Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 13:37:23 | 2025-06-11 13:55:02 | 1059 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,428 [root] INFO: Date set to: 20250611T08:30:16, timeout set to: 1000 2025-06-11 09:30:16,217 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-11 09:30:16,217 [root] DEBUG: Storing results at: C:\ZvbKyXZRGS 2025-06-11 09:30:16,217 [root] DEBUG: Pipe server name: \\.\PIPE\SMSdEingq 2025-06-11 09:30:16,217 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 09:30:16,217 [root] INFO: analysis running as an admin 2025-06-11 09:30:16,217 [root] INFO: analysis package specified: "exe" 2025-06-11 09:30:16,217 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 09:30:17,108 [root] DEBUG: imported analysis package "exe" 2025-06-11 09:30:17,108 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 09:30:17,108 [lib.common.common] INFO: wrapping 2025-06-11 09:30:17,108 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 09:30:17,155 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\SenseCncProxy.exe 2025-06-11 09:30:17,155 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 09:30:17,155 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 09:30:17,155 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 09:30:17,155 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 09:30:17,436 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 09:30:17,452 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 09:30:17,498 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 09:30:17,498 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 09:30:17,514 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 09:30:17,514 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 09:30:17,514 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 09:30:17,529 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 09:30:17,529 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 09:30:17,529 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 09:30:17,529 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 09:30:17,529 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 09:30:17,529 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 09:30:17,529 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 09:30:17,529 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 09:30:17,529 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 09:30:17,529 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 09:30:17,529 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 09:30:28,795 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 09:30:28,795 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 09:30:28,795 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 09:30:28,811 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 09:30:28,811 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 09:30:28,811 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 09:30:28,811 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 09:30:28,811 [modules.auxiliary.disguise] INFO: Disguising GUID to 6e12c1d2-d034-4fa3-91f2-7fd28e2207a3 2025-06-11 09:30:28,811 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 09:30:28,811 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 09:30:28,811 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 09:30:28,811 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 09:30:28,811 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 09:30:28,811 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 09:30:28,811 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 09:30:28,811 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 09:30:28,811 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 09:30:28,811 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 09:30:28,811 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 09:30:28,811 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 09:30:28,811 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 09:30:28,811 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 09:30:28,811 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 09:30:28,811 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 09:30:28,826 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 09:30:28,843 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 09:30:28,858 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\bdrnTF.dll, loader C:\tmp_gell1p8\bin\ugJfAWah.exe 2025-06-11 09:30:28,936 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 09:30:28,936 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\bdrnTF.dll. 2025-06-11 09:30:28,983 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 09:30:28,999 [root] INFO: Disabling sleep skipping. 2025-06-11 09:30:28,999 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 09:30:28,999 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 09:30:28,999 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 09:30:28,999 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 09:30:28,999 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 09:30:28,999 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 09:30:29,014 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 09:30:29,014 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 09:30:29,029 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 5856, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 09:30:29,029 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 09:30:29,045 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 09:30:29,045 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 09:30:29,045 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\bdrnTF.dll. 2025-06-11 09:30:29,061 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 09:30: <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 13:37:23 | 2025-06-11 13:54:42 | none |
File Details
| File Name |
SenseCncProxy.exe
|
|---|---|
| File Type | PE32+ executable (GUI) x86-64, for MS Windows |
| File Size | 804920 bytes |
| MD5 | 8552b2d903638d70e5feee276a837e92 |
| SHA1 | 5bb157a66d35898a52acf2aaa01608d9ddb759e1 |
| SHA256 | c8d1af1cdfe8faf7c12a8bccf7234209cdf02ee3eacde237864cb2afa0278134 [VT] [MWDB] [Bazaar] |
| SHA3-384 | b2a6d898eeffe13aa3a21b012238a08ba0b587b71bbe2ab3766ca419c0bc07a2bd6ea1e5c7ef015d4c28580c18b73a32 |
| CRC32 | 6E4F7900 |
| TLSH | T1FF054B57BF9C41E0C17AD1BB8A97C946F7B2B8150B2187CB0251E76F1E6B9E81E39310 |
| Ssdeep | 12288:e+l7FeY5MoNIahX+sUw0jAMhyrdTI/AqiYCYxWtCR9FGjbAZaJQRV1N66Mvk3+M0:e2MhIdTkjRyjWR7yvk3+MhjdDI |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
AA40J6
.?AU_Crt_new_delete@std@@
.?AV<lambda_a71a92aa9d0bb89e67b20293ccce2385>@@
Created
l$ VWATAVAWH
Error code
pA^_^[]
@.data
fA9tM
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1_Locinfo@std@@QEAA@XZ
.?AV_Generic_error_category@std@@
fD9|H
ReleaseMutex
WinHttpSetOption
H VWAVH
%common_pictures%
security check HRESULT
APPID
A stream was set on the message and extraction is not possible
_initterm_e
message/http
Error registering callback
%common_music%
text/x-json
CreateSemaphoreExW
.?AVios_base@std@@
E`HcH
%program_filesx86%
.?AV?$basic_streambuf@D@details@streams@Concurrency@@
.?AV?$_Ref_count_obj@Voauth1_handler@details@oauth1@http@web@@@std@@
.?AV?$_Ref_count@Vhttp_pipeline@http@web@@@std@@
SeDebugPrivilege
.?AU?$_ContinuationTaskHandle@_N_NV<lambda_029922e04d1ae6cb17a19b7c5ff9bb94>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_N@pplx@@
.?AV?$_Func_impl_no_alloc@V<lambda_eceda342d263d1ee12e85c9d2b18e090>@@_N_K@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_86772f4b227812f4d2ea48a7a9e68940>@@EV?$task@_N@pplx@@@std@@
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_f0d76877e2124af93dd5e09c8d041edf>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
_o__purecall
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
RegSetValueExW
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_NXV<lambda_ccc52d68d0ef3c0ed95db32f9cfb7615>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
%user_UserProgramFilesCommon%
list<T> too long
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
TlP0X
Error opening session
.?AV?$_Func_impl_no_alloc@V<lambda_1afa6a51eb7296cb0289a45382170364>@@E_N@std@@
_o__resetstkoflw
.?AU?$_ContinuationTaskHandle@Vhttp_response@http@web@@V123@V<lambda_9cd8c40e0f7663fc95cab4438ed44c3d>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@Vhttp_response@http@web@@@pplx@@
.?AV<lambda_9396d6e6ec794139160e93d80c1a8d78>@@
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
\$pL;
0A_A^A]A\_^[
H AVH
_o__malloc_base
.?AU?$_ContinuationTaskHandle@_KV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V<lambda_0c960c8852591ecee2a6c101f2fe2d56>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
WinHttpSendRequest chunked
api-ms-win-core-string-l1-1-0.dll
L$@H+
VWAVH
8_^][
PA_A^A]A\_^[
.?AV_Node_endif@std@@
system
O0M0K
D8I)t
Expectation Failed
Microsoft Corporation
.?AV?$_Func_impl_no_alloc@V<lambda_d6fb0d431a85fc22141f115129be5f0a>@@X$$V@std@@
provided uri is invalid:
.?AU?$_ContinuationTaskHandle@JXV<lambda_7c9bca34d54b0f5db7afbd0da8823d51>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@J@pplx@@
|$8M;
LoadLibraryExW
fD9,Qu
.?AV?$_Node_class@_WV?$regex_traits@_W@std@@@std@@
.?AV<lambda_ccc52d68d0ef3c0ed95db32f9cfb7615>@@
.u$H;3
.?AV?$_Func_impl_no_alloc@V<lambda_c09f81b7705a59290caf1214fd28d867>@@_N_K@std@@
VWSUATAUAVAWH
Failed to call CoGetCallContext
T$HE3
USVWATAUAVAWH
nQi ,];
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_90adc82cf027364c05dc7f24a947a1ad>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
CertGetNameStringW
BW,A`zAM
yxxxxxxxH
.?AU?$_ContinuationTaskHandle@XXV<lambda_d02101470ff44e04543297f88e5e8cbe>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@E@pplx@@
ProxyMain: SafeProcessUtils::EnableSuspensionResumptionTracing failed
SECURITY
A8H+A0
.?AV?$_Func_impl_no_alloc@V<lambda_3a91c81f1c3d7784dfd62bb205b6f2d2>@@_NH@std@@
api-ms-win-core-string-obsolete-l1-1-0.dll
AppID
_initterm
|$ L9z
.?AVlogic_error@std@@
Proxy-Authenticate
t'L9A
.?AV<lambda_78e63e4a3d8187e13e35c502361cdab1>@@
H+AHH
.?AV<lambda_32fa9c925e5d317a3f6df61329263685>@@
.idata$5
D8I(t
%user_Downloads%
LoadLibraryW
.?AV?$_Func_impl_no_alloc@V<lambda_3de5604149be175907d8423633e25a56>@@_NH@std@@
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
SenseCnCProxy.pdb
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_d37b4dc0dc46861b42ecf8aeb994c649>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
unknown compression method
.?AU?$_ContinuationTaskHandle@HHV<lambda_2c807db17d9e196b15d71ba7d0a7cbf3>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@H@pplx@@
text/plain; charset=utf-16le
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_3174d3a03f6863a1a86d34319fc99ee6>@@X$$V@std@@
.pdata
wcschr
%user_UserProgramFiles%
OH;H(s
.?AV?$_Func_base@XE@std@@
Microsoft
t>y#I
@UVWAVAWH
fD9,Hu
.?AV<lambda_5f9b820c72f9d2b7adbb6effe89108d0>@@
.?AVCAtlException@ATL@@
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
If-Range
.data$r$brc
\\::1\
.?AV?$_Func_impl_no_alloc@V<lambda_1587b8ca2f9560ed42b1dcf1f3fa8f3e>@@_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@
8A_A^A]A\_^][
.?AV?$_Func_impl_no_alloc@V<lambda_d02101470ff44e04543297f88e5e8cbe>@@V?$task@X@pplx@@$$V@std@@
9\uNH
header crc mismatch
%user_StartMenu%
_o__initialize_wide_environment
HttpClient failed. Retrying with complementary proxy setting
20190225133205.353Z0
invalid literal/lengths set
.?AU?$_ContinuationTaskHandle@_NXV<lambda_f9b8b8476485a077d244f8a24a5eff7b>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@
SetEvent
If-Match
L$XE3
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
A8H+A0H9AHw
_o__configthreadlocale
WinHttpQueryOption failed to get the certificate
CEpH9
Hc8I+
0A^_^
UTF-8 string is missing bytes in character
I9V8u4H
.?AVwinhttp_request_context@details@client@http@web@@
%common_programs%
t@H;1u,H
\??\UNC\localhost\Admin$
Legal_Policy_Statement
.?AV?$_Func_base@EV?$task@X@pplx@@@std@@
T$0#D$@L
D$8@8|$0tKH
%hs!%p:
K SVWH
_o___p__commode
0A_A^A\_^
D$0fA
HKEY_PERFORMANCE_DATA
.?AV<lambda_166b31d6e824c5d9805cb7738b5a95d8>@@
p WAVAWH
T$XH+
.?AV<lambda_3a91c81f1c3d7784dfd62bb205b6f2d2>@@
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
URI must contain a hostname.
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
OPTIONS
.?AV?$_Func_impl_no_alloc@V<lambda_6ab90e83144920cce5208a2cbe379f88>@@_NJ@std@@
.?AU_ATL_MODULE70@ATL@@
.tls$ZZZ
CoCreateInstance
_o_tolower
.?AV?$_Func_impl_no_alloc@V<lambda_7397ceaea3acd37ad84d6588c5fc16a3>@@X$$V@std@@
C4;C,A
.?AVCAtlModule@ATL@@
.?AV?$_Func_base@Vhttp_response@http@web@@V123@@std@@
.?AV?$_Ref_count@V?$basic_container_buffer@V?$vector@EV?$allocator@E@std@@@std@@@details@streams@Concurrency@@@std@@
Microsoft Time-Stamp PCA 20100
9\u=H
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
api-ms-win-crt-string-l1-1-0.dll
MERGE
.rdata$r
f9,Ku
`A^_^
utf-16be
L9w0t
.CRT$XIA
L$ A#
.?AV<lambda_f7b360d7af1f7adfe09137be51dd4a0c>@@
.?AV<lambda_bccf8e683c110f5f73c6947df15ec385>@@
.?AU?$_ContinuationTaskHandle@XXV<lambda_3c3aa4268759fefe294eea6f9c57c205>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
Unsupported Media Type
111019184142Z
api-ms-win-core-rtlsupport-l1-1-0.dll
\\localhost\
ffffff
hA_A^A]A\_^][
%user_Cookies%
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@H@details@pplx@@@std@@
.?AV<lambda_1bf1139a61cf39a2462742b54f29d715>@@
.?AV?$_Func_impl_no_alloc@V<lambda_1f2a427662eb6536495b7b1d6bd973f2>@@X$$V@std@@
generic
?id@?$ctype@_W@std@@2V0locale@2@A
ResetEvent
D8t$0u
.?AU?$_ContinuationTaskHandle@XXV<lambda_89ef8f9e192d0c9d8a44552b2fb585d9>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
x UAVAWH
GetSidSubAuthority
_o__invalid_parameter_noinfo_noreturn
CoRevertToSelf
FileDescription
%Microsoft Windows Production PCA 2011
\$ UVWH
.?AU?$_ContinuationTaskHandle@XXV<lambda_d866778a64a41e251a28c8eb804a9f63>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
.?AV?$_Func_impl_no_alloc@V<lambda_166b31d6e824c5d9805cb7738b5a95d8>@@EE@std@@
.?AU?$_ContinuationTaskHandle@_KXV<lambda_081d04ec8089f8a28c39b95ae083bfc2>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
l$pI;
.?AV?$_Func_impl_no_alloc@V<lambda_907f21353faa31f9175d31fbf95f8c1f>@@_NJ@std@@
\$ VWAVH
UWATAVAWH
%user_AdminTools%
9W(u6
.?AU?$_ContinuationTaskHandle@XXV?$function@$$A6AXV?$task@X@pplx@@@Z@std@@U?$integral_constant@_N$00@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
.?AV?$_CancellationTokenCallback@V<lambda_1438ac20b176de53977512e8751d5d48>@@@details@pplx@@
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@E@details@pplx@@@std@@
.?AV?$basic_streambuf@E@details@streams@Concurrency@@
.?AV?$_Func_impl_no_alloc@V<lambda_209767515679f0ba2395a51b78eb3dc9>@@_N_K@std@@
Microsoft Operations Puerto Rico1&0$
%user_InternetCache%
ntdll.dll
UVWAUAWH
.?AVwindows_category_impl@details@utility@@
cpprestsdk/2.6.0
WakeAllConditionVariable
InitializeCriticalSection
Unexpected end of request body stream encountered before Content-Length met.
A_A^A\_^
Microsoft Time-Stamp PCA 2010
HKEY_DYN_DATA
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
invalid signature method.
ypH;8f
AssertWithArgs
.?AV<lambda_7c1b0ea28fcde97ab0b17e1c4c4c8a1e>@@
.?AV<lambda_028aed5236b35ffa4d34ba9fe7c62aca>@@
The token sid isn't the system account token
.?AV?$_Func_impl_no_alloc@V<lambda_4670f2a7ccdca89ee782f9aaed77ecdb>@@X$$V@std@@
.?AVbad_weak_ptr@std@@
D$(E3
f9PXu]H
CLSID
.?AV<lambda_f0439ab3bf77c15bacb76d177bd5d84a>@@
fA9,Qu
OAuth
message
.?AV?$_Func_impl_no_alloc@V<lambda_6ce34030f60640043224b09a005fb4d9>@@EV?$task@X@pplx@@@std@@
originatingContextName
.?AVruntime_error@std@@
0A_A^_^]
.?AVTraceLoggingProvider@wil@@
ascii
stream buffer not set up for output of data
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
upper
.?AV?$_Ref_count_obj@V_http_request@details@http@web@@@std@@
.?AV?$_Func_base@E$$V@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_2516e2e0064226c0f0eb7144e0f65554>@@X$$V@std@@
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
.?AU?$_Task_impl@J@details@pplx@@
.rdata$zETW9
UVWAVAWH
L$0E3
L$8H3
.?AUIClassFactory@@
text/json
Dynamic code mitigation policy was not set as expected. Setting it now
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
A_A^A\_]
.?AV?$_Ref_count_obj@Vwindows_scheduler@details@pplx@@@std@@
.?AU?$_ContinuationTaskHandle@HXV<lambda_09772954a221cf556a33dfb79462c13a>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@H@pplx@@
100701213655Z
\??\UNC\0:0:0:0:0:0:0:1\Admin$
D90v<H
vector<bool> too long
Dx,2$E
.?AV<lambda_3174d3a03f6863a1a86d34319fc99ee6>@@
.?AV<lambda_9cd8c40e0f7663fc95cab4438ed44c3d>@@
If-None-Match
wn>Jj
!#&Ce1
TerminateProcess
\$ UVWAVAW
Ny|EF
__std_type_info_compare
f9,Au
.?AU?$_ContinuationTaskHandle@_N_NV<lambda_59310622ec317c0e20cf6e718c2d182e>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_N@pplx@@
InitializeConditionVariable
.?AV?$_Func_impl_no_alloc@V<lambda_ccc52d68d0ef3c0ed95db32f9cfb7615>@@X_N@std@@
.?AV<lambda_20ad9e29cb9cb6f73fabe65bfa200e58>@@
? Dm,
_o__seh_filter_exe
.?AV?$_Ref_count_obj@U?$_Task_impl@J@details@pplx@@@std@@
Server
.?AU?$_ContinuationTaskHandle@_KV?$vector@EV?$allocator@E@std@@@std@@V<lambda_f0439ab3bf77c15bacb76d177bd5d84a>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
L$PHcQ
H9rPu
?_Xout_of_range@std@@YAXPEBD@Z
\??\UNC\
.?AU_TaskProcHandle@details@pplx@@
D$ `3
SUVWAVAWH
?widen@?$ctype@_W@std@@QEBA_WD@Z
incorrect length check
.?AV?$_Func_impl_no_alloc@V<lambda_f49f260a0b38cdd7c945cd508997a8f1>@@X$$V@std@@
J9*`+
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
Ho*[8'
.CRT$XPZ
_o__recalloc
VWSUH
.?AV_Node_base@std@@
GetModuleHandleA
.text$x
R!s4Z
T$ E3
>$7<EK
M15I?
Windows Defender Advanced Threat Protection Communications module
H9Qhv#H
blank
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_081d04ec8089f8a28c39b95ae083bfc2>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.xdata$x
L$HH3
.?AV<lambda_697ea6c68c8799f754b6e695f450f5f6>@@
A^_^
WinHttpQueryOption
T$(H;S(t
GetModuleHandleW
Proxy-Authorization
_o_wcsncpy_s
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
.?AV<lambda_6ab90e83144920cce5208a2cbe379f88>@@
api-ms-win-core-registry-l1-1-0.dll
HashDigestLength
L$ E3
.CRT$XLZ
_o__register_onexit_function
.?AU?$_PPLTaskHandle@_KU?$_ContinuationTaskHandle@_K_KV<lambda_4239eb92c869bce4984f6fd02768a972>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.giats
kernelbase.dll
.?AV<lambda_4670f2a7ccdca89ee782f9aaed77ecdb>@@
_o_wcscat_s
WinHttpSendRequest
.?AVErrorHandlingHelpers@wil@@
T$0H;
requestPath
\??\UNC\localhost\
ui8X$t
fD99s6
tFD8^)t@H;
,RCrbwRhIbrPMmkAdLEM0mGW0n4F7BIFlQ+kdE2FftNU=0Z
0A_A^_
.?AV?$_Func_impl_no_alloc@V<lambda_7c1b0ea28fcde97ab0b17e1c4c4c8a1e>@@Vhttp_response@http@web@@$$V@std@@
OriginalFilename
.?AV?$_Func_base@X_N@std@@
.CRT$XLC
BCryptCreateHash
realm
api-ms-win-core-interlocked-l1-1-0.dll
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
.?AV?$_Func_base@EV?$task@J@pplx@@@std@@
%common_startmenu%
.?AV?$_Func_impl_no_alloc@V<lambda_f578a8e1cac080e0bc492485911138c4>@@_N_K@std@@
.?AV?$basic_container_buffer@V?$vector@EV?$allocator@E@std@@@std@@@details@streams@Concurrency@@
L$0fD
$Microsoft Ireland Operations Limited1
Content-Language
fD94Au
Incorrect Content-Type: must be textual to extract_string, JSON to extract_json.
\$8E3
.?AU?$_PPLTaskHandle@EU?$_InitialTaskHandle@XV<lambda_d6fb0d431a85fc22141f115129be5f0a>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_TaskProcHandle@details@3@@details@pplx@@
Conflict
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
DELETE
u#H9<
p[F5_
EventProviderEnabled
!L$<A
QPH;Q@v*H
UVWATAUAVAWH
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@_K@details@pplx@@@std@@
CloseHandle
L$8E3
.?AV?$basic_producer_consumer_buffer@E@details@streams@Concurrency@@
.?AVexception@std@@
@.reloc
bad array new length
fD9|}
Found
.?AV<lambda_08114761827faabe1bf84d934f9c06d0>@@
.?AV_Node_if@std@@
{|?uXH
0A_A^A]_^
.?AV?$_Func_base@XV?$task@_N@pplx@@@std@@
H(VVH
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@HXV<lambda_09772954a221cf556a33dfb79462c13a>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@H@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
??1_Lockit@std@@QEAA@XZ
z.9Wv
3333333
LoadResource
T$(fA
9\uBH
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
GetSystemTimeAsFileTime
D9K(t
failureCount
non-deflate compressed response
fD9(u
invalid code lengths set
Expect
utf-16
Failed to verify certificate chain is expected
A__^[]
9\uFH
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
.?AV?$_Func_impl_no_alloc@V<lambda_61faf62e6c2bcca7d7c24724bc055641>@@EV?$task@J@pplx@@@std@@
.?AV?$producer_consumer_buffer@E@streams@Concurrency@@
A@H9APw
.?AU?$_ContinuationTaskHandle@_KXV<lambda_19125f933ee33231228d2fe672f68ba6>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
\Device\Mup\;LanmanRedirector\;
{xbu_
USVWATAVH
(D$ f
WWW-Authenticate
RT_CODE
gfffffffH+
\Device\Mup\
Forbidden
D8hqA
ineIu
CharNextW
.?AU?$_Task_impl@V?$vector@EV?$allocator@E@std@@@std@@@details@pplx@@
SetUnhandledExceptionFilter
WinHttpSetStatusCallback
.?AVtype_info@@
?_Syserror_map@std@@YAPEBDH@Z
D$ E3
\\127.0.0.1\
.text
fD9,Gu
.?AU?$_ContinuationTaskHandle@_KXV<lambda_a355ddcfacc701a8c499abedcd642ac8>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
.?AV?$_Func_base@XV?$task@_K@pplx@@@std@@
.?AV_Ref_count_base@std@@
ntelu
Thales TSS ESN:BBEC-30CA-2DBE1%0#
.rdata$brc
f9Axu`
invalid distance too far back
Microsoft Windows Publisher0
originatingContextId
.?AV_CancellationTokenState@details@pplx@@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
WAUAVH
Not Acceptable
GhD)}`L
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_NXV<lambda_08114761827faabe1bf84d934f9c06d0>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
w+OQvr
.?AVCComClassFactory@ATL@@
cntrl
A^A]_
CL$8H+
%common_documents%
wjH9Q
D8I)u
t#tvI
.?AV?$_Func_impl_no_alloc@V<lambda_d37b4dc0dc46861b42ecf8aeb994c649>@@XV?$task@_K@pplx@@@std@@
.?AU?$_PPLTaskHandle@EU?$_InitialTaskHandle@XV<lambda_460549ce75b622ec175b79b5716ef784>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_TaskProcHandle@details@3@@details@pplx@@
t$8I;
LocalAlloc
.idata$4
.?AV?$_Func_base@XPEAX@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_09772954a221cf556a33dfb79462c13a>@@XV?$task@H@pplx@@@std@@
.?AV<lambda_6b83559ad7332dea4ee7e395b2e48e0b>@@
.rdata$T$brc
GetTokenInformation
NtSetInformationProcess
`A_A^A]A\_^[
_o___stdio_common_vswprintf
.?AV?$_Ref_count_obj@V?$basic_producer_consumer_buffer@E@details@streams@Concurrency@@@std@@
Component Categories
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
.?AU?$_PPLTaskHandle@V?$vector@EV?$allocator@E@std@@@std@@U?$_ContinuationTaskHandle@_KV?$vector@EV?$allocator@E@std@@@std@@V<lambda_f0439ab3bf77c15bacb76d177bd5d84a>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@5@@details@pplx@@
_o__cexit
CT$0H
RegEnumKeyExW
.?AU?$_PPLTaskHandle@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$_ContinuationTaskHandle@_KV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V<lambda_0c960c8852591ecee2a6c101f2fe2d56>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@5@@details@pplx@@
{SPU}P
Xi#/H
HTTP/1.1
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
9\uJH
api-ms-win-core-com-l1-1-0.dll
T$PI+
WinHttpCloseHandle
.?AV<lambda_f9b8b8476485a077d244f8a24a5eff7b>@@
.?AV<lambda_a574ca920d15d8c6f31c3581fdf5db43>@@
CoRegisterPSClsid
.CRT$XDZ
.?AV?$_Ref_count_obj@U?$_Task_impl@H@details@pplx@@@std@@
.?AV?$_Ref_count_obj@V_http_response@details@http@web@@@std@@
.?AV_CancellationTokenRegistration@details@pplx@@
__C_specific_handler
191123202626Z0
@USVWAVAWH
.?AV<lambda_a355ddcfacc701a8c499abedcd642ac8>@@
.?AV?$_Func_base@_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@
6@8~Lt
Error opening connection
\Device\Mup\localhost\Admin$
8Xyu;
text/plain
Failed mapping type
L9wpt-H
(D$@f
Retry-After
HttpClient completed retrying with complementary proxy setting
CertFreeCertificateContext
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
D90v3H
Can't convert more than MAXINT chars
CreateEventW
oG0fA
|$ AVH
bad allocation
^F{THxV
D$HfD
.text$mn$00
.?AV<lambda_19125f933ee33231228d2fe672f68ba6>@@
Accepted
SetLastError
.rsrc$01
ucH;{ u]
CallContext:[%hs]
amcore\wcd\source\common\src\safeprocessutils.cpp
DebugBreak
Y@H9;u%L
WinHttpQueryDataAvailable
A_A^A]A\_^[]
RegDeleteValueW
%user_Recent%
UTF-8 continuation byte is missing leading byte
{|]uxH
uO9T$`vIL
fE9<Pu
ntelD
?id@?$collate@_W@std@@2V0locale@2@A
CoTaskMemRealloc
USERENV.dll
Error setting timeouts
.?AV?$_Func_impl_no_alloc@V<lambda_de991c8aaf63a171af3162df96c891a8>@@X$$V@std@@
_o__invalid_parameter_noinfo
.?AVrange_error@std@@
text/x-javascript
InitializeSListHead
C0;C,s
%common_templates%
deque<T> too long
invalid proxy URL
_CxxThrowException
.?AV<lambda_3e9ab7cb7dc1570d7e2ca0d394b6e160>@@
.?AV_Node_rep@std@@
.?AV_System_error_category@std@@
T$pM+
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
LeaveCriticalSection
_o__set_fmode
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
L$ USVWAVH
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
.?AV?$_Func_impl_no_alloc@V<lambda_68eafabd67f4932b8e9918fb0693cf42>@@X$$V@std@@
%common_admin_tools%
B'M^J
L$ SVWH
D$(H;
Microsoft Corporation1)0'
Microsoft Corporation. All rights reserved.
D$PHcH
callContext
L$PH3
incorrect header check
.?AV?$streambuf@E@streams@Concurrency@@
?{uSH
charset=
.text$yd
A_A^A]A\][_^
%system_common%
H;A@wqH
L}!<i
bad cast
Not Modified
WATAVH
api-ms-win-core-localization-l1-2-0.dll
.?AU?$_Task_impl@Vhttp_response@http@web@@@details@pplx@@
M9|$P
@'B1`
cv?|U
Wadvapi32.dll
.?AV?$_Func_impl_no_alloc@V<lambda_3c3aa4268759fefe294eea6f9c57c205>@@X$$V@std@@
T$ H;
.?AV<lambda_75207de83fb492f6ab39832f90aebb5d>@@
@.rsrc
base_uri
%common_video%
f W{Q
^|H;N
AcquireSRWLockExclusive
api-ms-win-crt-private-l1-1-0.dll
WinHttpOpen
D8AptM
CertFreeCertificateChain
`A_A^A]A\_^]
l$ E3
.?AV?$enable_shared_from_this@V_http_request@details@http@web@@@std@@
L$@fD
%common_startup%
LegalCopyright
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
Reset Content
.?AV?$_Ref_count_obj@U?$_Task_impl@V?$vector@EV?$allocator@E@std@@@std@@@details@pplx@@@std@@
application/xml
.?AV?$_Func_impl_no_alloc@V<lambda_91022614685448e9613fba7d669360ed>@@EV?$task@_K@pplx@@@std@@
function
xSvf$
xdigit
H+APH
.?AU?$_InitialTaskHandle@XV<lambda_d6fb0d431a85fc22141f115129be5f0a>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
SeLoadDriverPrivilege
9\uCH
.?AV?$streambuf@D@streams@Concurrency@@
_Wcsxfrm
M0K0I
security check failed
\Device\Mup\0:0:0:0:0:0:0:1\Admin$
.?AV?$_Func_base@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@
10.5850.17763.348
?\$}y
fD9|U
.?AV?$_Func_impl_no_alloc@V<lambda_f0439ab3bf77c15bacb76d177bd5d84a>@@V?$vector@EV?$allocator@E@std@@@std@@_K@std@@
_o___std_exception_copy
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
@A_A^A]A\_^]
L$0H3
CL$pH
.?AV_http_response@details@http@web@@
alpha
.?AV?$_Func_impl_no_alloc@V<lambda_a71a92aa9d0bb89e67b20293ccce2385>@@_N_N@std@@
_o__configure_wide_argv
HeapDestroy
Error: request was not prefixed with listener uri
.rdata$zzzdbg
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
fD9"thL
WAVAWH
:\u:L
Microsoft.Windows.ErrorHandling.Fallback
.rdata
Accept-Encoding
api-ms-win-core-errorhandling-l1-1-0.dll
??0_Locinfo@std@@QEAA@PEBD@Z
.?AV?$_Func_impl_no_alloc@V<lambda_0a06f970bcc1645e3213bcca92c911ef>@@V?$task@X@pplx@@E@std@@
Retry setting are not applicable
RegDeleteKeyW
Proxy Authentication Required
A_A^_^[]
invalid window size
UTF-8 string character can never start with 10xxxxxx
oauth_signature_method
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_89ef8f9e192d0c9d8a44552b2fb585d9>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.?AV?$_Node_str@_W@std@@
tGf9)u;H
BCryptFinishHash
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
.?AV?$_Func_impl_no_alloc@V<lambda_19125f933ee33231228d2fe672f68ba6>@@XV?$task@_K@pplx@@@std@@
.?AV?$_Ref_count_obj@V?$basic_ostream_helper@E@details@streams@Concurrency@@@std@@
fD9,Au
.?AV?$_Ref_count_obj@V?$basic_istream_helper@E@details@streams@Concurrency@@@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_89ef8f9e192d0c9d8a44552b2fb585d9>@@X$$V@std@@
WinHttpReceiveResponse
.?AV?$_Func_impl_no_alloc@V<lambda_df661cc4afe48d466781cfb5831923ba>@@_N_N@std@@
%Microsoft Windows Production PCA 20110
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
WaitForSingleObject
VWUSATAUAVAWH
%user_Programs%
Q8>#\
@VWAUAVAWH
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_o___stdio_common_vsprintf_s
GetModuleFileNameA
9@u#H
.?AV?$_Func_impl_no_alloc@V<lambda_f47d828152306eea50442fa911c4e673>@@X$$V@std@@
PLAINTEXT
application/atom+xml
_o__set_app_type
SVWATAUAVAWH
%user_Temp%
.?AVoauth1_handler@details@oauth1@http@web@@
0A_A^A\
_register_thread_local_exe_atexit_callback
FindResourceExW
print
.?AV<lambda_1ffc6bc953dfd49ba9de3307864e71a1>@@
dJ~$Pl
api-ms-win-core-sysinfo-l1-1-0.dll
SHGetKnownFolderPath
.?AV?$_Func_impl_no_alloc@V<lambda_f0d76877e2124af93dd5e09c8d041edf>@@V?$task@X@pplx@@$$V@std@@
application/x-www-form-urlencoded
l<}2l
memcpy
.?AU?$_PPLTaskHandle@JU?$_ContinuationTaskHandle@JJV<lambda_1625c652f72682a961712e3f631673b2>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@J@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.idata$3
XA_A^A]A\_^[]
invalid code -- missing end-of-block
.?AVfunction_pipeline_wrapper@details@http@web@@
.?AVTraceProvider@sense@@
261019185142Z0
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
ProxyMain SetEvent(hNotifyEvent)
10.5850.17763.348 (WinBuild.160101.0800)
.?AV<lambda_f6bfd4fd61a85f2a7f331c54c39f3d68>@@
.?AV<lambda_460549ce75b622ec175b79b5716ef784>@@
utf-8
8/tGL
~WJD[
boundary
.?AV?$_Func_impl_no_alloc@V<lambda_3e9ab7cb7dc1570d7e2ca0d394b6e160>@@_NH@std@@
\system
RtlDllShutdownInProgress
Q_-u
.?AU?$_ContinuationTaskHandle@_NXV<lambda_ccc52d68d0ef3c0ed95db32f9cfb7615>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@
punct
.?AV<lambda_1afa6a51eb7296cb0289a45382170364>@@
_o_isdigit
_o_pow
A^A\_^[]
H*0"ZOW
string too long
"Microsoft Window
.?AV?$_Func_impl_no_alloc@V<lambda_a355ddcfacc701a8c499abedcd642ac8>@@XV?$task@_K@pplx@@@std@@
CoGetCallContext
Setting autologon policy to WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH
H;A@wKL;
.?AU?$_PPLTaskHandle@HU?$_ContinuationTaskHandle@HHV<lambda_2c807db17d9e196b15d71ba7d0a7cbf3>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@H@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.?AU?$_ContinuationTaskHandle@_KXV<lambda_d37b4dc0dc46861b42ecf8aeb994c649>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
.?AV<lambda_de991c8aaf63a171af3162df96c891a8>@@
.?AV<lambda_f2452dc7086737be85042c20e1eb7cbe>@@
(_^][
.?AV<lambda_103de0c1e4607d41afccfeeb5f141c6f>@@
UATAUAVAWH
)\ZEo^m/
HeapFree
L$8A#
invalid string position
UWATAUAVH
@A_A^A\_^
PA^_^[]
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_d866778a64a41e251a28c8eb804a9f63>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.?AV?$_Func_impl_no_alloc@V<lambda_3b7f2ed34a5f2b5b0659e5029d879108>@@_NJ@std@@
currentContextId
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
assertVersion
GetTickCount
CtfD;
.?AV<lambda_1f2a427662eb6536495b7b1d6bd973f2>@@
@8|$0
L$@E3
\temp
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
invalid distances set
.?AV<lambda_907f21353faa31f9175d31fbf95f8c1f>@@
.?AVhttp_pipeline_stage@http@web@@
L$@H3
Accept-Language
.P6A_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
Invalid hexidecimal digit
bucketArgument2
.?AV<lambda_2516e2e0064226c0f0eb7144e0f65554>@@
oauth_verifier
.?AV<lambda_68eafabd67f4932b8e9918fb0693cf42>@@
.?AV?$_Func_impl_no_alloc@V<lambda_20ad9e29cb9cb6f73fabe65bfa200e58>@@_NJ@std@@
.?AV<lambda_7c9bca34d54b0f5db7afbd0da8823d51>@@
9fE;x
Content-Length
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
.?AV?$_Func_impl_no_alloc@P6A_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z_NAEBV12@@std@@
\??\UNC\127.0.0.1\Admin$
UWAVH
MultiByteToWideChar
.?AV?$_Func_impl_no_alloc@V<lambda_78e63e4a3d8187e13e35c502361cdab1>@@Vhttp_response@http@web@@$$V@std@@
%user_SkyDrive%
SetProcessMitigationPolicy
A_A^A\
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
/fD;e
@VWAVH
EventSetInformation
??Bid@locale@std@@QEAA_KXZ
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
230280+4361160
8Xqu;
Chttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a
L$0#D$@L
.?AV<lambda_61faf62e6c2bcca7d7c24724bc055641>@@
_c_exit
GlobalCollection
.?AUIRegistrarBase@@
.?AV?$_Func_impl_no_alloc@V<lambda_6c81800f8f5fd9975165e8ba8954c6b7>@@_NH@std@@
OutputDebugStringW
.?AV?$_Func_impl_no_alloc@V<lambda_9cd8c40e0f7663fc95cab4438ed44c3d>@@Vhttp_response@http@web@@V234@@std@@
CtH;K
Setting proxy options
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
internal\sdk\inc\wil/resource.h
%system_AllUsersProfileRoot%
ReturnHr
_o__set_new_mode
application/x-javascript
SHELL32.dll
pV }S
.?AV<lambda_d37b4dc0dc46861b42ecf8aeb994c649>@@
@UWATAVH
.?AU?$_ContinuationTaskHandle@JJV<lambda_1625c652f72682a961712e3f631673b2>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@J@pplx@@
t?y&I
api-ms-win-core-libraryloader-l1-2-1.dll
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@JXV<lambda_7c9bca34d54b0f5db7afbd0da8823d51>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@J@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
space
.?AV?$_Ref_count_obj@Voauth2_handler@details@oauth2@http@web@@@std@@
A^A\]
.CRT$XTA
.?AV?$CComObjectCached@VCCommandProxy@@@ATL@@
.?AVwindows_scheduler@details@pplx@@
"<~$B
.?AV?$CAtlModuleT@VCComModule@ATL@@@ATL@@
.P6AXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
.?AV<lambda_d6fb0d431a85fc22141f115129be5f0a>@@
@8,1u
.?AV<lambda_d09b281386762be7f492b5a6134c745d>@@
WATAUAVAWH
SUVWH
.?AU?$_PPLTaskHandle@Vhttp_response@http@web@@U?$_ContinuationTaskHandle@Vhttp_response@http@web@@V123@V<lambda_9cd8c40e0f7663fc95cab4438ed44c3d>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@Vhttp_response@http@web@@@pplx@@U_ContinuationTaskHandleBase@details@6@@details@pplx@@
GJ+H=
Gi:%5
count
totalHits
.?AU?$_PPLTaskHandle@_KU?$_ContinuationTaskHandle@_K_KV<lambda_d1bb5d5ce98276b914df7a72f7a7f1db>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
fD9t]
$`2X`F
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
USVWAUAVH
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_d02101470ff44e04543297f88e5e8cbe>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
api-ms-win-security-base-l1-1-0.dll
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_19125f933ee33231228d2fe672f68ba6>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
A_A^A]A\_
|$ E3
.CRT$XCAA
Length Required
\$ UH
cehx;
.CRT$XTZ
Not Found
Qkkbal
CoRevokeClassObject
L9{0t#H
Failed to create certificate chain
.00cfg
i/$Lj
fD9,Fu
W/q#IX
.?AVCAccessToken@ATL@@
.?AVoauth1_exception@experimental@oauth1@http@web@@
FreeLibrary
@SUVWH
.?AV<lambda_209767515679f0ba2395a51b78eb3dc9>@@
ProxyMain RegisterClassFactory
FailFast
D$0M;
.?AV?$_Ref_count_obj@U?$_Task_impl@_N@details@pplx@@@std@@
HttpClient failed
URI scheme must be 'http' or 'https'
.?AV_http_request@details@http@web@@
T$0E3
~ L9o
http://www.microsoft.com/windows0
OpenThreadToken
ATAVAWH
.?AU?$_PPLTaskHandle@_NU?$_ContinuationTaskHandle@_N_NV<lambda_029922e04d1ae6cb17a19b7c5ff9bb94>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_N@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
\\0:0:0:0:0:0:0:1\
is_done() cannot be called on a default constructed task.
Method Not Allowed
.?AVfacet@locale@std@@
.?AV?$_Func_base@V?$task@Vhttp_response@http@web@@@pplx@@Vhttp_request@http@web@@V?$shared_ptr@Vhttp_pipeline_stage@http@web@@@std@@@std@@
CompanyName
%user_PrintHood%
.?AV<lambda_3c3aa4268759fefe294eea6f9c57c205>@@
GetCurrentThreadId
@A_A^_
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_a355ddcfacc701a8c499abedcd642ac8>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
L$pI;
.?AV?$_Func_impl_no_alloc@V<lambda_d09b281386762be7f492b5a6134c745d>@@_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@
\Device\Mup\0:0:0:0:0:0:0:1\
WaitForThreadpoolTimerCallbacks
H UWATAVAWH
oG fA
.?AV?$_Func_impl_no_alloc@V<lambda_6fb1e3511ff054126081dae3e4ef7f7a>@@_N_K@std@@
.?AVCCommandProxy@@
imageSize
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@Vhttp_response@http@web@@@details@pplx@@@std@@
@SVWATAUAVAWH
NtQueryVolumeInformationFile
.?AVoauth2_handler@details@oauth2@http@web@@
FUs'|
D$ @A*
.?AV?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
D$8I;
8/u[H
.?AU_Task_impl_base@details@pplx@@
CoRegisterClassObject
t*i~C
_o__exit
GetProcessHeap
Jjw[Sc
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
Sleep
Open failed
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
HKEY_CLASSES_ROOT
Failed to create mssense sid
A_A^A\_[
Unknown WinHTTP Function
fD9*t
request_uri_path
u0HcH<H
m_proxyUrl
@8uwv#I
.?AV?$_Func_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@
t$ UWATAVAWH
o#ggfzy/4n
180823202626Z
Referer
_o__wcsnicmp
.CRT$XLD
%user_Profile%
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
.?AV?$_Func_impl_no_alloc@V<lambda_8eb4aba8e29c2dc55834bd9f1670d1b2>@@X$$V@std@@
_o__errno
Bad Gateway
T$0H+
8wD<j8
incorrect data check
.?AV<lambda_df661cc4afe48d466781cfb5831923ba>@@
invalid stored block lengths
)Microsoft Root Certificate Authority 20100
.?AV<lambda_732fc24489cbc21d67cd24754191ac2d>@@
RegOpenKeyExW
H9_Hs<
ReleaseSemaphore
Content-Disposition
/6p7^
%program_filescommon%
GetSidLengthRequired
.?AV_http_client_communicator@details@client@http@web@@
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_o_toupper
.?AUIUnknown@@
PA_A^A]A\_^]
xM!&\
\??\UNC\::1\Admin$
?classic@locale@std@@SAAEBV12@XZ
`A_A^A\_^[]
invalid bit length repeat
.?AV?$streambuf_state_manager@D@details@streams@Concurrency@@
USVWAVH
D$8H;
?fffffff
#D$@H
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@_N@details@pplx@@@std@@
CloseThreadpoolTimer
.?AVtask_canceled@pplx@@
8"uMH
Content-Type
_Wcscoll
.?AV?$_Func_impl_no_alloc@V<lambda_08114761827faabe1bf84d934f9c06d0>@@X_N@std@@
L$ SUVWH
t$8H;
)`=`S
.?AV<lambda_3b7f2ed34a5f2b5b0659e5029d879108>@@
\Device\Mup\127.0.0.1\Admin$
D$0HcH
HTTP Version not supported
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
Cache-Control
@8~8t
.?AV?$_Ref_count_obj@U_ExceptionHolder@details@pplx@@@std@@
|hK,_
CheckTokenMembership
wcsrchr
deflate
?_Xlength_error@std@@YAXPEBD@Z
%systemdrive%
Range
_o__initialize_onexit_table
_o_free
D$PE3
application/http
.?AV_Root_node@std@@
.?AV<lambda_c09f81b7705a59290caf1214fd28d867>@@
memmove
?_Xbad_function_call@std@@YAXXZ
(caller: %p)
.?AUscheduler_interface@pplx@@
.?AU?$_PPLTaskHandle@EU?$_InitialTaskHandle@XV<lambda_1f2a427662eb6536495b7b1d6bd973f2>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_TaskProcHandle@details@3@@details@pplx@@
Invalid URI string, two hexidecimal digits must follow '%'
.?AV?$_Func_impl_no_alloc@V<lambda_76496c5d619feefa2f6d422ae15f74a9>@@_NH@std@@
oauth_callback_confirmed
strchr
@8y(t
lower
f94Bu
250701214655Z0|1
WinHttpAddRequestHeaders
.rtc$TAA
.P6A_NVexception_ptr@std@@H@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
e A_A^]
HA_A^A]A\][_^
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
us-ascii
.?AV?$_Ref_count_resource@PEAVwinhttp_request_context@details@client@http@web@@V<lambda_499324dff2029233947519212c3cb421>@@@std@@
tIfD9
040904B0
uninitialized stream object
.CRT$XIC
WinHttpGetProxyForUrl
.rdata$zETW2
D8I(t'A
M H1E
SizeofResource
%temp%
.?AV?$_Ref_count_obj@U?$_Task_impl@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@details@pplx@@@std@@
@USVWAVH
lstrcmpiW
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
A^A]_^[]
%user_Documents%
JS+J@
.?AVbad_alloc@std@@
A_A^A]A\_^]
%user_History%
.rtc$IZZ
.?AV?$_Func_base@E_N@std@@
A_A^]
\\.\pipe\
??1facet@locale@std@@MEAA@XZ
%common_desktop%
.?AV?$_Ref_count_obj@V_block@?$basic_producer_consumer_buffer@E@details@streams@Concurrency@@@std@@
oauth_version
Warning
180606185719Z
.?AU?$_Task_impl@H@details@pplx@@
.?AV?$_CancellationTokenCallback@V<lambda_253b886d01f8d04b7ec9c237eec285af>@@@details@pplx@@
Content-MD5
?_Incref@facet@locale@std@@UEAAXXZ
{ ATAVAWH
L9Ihv'H
InitOnceComplete
.?AU?$_Task_impl@E@details@pplx@@
@USVWAWH
.?AV<lambda_0a06f970bcc1645e3213bcca92c911ef>@@
ForceRemove
TelemetryAssertDiagTrack
.?AU?$_PPLTaskHandle@_NU?$_ContinuationTaskHandle@_N_NV<lambda_59310622ec317c0e20cf6e718c2d182e>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_N@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
H;0u3H
f9)uBH
.rtc$IAA
oauth_signature
=dn"M,
.?AV<lambda_e6e865b02442c781fd79a3f885b4a7b6>@@
WideCharToMultiByte
.?AUICommandProxy@@
User-Agent
t$(E3
@SVWH
VarFileInfo
VWAUAVAWH
SenseCnCProxy
T$hL;
tMfD91u@H
D8y(u
j0m?
ProxyMain: SafeProcessUtils::EnableDynamicCodeMitigation failed
UHL9}`H
wait() cannot be called on a default constructed task.
.?AV<lambda_3de5604149be175907d8423633e25a56>@@
()$^.*+?[]|\-{},:=!
.?AV?$_Func_base@EV?$task@_K@pplx@@@std@@
.?AV?$_Func_base@EV?$task@H@pplx@@@std@@
.?AV?$_Ref_count_obj@U?$_Task_completion_event_impl@J@details@pplx@@@std@@
Non-Authoritative Information
api-ms-win-core-libraryloader-l1-2-0.dll
.?AV?$_Func_impl_no_alloc@V<lambda_0073bfcf7319a8539931a760272dfdc9>@@XE@std@@
l$ L9)
Switching Protocols
Continue
\Device\Mup\DfsClient\;
See Other
.?AU?$_InitialTaskHandle@XV<lambda_460549ce75b622ec175b79b5716ef784>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
unknown header flags set
CONNECT
Authorization
D$`HcH
HMAC-SHA1
.?AV?$_Func_impl_no_alloc@V<lambda_01b5ac7335078ebe71e8c66a869098b3>@@XV?$task@_K@pplx@@@std@@
oauth_consumer_key
H9wPs
ProxyMain failed to register class factory
.?AV<lambda_4d20462beec7f338325cab504d9784c2>@@
Local\SM0:%d:%d:%hs
.?AV?$_Func_impl_no_alloc@V<lambda_3e28be46f0610dd8f824b00699bc5d1d>@@_N_K@std@@
SUVWAVH
A@H98t2L
L$PE3
.?AV<lambda_86772f4b227812f4d2ea48a7a9e68940>@@
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@EXV<lambda_0073bfcf7319a8539931a760272dfdc9>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
FormatMessageW
\$8H!)H
module
InitializeCriticalSectionAndSpinCount
%user_LocalAppData%
.?AV_RefCounter@details@pplx@@
wD9W,u
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_68eafabd67f4932b8e9918fb0693cf42>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
iso-8859-1
The buffer is already allocated, this maybe caused by overlap of stream read or write
.?AV?$_Func_impl_no_alloc@V<lambda_70858db2871deca49f9ec26dd64e80f0>@@_NH@std@@
Microsoft Corporation1$0"
AcquireOplockOperationSuccessCounter
BCryptOpenAlgorithmProvider
A_A^A]A\_
.?AV_Node_back@std@@
.rtc$TZZ
NoRemove
text/plain; charset=utf-16
nCipher NTS ESN:4DE9-0C5E-3E091+0)
Internal Error
E8ePt*I
\??\UNC\::1\
DeleteCriticalSection
.?AV?$_Func_impl_no_alloc@V<lambda_1a4ba9a033606acb72964c8d2389513b>@@EV?$task@H@pplx@@@std@@
RaiseException
[[:xdigit:]]{40}
\$ WH
RtlCaptureContext
CL$8H
Content-Location
winhttp.dll
CloseThreadpoolWork
SWATAVAWH
.?AV?$_Ref_count_obj@U?$_Task_impl@Vhttp_response@http@web@@@details@pplx@@@std@@
x ATAVAWH
gfffffffH
t{HcL$ HcD$$H
.CRT$XLA
D$@I;
D$FH;
EqualSid
.?AV<lambda_09772954a221cf556a33dfb79462c13a>@@
.?AV<lambda_f0d76877e2124af93dd5e09c8d041edf>@@
.?AUIFailureCallback@details@wil@@
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
Genuu
; charset=utf-8
HeapReAlloc
GetLengthSid
.?AV?$_Func_base@EE@std@@
%user_CDBurning%
%user_Contacts%
.?AV?$_Func_base@_N_N@std@@
9{tu"
HKEY_LOCAL_MACHINE
application/octet-stream
.?AV<lambda_70858db2871deca49f9ec26dd64e80f0>@@
.?AV<lambda_671c3838b006585d83a81506877f9ea5>@@
A_A^_
%user_NetHood%
Microsoft Corporation1200
%user_SentTo%
Washington1
msvcp_win.dll
then() cannot be called on a default constructed task.
OH;H8s
Error setting options
#L$<A
A_A^A\
.?AV?$_Func_base@V?$task@X@pplx@@$$V@std@@
.?AU?$_ContinuationTaskHandle@_NXV<lambda_08114761827faabe1bf84d934f9c06d0>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@
.?AV<lambda_2168ee8ffed455914286439d169b3077>@@
%systemwow64%
D$0H;
%programdata%
Last-Modified
api-ms-win-core-heap-l2-1-0.dll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
CoIncrementMTAUsage
api-ms-win-core-processthreads-l1-1-0.dll
.?AU?$_ContinuationTaskHandle@XXV<lambda_68eafabd67f4932b8e9918fb0693cf42>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
@USVWATAVAWH
\SenseCncPS.dll
.?AV<lambda_f47d828152306eea50442fa911c4e673>@@
timestamp
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
7fD;>u
.?AU?$_Task_impl@_N@details@pplx@@
imageName
.?AVSafeIntException@safeint3@msl@@
.?AV?$_Func_impl_no_alloc@V<lambda_0d85cee702a050201e9c7712d3d86393>@@_NH@std@@
_o_terminate
amcore\wcd\source\sensecncproxy\src\commandproxy.cpp
ReleaseSRWLockExclusive
[-&LMb#{'
t>y&H
RtlLookupFunctionEntry
The buffer needs to allocate first
.?AU?$_Task_impl@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@details@pplx@@
.?AV<lambda_91022614685448e9613fba7d669360ed>@@
too many length or distance symbols
_o__stricmp
.?AV<lambda_8522952d9daf342ab8435981ff32f303>@@
[%hs(%hs)]
originatingBinary
QueryPerformanceCounter
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
effffff
threadId
.?AV?$_Func_impl_no_alloc@V<lambda_bccf8e683c110f5f73c6947df15ec385>@@XV?$task@X@pplx@@@std@@
Assert
H;\$@u
.?AV?$CComClassFactorySingleton@VCCommandProxy@@@ATL@@
f9HXu
\Device\Mup
StringFileInfo
t$ WAVAWH
.?AV?$_Ref_count_obj@U?$_Task_impl@_K@details@pplx@@@std@@
Software
0A_A^A]A\_
%CDIDLResources%
?__ExceptionPtrDestroy@@YAXPEAX@Z
api-ms-win-core-handle-l1-1-0.dll
BCryptHashData
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
.?AV<lambda_06109912e51ce2e1eec173a54e1194d9>@@
.?AVrequest_context@details@client@http@web@@
]/qNn
?__ExceptionPtrRethrow@@YAXPEBX@Z
.?AV<lambda_6ce34030f60640043224b09a005fb4d9>@@
Payment Required
.text$mn
.?AV?$_Func_impl_no_alloc@V<lambda_5f9b820c72f9d2b7adbb6effe89108d0>@@_NH@std@@
D$XE3
L$ SH
failureId
9\u?L
response stream unexpectedly failed to write the requested number of bytes
.?AV?$_Func_impl_no_alloc@V<lambda_6b83559ad7332dea4ee7e395b2e48e0b>@@XV?$task@X@pplx@@@std@@
#+3;CScs
.?AVbad_array_new_length@std@@
Interface
.?AV<lambda_1500774b5d8f1b084f622bc1949a3c26>@@
A GET or HEAD request should not have an entity body.
SUVWATAUAVAWH
.?AV<lambda_7397ceaea3acd37ad84d6588c5fc16a3>@@
_o___p___wargv
EventWriteTransfer
Failed to open calling process
Microsoft Operations Puerto Rico1'0%
A^A\_]
T$@E3
L$`H3
D$@E3
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
.?AV?$CComObject@V?$CComClassFactorySingleton@VCCommandProxy@@@ATL@@@ATL@@
A8yPt'I
UnloadUserProfile
\??\UNC\127.0.0.1\
fD9LH
.?AV<lambda_6fb1e3511ff054126081dae3e4ef7f7a>@@
ProxyMain RegisterProxyStub
Upgrade
.?AV?$_Func_impl_no_alloc@V<lambda_671c3838b006585d83a81506877f9ea5>@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_K@std@@
.?AVhttp_exception@http@web@@
_o_isalpha
.?AVCComModule@ATL@@
[[:xdigit:]]{64}
8A^_^[
IsDebuggerPresent
.?AU?$_Task_impl@_K@details@pplx@@
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
D$xH9D$pt
.rdata$zETW1
_o_wcstok_s
UTF-16 string is missing low surrogate
t"D8=7b
WinHttpQueryAuthSchemes
@A_A^A\
Module_Raw
H;>u:I
RtlVirtualUnwind
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
WinHttpSetTimeouts
wsH9Q
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
Pragma
_o__crt_atexit
|$ UH
GetModuleFileNameW
D$pHcH
@SVWATAUAVAW
.?AV<lambda_081d04ec8089f8a28c39b95ae083bfc2>@@
.?AV?$_Func_impl_no_alloc@P6AXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@ZXAEAV12@@std@@
USVWAUAVAWH
\$pf9
fD;8ugH
Request Uri Too Large
pA_A^_^]
RaiseFailFastException
%user_Videos%
.?AVhttp_msg_base@details@http@web@@
api-ms-win-core-processthreads-l1-1-1.dll
A_A^A]_^
CryptUnprotectMemory
D;d$4
fD9<Pu
.?AV?$_Func_impl_no_alloc@V<lambda_1bf1139a61cf39a2462742b54f29d715>@@X$$V@std@@
H;y@v-H
.?AU?$_ContinuationTaskHandle@XXV<lambda_f0d76877e2124af93dd5e09c8d041edf>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@E@pplx@@
WinHttpReadData
.CRT$XCA
.?AV_Interruption_exception@details@pplx@@
NtQueryInformationProcess
KERNEL32.dll
AHH90t_H
A^A]A\_]
ie!$<G~1
Setting ignore server certificate verification
text/javascript
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
f;D$@
SetThreadpoolTimer
.?AU?$_ContinuationTaskHandle@EXV<lambda_0073bfcf7319a8539931a760272dfdc9>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
The token sid isn't a member
invalid literal/length code
.?AU?$_ContinuationTaskHandle@_KXV<lambda_90adc82cf027364c05dc7f24a947a1ad>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
.?AV?$streambuf_state_manager@E@details@streams@Concurrency@@
.?AV?$_Func_impl_no_alloc@V<lambda_90adc82cf027364c05dc7f24a947a1ad>@@XV?$task@_K@pplx@@@std@@
T$8H!\$8
UnhandledExceptionFilter
Requested range not satisfiable
9\u5H
fD9 t
EventUnregister
.?AV<lambda_0c960c8852591ecee2a6c101f2fe2d56>@@
U0S0Q
WinHttpOpenRequest
Microsoft Time-Stamp Service0
t>y#H
currentContextName
@SUVWATAUAVAWH
T$pH+
.?AV?$_CancellationTokenCallback@V<lambda_10f6e4762073256c936a0a44b5fd5661>@@@details@pplx@@
_o___std_exception_destroy
.?AV?$_Func_impl_no_alloc@V<lambda_7c9bca34d54b0f5db7afbd0da8823d51>@@XV?$task@J@pplx@@@std@@
D$0L;
/8R:5
VS_VERSION_INFO
N0H;y
?=u$L
.?AVCSid@ATL@@
.?AV<lambda_d02101470ff44e04543297f88e5e8cbe>@@
[[:xdigit:]]{32}
api-ms-win-core-synch-l1-2-0.dll
A_A]_^]
G|;Gp
x UATAUAVAWH
A_A^_^]
H9Ghs
.CRT$XCZ
%windows%
.?AU?$_ContinuationTaskHandle@_K_KV<lambda_4239eb92c869bce4984f6fd02768a972>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_K@pplx@@
.?AV?$_Func_impl_no_alloc@V<lambda_081d04ec8089f8a28c39b95ae083bfc2>@@XV?$task@_K@pplx@@@std@@
.?AV_System_error@std@@
\$(H;
digit
.?AV<lambda_8eb4aba8e29c2dc55834bd9f1670d1b2>@@
S-1-5-80-1523878533-411328482-2798077809-3098663872-2604013308
.?AV?$_Func_base@_NH@std@@
D$@HcH
%user_SkyDriveDocuments%
.?AV<lambda_89ef8f9e192d0c9d8a44552b2fb585d9>@@
map/set<T> too long
currentContextMessage
Exception
.CRT$XDU
.?AVCComObjectRootBase@ATL@@
Trailer
.?AV?$_Func_base@XAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@
.?AU?$_ContinuationTaskHandle@XXV<lambda_3174d3a03f6863a1a86d34319fc99ee6>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
request_uri_query
api-ms-win-core-string-l2-1-0.dll
.CRT$XPA
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
.data
fD9lE
CRYPT32.dll
L$pH;
Insufficient buffer size.
\Device\Mup\localhost\
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_08052126caf30f35e5385e23194a6196>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
oauth_token_secret
InitializeSid
memset
[%hs]
?_Winerror_message@std@@YAKKPEADK@Z
unknown error
Partial Content
.?AV<lambda_1a4ba9a033606acb72964c8d2389513b>@@
CL$XH
%system%
Connection
9A98u6A9x
\$ UVWAVAWH
GetProcAddress
.?AV<lambda_0073bfcf7319a8539931a760272dfdc9>@@
.?AV?$_Ref_count_obj@Vwinhttp_client@details@client@http@web@@@std@@
.?AV?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
A@H9APw(H+API
oauth_token
.?AV?$_Func_base@XV?$task@J@pplx@@@std@@
D8hpu
u)A8y
bcrypt.dll
ProductName
ProxyMain failed to register proxyStub
fD; t
Microsoft Corporation1.0,
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
.?AV?$_Func_base@_N_K@std@@
BCryptDestroyHash
.?AV?$_Func_impl_no_alloc@V<lambda_1ffc6bc953dfd49ba9de3307864e71a1>@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@
.?AV?$_Func_base@_NJ@std@@
.idata$6
d$ L9!
="1.0
.?AVuri_exception@web@@
190529185719Z0z1
CertVerifyCertificateChainPolicy
.P6A_NVhttp_response@http@web@@@Z
api-ms-win-core-heap-l1-1-0.dll
Failed to verify certificate root
.?AV?$enable_shared_from_this@V?$streambuf_state_manager@D@details@streams@Concurrency@@@std@@
.?AV?$_Func_impl_no_alloc@P6A_NVhttp_response@http@web@@@Z_NAEAV123@@std@@
\$ AVH
\Device\Mup\127.0.0.1\
D8^(t
Microsoft Time-Stamp Service
_o__wtoi
t^@8=
@A_A^_^]
D$HE3
shouldUseProxy
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
.?AV?$_Func_impl_no_alloc@V<lambda_2168ee8ffed455914286439d169b3077>@@XPEAX@std@@
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
Bearer
CHD1p
_o_malloc
.?AV<lambda_eceda342d263d1ee12e85c9d2b18e090>@@
FileVersion
.?AV?$_Func_impl_no_alloc@V<lambda_697ea6c68c8799f754b6e695f450f5f6>@@Vhttp_response@http@web@@$$V@std@@
fD9|u
HeapSize
\Device\Mup\::1\Admin$
_o__get_initial_wide_environment
.?AV?$_Ref_count_obj@Vfunction_pipeline_wrapper@details@http@web@@@std@@
3Pzr)
.?AV?$_Func_base@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@_K@std@@
Failed to open the client token
@tI;H
Microsoft Corporation1&0$
SVWAVH
Request Entity Too Large
p AWH
CoImpersonateClient
.?AVsystem_error@std@@
1(0&0
<unknown>
.?AV<lambda_ab1a568821422b58bebcacfc1d738e7b>@@
t$ E3
fD94Xu
T$PH+
wilResult
(D$0f
.?AV?$_Func_impl_no_alloc@V<lambda_8522952d9daf342ab8435981ff32f303>@@_NJ@std@@
GetProcessMitigationPolicy
.?AV_Node_assert@std@@
UAVAWH
A_A^_
_o_exit
Delete
.?AV?$_Ref_count_obj@Vhttp_network_handler@details@client@http@web@@@std@@
%user_Pictures%
.?AV<lambda_499324dff2029233947519212c3cb421>@@
XA_A^A]A\[]_^
?uncaught_exception@std@@YA_NXZ
\Admin$
.?AV?$_Func_impl_no_alloc@V<lambda_a574ca920d15d8c6f31c3581fdf5db43>@@_NH@std@@
.?AU?$_InitialTaskHandle@XV<lambda_1f2a427662eb6536495b7b1d6bd973f2>@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
.?AV?$_Func_base@X$$V@std@@
un8X$t
Unknown exception
.?AV?$_Iosb@H@std@@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
L$(H;
api-ms-win-crt-runtime-l1-1-0.dll
I8I+J0H
.?AU?$_ContinuationTaskHandle@_K_KV<lambda_d1bb5d5ce98276b914df7a72f7a7f1db>@@U?$integral_constant@_N$00@std@@U_TypeSelectorAsyncTask@details@pplx@@@?$task@_K@pplx@@
proxyServer
xA_A^A]A\_^[]
amcore\wcd\source\inc\converters.h
.?AV<lambda_90adc82cf027364c05dc7f24a947a1ad>@@
fF94zu
.?AV<lambda_01b5ac7335078ebe71e8c66a869098b3>@@
Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0
?is@?$ctype@_W@std@@QEBA_NF_W@Z
.?AV?$_Func_impl_no_alloc@P6A_NVexception_ptr@std@@H@Z_NV12@H@std@@
serviceBaseUrl
__std_terminate
D$PH;
CoTaskMemAlloc
D$HL+D$@L
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
CreateMutexExW
.?AVerror_category@std@@
L$XL+
invalid distance code
EventRegister
\Device\Mup\::1\
CertGetCertificateChain
.?AV?$_Func_base@_NAEAVhttp_response@http@web@@@std@@
.?AV?$enable_shared_from_this@Vhttp_pipeline_stage@http@web@@@std@@
text/plain; charset=utf-8
@UVWH
.?AV?$_Func_impl_no_alloc@V<lambda_f6bfd4fd61a85f2a7f331c54c39f3d68>@@Vhttp_request@http@web@@$$V@std@@
https
L$hH9
sUfD99s
.?AV?$_Func_base@XV?$task@H@pplx@@@std@@
.?AV?$_Ref_count@V?$basic_container_buffer@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@details@streams@Concurrency@@@std@@
Microsoft.Windows.Sense.Client
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$_Func_base@V?$vector@EV?$allocator@E@std@@@std@@_K@std@@
WinHttpWriteData
HeapAlloc
A_A^A\_^
8A(t-H
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV?$function@$$A6AXV?$task@X@pplx@@@Z@std@@U?$integral_constant@_N$00@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
Accept-Ranges
SenseCncProxy.exe
|$ UATAVH
H+D$8H+
Statistics
L$(Lc
.data$brc
L$pH3
#L$0H
f9,zu
H3E H3E
InternalName
Location
Corrupted compressed data
invalid block type
HKEY_CURRENT_CONFIG
9\u<H
?__ExceptionPtrCompare@@YA_NPEBX0@Z
Unauthorized
IsProcessorFeaturePresent
Transfer-Encoding
api-ms-win-core-profile-l1-1-0.dll
.?AU?$_ContinuationTaskHandle@XXV<lambda_08052126caf30f35e5385e23194a6196>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@
BCryptCloseAlgorithmProvider
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_KXV<lambda_01b5ac7335078ebe71e8c66a869098b3>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.rsrc$02
Unable to decompress a received compressed http message.
\$ UVWATAUAVAW
Service Unavailable
?_Xbad_alloc@std@@YAXXZ
ModuleCollection
.?AV?$collate@_W@std@@
Precondition Failed
.?AV?$_Func_impl_no_alloc@V<lambda_f2452dc7086737be85042c20e1eb7cbe>@@Vhttp_request@http@web@@$$V@std@@
:~dm1
OLEAUT32.dll
kernel32.dll
Accept-Charset
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
BCryptGetProperty
If-Modified-Since
.?AVwinhttp_client@details@client@http@web@@
WinHttpQueryHeaders
.text$di
REGISTRY
4JpI?=
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@_NXV<lambda_f9b8b8476485a077d244f8a24a5eff7b>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_N@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
USVWAVAWH
SenseHttpClient
originatingContextMessage
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
.?AV_Facet_base@std@@
Error reading outgoing HTTP body from its stream.
VWATAVAWH
Moved Permanently
C$9C w(H
content_type can't contain a 'charset'.
.?AV?$_Func_base@XV?$task@X@pplx@@@std@@
%user_Favorites%
"Microsoft Time Source Master Clock0
GetCurrentProcessId
L$XH3
_o__wcsicmp
RegCreateKeyExW
ConvertStringSidToSidW
I0G1-0+
.?AV?$_Func_base@Vhttp_request@http@web@@$$V@std@@
>Wlko
.rdata$zETW0
?_Winerror_map@std@@YAHH@Z
CreateThreadpoolWork
ot$0f
Hardware
H9CPs
.?AV?$_Func_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV12@_K@std@@
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
%program_files%
/w4t*
.?AV_Node_capture@std@@
Sending request to server
0A^_^][
Request Time-out
WaitForSingleObjectEx
multipart/form-data
chunked
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0_Lockit@std@@QEAA@H@Z
L9wptCL9w0t!H
Module
.?AV<lambda_1587b8ca2f9560ed42b1dcf1f3fa8f3e>@@
%user_SkyDrivePictures%
Charset must be iso-8859-1, utf-8, utf-16, utf-16le, or utf-16be to be extracted.
%fonts%
sstd::exception: %hs
Multiple Choices
.?AVCRegObject@ATL@@
errorCode
@USWH
.?AV?$_Func_base@_KAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@
CoTaskMemFree
`{ _~5
2{(w5
{xbuY
\??\UNC\0:0:0:0:0:0:0:1\
D$Xf98
.CRT$XIZ
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_3174d3a03f6863a1a86d34319fc99ee6>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
ProxyMain finished
.?AU?$_ContinuationTaskHandle@_KV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V<lambda_1ffc6bc953dfd49ba9de3307864e71a1>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
.?AVinvalid_argument@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_df1fad10fb95c05c01764c725c90cbb1>@@EE@std@@
20190225173423Z
InitializeCriticalSectionEx
??0facet@locale@std@@IEAA@_K@Z
9T$`A
Failed the token sid
DllGetClassObject
!This program cannot be run in DOS mode.
Max-Forwards
No Content
H9Ahs
Msg:[%ws]
.?AV?$_Func_impl_no_alloc@V<lambda_e6e865b02442c781fd79a3f885b4a7b6>@@X$$V@std@@
@A^_^
A_A^A]_^[]
.?AV<lambda_d866778a64a41e251a28c8eb804a9f63>@@
[L-ts g
api-ms-win-eventing-provider-l1-1-0.dll
.?AV?$_Func_impl_no_alloc@V<lambda_732fc24489cbc21d67cd24754191ac2d>@@_NH@std@@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
A_A^A]A\_^[
get() cannot be called on a default constructed task.
D$@LcH
Redmond1
.?AV?$_Func_impl_no_alloc@V<lambda_a5c2967ed8f3f2157bbbbef9d98d1b2e>@@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_K@std@@
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
charset
Kp0qb
.?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@@ATL@@
.?AV?$_Func_base@EV?$task@_N@pplx@@@std@@
A^_^[]
?_BADOFF@std@@3_JB
GetCurrentThread
R1h58
A^A\_
Content-Encoding
api-ms-win-core-synch-l1-1-0.dll
application/javascript
Not Implemented
D$ fD
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
L9{@u
~(HcJ
OpenSemaphoreW
;u sLM
oauth_nonce
f9HXt
r~akow
.?AVhttp_network_handler@details@client@http@web@@
FallbackError
TRACE
Temporary Redirect
EnterCriticalSection
.CRT$XCU
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
RegDeleteKeyExW
a]{?P
\$ E3
stream buffer not set up for input of data
%user_Desktop%
Bad Request
Dynamic code mitigation policy is set as expected.
Content-Range
.?AV<lambda_08052126caf30f35e5385e23194a6196>@@
D$XL;
.?AV<lambda_df1fad10fb95c05c01764c725c90cbb1>@@
.P6A?AV?$task@Vhttp_response@http@web@@@pplx@@AEBVhttp_request@http@web@@V?$shared_ptr@Vhttp_pipeline_stage@http@web@@@std@@@Z
graph
%hs(%d) tid(%x) %08X %ws
oK0D$"<
2333333
.?AV?$_Func_impl_no_alloc@V<lambda_9396d6e6ec794139160e93d80c1a8d78>@@_NH@std@@
.?AV<lambda_a5c2967ed8f3f2157bbbbef9d98d1b2e>@@
oauth_callback
`A_A^_^]
HKEY_CURRENT_USER
GetCurrentProcess
`RT_CODE
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
.?AV<lambda_f578a8e1cac080e0bc492485911138c4>@@
fileName
UTF-16 string has invalid low surrogate
Unable to get an error message for error code:
.?AV?$_Func_impl_no_alloc@V<lambda_103de0c1e4607d41afccfeeb5f141c6f>@@_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_K@std@@
oauth_timestamp
:\u5L
application/x-json
|$Xf9
LocalFree
q7K,\
SenseCommon
I;v8I
L9o@t
.?AVResultException@wil@@
Accept
WinHttpConnect
CT$ fI
windows
\SystemRoot
Translation
A_A^A]A\_^]
wsbdp
.?AV_Node_end_group@std@@
8application/json
alnum
20190226173423Z0w0=
WilError_02
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
Gateway Time-out
_o__callnewh
wcsncmp
|$8I;
Invalid HTTP method specified. Method can't be an empty string.
%user_Startup%
FileType
.CRT$XIAC
.?AV?$_Func_impl_no_alloc@V<lambda_d866778a64a41e251a28c8eb804a9f63>@@XV?$task@X@pplx@@@std@@
bad_weak_ptr
ProductVersion
?__ExceptionPtrToBool@@YA_NPEBX@Z
.stls
}"A;\$
tHfD91u;H
__CxxFrameHandler3
%user_Music%
_o__free_base
IsValidSid
t$(H;
k@NPYW
TelemetryAssert
.?AV?$_Func_impl_no_alloc@V<lambda_ab1a568821422b58bebcacfc1d738e7b>@@X$$V@std@@
;D$8|
.CRT$XIAA
is_apartment_aware() cannot be called on a default constructed task.
A_A^A\_^[]
failureType
` AVH
utf-16le
Windows
yxxxxxxxI+
.?AV?$_Func_base@Vhttp_response@http@web@@$$V@std@@
SleepConditionVariableCS
.?AV?$container_buffer@V?$vector@EV?$allocator@E@std@@@std@@@streams@Concurrency@@
HttpClient created
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
hresult
D$0E3
UTF-8 string has invalid Unicode code point
8A_A^_^][
.?AV?$_Func_impl_no_alloc@V<lambda_460549ce75b622ec175b79b5716ef784>@@X$$V@std@@
=L9o<
)[Tvi
.idata$2
SubmitThreadpoolWork
api-ms-win-core-debug-l1-1-0.dll
x AVH
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
.?AU?$_PPLTaskHandle@EU?$_ContinuationTaskHandle@XXV<lambda_3c3aa4268759fefe294eea6f9c57c205>@@U?$integral_constant@_N$0A@@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@E@pplx@@U_ContinuationTaskHandleBase@details@3@@details@pplx@@
.CRT$XCL
.?AV?$_Func_impl_no_alloc@V<lambda_0c960c8852591ecee2a6c101f2fe2d56>@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@std@@
.?AV<lambda_3e28be46f0610dd8f824b00699bc5d1d>@@
1/0-0
ProxyMain is waiting for exit
.?AV?$_Ref_count_obj@U?$_Task_impl@E@details@pplx@@@std@@
i&Ma.
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
SYSTEM
.tls$
HKEY_USERS
@UAVAWH
L9h`tNL
T$pH;
WINHTTP.dll
.?AV?$_Func_impl_no_alloc@V<lambda_4d20462beec7f338325cab504d9784c2>@@_NH@std@@
.?AV<lambda_0d85cee702a050201e9c7712d3d86393>@@
.?AV?$enable_shared_from_this@V?$streambuf_state_manager@E@details@streams@Concurrency@@@std@@
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
7.Rich
t$ L9r
.xdata
Http client throw unexpected exception
.gfids
.?AU_ContinuationTaskHandleBase@details@pplx@@
HTTP/1.1
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
WinHttpQueryDataAvaliable
D90vDH
bucketArgument1
T$xI;
.?AU?$_PPLTaskHandle@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$_ContinuationTaskHandle@_KV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V<lambda_1ffc6bc953dfd49ba9de3307864e71a1>@@U?$integral_constant@_N$0A@@2@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@U_ContinuationTaskHandleBase@details@5@@details@pplx@@
.?AV<lambda_f49f260a0b38cdd7c945cd508997a8f1>@@
.?AV?$container_buffer@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@streams@Concurrency@@
%hs(%d)\%hs!%p:
Operating System
.?AV?$_Func_impl_no_alloc@V<lambda_06109912e51ce2e1eec173a54e1194d9>@@E$$V@std@@
%system_public%
TypeLib
>5PJ>
.?AV_Node_end_rep@std@@
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
N0L0J
vector<T> too long
GetModuleHandleExW
.?AV?$_Func_base@_NVexception_ptr@std@@H@std@@
tGH;>u3H
_o_realloc
.?AVbad_cast@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_32fa9c925e5d317a3f6df61329263685>@@X$$V@std@@
.?AU?$_ContinuationTaskHandle@_KXV<lambda_01b5ac7335078ebe71e8c66a869098b3>@@U?$integral_constant@_N$00@std@@U_TypeSelectorNoAsync@details@pplx@@@?$task@_K@pplx@@
T$0I;
WinHttpSetCredentials
form-data
.CRT$XDA
CheckTokenMembership failed
t$ WATAUAVAWH
GetLastError
@USVWATAUAVAWH
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
_o_isspace
AuthD
LogHr
fffffff
.?AV?$_Func_impl_no_alloc@V<lambda_028aed5236b35ffa4d34ba9fe7c62aca>@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV23@_K@std@@
ProxyMain started
.?AV?$_Func_impl_no_alloc@V<lambda_75207de83fb492f6ab39832f90aebb5d>@@X$$V@std@@
.?AVinvalid_operation@pplx@@
D$8H!t$8H
@+ljM
Expires
.?AV?$_Func_impl_no_alloc@V<lambda_f9b8b8476485a077d244f8a24a5eff7b>@@XV?$task@_N@pplx@@@std@@
T$@H+
0123456789ABCDEF
\\?\UNC\
Invalid streambuf object
fD94Gu
policy
api-ms-win-security-sddl-l1-1-0.dll
HashCalculationSuccessCounter
PATCH
H)APH
Use Proxy
\$ L+
pA_A^A]A\_^]
SenseCyberCommon
If-Unmodified-Since
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
.?AV?$_Func_impl_no_alloc@V<lambda_08052126caf30f35e5385e23194a6196>@@XV?$task@X@pplx@@@std@@
.?AV?$_Func_base@V?$task@X@pplx@@E@std@@
Allow
A_A^A]A\]
_o___p___argc
InitOnceBeginInitialize
.?AV?$_Func_impl_no_alloc@V<lambda_1500774b5d8f1b084f622bc1949a3c26>@@Vhttp_response@http@web@@$$V@std@@
localhost
CopySid
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
%user_Templates%
_o___stdio_common_vsnprintf_s
`.rdata
{xuux
RegQueryInfoKeyW
RegCloseKey
.?AV?$basic_container_buffer@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@details@streams@Concurrency@@
.?AV?$_Func_impl_no_alloc@V<lambda_f7b360d7af1f7adfe09137be51dd4a0c>@@_NH@std@@
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
9S|ucH
%user_RoamingAppData%
lineNumber
.?AV<lambda_76496c5d619feefa2f6d422ae15f74a9>@@
.?AV<lambda_6c81800f8f5fd9975165e8ba8954c6b7>@@
.?AV?$_Func_impl_no_alloc@P6A?AV?$task@Vhttp_response@http@web@@@pplx@@AEBVhttp_request@http@web@@V?$shared_ptr@Vhttp_pipeline_stage@http@web@@@std@@@ZV12@V345@V67@@std@@
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash |
|---|---|---|---|---|---|---|---|
| 0x140000000 | 0x00067180 | 0x000c72bf | 0x000c72bf | 10.0 | SenseCnCProxy.pdb | 1984-12-27 13:03:53 | 02269ae876e136e5463f408616ec082b |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | Windows Defender Advanced Threat Protection Communications module |
| FileVersion | 10.5850.17763.348 (WinBuild.160101.0800) |
| InternalName | SenseCncProxy.exe |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | SenseCncProxy.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 10.5850.17763.348 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x000765ac | 0x00076600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.27 |
| RT_CODE | 0x00076a00 | 0x00078000 | 0x00000825 | 0x00000a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 4.96 |
| .rdata | 0x00077400 | 0x00079000 | 0x00035466 | 0x00035600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.53 |
| .data | 0x000aca00 | 0x000af000 | 0x0000e0e0 | 0x0000c400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.99 |
| .pdata | 0x000b8e00 | 0x000be000 | 0x00005fe8 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.83 |
| .rsrc | 0x000bee00 | 0x000c4000 | 0x00000470 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.73 |
| .reloc | 0x000bf400 | 0x000c5000 | 0x0000155c | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.40 |
Overlay
| Offset | 0x000c0a00 |
| Size | 0x00003e38 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x000c4060 | 0x0000040c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.57 | None |
Imports
| Name | Address |
|---|---|
| _c_exit | 0x14007d688 |
| _initterm_e | 0x14007d690 |
| _initterm | 0x14007d698 |
| _register_thread_local_exe_atexit_callback | 0x14007d6a0 |
| Name | Address |
|---|---|
| LoadResource | 0x14007d2a8 |
| SizeofResource | 0x14007d2b0 |
| GetModuleFileNameA | 0x14007d2b8 |
| GetModuleFileNameW | 0x14007d2c0 |
| GetProcAddress | 0x14007d2c8 |
| GetModuleHandleW | 0x14007d2d0 |
| FindResourceExW | 0x14007d2d8 |
| LoadLibraryExW | 0x14007d2e0 |
| FreeLibrary | 0x14007d2e8 |
| GetModuleHandleExW | 0x14007d2f0 |
| Name | Address |
|---|---|
| HeapFree | 0x14007d250 |
| HeapSize | 0x14007d258 |
| HeapDestroy | 0x14007d260 |
| HeapAlloc | 0x14007d268 |
| GetProcessHeap | 0x14007d270 |
| HeapReAlloc | 0x14007d278 |
| Name | Address |
|---|---|
| TerminateProcess | 0x14007d320 |
| GetCurrentThreadId | 0x14007d328 |
| GetCurrentProcess | 0x14007d330 |
| GetCurrentProcessId | 0x14007d338 |
| OpenThreadToken | 0x14007d340 |
| Name | Address |
|---|---|
| FormatMessageW | 0x14007d310 |
| Name | Address |
|---|---|
| SysFreeString | 0x14007d0b0 |
| SysAllocString | 0x14007d0b8 |
| SysStringLen | 0x14007d0c0 |
| VarUI4FromStr | 0x14007d0c8 |
| Name | Address |
|---|---|
| OutputDebugStringW | 0x14007d1f0 |
| IsDebuggerPresent | 0x14007d1f8 |
| DebugBreak | 0x14007d200 |
| Name | Address |
|---|---|
| CloseHandle | 0x14007d240 |
| Name | Address |
|---|---|
| GetLastError | 0x14007d210 |
| SetLastError | 0x14007d218 |
| SetUnhandledExceptionFilter | 0x14007d220 |
| RaiseException | 0x14007d228 |
| UnhandledExceptionFilter | 0x14007d230 |
| Name | Address |
|---|---|
| WaitForSingleObjectEx | 0x14007d408 |
| CreateSemaphoreExW | 0x14007d410 |
| ReleaseSemaphore | 0x14007d418 |
| CreateMutexExW | 0x14007d420 |
| OpenSemaphoreW | 0x14007d428 |
| EnterCriticalSection | 0x14007d430 |
| SetEvent | 0x14007d438 |
| CreateEventW | 0x14007d440 |
| DeleteCriticalSection | 0x14007d448 |
| WaitForSingleObject | 0x14007d450 |
| LeaveCriticalSection | 0x14007d458 |
| ReleaseMutex | 0x14007d460 |
| ResetEvent | 0x14007d468 |
| InitializeCriticalSection | 0x14007d470 |
| InitializeCriticalSectionAndSpinCount | 0x14007d478 |
| Name | Address |
|---|---|
| EventWriteTransfer | 0x14007d6c8 |
| EventProviderEnabled | 0x14007d6d0 |
| EventSetInformation | 0x14007d6d8 |
| EventRegister | 0x14007d6e0 |
| EventUnregister | 0x14007d6e8 |
| Name | Address |
|---|---|
| MultiByteToWideChar | 0x14007d3d0 |
| WideCharToMultiByte | 0x14007d3d8 |
| Name | Address |
|---|---|
| CoGetCallContext | 0x14007d190 |
| CoImpersonateClient | 0x14007d198 |
| CoRevertToSelf | 0x14007d1a0 |
| CoCreateInstance | 0x14007d1a8 |
| CoTaskMemFree | 0x14007d1b0 |
| CoRevokeClassObject | 0x14007d1b8 |
| CoTaskMemRealloc | 0x14007d1c0 |
| CoTaskMemAlloc | 0x14007d1c8 |
| CoIncrementMTAUsage | 0x14007d1d0 |
| CoRegisterPSClsid | 0x14007d1d8 |
| CoRegisterClassObject | 0x14007d1e0 |
| Name | Address |
|---|---|
| CharNextW | 0x14007d3e8 |
| Name | Address |
|---|---|
| RegCreateKeyExW | 0x14007d370 |
| RegDeleteValueW | 0x14007d378 |
| RegQueryInfoKeyW | 0x14007d380 |
| RegEnumKeyExW | 0x14007d388 |
| RegOpenKeyExW | 0x14007d390 |
| RegSetValueExW | 0x14007d398 |
| RegCloseKey | 0x14007d3a0 |
| Name | Address |
|---|---|
| lstrcmpiW | 0x14007d3f8 |
| Name | Address |
|---|---|
| LoadLibraryW | 0x14007d300 |
| Name | Address |
|---|---|
| InitOnceComplete | 0x14007d488 |
| InitOnceBeginInitialize | 0x14007d490 |
| Name | Address |
|---|---|
| RtlLookupFunctionEntry | 0x14007d3b0 |
| RtlVirtualUnwind | 0x14007d3b8 |
| RtlCaptureContext | 0x14007d3c0 |
| Name | Address |
|---|---|
| IsProcessorFeaturePresent | 0x14007d350 |
| Name | Address |
|---|---|
| QueryPerformanceCounter | 0x14007d360 |
| Name | Address |
|---|---|
| GetSystemTimeAsFileTime | 0x14007d4a0 |
| Name | Address |
|---|---|
| InitializeSListHead | 0x14007d298 |
| Name | Address |
|---|---|
| SHGetKnownFolderPath | 0x14007d0d8 |
| Name | Address |
|---|---|
| LocalFree | 0x14007d028 |
| GetModuleHandleA | 0x14007d030 |
| CloseThreadpoolWork | 0x14007d038 |
| SubmitThreadpoolWork | 0x14007d040 |
| CreateThreadpoolWork | 0x14007d048 |
| GetTickCount | 0x14007d050 |
| ReleaseSRWLockExclusive | 0x14007d058 |
| AcquireSRWLockExclusive | 0x14007d060 |
| GetCurrentThread | 0x14007d068 |
| SetProcessMitigationPolicy | 0x14007d070 |
| GetProcessMitigationPolicy | 0x14007d078 |
| Sleep | 0x14007d080 |
| SetThreadpoolTimer | 0x14007d088 |
| CloseThreadpoolTimer | 0x14007d090 |
| WaitForThreadpoolTimerCallbacks | 0x14007d098 |
| InitializeCriticalSectionEx | 0x14007d0a0 |
| Name | Address |
|---|---|
| NtSetInformationProcess | 0x14007dab8 |
| Name | Address |
|---|---|
| IsValidSid | 0x14007d6f8 |
| CheckTokenMembership | 0x14007d700 |
| InitializeSid | 0x14007d708 |
| GetLengthSid | 0x14007d710 |
| CopySid | 0x14007d718 |
| GetSidLengthRequired | 0x14007d720 |
| GetSidSubAuthority | 0x14007d728 |
| EqualSid | 0x14007d730 |
| GetTokenInformation | 0x14007d738 |
| Name | Address |
|---|---|
| ConvertStringSidToSidW | 0x14007d748 |
| Name | Address |
|---|---|
| UnloadUserProfile | 0x14007d0e8 |
| Name | Address |
|---|---|
| BCryptCreateHash | 0x14007d758 |
| BCryptCloseAlgorithmProvider | 0x14007d760 |
| BCryptFinishHash | 0x14007d768 |
| BCryptGetProperty | 0x14007d770 |
| BCryptDestroyHash | 0x14007d778 |
| BCryptHashData | 0x14007d780 |
| BCryptOpenAlgorithmProvider | 0x14007d788 |
| Name | Address |
|---|---|
| CertVerifyCertificateChainPolicy | 0x14007cff0 |
| CertGetNameStringW | 0x14007cff8 |
| CertFreeCertificateContext | 0x14007d000 |
| CertFreeCertificateChain | 0x14007d008 |
| CertGetCertificateChain | 0x14007d010 |
| CryptUnprotectMemory | 0x14007d018 |
| Name | Address |
|---|---|
| LocalAlloc | 0x14007d288 |
| Name | Address |
|---|---|
| WinHttpCloseHandle | 0x14007d0f8 |
| WinHttpQueryHeaders | 0x14007d100 |
| WinHttpOpen | 0x14007d108 |
| WinHttpSetTimeouts | 0x14007d110 |
| WinHttpSetOption | 0x14007d118 |
| WinHttpConnect | 0x14007d120 |
| WinHttpGetProxyForUrl | 0x14007d128 |
| WinHttpOpenRequest | 0x14007d130 |
| WinHttpAddRequestHeaders | 0x14007d138 |
| WinHttpSendRequest | 0x14007d140 |
| WinHttpQueryDataAvailable | 0x14007d148 |
| WinHttpReadData | 0x14007d150 |
| WinHttpWriteData | 0x14007d158 |
| WinHttpQueryAuthSchemes | 0x14007d160 |
| WinHttpSetCredentials | 0x14007d168 |
| WinHttpQueryOption | 0x14007d170 |
| WinHttpReceiveResponse | 0x14007d178 |
| WinHttpSetStatusCallback | 0x14007d180 |
Usage
Processing ( 11.36 seconds )
- 10.39 ProcessMemory
- 0.949 CAPE
- 0.012 BehaviorAnalysis
- 0.007 AnalysisInfo
- 0.001 Debug
Signatures ( 0.05 seconds )
- 0.008 ransomware_files
- 0.005 antianalysis_detectfile
- 0.005 antiav_detectreg
- 0.005 ransomware_extensions
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_ftp
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.002 territorial_disputes_sigs
- 0.001 bot_drive
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 infostealer_bitcoin
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.005 CAPASummary
- 0.001 JsonDump
Signatures
The PE file contains a PDB path
pdbpath: SenseCnCProxy.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': 'RT_CODE', 'raw_address': '0x00076a00', 'virtual_address': '0x00078000', 'virtual_size': '0x00000825', 'size_of_data': '0x00000a00', 'characteristics': 'IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x60000020', 'entropy': '4.96'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 5620 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
\Device\CNG
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.