d:\work\MRP\output\win32\unlimited\Defrag.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00
-
Size
5.0MB
-
MD5
e046c4048b103399c6187926a0afb02d
-
SHA1
b5147faeb9b8d3128fb715b7a3812174f4e9a6b7
-
SHA256
7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00
-
SHA512
77ae178ccb7f50e1fcf221af8203f0b6cc8b83f737691bdcaa7c9858da4bf647f46b39c8365bbebed137ce120dfbbbfc5525d69c29f69129982684b0e69dcf0d
-
SSDEEP
98304:/RhithP0FVswUuTguiLOrUGKT8BcKuHn59LZKNZbbbM2:5kthPKVswUuTguiLOrUGKT8BcKuHnnZ4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00
Files
-
7e5600cc6cdee77927285eb8ee66e815975547de759f56ef4b2159bbfcff2d00.exe windows:4 windows x86 arch:x86
14e58ad2e7210ad7ba34ad08bf648226
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
_wcsicmp
_strnicmp
wcsrchr
wcsstr
wcscat
atoi
sin
_wcsnicmp
strcmp
strncpy
wcsncpy
_wtoi
wcstoul
ZwClose
ZwCreateFile
RtlInitUnicodeString
_chkstk
wcscmp
_alldiv
ZwQueryVolumeInformationFile
_allmul
wcslen
memcpy
NtLoadDriver
NtUnloadDriver
_wcslwr
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenDirectoryObject
vsprintf
strchr
strlen
mbstowcs
memset
strstr
NtQueryInformationFile
NtQuerySystemTime
NtReadFile
NtWriteFile
NtDeviceIoControlFile
NtFsControlFile
NtCreateFile
RtlAnsiStringToUnicodeString
NtClose
RtlTimeToSecondsSince1970
cos
memcmp
wcschr
sprintf
strcat
strrchr
strcpy
wcstombs
wcscpy
exfat
ord2
diskinfo
CreateDiskInfo
upgradeshow
PAShowRegisterDlg
PAGetGlobalDataObject
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
mfc80u
ord774
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord5558
ord4535
ord3677
ord2261
ord2260
ord896
ord2461
ord3824
ord1049
ord566
ord5971
ord899
ord757
ord3327
ord4475
ord2832
ord5562
ord5209
ord2011
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord6293
ord5327
ord3435
ord6086
ord3249
ord3990
ord354
ord1472
ord605
ord4256
ord6700
ord1392
ord3635
ord5908
ord6720
ord282
ord266
ord1542
ord1661
ord1479
ord5609
ord1662
ord4884
ord1785
ord5178
ord2155
ord1086
ord6111
ord4574
ord1176
ord6282
ord1172
ord5316
ord4314
ord1178
ord265
ord6063
ord5199
ord1946
ord4094
ord2085
ord3176
ord4112
ord3238
ord2159
ord4729
ord6278
ord4098
ord4743
ord1274
ord2365
ord6140
ord1386
ord3309
ord739
ord3189
ord3755
ord4206
ord620
ord1638
ord1580
ord3108
ord5940
ord5567
ord3393
ord2712
ord4108
ord4111
ord6062
ord3754
ord2647
ord5798
ord4118
ord6060
ord6085
ord454
ord3982
ord686
ord2154
ord5827
ord5828
ord2137
ord1303
ord1311
ord1007
ord6715
ord1718
ord6716
ord765
ord763
ord4451
ord1605
ord1600
ord6726
ord6718
ord5156
ord5137
ord6099
ord1619
ord1620
ord3913
ord3163
ord2936
ord1604
ord1603
ord1941
ord2049
ord3903
ord5943
ord3900
ord3471
ord3644
ord4347
ord6147
ord3058
ord2674
ord2723
ord6157
ord2257
ord4573
ord1384
ord4120
ord985
ord5388
ord3706
ord3698
ord3634
ord2812
ord3894
ord1975
ord2632
ord2709
ord1609
ord1355
ord4193
ord4664
ord3434
ord4357
ord3930
ord6075
ord2793
ord350
ord6083
ord604
ord3785
ord6253
ord2139
ord4361
ord4494
ord5511
ord2411
ord4126
ord3914
ord5202
ord1610
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord410
ord4393
ord648
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord3902
ord4383
ord4775
ord4198
ord4784
ord4101
ord4437
ord4438
ord3734
ord4908
ord4513
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4667
ord4942
ord4788
ord4267
ord4281
ord2711
ord4370
ord1553
ord4371
ord5162
ord4957
ord1351
ord4790
ord3338
ord4704
ord2414
ord4358
ord4799
ord5047
ord2413
ord4958
ord4643
ord4940
ord2415
ord4501
ord4955
ord4668
ord2412
ord4125
ord1293
ord1999
ord1957
ord1922
ord1474
ord4092
ord2080
ord1538
ord2651
ord4228
ord3165
ord6038
ord591
ord1541
ord3172
ord3680
ord599
ord4100
ord5485
ord772
ord3927
ord5710
ord860
ord753
ord5711
ord722
ord1939
ord745
ord1006
ord6001
ord6002
ord894
ord2121
ord2713
ord1416
ord5096
ord314
ord3614
ord2243
ord2244
ord2241
ord6751
ord3570
ord3311
ord1582
ord2086
ord741
ord4234
ord3395
ord4109
ord3756
ord2895
ord3417
ord6061
ord2648
ord587
ord3158
ord1536
ord4226
ord2077
ord3156
ord2076
ord3983
ord3415
ord776
ord5636
ord280
ord5981
ord4238
ord1156
ord3157
ord3590
ord4882
ord2361
ord326
ord5829
ord4119
ord5618
ord5982
ord2390
ord2255
ord2407
ord2521
ord2402
ord709
ord5607
ord2386
ord501
ord6056
ord2409
ord602
ord5604
ord2397
ord3281
ord347
ord6050
ord2379
ord2366
ord4155
ord2381
ord6053
ord2399
ord642
ord5884
ord2169
ord5723
ord2163
ord5638
ord1513
ord572
ord5643
ord6273
ord760
ord5519
ord3796
ord5584
ord6275
ord5410
ord3339
ord3204
ord5397
ord4961
ord5917
ord1353
ord5715
ord5171
ord1955
ord3174
ord1647
ord2985
ord1646
ord1590
ord2081
ord5196
ord1628
ord2531
ord293
ord1549
ord2725
ord3678
ord6721
ord2829
ord5911
ord4301
ord6058
ord1611
ord2708
ord1608
ord2856
ord3940
ord2534
ord1925
ord5633
ord1393
ord2640
ord4230
ord2527
ord5148
ord3712
ord1899
ord3713
ord5067
ord3703
ord6271
ord2638
ord1894
ord4179
ord3943
ord1079
ord5210
ord4480
ord4255
ord3995
ord4117
ord5637
ord1270
ord2362
ord3397
ord3208
ord2311
ord4716
ord4276
ord1591
ord5956
ord6033
ord5231
ord5229
ord920
ord1118
ord5727
ord925
ord929
ord870
ord927
ord502
ord931
ord2384
ord2404
ord1271
ord3198
ord3155
ord2388
ord577
ord2394
ord2392
ord283
ord1058
ord5311
ord1198
msvcr80
rand
srand
wcsncmp
qsort
strncmp
_wassert
memmove
isdigit
calloc
sprintf_s
_localtime64
printf
_CxxThrowException
__CxxFrameHandler3
_purecall
_mktime64
_vswprintf
wcsncpy_s
swscanf_s
_ftime64_s
_wfopen_s
realloc
_wcsdup
malloc
swprintf_s
strcpy_s
system
fwrite
free
_beginthreadex
_time64
memcpy_s
fclose
fread
ftell
fseek
fopen
_localtime64_s
_swprintf
wcscat_s
wcscpy_s
memmove_s
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_vsnprintf
_vsnwprintf
_itow
vswprintf_s
vsprintf_s
_vscprintf
_vscwprintf
wprintf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
kernel32
FindClose
FindNextFileW
FindFirstFileW
SystemTimeToFileTime
GetSystemTime
FlushFileBuffers
SetThreadExecutionState
GetLogicalDriveStringsW
SuspendThread
ResumeThread
WritePrivateProfileStringA
GetPrivateProfileStringA
TerminateProcess
CreateDirectoryW
ReadFile
GetFileAttributesW
CreateFileW
GetSystemPowerStatus
GetWindowsDirectoryW
Sleep
TerminateThread
GetDiskFreeSpaceExW
GetVolumeInformationW
InterlockedDecrement
DeviceIoControl
ExitProcess
GetLastError
Process32NextW
GetCommandLineW
Process32FirstW
GetSystemTimeAsFileTime
GetVersionExW
DeleteFileW
GetModuleHandleW
WritePrivateProfileStringW
WaitForSingleObject
GetProcAddress
CreateProcessA
CloseHandle
CopyFileA
CreateMutexW
GetModuleFileNameA
GetPrivateProfileStringW
GetSystemWindowsDirectoryA
WTSGetActiveConsoleSessionId
GetModuleFileNameW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WinExec
lstrlenW
WideCharToMultiByte
lstrcpyW
CreateProcessW
FreeLibrary
SetVolumeMountPointW
DeleteVolumeMountPointW
GetSystemWindowsDirectoryW
SetFilePointer
WriteFile
GlobalMemoryStatusEx
GetLocalTime
CreateFileA
CreateDirectoryA
OutputDebugStringA
UnmapViewOfFile
SetEvent
MapViewOfFile
OpenEventW
OpenFileMappingW
SetHandleInformation
CreatePipe
GetExitCodeProcess
LoadLibraryA
SetFileAttributesW
GetLogicalDrives
SetLastError
GetDiskFreeSpaceW
SetFilePointerEx
GetFileSizeEx
GetTickCount
CopyFileW
LocalFree
RemoveDirectoryW
VirtualFree
VirtualAlloc
GetComputerNameW
GetCurrentThread
IsBadReadPtr
GetFileSize
FindResourceExW
lstrlenA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesExW
FormatMessageW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FindFirstVolumeMountPointW
GetFileInformationByHandle
FindNextVolumeMountPointW
FindVolumeMountPointClose
SetUnhandledExceptionFilter
LoadLibraryW
GetCurrentThreadId
GetCurrentProcessId
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
FreeResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
IsBadWritePtr
CreateThread
GetPrivateProfileIntA
MultiByteToWideChar
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateToolhelp32Snapshot
GetPrivateProfileIntW
user32
GetIconInfo
DestroyIcon
IsWindowVisible
IsWindow
DestroyCursor
LoadImageW
GetWindowDC
PostMessageW
SystemParametersInfoW
SetWindowPos
ShowWindow
ScreenToClient
DeleteMenu
ModifyMenuW
LoadIconW
TrackMouseEvent
IsWindowEnabled
SetPropW
CreateWindowExW
RegisterClassW
RemovePropW
SetParent
CreateDialogParamW
DispatchMessageW
TranslateMessage
GetMessageW
KillTimer
GetSubMenu
SetForegroundWindow
CallWindowProcW
DefWindowProcW
GetPropW
ReleaseDC
SetScrollInfo
SetWindowRgn
OffsetRect
IsZoomed
UnregisterClassA
MoveWindow
GetScrollInfo
LoadBitmapW
GetSysColor
TabbedTextOutW
DrawTextW
GetDlgCtrlID
ClientToScreen
ReleaseCapture
SetCapture
IsDlgButtonChecked
FindWindowW
LoadMenuW
DrawIcon
GetSystemMetrics
IsIconic
GetCursorPos
SetTimer
wsprintfW
GetWindowRect
MessageBoxW
GetKeyState
GetAsyncKeyState
SetWindowLongW
CopyRect
GetWindowLongW
SetCursor
DrawStateW
GetWindowTextW
GetFocus
DrawIconEx
LoadCursorW
FillRect
GetParent
GetClientRect
InflateRect
InvalidateRect
SendMessageW
GrayStringW
GetDC
PtInRect
DrawTextExW
EnableWindow
gdi32
CreateFontIndirectW
TextOutW
LineTo
SetTextJustification
CreateFontW
RectVisible
MoveToEx
ExtTextOutW
GetCurrentObject
GetTextMetricsW
GetGlyphOutlineW
CreateRectRgn
ExcludeClipRect
CreateCompatibleDC
CreateCompatibleBitmap
Escape
BitBlt
GetStockObject
SelectObject
PtVisible
CreateSolidBrush
GetObjectW
GetTextExtentPoint32W
DeleteDC
DeleteObject
SetBkColor
GetDeviceCaps
GetBkColor
SetBkMode
CreatePolygonRgn
FillRgn
CreatePatternBrush
SetTextColor
GetTextColor
Rectangle
CreatePen
advapi32
DuplicateTokenEx
RegQueryValueExA
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegQueryValueExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueW
RegOpenKeyW
RegLoadKeyW
RegOpenKeyA
RegGetKeySecurity
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegSetKeySecurity
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
RegDeleteKeyW
RegDeleteValueW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegFlushKey
RegSetValueExW
RegUnLoadKeyW
shell32
SHGetFolderPathW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHAppBarMessage
CommandLineToArgvW
SHChangeNotify
ShellExecuteA
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFileExistsW
PathAppendW
ole32
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
oleaut32
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
msvcp80
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
gdiplus
GdipDisposeImage
GdipGetImageHeight
GdipReleaseDC
GdipDeleteGraphics
GdipAlloc
GdiplusShutdown
GdipFree
GdipCreateFromHDC
GdiplusStartup
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDrawImageRectRect
GdipGetImageWidth
rpcrt4
UuidCreate
winhttp
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
Exports
Exports
?AddArrayString@DefragLib@@QAEPAPA_WPAPA_WPA_W@Z
?CallShowStatus@DefragLib@@QAEXPAUDefragDataStruct@@HH@Z
?ColorizeItem@DefragLib@@QAEXPAUDefragDataStruct@@PAUItemStruct@@_K2H@Z
?DeleteAllDefrages@DefragLib@@QAEXXZ
?DeleteItemTree@DefragLib@@QAEXPAUItemStruct@@@Z
?FragmentCount@DefragLib@@QAEHPAUItemStruct@@PA_K@Z
?GetItemLcn@DefragLib@@QAE_KPAUItemStruct@@@Z
?GetLongPath@DefragLib@@QAEPA_WPAUDefragDataStruct@@PAUItemStruct@@@Z
?GetShortPath@DefragLib@@QAEPA_WPAUDefragDataStruct@@PAUItemStruct@@@Z
?IsFragmented@DefragLib@@QAEHPAUItemStruct@@_K1@Z
?MatchMask@DefragLib@@QAEHPA_W0@Z
?RunJkDefrag@DefragLib@@QAEXPA_WHHNPAPA_W1PAH1@Z
?RunOnlyAnalyzeVolume@DefragLib@@QAEXPA_WHHNPAPA_W1PAH1@Z
?RunOnlyTidy@DefragLib@@QAEXPAUDefragDataStruct@@@Z
?ShowHex@DefragLib@@QAEXPAUDefragDataStruct@@PAE_K@Z
?SlowDown@DefragLib@@QAEXPAUDefragDataStruct@@@Z
?StopJkDefrag@DefragLib@@QAEXPAHH@Z
?SystemErrorStr@DefragLib@@QAEXKPA_WI@Z
?TreeBiggest@DefragLib@@QAEPAUItemStruct@@PAU2@@Z
?TreeDetach@DefragLib@@QAEXPAUDefragDataStruct@@PAUItemStruct@@@Z
?TreeFirst@DefragLib@@QAEPAUItemStruct@@PAU2@H@Z
?TreeInsert@DefragLib@@QAEXPAUDefragDataStruct@@PAUItemStruct@@@Z
?TreeNext@DefragLib@@QAEPAUItemStruct@@PAU2@@Z
?TreeNextPrev@DefragLib@@QAEPAUItemStruct@@PAU2@H@Z
?TreePrev@DefragLib@@QAEPAUItemStruct@@PAU2@@Z
?TreeSmallest@DefragLib@@QAEPAUItemStruct@@PAU2@@Z
?stristr@DefragLib@@QAEPADPAD0@Z
?stristrW@DefragLib@@QAEPA_WPA_W0@Z
FormatExtFs
GetObjGAHelp
GetObjGATrackingData
GetObjGoogleAnalytics
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 616KB - Virtual size: 613KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 60KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE