12_BindingsTracking

PopulateThumbnails

__crtCompareStringW

api-ms-win-core-synch-l1-1-0.dll

.?AV<lambda_763529b0c7473cbc215a52d189ac9b18>@@

?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z

D$ fD

L9{@u

OpenSemaphoreW

Remove

file too large

r~akow

not a socket

FallbackError

f9H\u

EnterCriticalSection

.CRT$XCU

___lc_collate_cp_func

.?AV<lambda_068970ea21c3494a04fa937e8aac0ecf>@@

_errno

Windows.UI.Xaml.Data.PropertyChangedEventHandler

Target

SystemAltHighColor

GtH;O

graph

%hs(%d) tid(%x) %08X %ws

oK0D$"<

Windows.Foundation.IReferenceArray`1<Windows.UI.Xaml.Markup.XmlnsDefinition>

D9d$H}lH

AddSuggestedFoldersToLibraryDialog.addsuggestedfolderstolibrarydialog_XamlTypeInfo.__XamlMetaDataProviderActivationFactory

`A_A^_^]

GetCurrentProcess

Library

fileName

d$ E3

People

v(A;]4|

:\u5L

not a stream

Manage

D$8E3

L9o@t

.?AVResultException@wil@@

9t$p~;H

Windows.UI.Xaml.ApplicationInitializationCallback

Account

Hc_4A;]4}CH

Translation

Orientation

?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z

Windows.Foundation.Collections.IVectorView`1<Windows.UI.Xaml.Markup.IXamlMetadataProvider>

FolderLinkToolTip

A_A^A]A\_^]

alnum

operation_not_supported

AlignLeft

d:\os\public\amd64fre\internal\sdk\inc\wil\result.h

WilError_02

AddFriend

wI9<$t

??_V@YAXPEAX@Z

.?AV?$Array@PE$AAVString@Platform@@$00@Platform@@

address_not_available

|$8I;

]/qNnN

??0NotImplementedException@Platform@@QE$AAA@XZ

ProductVersion

Visible

.PE$AAVOutOfMemoryException@Platform@@

tHfD91u;H

.?AU?$IBoxArray@PE$AAVString@Platform@@@Platform@@

__CxxFrameHandler3

OpenLocal

connection_refused

_onexit

.CRT$XIAA

Dislike

H;}PH

no_protocol_option

191123202645Z0

A_A^A\_^[]

failureType

tB;^(s6I

` AVH

L9w(A

Windows

function not supported

Windows.Foundation.IReference`1<Windows.UI.Xaml.Controls.Symbol>

hresult

%efR\

??0DisconnectedException@Platform@@QE$AAA@XZ

8A_A^_^][

invalid argument

no such device

.idata$2

HcGHH

??0Delegate@Platform@@QE$AAA@XZ

api-ms-win-core-debug-l1-1-0.dll

x AVH

.CRT$XCL

Cancel

.?AVObject@Platform@@

illegal byte sequence

AddSuggestedFoldersToLibraryDialog.__ThumbnailVMActivationFactory

FolderLinkAutomationName

AddSuggestedFoldersToLibraryDialog.MainPage

PlaceholderSymbol

.?AV<lambda_690a7cf74328f8ce88066822a0ac4b5d>@@

.xdata

.gfids

Windows.UI.Core.DispatchedHandler

\$`H;

t$@H!t$0L

190726204550Z0p1

??0exception@@QEAA@AEBV0@@Z

%hs(%d)\%hs!%p:

Operating System

HideBcc

N0L0J

vector<T> too long

GetModuleHandleExW

_cexit

;cY7.u'

ContactPresence

@VWAWH

pA_A^A\_^[]

CalendarDay

H;}`H

t$ WATAUAVAWH

GetLastError

_commode

@USVWATAUAVAWH

UWAWH

image

LogHr

_amsg_exit

??0bad_cast@@QEAA@AEBV0@@Z

TwoBars

?terminate@@YAXXZ

.?AVinvalid_operation@pplx@@

Windows.Foundation.AsyncOperationCompletedHandler`1<Windows.Storage.StorageFolder>

A8y(t&I

AddSuggestedFoldersToLibraryDialog.FolderSuggestionKind

AddSuggestedFoldersToLibraryDialog.__FolderSuggestionVMActivationFactory

.?AV<lambda_20fa939fdd5f76b0d47d0ce1e54a0144>@@

WindowsCompareStringOrdinal

L$HL;

no_buffer_space

}0tIH

Windows.UI.Xaml.UIElement

invalid stoi argument

D$(A;

api-ms-win-core-winrt-error-l1-1-1.dll

A_A^A]A\]

A_A^A]_]

InitOnceBeginInitialize

RelativeParentDepth

`.rdata

L;0u*H

D$@H;

RegQueryInfoKeyW

RegCloseKey

|$ UATAUAVAWH

regex_error(error_brack): The expression contained mismatched [ and ].

9S|ucH

lineNumber

XboxOneConsole

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	PDB Path	Compile Time	Import Hash
0x140000000	0x00064b90	0x000c44dc	0x000c44dc	6.0	AddSuggestedFoldersToLibraryDialog.pdb	2018-09-15 00:57:23	c113327e3e79600a6d4f880ed531f429

Version Infos

CompanyName	Microsoft Corporation
FileDescription	AddSuggestedFoldersToLibraryDialog
FileVersion	10.0.17763.1 (WinBuild.160101.0800)
InternalName	AddSuggestedFoldersToLibraryDialog
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	AddSuggestedFoldersToLibraryDialog.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	10.0.17763.1
Translation	0x0409 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x0006d7cc	0x0006d800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.25
.rdata	0x0006dc00	0x0006f000	0x00035910	0x00035a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.66
.data	0x000a3600	0x000a5000	0x00009b68	0x00009000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.05
.pdata	0x000ac600	0x000af000	0x00006e4c	0x00007000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.82
.rsrc	0x000b3600	0x000b6000	0x00000480	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	2.67
.reloc	0x000b3c00	0x000b7000	0x00002280	0x00002400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.40

Overlay

Offset	0x000b6000
Size	0x00002208

Name	Offset	Size	Language	Sub-language	Entropy	File type
RT_VERSION	0x000b6060	0x0000041c	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.44	None

Imports

Name	Address
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z	0x14006f588
?__abi_FailFast@@YAXXZ	0x14006f590
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z	0x14006f598
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z	0x14006f5a0
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z	0x14006f5a8
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ	0x14006f5b0
?__abi_WinRTraiseNotImplementedException@@YAXXZ	0x14006f5b8
?__abi_WinRTraiseInvalidCastException@@YAXXZ	0x14006f5c0
?__abi_WinRTraiseNullReferenceException@@YAXXZ	0x14006f5c8
?__abi_WinRTraiseOperationCanceledException@@YAXXZ	0x14006f5d0
?__abi_WinRTraiseFailureException@@YAXXZ	0x14006f5d8
?__abi_WinRTraiseAccessDeniedException@@YAXXZ	0x14006f5e0
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ	0x14006f5e8
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ	0x14006f5f0
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ	0x14006f5f8
?__abi_WinRTraiseChangedStateException@@YAXXZ	0x14006f600
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ	0x14006f608
?__abi_WinRTraiseWrongThreadException@@YAXXZ	0x14006f610
?__abi_WinRTraiseDisconnectedException@@YAXXZ	0x14006f618
?__abi_WinRTraiseObjectDisposedException@@YAXXZ	0x14006f620
?InitializeData@Details@Platform@@YAJH@Z	0x14006f628
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z	0x14006f630
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z	0x14006f638
?Free@Heap@Details@Platform@@SAXPEAX@Z	0x14006f640
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z	0x14006f648
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ	0x14006f650
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z	0x14006f658
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z	0x14006f660
?UninitializeData@Details@Platform@@YAXH@Z	0x14006f668
??0Object@Platform@@QE$AAA@XZ	0x14006f670
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z	0x14006f678
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z	0x14006f680
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z	0x14006f688
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z	0x14006f690
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z	0x14006f698
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z	0x14006f6a0
?__abi_WinRTraiseCOMException@@YAXJ@Z	0x14006f6a8
??0NotImplementedException@Platform@@QE$AAA@XZ	0x14006f6b0
??0Delegate@Platform@@QE$AAA@XZ	0x14006f6b8
??0DisconnectedException@Platform@@QE$AAA@XZ	0x14006f6c0
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z	0x14006f6c8
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z	0x14006f6d0
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z	0x14006f6d8
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z	0x14006f6e0
??0NullReferenceException@Platform@@QE$AAA@XZ	0x14006f6e8
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z	0x14006f6f0
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z	0x14006f6f8
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z	0x14006f700
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z	0x14006f708
??0OutOfMemoryException@Platform@@QE$AAA@XZ	0x14006f710
??0FailureException@Platform@@QE$AAA@XZ	0x14006f718
??0OutOfBoundsException@Platform@@QE$AAA@XZ	0x14006f720
??0ChangedStateException@Platform@@QE$AAA@XZ	0x14006f728
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z	0x14006f730
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z	0x14006f738
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z	0x14006f740
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z	0x14006f748
??0InvalidArgumentException@Platform@@QE$AAA@XZ	0x14006f750
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z	0x14006f758
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z	0x14006f760
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ	0x14006f768
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z	0x14006f770
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z	0x14006f778

Name	Address
EventWriteTransfer	0x14006f2f8
EventUnregister	0x14006f300
EventRegister	0x14006f308
EventSetInformation	0x14006f310
EventActivityIdControl	0x14006f318

Name	Address
GetModuleHandleW	0x14006f0b8
GetModuleHandleExW	0x14006f0c0
GetProcAddress	0x14006f0c8
GetModuleFileNameA	0x14006f0d0

Name	Address
FormatMessageW	0x14006f0e0

Name	Address
GetCurrentProcess	0x14006f0f0
GetCurrentProcessId	0x14006f0f8
TerminateProcess	0x14006f100
GetCurrentThreadId	0x14006f108
GetStartupInfoW	0x14006f110

Name	Address
HeapFree	0x14006f098
GetProcessHeap	0x14006f0a0
HeapAlloc	0x14006f0a8

Name	Address
IsDebuggerPresent	0x14006f040
OutputDebugStringW	0x14006f048
DebugBreak	0x14006f050

Name	Address
SetLastError	0x14006f060
GetLastError	0x14006f068
SetUnhandledExceptionFilter	0x14006f070
UnhandledExceptionFilter	0x14006f078

Name	Address
CloseHandle	0x14006f088

Name	Address
ReleaseMutex	0x14006f188
ReleaseSemaphore	0x14006f190
WaitForSingleObject	0x14006f198
OpenSemaphoreW	0x14006f1a0
CreateMutexExW	0x14006f1a8
ReleaseSRWLockExclusive	0x14006f1b0
InitializeCriticalSection	0x14006f1b8
CreateSemaphoreExW	0x14006f1c0
CreateEventExW	0x14006f1c8
EnterCriticalSection	0x14006f1d0
LeaveCriticalSection	0x14006f1d8
InitializeCriticalSectionEx	0x14006f1e0
SetEvent	0x14006f1e8
ResetEvent	0x14006f1f0
AcquireSRWLockShared	0x14006f1f8
DeleteCriticalSection	0x14006f200
WaitForSingleObjectEx	0x14006f208
AcquireSRWLockExclusive	0x14006f210
ReleaseSRWLockShared	0x14006f218

Name	Address
InitOnceComplete	0x14006f228
Sleep	0x14006f230
InitOnceBeginInitialize	0x14006f238

Name	Address
CoTaskMemAlloc	0x14006f000
CoTaskMemFree	0x14006f008
CoGetInterfaceAndReleaseStream	0x14006f010
CoMarshalInterThreadInterfaceInStream	0x14006f018
CoGetApartmentType	0x14006f020
CoGetObjectContext	0x14006f028
CoCreateFreeThreadedMarshaler	0x14006f030

Name	Address
SHGetKnownFolderPath	0x14006f328

Name	Address
GetStringTypeW	0x14006f160
MultiByteToWideChar	0x14006f168
WideCharToMultiByte	0x14006f170
CompareStringOrdinal	0x14006f178

Name	Address
RegOpenKeyExW	0x14006f130
RegEnumKeyExW	0x14006f138
RegQueryInfoKeyW	0x14006f140
RegCloseKey	0x14006f148
RegQueryValueExW	0x14006f150

Name	Address
DecodePointer	0x14006f260
EncodePointer	0x14006f268

Name	Address
RoOriginateError	0x14006f278
RoFailFastWithErrorContext	0x14006f280
SetRestrictedErrorInfo	0x14006f288

Name	Address
RoReportUnhandledError	0x14006f298

Name	Address
WindowsGetStringRawBuffer	0x14006f2a8
WindowsGetStringLen	0x14006f2b0
WindowsIsStringEmpty	0x14006f2b8
WindowsDuplicateString	0x14006f2c0
WindowsDeleteString	0x14006f2c8
WindowsCreateStringReference	0x14006f2d0
WindowsCreateString	0x14006f2d8
WindowsConcatString	0x14006f2e0
WindowsCompareStringOrdinal	0x14006f2e8

Name	Address
_free_locale	0x14006f338
_get_current_locale	0x14006f340
__crtCompareStringW	0x14006f348
_wcsdup	0x14006f350
abort	0x14006f358
___lc_collate_cp_func	0x14006f360
calloc	0x14006f368
__pctype_func	0x14006f370
___lc_codepage_func	0x14006f378
___lc_handle_func	0x14006f380
__crtLCMapStringW	0x14006f388
___mb_cur_max_func	0x14006f390
setlocale	0x14006f398
memmove	0x14006f3a0
memcpy	0x14006f3a8
??0exception@@QEAA@AEBQEBDH@Z	0x14006f3b0
_callnewh	0x14006f3b8
__CxxFrameHandler3	0x14006f3c0
_vsnwprintf	0x14006f3c8
memcpy_s	0x14006f3d0
_vsnprintf_s	0x14006f3d8
??0exception@@QEAA@XZ	0x14006f3e0
??1exception@@UEAA@XZ	0x14006f3e8
??3@YAXPEAX@Z	0x14006f3f0
wcsstr	0x14006f3f8
??0exception@@QEAA@AEBV0@@Z	0x14006f400
_purecall	0x14006f408
??_U@YAPEAX_K@Z	0x14006f410
??_V@YAXPEAX@Z	0x14006f418
__ExceptionPtrDestroy	0x14006f420
__ExceptionPtrCopy	0x14006f428
__ExceptionPtrRethrow	0x14006f430
__ExceptionPtrCurrentException	0x14006f438
__ExceptionPtrCreate	0x14006f440
?terminate@@YAXXZ	0x14006f448
_errno	0x14006f450
wcstol	0x14006f458
?what@exception@@UEBAPEBDXZ	0x14006f460
??0exception@@QEAA@AEBQEBD@Z	0x14006f468
wcsrchr	0x14006f470
??0bad_cast@@QEAA@AEBV0@@Z	0x14006f478
??1bad_cast@@UEAA@XZ	0x14006f480
??0bad_cast@@QEAA@PEBD@Z	0x14006f488
free	0x14006f490
strchr	0x14006f498
realloc	0x14006f4a0
memset	0x14006f4a8
wcslen	0x14006f4b0
_CxxThrowException	0x14006f4b8
??1type_info@@UEAA@XZ	0x14006f4c0
_lock	0x14006f4c8
_unlock	0x14006f4d0
__dllonexit	0x14006f4d8
__C_specific_handler	0x14006f4e0
_onexit	0x14006f4e8
_XcptFilter	0x14006f4f0
_amsg_exit	0x14006f4f8
__getmainargs	0x14006f500
__set_app_type	0x14006f508
exit	0x14006f510
_exit	0x14006f518
_cexit	0x14006f520
_ismbblead	0x14006f528
__setusermatherr	0x14006f530
_initterm	0x14006f538
_acmdln	0x14006f540
_fmode	0x14006f548
_commode	0x14006f550
malloc	0x14006f558

Name	Address
RtlCaptureContext	0x14006f568
RtlVirtualUnwind	0x14006f570
RtlLookupFunctionEntry	0x14006f578

Name	Address
QueryPerformanceCounter	0x14006f120

Name	Address
GetSystemTimeAsFileTime	0x14006f248
GetTickCount	0x14006f250

Reports: JSON

Statistics (0.97)

Usage

Processing ( 0.91 seconds )

0.895 CAPE
0.008 BehaviorAnalysis
0.007 AnalysisInfo
0.001 Debug

Signatures ( 0.06 seconds )

0.008 ransomware_files
0.006 antiav_detectreg
0.005 antianalysis_detectfile
0.005 ransomware_extensions
0.003 territorial_disputes_sigs
0.003 ursnif_behavior
0.002 antiav_detectfile
0.002 infostealer_ftp
0.002 infostealer_im
0.002 poullight_files
0.001 banker_zeus_p2p
0.001 bot_drive
0.001 bot_drive2
0.001 antianalysis_detectreg
0.001 antivm_vbox_files
0.001 antivm_vbox_keys
0.001 geodo_banking_trojan
0.001 browser_security
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 azorult_mutexes
0.001 infostealer_bitcoin
0.001 cryptbot_files
0.001 echelon_files
0.001 infostealer_mail
0.001 masquerade_process_name
0.001 revil_mutexes
0.001 modirat_behavior

Reporting ( 0.00 seconds )

0.002 CAPASummary
0.001 JsonDump

Signatures

The PE file contains a PDB path

pdbpath: AddSuggestedFoldersToLibraryDialog.pdb

SetUnhandledExceptionFilter detected (possible anti-debug)

Anomalous binary characteristics

anomaly: Entrypoint of binary is located outside of any mapped sections

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\System32\kernel.appcore.dll
\Device\CNG

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.PropertyMetadata\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount

Local\SM0:4660:304:WilStaging_02

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.