Query.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Query.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Query.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
Query.dll
-
Size
1.3MB
-
MD5
63b282fb2550893724647a359ba2323f
-
SHA1
410179880e8fde095a5a10d8c4f94daf5eaec256
-
SHA256
578899a358a571c6addf178b6ec3392f2b5945a352b132fda526950535389157
-
SHA512
2ed3b46abfa8bc3d27070d22cf76d53f563f653b5f338875df0fab1d7e7322bfe472bf829224145a8fa9b155ebc373dd92a7ffa4e63dbeff66ca54b0a0b8a84b
-
SSDEEP
24576:1p5c7zB0n6Gs9DvGNBDMrRCzGZ5YYe3tno9AKvEYWRwniBbMxYY:vkzOXsJGNYjPYYedno9AKvEYWRwniBbm
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Query.dll
Files
-
Query.dll.dll regsvr32 windows:6 windows x86 arch:x86
7846b898cf232fcc18ddbf8f833be8fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
isdigit
_ftol2
wcsrchr
_wcsnicmp
wcsstr
memmove
wcstoul
wcstombs
_wsplitpath_s
_wcsicmp
wcschr
memcpy
_CxxThrowException
wcscpy_s
memset
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
qsort
_strnicmp
wcscspn
_vsnwprintf
fclose
feof
fgets
wcstol
iswspace
swscanf
wcstod
iswdigit
towlower
_wcsupr
isxdigit
toupper
strchr
strtoul
towupper
isalpha
wcsspn
_wfopen
_itow
_errno
iswalpha
bsearch
_wcslwr
_ftol2_sse
malloc
realloc
free
_ultow
wcsncmp
strcspn
_vsnprintf
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_stricmp
ntdll
RtlNtStatusToDosError
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlInitUnicodeString
NtDeviceIoControlFile
NtFsControlFile
RtlFreeHeap
NtCreateFile
RtlDosPathNameToNtPathName_U
NtOpenKey
NtNotifyChangeKey
RtlQueryRegistryValues
RtlUpcaseUnicodeChar
RtlInitAnsiString
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtQueryVolumeInformationFile
NtOpenFile
VerSetConditionMask
NtQueryInformationFile
NtQueryDirectoryFile
NtCancelIoFile
NtNotifyChangeDirectoryFile
NtQuerySecurityObject
NtQueryInformationProcess
NtWaitForSingleObject
NtCreateEvent
NtSetInformationFile
NtQuerySystemTime
NtQuerySystemInformation
RtlCaptureStackBackTrace
ord1
NtDuplicateToken
NtClose
user32
UnregisterDeviceNotification
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetLastInputInfo
RegisterDeviceNotificationW
rpcrt4
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllRegisterProxy
CStdStubBuffer_QueryInterface
NdrDllCanUnloadNow
NdrDllGetClassObject
UuidFromStringW
oleaut32
VariantChangeType
SafeArrayDestroy
SysFreeString
SysAllocString
SysStringByteLen
SafeArrayCopy
SafeArrayAllocData
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayAllocDescriptorEx
SysStringLen
SetErrorInfo
VariantClear
VariantInit
VariantCopy
GetErrorInfo
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayPutElement
SafeArrayCreateVector
VarR8FromDec
VarCyFromR8
VarDecFromR8
SafeArrayCreate
VariantChangeTypeEx
shell32
SHGetDesktopFolder
shlwapi
PathFindExtensionW
ord456
ole32
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoGetClassObject
StgConvertPropertyToVariant
PropVariantClear
StgOpenStorage
PropVariantCopy
CoFileTimeNow
CoSetProxyBlanket
CreateBindCtx
FreePropVariantArray
StgPropertyLengthAsVariant
StgConvertVariantToProperty
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
CreateStreamOnHGlobal
GetClassFile
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
ControlService
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceConfigW
kernel32
SetNamedPipeHandleState
GetSystemDefaultLCID
GetCPInfo
IsDBCSLeadByteEx
SwitchToThread
CreateProcessW
GetStringTypeW
GetSystemPowerStatus
GetLocalTime
LocalFileTimeToFileTime
GetThreadTimes
ReadProcessMemory
GetCurrentProcessId
GetExitCodeProcess
DuplicateHandle
OpenProcess
SetPriorityClass
GetVersionExW
QueueUserAPC
PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CancelIo
DisconnectNamedPipe
ReadFileEx
WriteFileEx
WaitForMultipleObjectsEx
OpenEventW
GetSystemDirectoryW
GlobalLock
GlobalUnlock
HeapSetInformation
GetThreadPriority
WaitForMultipleObjects
SetThreadPriority
GetLogicalDrives
GetSystemTimeAsFileTime
CompareFileTime
SetProcessWorkingSetSize
GetComputerNameW
GetModuleHandleExW
VerifyVersionInfoW
OpenFileMappingW
VirtualUnlock
SleepEx
ResumeThread
SetErrorMode
InterlockedCompareExchange
GetSystemInfo
ReleaseMutex
CreateMutexW
InterlockedExchange
lstrlenA
GetCurrentThread
SearchPathW
GetCalendarInfoW
GetSystemTime
GetFileAttributesExW
WaitNamedPipeW
GetCurrentDirectoryW
CompareStringW
FoldStringW
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CreateThread
GetCurrentThreadId
VirtualAlloc
VirtualFree
SetThreadUILanguage
GetModuleHandleW
FormatMessageW
GetUserDefaultLCID
IsValidLocale
WaitForSingleObject
LoadLibraryW
GetTickCount
SetEvent
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
GetLocaleInfoW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
SetLastError
WriteFile
GetFileSize
ReadFile
GetOverlappedResult
SetFilePointer
SetEndOfFile
WaitForSingleObjectEx
ResetEvent
CreateEventW
FlushFileBuffers
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
GlobalAlloc
GlobalFree
LocalAlloc
GetLongPathNameW
GetDriveTypeW
QueryDosDeviceW
HeapAlloc
HeapFree
HeapSize
TransactNamedPipe
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryExW
LoadLibraryA
GetModuleFileNameW
FreeLibrary
GetProcAddress
TryEnterCriticalSection
Sleep
LocalFree
GetLastError
LCMapStringW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
DeviceIoControl
CreateFileW
advapi32
AddAce
GetUserNameW
AddAccessAllowedAce
RegQueryInfoKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
GetAclInformation
GetAce
ImpersonateNamedPipeClient
GetSecurityDescriptorLength
OpenThreadToken
LogonUserW
AccessCheck
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyA
RegEnumKeyW
GetLengthSid
CopySid
AllocateAndInitializeSid
FreeSid
InitializeAcl
InitializeSecurityDescriptor
RegCloseKey
SetSecurityDescriptorDacl
SetFileSecurityW
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaFreeMemory
LsaOpenPolicy
LsaCreateSecret
LsaOpenSecret
LsaClose
LsaSetSecret
RegConnectRegistryW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
Exports
Exports
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
??0CCatState@@QAE@XZ
??0CCategorizationSet@@QAE@ABV0@@Z
??0CCategorizationSet@@QAE@I@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
??0CCiRegParams@@QAE@PBG@Z
??0CColumnSet@@QAE@I@Z
??0CColumns@@QAE@ABV0@@Z
??0CColumns@@QAE@I@Z
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
??0CDbColId@@QAE@ABU_GUID@@PBG@Z
??0CDbColId@@QAE@ABUtagDBID@@@Z
??0CDbColId@@QAE@ABV0@@Z
??0CDbColId@@QAE@XZ
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
??0CDbColumns@@QAE@I@Z
??0CDbContentRestriction@@QAE@PBGABUtagDBID@@KK@Z
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
??0CDbNatLangRestriction@@QAE@PBGABVCDbColumnNode@@K@Z
??0CDbPropIDSet@@QAE@XZ
??0CDbQueryResults@@QAE@XZ
??0CDbSelectNode@@QAE@XZ
??0CDbSortSet@@QAE@I@Z
??0CDefColumnRegEntry@@QAE@XZ
??0CDriveInfo@@QAE@PBGK@Z
??0CDynStream@@QAE@PAVPMmStream@@@Z
??0CEventItem@@QAE@GGKGKPBX@Z
??0CEventLog@@QAE@PBG0@Z
??0CException@@QAE@XZ
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
??0CFileMapView@@QAE@PBG@Z
??0CFilterDaemon@@QAE@AAVCiProxy@@AAVCCiFrameworkParams@@AAVCLangList@@PAEKPAUICiCFilterClient@@@Z
??0CFullPath@@QAE@PBG@Z
??0CFullPath@@QAE@PBGI@Z
??0CFullPropSpec@@QAE@AAVPDeSerStream@@@Z
??0CFullPropSpec@@QAE@ABV0@@Z
??0CFwAsyncWorkItem@@QAE@AAVCWorkManager@@AAVCWorkQueue@@@Z
??0CFwEventItem@@QAE@GKGKPAX@Z
??0CGenericCiProxy@@QAE@AAVCSharedNameGen@@KK@Z
??0CGetDbProps@@QAE@XZ
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z
??0CImpersonationTokenCache@@QAE@PBG@Z
??0CIndexTable@@QAE@AAVCiStorage@@AAVCTransaction@@@Z
??0CInternalPropertyRestriction@@QAE@KKABVCStorageVariant@@PAVCRestriction@@@Z
??0CKeyArray@@QAE@HH@Z
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
??0CLocalGlobalPropertyList@@QAE@K@Z
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??0CMachineAdmin@@QAE@PBGH@Z
??0CMemSerStream@@QAE@I@Z
??0CMemSerStream@@QAE@PAEK@Z
??0CMetaDataMgr@@QAE@HW4CiVRootTypeEnum@@KPBG@Z
??0CMmStream@@QAE@KH@Z
??0CMmStreamConsecBuf@@QAE@XZ
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
??0CNodeRestriction@@QAE@KI@Z
??0CNormalizer@@QAE@AAVPNoiseList@@@Z
??0CPathParser@@QAE@PBGK@Z
??0CPerfMon@@QAE@PBG@Z
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KIPAVPMmStream@@HIH@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
??0CPidLookupTable@@QAE@XZ
??0CPidRemapper@@QAE@ABVCPidMapper@@AAV?$XInterface@UIPropertyMapper@@@@PAVCRestriction@@PAVCColumnSet@@PAVCSortSet@@@Z
??0CPropListFile@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??0CPropNameArray@@QAE@AAVPDeSerStream@@@Z
??0CPropNameArray@@QAE@I@Z
??0CPropStoreManager@@QAE@K@Z
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
??0CPropertyRestriction@@QAE@XZ
??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
??0CQueryScanner@@QAE@PBGHKH@Z
??0CRangeKeyRepository@@QAE@XZ
??0CRangeRestriction@@QAE@XZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??0CRcovStrmMDTrans@@QAE@AAVPRcovStorageObj@@W4MDOp@0@K@Z
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
??0CRegAccess@@QAE@KPBG@Z
??0CRegChangeEvent@@QAE@PBGH@Z
??0CRegNotify@@QAE@PBG@Z
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
??0CScopeEnum@@QAE@AAVCCatalogAdmin@@@Z
??0CScopeRestriction@@QAE@PBGHH@Z
??0CSdidLookupTable@@QAE@XZ
??0CSizeSerStream@@QAE@XZ
??0CSort@@QAE@I@Z
??0CSortSet@@QAE@I@Z
??0CStandardPropMapper@@QAE@XZ
??0CSvcQuery@@QAE@PBGPAUIDBProperties@@@Z
??0CSynRestriction@@QAE@ABVCKey@@KKKH@Z
??0CTimeLimit@@QAE@KK@Z
??0CTransaction@@QAE@XZ
??0CUnfilteredRestriction@@QAE@XZ
??0CValueNormalizer@@QAE@AAVPKeyRepository@@@Z
??0CVirtualString@@QAE@I@Z
??0CWin32RegAccess@@QAE@PAUHKEY__@@PBG@Z
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z
??0SStorageObject@@QAE@PAVPStorageObject@@@Z
??1?$XPtr@VCDbCmdTreeNode@@@@QAE@XZ
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
??1CAllocStorageVariant@@IAE@XZ
??1CCatState@@QAE@XZ
??1CCatalogAdmin@@QAE@XZ
??1CCatalogEnum@@QAE@XZ
??1CColumns@@QAE@XZ
??1CContentRestriction@@QAE@XZ
??1CDFA@@QAE@XZ
??1CDbCmdTreeNode@@QAE@XZ
??1CDbColumns@@QAE@XZ
??1CDbContentBaseRestriction@@QAE@XZ
??1CDbProp@@QAE@XZ
??1CDbPropBaseRestriction@@QAE@XZ
??1CDbPropIDSet@@QAE@XZ
??1CDbPropSet@@QAE@XZ
??1CDbQueryResults@@QAE@XZ
??1CDbSortKey@@QAE@XZ
??1CDbSortSet@@QAE@XZ
??1CDynStream@@QAE@XZ
??1CEventItem@@QAE@XZ
??1CEventLog@@QAE@XZ
??1CFileMapView@@QAE@XZ
??1CFilterDaemon@@QAE@XZ
??1CFullPropSpec@@QAE@XZ
??1CFwAsyncWorkItem@@UAE@XZ
??1CFwEventItem@@QAE@XZ
??1CGenericCiProxy@@UAE@XZ
??1CImpersonateClient@@QAE@XZ
??1CImpersonateSystem@@QAE@XZ
??1CImpersonationTokenCache@@QAE@XZ
??1CInternalPropertyRestriction@@QAE@XZ
??1CKeyArray@@QAE@XZ
??1CLangList@@QAE@XZ
??1CMachineAdmin@@QAE@XZ
??1CMemSerStream@@UAE@XZ
??1CMetaDataMgr@@QAE@XZ
??1CMmStream@@UAE@XZ
??1CNatLanguageRestriction@@QAE@XZ
??1CNodeRestriction@@QAE@XZ
??1CNotRestriction@@QAE@XZ
??1COccRestriction@@QAE@XZ
??1CParseCommandTree@@QAE@XZ
??1CPerfMon@@QAE@XZ
??1CPhraseRestriction@@QAE@XZ
??1CPhysStorage@@UAE@XZ
??1CPidLookupTable@@QAE@XZ
??1CPidRemapper@@QAE@XZ
??1CProcess@@QAE@XZ
??1CPropStoreManager@@QAE@XZ
??1CPropertyList@@UAE@XZ
??1CPropertyRestriction@@QAE@XZ
??1CPropertyStore@@QAE@XZ
??1CPropertyStoreWids@@QAE@XZ
??1CQueryUnknown@@QAE@XZ
??1CRangeKeyRepository@@UAE@XZ
??1CRangeRestriction@@QAE@XZ
??1CRegChangeEvent@@QAE@XZ
??1CRegNotify@@MAE@XZ
??1CRestriction@@QAE@XZ
??1CScopeAdmin@@QAE@XZ
??1CScopeEnum@@QAE@XZ
??1CScopeRestriction@@QAE@XZ
??1CSdidLookupTable@@QAE@XZ
??1CSizeSerStream@@UAE@XZ
??1CSort@@QAE@XZ
??1CSynRestriction@@QAE@XZ
??1CVirtualString@@QAE@XZ
??1CWin32RegAccess@@QAE@XZ
??1CWordRestriction@@QAE@XZ
??1CWorkManager@@QAE@XZ
??1CWorkQueue@@QAE@XZ
??1SStorageObject@@QAE@XZ
??3CDbCmdTreeNode@@SGXPAX@Z
??3CDbColId@@SGXPAX@Z
??3CDbContent@@SGXPAX@Z
??3CDbParameter@@SGXPAX@Z
??3CDbPropSet@@SGXPAX@Z
??4CDbByGuid@@QAEAAV0@ABV0@@Z
??4CDbColId@@QAEAAV0@ABV0@@Z
??8CDbColId@@QBEHABV0@@Z
?AbortWorkItems@CWorkManager@@QAEXXZ
?Accept@CQueryScanner@@QAEXXZ
?AcceptCommand@CQueryScanner@@QAEXXZ
?AcceptWord@CQueryScanner@@QAEXXZ
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
?AcqLine@CQueryScanner@@QAEPAGH@Z
?AcqPath@CQueryScanner@@QAEPAGXZ
?AcqPhrase@CQueryScanner@@QAEPAGXZ
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?AcqWord@CQueryScanner@@QAEPAGXZ
?AcquireRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?Add@CDbQueryResults@@QAEXPAGK@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?Add@CDbSortSet@@QAEHABVCDbSortKey@@I@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
?Add@CKeyArray@@QAEHHABVCKeyBuf@@@Z
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?AddArg@CEventItem@@QAEXK@Z
?AddArg@CEventItem@@QAEXPBG@Z
?AddArg@CFwEventItem@@QAEXK@Z
?AddArg@CFwEventItem@@QAEXPBG@Z
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
?AddCatalog@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?AddChild@CNodeRestriction@@QAEXPAVCRestriction@@AAI@Z
?AddDir@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?AddEntry@CCombinedPropertyList@@UAEXPAVCPropEntry@@H@Z
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
?AddError@CEventItem@@QAEXK@Z
?AddKey@CSynRestriction@@QAEXABVCKeyBuf@@@Z
?AddMachine@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?AddRef@CDbProperties@@UAGKXZ
?AddRef@CEmptyPropertyList@@UAGKXZ
?AddRef@CEnumString@@UAGKXZ
?AddRef@CEnumWorkid@@UAGKXZ
?AddRef@CFwPropertyMapper@@UAGKXZ
?AddRef@CQueryUnknown@@UAGKXZ
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?AddSortColumn@CDbSortNode@@QAEHABUtagDBID@@HK@Z
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?AllocAndCopyWString@CDbCmdTreeNode@@SGPAGPBG@Z
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
?Append@CEnumString@@QAEXPBG@Z
?Append@CEnumWorkid@@QAEXK@Z
?AppendChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?AppendListElement@CDbListAnchor@@IAEHGABUtagDBID@@@Z
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
?BuildRegistryScopesKey@@YGXAAV?$XArray@G@@PBG@Z
?CIShutdown@@YGXXZ
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
?ChangeCurrentDepth@CCatState@@QAEXH@Z
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?ChangeDirty@CPropStoreInfo@@AAEXH@Z
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?CheckError@CPropListFile@@QAEJAAKPAPAG@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?CiGetPassword@@YGHPBG0PAG@Z
?CiNtOpen@@YGPAXPBGKKK@Z
?CiNtOpenNoThrow@@YGJAAPAXPBGKKK@Z
?Cleanup@CDbColId@@QAEXXZ
?Cleanup@CDbProp@@QAEXXZ
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ
?ClearList@CCombinedPropertyList@@QAEXXZ
?ClearList@CPropertyList@@QAEXXZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?Clone@CEnumString@@UAGJPAPAUIEnumString@@@Z
?Clone@CNodeRestriction@@QBEPAV1@XZ
?Clone@COccRestriction@@QBEPAV1@XZ
?Clone@CRestriction@@QBEPAV1@XZ
?Close@CPhysStorage@@QAEXXZ
?Close@CPipeClient@@IAEXXZ
?Close@CPropSetMap@COLEPropManager@@QAEXXZ
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?Commit@CRcovStrmAppendTrans@@QAEXXZ
?Commit@CRcovStrmMDTrans@@QAEXXZ
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?ContainsDrive@CDriveInfo@@SGHPBG@Z
?Copy@CDbParameter@@QAEHABUtagDBPARAMETER@@@Z
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?CreateSubdirs@CMachineAdmin@@QAEXPBG@Z
?DataWriteRead@CRequestClient@@QAEXPAXK0KAAK@Z
?DecodeHtmlNumeric@@YGXPAG@Z
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?DeleteRecord@CPropStoreManager@@QAEXK@Z
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?DetermineDriveType@CiStorage@@SGIPBG@Z
?DisableCI@CMachineAdmin@@QAEHXZ
?DisableNotification@CRegNotify@@QAEXXZ
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?Disconnect@CRequestClient@@QAEXXZ
?DoFailTest@@YGXJ@Z
?DoIt@CCopyRcovObject@@QAEJXZ
?DoUpdates@CFilterDaemon@@QAEJXZ
?Done@CFwAsyncWorkItem@@QAEXXZ
?DumpWorkId@@YGJPBGKPAEAAK00K@Z
?Empty@CPidLookupTable@@QAEXXZ
?Empty@CPropStoreManager@@QAEXXZ
?Empty@CRcovStrmWriteTrans@@QAEXXZ
?Empty@CSdidLookupTable@@QAEXXZ
?EnableCI@CMachineAdmin@@QAEHXZ
?EnableVPathNotify@CMetaDataMgr@@QAEXPAVCMetaDataVPathChangeCallBack@@@Z
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?Enum@CWin32RegAccess@@QAEHPAGK@Z
?EnumPropInfo@CEmptyPropertyList@@UAGJKPAPBGPAPAUtagDBID@@PAGPAI@Z
?EnumVPaths@CMetaDataMgr@@QAEXAAVCMetaDataCallBack@@@Z
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?Eof@CMmStreamConsecBuf@@QAEHXZ
?ExtensionHasScriptMap@CMetaDataMgr@@QAEHPBG@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
?FillMax@CKeyArray@@QAEHH@Z
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?Find@CPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?Flush@CDynStream@@QAEXXZ
?Flush@CPhysStorage@@QAEXH@Z
?Flush@CPropStoreManager@@QAEXXZ
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
?Get@CRegAccess@@QAEKPBG@Z
?Get@CRegAccess@@QAEXPBGPAGI@Z
?Get@CWin32RegAccess@@QAEHPBGAAK@Z
?Get@CWin32RegAccess@@QAEHPBGPAGIH@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
?GetByte@CMemDeSerStream@@UAEEXZ
?GetCD@CCatState@@QAEPBGXZ
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
?GetCategory@CCatState@@QBEPBGI@Z
?GetChar@CMemDeSerStream@@UAEXPADK@Z
?GetColumn@CCatState@@QBEPBGI@Z
?GetCommandChar@CQueryScanner@@QAEGXZ
?GetDATE@CAllocStorageVariant@@QBENI@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?GetDrive@CDriveInfo@@SGXPBGPAG@Z
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?GetFILETIME@CAllocStorageVariant@@QBE?AU_FILETIME@@I@Z
?GetFileName@CPathParser@@QBEHPAGAAK@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?GetGUID@CMemDeSerStream@@UAEXAAU_GUID@@@Z
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
?GetI2@CAllocStorageVariant@@QBEFI@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z
?GetI8@CAllocStorageVariant@@QBE?AT_LARGE_INTEGER@@I@Z
?GetLCIDFromString@@YGKPAG@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
?GetLPWSTR@CAllocStorageVariant@@QBEPAGI@Z
?GetLocation@CCatalogAdmin@@QAEPBGXZ
?GetLong@CMemDeSerStream@@UAEJXZ
?GetNumber@CQueryScanner@@QAEHAAJAAH@Z
?GetNumber@CQueryScanner@@QAEHAAKAAH@Z
?GetNumber@CQueryScanner@@QAEHAA_JAAH@Z
?GetNumber@CQueryScanner@@QAEHAA_KAAH@Z
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
?GetOleError@@YGJAAVCException@@@Z
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
?GetPropType@CEmptyPropertyList@@SGGI@Z
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
?GetPropTypeName@CEmptyPropertyList@@SGPBGI@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?GetR4@CAllocStorageVariant@@QBEMI@Z
?GetR8@CAllocStorageVariant@@QBENI@Z
?GetSZParam@CMachineAdmin@@QAEHPBGPAGK@Z
?GetScodeError@@YGJAAVCException@@@Z
?GetSecret@@YGHPBG0PAPAGPAK@Z
?GetSectorSize@CDriveInfo@@QAEKXZ
?GetSortProp@CCatState@@QBEXIPAPBGPAW4SORTDIR@@@Z
?GetStackTrace@@YGXPADK@Z
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
?GetStr@CKey@@QBEPAGXZ
?GetStr@CKeyBuf@@QBEPAGXZ
?GetString@CMemDeSerStream@@UAEPADXZ
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
?GetStringFromLCID@@YGPBGK@Z
?GetStringFromLCID@@YGXKPAG@Z
?GetTotalSizeInKB@CPropStoreManager@@QAEKXZ
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
?GetULong@CMemDeSerStream@@UAEKXZ
?GetUShort@CMemDeSerStream@@UAEGXZ
?GetUserHdrInfo@CIndexTable@@QAEXAAIAAH@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?GetVolumeName@CDriveInfo@@QAEPBGH@Z
?GetWChar@CMemDeSerStream@@UAEXPAGK@Z
?GetWString@CMemDeSerStream@@UAEPAGXZ
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
?HTMLEscapeW@@YGXPBGAAVCVirtualString@@K@Z
?Impersonate@CImpersonateClient@@AAEXXZ
?Init@CFileMapView@@QAEXXZ
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
?Init@CRcovStorageHdr@@QAEXK@Z
?Init@CRegChangeEvent@@QAEXXZ
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
?InitIterator@CCombinedPropertyList@@UAEXXZ
?InitIterator@CPropertyList@@UAEXXZ
?InitIterator@CStaticPropertyList@@UAEXXZ
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z
?InitializeForRead@CDynStream@@QAEXXZ
?InitializeForWrite@CDynStream@@QAEXK@Z
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?IsCIDialect@CDbPropertyRestriction@@QAEHXZ
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?IsCIPaused@CMachineAdmin@@QAEHXZ
?IsCIServiceDisabled@CMachineAdmin@@QAEHXZ
?IsCIStarted@CMachineAdmin@@QAEHXZ
?IsCIStopped@CMachineAdmin@@QAEHXZ
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?IsDirectoryWritable@@YGHPBG@Z
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
?IsImpersonated@CImpersonateSystem@@SGHXZ
?IsLeaf@CRestriction@@QBEHXZ
?IsNullPointerVariant@@YGHPAUtagPROPVARIANT@@@Z
?IsPaused@CCatalogAdmin@@QAEHXZ
?IsRunningAsSystem@CImpersonateSystem@@SGHXZ
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
?IsScopeValid@@YGJPBGIH@Z
?IsStarted@CCatalogAdmin@@QAEHXZ
?IsStopped@CCatalogAdmin@@QAEHXZ
?IsValid@CAllocStorageVariant@@QBEHXZ
?IsValid@CNodeRestriction@@QBEHXZ
?IsValid@COccRestriction@@QBEHXZ
?IsValid@CRestriction@@QBEHXZ
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?IsWriteProtected@CDriveInfo@@QAEHXZ
?Load@CLocalGlobalPropertyList@@QAEXQBG@Z
?LocaleToCodepage@@YGKK@Z
?LokNewWorkId@CPropertyStore@@AAEKKHH@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
?LongInit@CPropStoreManager@@QAEXAAHAAKP6GXKHPBX@Z2@Z
?Lookup@CPropStoreInfo@@AAEIK@Z
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?MakeBackupCopy@CPropStoreManager@@QAEXPAUIProgressNotify@@AAHAAVCiStorage@@PAUICiEnumWorkids@@PAPAUIEnumString@@@Z
?MakeICommand@@YGJPAPAUIUnknown@@PBG1PAU1@@Z
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
?MakeLocalICommand@@YGJPAPAUIUnknown@@PAUICiCDocStore@@PAU1@@Z
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
?MakePath@CFullPath@@QAEXPBG@Z
?MakePath@CFullPath@@QAEXPBGI@Z
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?Map@CMmStreamConsecBuf@@QAEXK@Z
?MarkDirty@CDynStream@@QAEHXZ
?Marshall@CBaseStorageVariant@@QBEXAAVPSerStream@@@Z
?Marshall@CContentRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
?Marshall@CDbCmdTreeNode@@QBEXAAVPSerStream@@@Z
?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
?Marshall@CDbContentVector@@QBEXAAVPSerStream@@@Z
?Marshall@CDbNumeric@@QBEXAAVPSerStream@@@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CNotRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
?MinPageInUse@CBufferCache@@QAEHAAK@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?MultiByteToXArrayWideChar@@YGKPBEKIAAV?$XArray@G@@@Z
?My_wcstoui64@@YA_KPBGPAPAGH@Z
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ