!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
GDI32.dll
USER32.dll
NTDLL.DLL
msvcrt.dll
API-MS-Win-Security-Base-L1-1-0.dll
gdiplus.dll
COMCTL32.dll
KERNEL32.dll
D!d$(D
A_A^A]A\_
WATAUAVAWH
WATAUH
A]A\_
UVWATAUAVAWH
PA_A^A]A\_^]
ATAUAVH
0A^A]A\
WATAUAVAWH
fD;d$@
fD;d$H
fD9d$@
L$DfD;
A_A^A]A\_
ATAUAVH
fD;'sCI
t$ WATAUH
@A]A\_
WATAUH
A]A\_
H SUVWATH
A\_^][
VATAUAVAWH
A_A^A]A\^
t$ WATAUH
UVWATAUAVAWH
u*9Q<|%
A_A^A]A\_^]
kXL9)t
E9k,tHI
0A^A]A\
x6;{@}1H
WATAUH
9\$0u L
x ATAUAVH
A^A]A\
WATAUH
89:u*9z
A]A\_
H9K@t'H
H!{0H!{
;{Du99kDu
C8HcK@H
H9w@u H
VWATAUAVH
@A^A]A\_^
H!T$@D
B 9A ukH
B8H9A8uaL
H9Y8u0H
H;H8s"H
i(f;k(u7I
D$ u^D
UVWATAUAVAWH
0A_A^A]A\_^]
UVWATAUAVAWH
pA_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
A^A]A\
WATAUH
t$`+t$X
x ATAUAVH
A^A]A\
WATAUH
L9i(u0
H9;u%L
UVWATH
A\_^][
SVWATAUAVAWH
`A_A^A]A\_^[
UVWATAUAVAWH
tjH9>t'H
A_A^A]A\_^]
VWATAUAVAW
D$xH9D$ptFH
A_A^A]A\_^[
WATAUH
fD; tqH
fD;(u\H
fD; t{fD
A]A\_
9T$ttIH
up9T$ptjH
9T$ptD;
\$ UVWATAUAVAW
'fE;4$
A_A^A]A\_^]
D$xH9D$pt
D$xH9D$pt
UVWATH
A\_^][
SUVWATH
\$0HcK
D9d$$t
A\_^][
WATAUH
D+D$T+T$P
l$ VWATAUAVH
A^A]A\_^
SUVWATH
D9d$Pv@3
D;d$Pr
A\_^][
UVWATAUAVAWH
H;l$@sI
PA_A^A]A\_^]
x ATAUAVH
Lcd$`A
A^A]A\
UVWATH
A\_^][
WAUAWH
SUVWATAUAVH
A^A]A\_^][
VWATAUAVH
+T$XD+L$P
+T$XD+L$P
A^A]A\_^
SUVWATAUAVAWH
A_A^A]A\_^][
VWATAUAVH
t%fE;0s H
t%fD;3s H
A^A]A\_^[
{ ATAUAVH
A^A]A\
UVWATH
D9d$0H
A\_^][
HcCPH;G8
D$L;CPtD
UVWATAUAVH
A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
VWATAUAWH
A_A]A\_^
UVWATAUAVAWH
A_A^A]A\_^]
SUVWAUH
`A]_^][
H9KHt'H
H!{8H!{
UVWATAUAVAWH
A_A^A]A\_^][
uVH9yXv-H
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
9\$@v5
pA_A^A]A\_^]
WAUAVH
UVWATAUAVAWH
|$XD9g
D$PD9`
D$HD9`
D$(D9`
D$8D9`
ttD9f8@
A_A^A]A\_^]
x ATAUAVH
A^A]A\
H;KXs_H
UVWATAUH
A]A\_^]
VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
A_A^A]A\_^]
AUWVSH
AVAUWVSH
[^_A]A^
L$8;L$H~
L$<;L$L~
UVWATAUAVH
$9t$0t
A^A]A\_^][
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUAVAWH
t$X+t$P
t$P+t$XD
T$`D+|$T
l$lD+d$`D+l$du
A_A^A]A\_
WATAUAVAWH
D9d$Hu
D!d$(A+
D!d$(+
A_A^A]A\_
ATAUAVH
A^A]A\
x ATAUAVH
0A^A]A\H
ATAUAVH
A^A]A\
{ ATAUAVH
A^A]A\
H9O0t H
L$ SUVWH
x ATAUAVH
A^A]A\
x:;^Xu
SVWATH
8A\_^[
WATAUH
0A]A\_
LcA<E3
napstat.pdb
bad allocation
Invalid parameter passed to C runtime function.
305.1i
RegDeleteKeyExW
RegDeleteKeyW
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-Management-L1-1-0.dll
SHELL32.dll
OLEAUT32.dll
SHLWAPI.dll
ole32.dll
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CommandLineToArgvW
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
StrCmpW
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoInitialize
StringFromGUID2
CoGetObject
KERNEL32.dll
COMCTL32.dll
gdiplus.dll
API-MS-Win-Security-Base-L1-1-0.dll
ntdll.dll
msvcrt.dll
USER32.dll
GDI32.dll
DPtoLP
CreateFontIndirectW
SelectObject
DeleteObject
RestoreDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
SetWindowOrgEx
SetBkMode
SetTextColor
GetStockObject
GetObjectA
GetObjectW
DeleteDC
CreateBitmap
SetLayout
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
BitBlt
GetDeviceCaps
SetWindowLongPtrW
DefWindowProcW
GetWindowLongPtrW
PostMessageW
PostQuitMessage
SendMessageW
SetWindowTextW
ShowWindow
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
IsWindow
CallWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
CharNextW
RegisterWindowMessageW
LoadIconW
LoadImageW
GetSystemMetrics
PeekMessageW
MsgWaitForMultipleObjectsEx
DestroyIcon
KillTimer
LoadStringW
ReleaseDC
SetForegroundWindow
UnregisterClassA
SetTimer
GetCursorPos
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
BringWindowToTop
GetSysColor
SystemParametersInfoW
GetWindowRect
MapWindowPoints
FillRect
GetAncestor
IsIconic
GetLastActivePopup
BeginPaint
EndPaint
MoveWindow
InvalidateRect
GetWindowLongW
GetWindowTextW
GetWindowTextLengthW
DrawTextW
IsWindowEnabled
GetParent
TrackMouseEvent
SetRect
ScreenToClient
GetDlgItem
SetFocus
DestroyWindow
GetScrollInfo
SetScrollInfo
ScrollWindowEx
GetScrollPos
SetScrollPos
ScrollWindow
GetFocus
DrawIcon
EnableWindow
IsWindowVisible
SendNotifyMessageW
GetKeyState
GetClientRect
swprintf_s
memcpy_s
memmove_s
malloc
_vscwprintf
wcsncpy_s
vswprintf_s
wcstol
towupper
wcsstr
wcschr
iswspace
_resetstkoflw
wcscat_s
_vsnwprintf
memcmp
__CxxFrameHandler3
_onexit
__dllonexit
memset
_errno
realloc
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
_cexit
_XcptFilter
__wgetmainargs
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
__C_specific_handler
_unlock
memcpy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GdiplusShutdown
GdipAddPathArcI
GdipClosePathFigure
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreateLineBrushFromRectI
GdipDeleteBrush
GdipFree
GdipDrawPath
GdipDrawImageRectI
GdipCreateBitmapFromHICON
GdipFillPath
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCreateLineBrushFromRectWithAngleI
GdipMeasureString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipFillRectangleI
GdipAlloc
GdiplusStartup
VirtualAlloc
InterlockedPopEntrySList
VirtualFree
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DelayLoadFailureHook
LoadLibraryExA
GetSystemTimeAsFileTime
LocalFree
MoveFileExW
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetSystemDefaultLangID
DeleteFileW
GetTimeFormatW
InterlockedPushEntrySList
FileTimeToSystemTime
FileTimeToLocalFileTime
CheckElevationEnabled
GetUserPreferredUILanguages
SetProcessWorkingSetSize
GetLocaleInfoW
RegQueryValueExW
FindResourceExW
WaitForSingleObject
CreateThread
GlobalFree
GetCommandLineW
CreateProcessW
FormatMessageW
SetEvent
CreateMutexW
CreateEventW
CloseHandle
LoadLibraryExW
MultiByteToWideChar
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
lstrcmpiW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetLastError
HeapSetInformation
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultUILanguage
HeapFree
GetProcessHeap
HeapAlloc
RaiseException
SetLastError
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetDateFormatW
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
GetCurrentProcessId
.?AVCMessageMap@ATL@@
.?AVCWindow@ATL@@
.?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AVCAtlModule@ATL@@
.?AV?$CAtlModuleT@VCComModule@ATL@@@ATL@@
.?AVCComModule@ATL@@
.?AV?$CWindowImpl@VCBannerPanel@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AVCBannerPanel@@
.?AV?$CWindowImpl@VCSHAItemList@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AVCSHAItemList@@
.?AV?$CWindowImpl@VCScrollPanel@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AVCScrollPanel@@
.?AV?$CWindowImpl@VCDetailsWindow@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AVCDetailsWindow@@
.?AV?$CComObject@VCSafeWebBrowser@@@ATL@@
.?AUIDocHostShowUI@@
.?AUIDocHostUIHandler@@
.?AUIOleWindow@@
.?AUIOleInPlaceSite@@
.?AUIOleClientSite@@
.?AUIUnknown@@
.?AUIDispatch@@
.?AV?$IDispatchImpl@UIDispatch@@$1?_GUID_00020400_0000_0000_c000_000000000046@@3U__s_GUID@@B$1?m_libid@CAtlModule@ATL@@2U_GUID@@A$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$CWindowImpl@VCWebBrowseHost@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CComCoClass@VCWebBrowseHost@@$1?GUID_NULL@@3U_GUID@@B@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCWebBrowseHost@@
.?AVCSafeWebBrowser@@
.?AUIRegistrarBase@@
.?AVCRegObject@ATL@@
.?AVbad_alloc@std@@
.?AVexception@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0A@$0A@@2@@ATL@@
.?AV?$CWindowImpl@VCMyWindow@@VCWindow@ATL@@V?$CWinTraits@$0A@$0A@@3@@ATL@@
.?AVCMyWindow@@
.?AVCAtlException@ATL@@
.?AVImage@Gdiplus@@
.?AVGdiplusBase@Gdiplus@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0FEAAAAAA@$0CA@@2@@ATL@@
.?AV?$CWindowImpl@VCSHAItem@@VCWindow@ATL@@V?$CWinTraits@$0FEAAAAAA@$0CA@@3@@ATL@@
.?AVCSHAItem@@
.?AV?$CSysLinkT@VCWindow@ATL@@@@
.?AV?$CWindowImplRoot@V?$CSysLinkT@VCWindow@ATL@@@@@ATL@@
.?AV?$CWindowImplBaseT@V?$CSysLinkT@VCWindow@ATL@@@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$CWindowImpl@VCShellStandardSysLink@@V?$CSysLinkT@VCWindow@ATL@@@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AVCShellStandardSysLink@@
.?AUIAccPropServer@@
.?AVCScrollPanelPropertyServer@@
<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<assembly
xmlns="urn:schemas-microsoft-com:asm.v1"
xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"
manifestVersion="1.0"
<assemblyIdentity
name="napstat.exe"
processorArchitecture="*"
type="win32"
version="1.0.0.0"
/>
<description>Isolation Notify</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity
language="*"
name="Microsoft.Windows.Common-Controls"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
type="win32"
version="6.0.0.0"
/>
</dependentAssembly>
</dependency>
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
wvzbf"cf
siSTLH
CGGKKKMl
FFFHGDDMUUVXZZS
gCLNNUX
p]\\]]X
EZZ\]p
q`\[_bRI
^Y\]`ecRSaWNC
xRdXMGC
/&'')()
5*9;;:*
6:????:
BAA}~>
l:2.-*
S*14>XQHEGA5
e@FGILMFC0
PJNcTU9?>3,
yslily
1))((%$
wGoRs>
Z_Viz^)uUk
5&S5DI
,@]k}ngg
PJyFk}&I
ox@S)ulwg
]}}{;y
fwwWw:
!{{=^x
Yk7Y_k
w!"[;D
1Kty;M&
! l90HH)VD
)`040PB
ZkXpt90
UqXt"_b]
;p-ehk
!D?#)U5`)8R
qU5 6:
2FU_Vm
xr& 3`
cfffg$
P#6~>B
i7Te`B
xYK@``
B\2lhp
vS*Fa-}
kR*X.!l
g]dbI!
{nJ(".
<Y,Ol3
Sjy"xI
+(OLbz
o}+IN8
*S$_,#W(
c qLsQJI
B:u^?8"
HH[HiG\
RPJI$8
CJiHHC(
[XXd'N
#<x"D(9
TJI)cP
DdddddE
w%j11^
y/G&)&g&
K3b"2E
S47okH
%#AGP2q
fXfafo
.m,c}s
NkGP,E
%*QaKE
(Bl"$&B
Ad"$6Blb
/0j!1J
ftvrB'
n#ES{X
b^ @@}&
IDAT<}
1x]oZ{
"Dd Pt4
Qt}x{?0
);=}1my
h9(Fv1
43T3F4n
+`T#+a
Le]Fk#bc
$6:4=V
C"$pah
"D$"DD
897sh|
Jrdarf
P8c8%Pj
-?Toa{G
'aTR)B
~gZ:[
Pqd*](F
rn:U -
MJ?FRMBt
-)/6MSGwRt:
4@&j-')Dli^
#&!AP^G{
+5'LK[:
&1"MG_2
mtph:MKG
G;8/r|xh
;8*zmfT
ywmfgd^9
%.-,%B?>'tqpP
%{}}Auvv
HGG:Ji3h
9E44?Q5s
Lc;JXsB
Dz#-=}
.,,!hebX~zw
wwwwwp
}}}}way
xtmaaadddeeeeK
xmh`OOOOWWbbddeaE
Oxmm`OIIAEEJJUWbbbd`A
{aah_KAAAA<DFFFTWbWdOI^
KO`OKA?:3@
ADFTTTWWOIE
KOLKK?<33I
<===TTUOFIA
JJLK?;30:
k.<<==TFFIIA
JJLLE?404
/7<9=FFEAAA
KJLLE;..
/66<<<E;;;
LUXLLC.4
//67<;;3
JXX[L85
+////;2223
UX]]LK
*+...3
Xqsp]X
C))()((((
fC6)))()((
fYVP-))((((
sYVVSP6)(((
sqfYYVC9,((
~~sqYYSCC81+
sqYVCCC8E
qYSCFD;h
qYSGFB;
s]XSEC>3
s]LEA?>
s]LGE?>
s]LE?>?D
p[EC>?
v{ljimmmmS
clbRGGSSUVVG
ThREA<<BLLUUSE
[RHA91113>>>QSA_
>DA7)*
@05>>LE2
BBA7((
045>B9F
]$-4539)
rId~:
e.! ! #
gNI.!
WQNJ/%"
qgWNJ;/&
gQJ=0D
oNM>,k
reM=:*Y^
J`dd`J
JdaD1adJ
Md8%le:lf
MdFC?)!
JdFZZC)!
MddU[Z@(#
RMaa^C07daMR
aN`dd`N`
;;;4ddd
PPPOiii
WWWYnnn
PPP:ppp
aaa?{{{
===`BBB
222M+++
j3cb#xp
#c"$#xp
zssr6xp
w:rscxp
ORRRRT
sqpbaWXYZ[4578862,
yvmhffgj`#'))*)&
vkd^dg_##))))"
{tld^^]"##)%$
{wuolg]""##$"
{yvon/+%$"
yrDB<<0-
|GDD><33..
ED><:..
GC>;.:=
HfjjTH
Hjf&dfjH
Hj%##ceAjH
cFF?jL
bDF@iL
bGFB>TP
`=<;:fL
HjU/*)+1
HjW8-''
HjVV7.,
HjY]]Z93
Kjj^lk]452
fLKfgm_N5ifKLf
ROTjjTLR
===`BBB
222M+++
IGGGG_
~tt}wz
tqqE0.1X
~}tEp6
w}tmpp-
ayw}xqEDpB
v}xxxmDDFp/
tlEDDFpB:`}z
xtEFDFD=5568u
xmFDDF3
xmFDFF,
tllDDF,
tlDFlF,
{olFDDF
tFllDD
,pooosq}wwtm8
tlDlDF
Flpmomtmmmm?
FlFlDElEmEE8
DDDDEDEEEEEBP
DDDDDDCCECCBP
DDDCDCDECEC@P
CDDCCCCCCC@@L
ADDCCDCCE@<<L
UFFDDDECCC<<L
UnllllEECC<CL
UnnllllDEC<@L
UnnnlllDAC<@P
rrnlllDDDA77
rrnnllUU77X
rrnlnU?G
fyw`A8
tyqw]?A.
ef|c??A846U
Xz}u`?g3
_blxffw=
g]]`aaa=
?_?Z@@@;G
:??>?@@7F
:???>>>2F
:??>>@22F
Lg_?]@>2F
Lk_[Z:>2F
dd_]?:73I
[immi[
[mjI8jm[
/?;%ij
^mOLB!
[mNLQ=
^mRRYe
[mTUfh
47 m[
^mmGWgXC<-#mm^
`^jjHK:'mj^`
j_immi_i
;;;4ddd
PPPOiii
WWWYnnn
PPP:ppp
aaa?{{{
===`BBB
222M+++
quarui_details_window_class
Probation
Not-Quarantined
quarui_hidden_window
Quarantined
QUI_APP_EVENT
TaskbarCreated
Local\quar_qclintfy_mtx
Delete
NoRemove
ForceRemove
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
ATL:%p
<NULL>
SmallText
LargeText
"%1\control.exe" ncpa.cpl%2
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
Wadvapi32.dll
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
Module
Module_Raw
REGISTRY
0x%08lx
EnableBranding
Software\Microsoft\NetworkAccessProtection\UI
Software\Microsoft\NetworkAccessProtection\UI\Branding\%d
DefaultBrandingLanguage
Software\Microsoft\NetworkAccessProtection\UI\Branding\%s
Picture
STATIC
SysLink
Elevation:Administrator!new:%s
ShieldIcon
napagent
BUTTON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Network Access Protection Client UI
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
napstat.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
napstat.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation