!This program cannot be run in DOS mode.
�Rich_
`.data
@.reloc
msvcrt.dll
ntdll.dll
RPCRT4.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-ThreadPool-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
PerfpSetServiceState
PerfpServiceMain
PerfpOpenProvider
PerfCollectData
Collect
PerfpRpcIfCallback
PerfpCleanupServer
PerfpGetClientAuthId
PerfHost.pdb
u"SShI
VW8C1t"j
_wcsicmp
memset
_vsnwprintf
memcpy
__wgetmainargs
_cexit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
?terminate@@YAXXZ
_except_handler4_common
_controlfp
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
RtlFreeHeap
RtlAllocateHeap
EtwEventWrite
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlExpandEnvironmentStrings
ntdll.dll
NdrServerCall2
RpcImpersonateClient
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingInqAuthClientW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcRevertToSelf
RPCRT4.dll
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
HeapSetInformation
API-MS-Win-Core-Heap-L1-1-0.dll
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
API-MS-Win-Core-Interlocked-L1-1-0.dll
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleA
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
QueryPerformanceCounter
API-MS-Win-Core-Profile-L1-1-0.dll
InitializeSRWLock
API-MS-Win-Core-Synch-L1-1-0.dll
GetTickCount
GetSystemTimeAsFileTime
API-MS-Win-Core-SysInfo-L1-1-0.dll
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
API-MS-Win-Core-ThreadPool-L1-1-0.dll
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
API-MS-WIN-Service-Core-L1-1-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="x86"
name="Microsoft.Windows.Diagnosis.PerfHost"
type="win32"
<description>Performance Counter DLL Host</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
1T2X2\2h2p2t2x2|2
3$444 6$6d6h6
7-7]7c7j7p7
8<8B8G8^8k8y8
9&90979G9Z9`9f9
0-141_1
3 464A4H4\4i4
5�5(575=5H5O5]5c5i5v5~5
7<7G7R7
:):?:u:
;";(;-;2;7;<;B;J;W;r;{;
< <'<;<A<G<M<Z<`<i<
<$=0=6===F=L=T=Z=g=o=u=
>,?8?E?b?
13191?1E1K1Q1X1_1f1m1t1{1
24282T2X2t2x2
qU+^l-
[)[@4D
TT\]2|H(O
5�_ukNR
j0e9ro
oo oP5
q(@NI,Jv
ElCQ8
VQZ5g6z
oD{@(O
K/q<2Ea
-.Q4\8
4O\W/O
|7ao-c
}ypA^s#
6~NoE=
u5O0&S
lqq8MhbXg
}VH<n;H
{.5lGK
lWRA0POI
`>=q<]D�
hcK6Yv
v])QU`
gyl'8]`T
{r+p+-
?WZ\S*
=5~'GM
?+Op-#
v>_-&IV9w$
GD;df6
>I@]f
v0-{4=
{0:@6T
bL.%,3
ST,P )A@R
LxnX@Z
n?WNyu%'
>FV,.G}h
$^1"Gf
bA"npJ
xr}\s`Y
|d[&fj
zjunF9
I'o*=(|
y7Iqyzr
*^>|t_
8nt 9K<
{h<�+w
-CM{Y_
7MXmJ'aJ
9m@]~h
Q^jW{v8
_+f}}<
L_YvfPk-;
(_OGl-8P
MV@g'o
R!/QVK
;|&R+H
YcZw4ri
FG'9WF
GP%+:A
eg2�i m_8
Lxm>}{.
8T;4rm]
Yhr~H<
<;K:f:6
o#(^"+p
L`t_gjh&
l%9T>v8
_"w�o!
~cB6`_]J
@Vx[mP%
j^C*T;
FZoVOY3@
?d)z?1
tvxB.?
xPLcZ{lr\
u&~6B+
'D's7;Ap
zO[T^R
TSMe>3~L
Og�eIZ
F8bc\/_
z(wpK<
(>"#Td
}>XF6z
Wi]"Re
}e@r,P
^~TnX
xjtXR]
K )8{B
+h|~(()
QR9v0J
"N?/(>
LDD>/z
fihYv7
o75f1LK
Nh1jx0
XBw<$B
s\a3 ?"
^EYVJ.
VaQ[k);vER
B&I7t<
oV_gU8
&:d:OV
0dt;]W
^F\0[O
bBN�gh
IBLA#w
Y};@:>b
O;.^$3U
V\iq;4
kd;|gh
@QH?Tc
3vj2Tx
aLj?\8
l1`~!1
-YUbzpM
e`<w*u
. &/HA[
}f9H^BU
$wG8+My
>vflYZ
~c3Ad12
Lk�$+>:~
1Jr:73
de{$O0s
<9|G-/
Lpuv0r
Om&>aZ=
?]wwI^i
\h8~tcY
!cz)=j
[nsRYt
!I)Ga>
\;MIFH^
xk~t|;
lkQUqg^cX[^R
D-ui7n
cJ$HDZ
3I,"Mf
dLPl^r
L?,<tc
u_P_PqL
k.V)QU
)4GRC}Y!Z
sZ&Z[s$
a7|gv>
U]S"Ih
\DCI`m
{'?:<=~
?17'hA
<#p)EMWo
|!$j\$
/=X*k~l
E}99v�
oGUtwV
~kzH,?
x�7V?J>9
A<?X�4
!a*=k2
i,-V'_
mq#D�
cnQ_rRh
?k%I1>S^
;$1K]Z
9al%{^&
;WHHJlR"8
v8-�[&
"?.Gid
d{#<*>
&J.{j}
z`\'>"
x(F1W|_
�)6)&?
0{"IJS
X ,t:jC
@+i--f
A5b76)
X}?'cd
6x1fY%ga
Gj:"o#
?Qz>fA
a|)f].A
W9!/me]
b=aFqj
^h[LoI
`d?vaL
!Nk4yb
A4*x:R
3Mj~Vz
v1J/H*
7/]]#-
K*&%Ib
XJlY2R
A@_X5<
i$>'yT
3W/,tN`
S`Y-';
[[9%rH)
C;T'{J6
e'553d
r^HL:=
]zoR4~@
`W 6P9I
F0mh*}
z7r#LP
A+M&\("e
V*Eq1^bI
&o;LHt�
6.9):=
(sjg'Kx&
Po?T={UW
�a/~IE
O1AQ9>
No$u)E!7
%WF<z?
/ :N~J
c%]N&4
4yG29v[
M:FMlg
(67z;U
b5Sa>_:
kvU4NL
TUy!au#?
^hMMLTj[8
-Xz?v'!
,>nJ?`
fn/|v?
3ae\F
h]BA8V
K8cV_Z
i$HHT|
QeDw2,
}gm}g}
4LX?EX
�x|#[X
W=nLmg
X12c1$!(
)G(.&K
1dcFPN
Bp$�&7N
ih<i=BD
N ;Ous
ISe6v_
f)%'f1pF
x4F3bov'hG
g%,.\y&-c
ixA.u!
3mygAl/
#,$S<N
,0@c^b
v8v>~S
iqQ&KO
kGH&YI
vg%v&L
]&is=:t
z3@enDEub
P{M>li
i%L`S-
c*@Srl
}ygv:.
/v9E|o
v>v'@>
UcjxI6
s$\nVt?3(]9
HO-ejS
muV~wME
M4[khww
@%n^%\
4_{{L-
9,<X~_
^vv}8|
0�Pn2D
Mf:y�K
pXR!~v
t|~*$>x
<k{_;r
/S]Y#6
X/Ah&;
Org)CRL
=8Gv7>
5fAYI}
�qxJ6d
i='QZ]
rc�uL,
u'{{NK\
U1X//u
'tk=Fo
a@?nyg
ZEH<Je
{DE6#(
>)Aw!s
(=t5�}
%AzFhs
XIO9*3
]^9||-+
<&d5B9
ruI~IB"
%sE\iS
msQJ7w
T6yTcL
`>!l=.
JmB^4G
k$Yy3T
xnCop9
,nT?rr
^zH~m!b
�=t!9r{
X0^i{
?WlnQq
j5{uhsq
,n1-<L&6V
+}:qR;0
coW^>�
I0u{.\
axh5oUt
OFOIyG
BEV_U
g.DUEU
<ZZzD%
_0^Uc_
{T?�Ag
}.j>E0
Io0Qzl
,>~u5?
O>Se QN
W!DC3\8
NVLt1+:
Q@<~gG
puX/XKZ
)FpW|Y
/9-0q0
}�Wns>
BH/Gx:
OWk{Sv
mx@KR0
&E\)Z+'Z
aL0x2,>*Nvh
[n31Z$
Y1pdee
W8Y.VneN
Z@N2C_
LE~$;*2V
[O")UOxE
9&MO'm7X8
^�rO%w
p^e7HGlsj
/X3F)v
sR%{5]
X%\u"
yKC$;Qu8E
a�C^Na
+1YQoD
-+$31F
**ch9b
j]&'dqb
74>NC-
p_+Ei1
�t<KE'
PLVAwZ
dB7v%w%
EF71QHF
/Bifkf$
TIyRn>
QmY5'6
%2V#0m
58#^em
^W8Gy.
*_0$0K
g)/r-a
E;4hB*
"zZ[>X
v\R,G]r?K
(:#yea
o[C%/X
h-ljGr
,?H/{L'
JWWaoW
M+sG8\
'ZdkKL
#AP\(k
$=J{PV
:\K@y}
U9zP:(
|P3jzt
Hx_wN1
xfqY82
243/b.
I9_1}7
e@^:Se-
ehgfedc
BA@?>=<;
Gb's6
!eG'ecs
8~{l_:
VQ,6b!]
E}V{(T
A%|O4R
_\7kFOkg1kUU
J/0rWMoo
Ta~Ah?
\(+5O`g<fk@^P
<BjsaJ
|`\SRp
.A9M@_
/=CD+,
hiDV?c
}5Fme}
WTD},Z
VwM7v=
$ZMh~??
oB]X3^a
r+Cp!;^G
{/h3+hb
zLYD[*m5
[RHiTGz
2ZraocmE0g_71
Gzk$*�.P
Q0d/xh*
E>l�8*9]
2O+;*3?
7DTewrw
fq}-X]T
<U�B?<
W 3o'`
O,uoi@j
[*>p%TP
#9P"Qs
Y.|H3y
@/8S�W59
<}m?= U@m
HoUN)*
RAs2>EOOAo
\|TioE
TUxwrW
01EiS)
vIH}{<X
)G-x-J
M44{T~
Hmpe#7
G&s^S`
b A*Nk
xO6VDZ
<�sE l4
pKsHSnY
cKx:7}y
65`p{Y
2y'+-p
pdIs7r
P=QGXP
t664u1
yB%=OuV
Fku{&w
s>`{7n.xd
O|8<b{)
-h$gw
3PV_vLQ
=K|C;D|
u.3�.#:
.ID/[w;zd
3I+[9:
>P[ehF
rsH#aEt
&cWnFL
s9:|.Mv
d?mvUP
dUk~yO
(_,|<O
(1"+Vn
$Xq>(:|
je:I$T
wut%Yjs
za\7'�
Xq>(:|
\<AeB:P
A9|s6=
m4 o*}
?.3{Yt
n$s).U
x]?vtzQ
B$"E`W[
G~Ts[3
p!YG>z,cM
w^5nLg
lXVR=xCfn
Y\qjrPf&0x*
^[7]h4
Z5I;N{
|@G]0B�vT
:u{v|'
f.fN]rpE
G;{t<N
abM7\$
=!(^We\3l
KH8SMA
yLG~`/
tk{q"@q
~J~(V%T
^,mtv_
{NN=}y
^+J+yO
U^zD?`PFy
9dTloy
WHjDPV
Ei<*Nb<
7-n'Yf
t|\v/$
_�&xb-y
._gW"@`
'6AAX*R
v=r(Wb!
CwYwjX|A
O):0YbS
wO<alr
c9PvU4
6\{.Z'
*]U9z%
hhJi$<H
/<\&OG
'$M8\6
8t{"fW
rk~=(`
R/#cc t
d{+8ucG}_
oc<J:{
(,!l%Bd`
f))r�m
:C@ZVZ
hsj<tR.
_,4p4>
=c|<s%
Yb~VL(
bte>Lys
Kdk*jg
T;pnw&AI
~?OL!)d
pH~Sim
G@z^:85
X2R�iFg
m'uPv;
eF\P6�h
'$57^%
bVo<)p
LdofXw
akPj(S<
=JQ^}04n
$Q<UQ5
=#,'r{/|
c{n}l[^
KUo7!I
Vv94Z*6
lC{)|J8
%*|WX5#,
4-hi'v
"9<$k�
0{p@lX_
ZL5wu1
iK`G"IJ
GK?&4`
{UqXkH
BgLKTb9
>dRaTVh
hj{^n8
vyl*]7
o|ljQd
=d&Jf.
x9OqIf
0k*h`4%z
y+&_ (R
9(j)zw
AQ)MEZ
�b15Wm
?(ZVM3
!v&G77
JCD@)H
xzRaiH
JQ-M:n
>0cW+d
Ex~wCD
t?Tr_VY
'QoM:3\
v�T]mtDw
K{??L(
M}'/RjT
sW,K[zg2\
q7�tL-
+h1-o]
?ov:2p
4z8Mz}
$Hu$G)
8;T;zoo
lI"y^F
�'+$M?
sdCs)j
&r� B9+
gP31A<uAE
{Ede;stl
p*c5jl
?Ogv<F
}/=nvo?/g
zxa9/#
"F,/)=
|\?nd~
`^8lV-
UZY@w;
HKe/E1n
q1^7Bo
B~4k)SS
il>J7"
fY[sZr,
_qcb4v|
RTo.`?
0iukxO
>fPj#: (
sVHiaYT
Hiu}-5
[2~4kQ
kEx!%U
ZI*QJB
Ge%1`/
1d"@/s
uat7US
ekM,{.
#a{>H%cv
3V`[*%a}
,_i.s4
<,?yU6^
$DhUDv
z`;/6Q
j~lQ1N
I9l=@o
dzZ%wJ
&KK"_VmC
LEh|;}k
:R)QI%K
Z(j$4.
z,Y3\h
#Y_?P3
P/v>I(
�H\$.=
MzE3W}`
@OcWCS
s@(3|vj
R3\>B%
r{}4\n
%0pkVl
&#Dq0peC
VlWUO:
;@=+&G
&bcNGGU
]ZBmhp
&l2:K"b!
[q'z)p
B_`$+w
5 !u*&
m"\7D
alX,RP<
Q9}n;Kr
L'5~~z;
^?,G'w
y}$K(4
~dc+N]
8i{J+|;
%T~d(w
v1zz�~
RFB]&:
'MSj5;
$or7m)@
_M>7 3.
{jI^>z$
?]Orp_8N$u
0m8Mbz
SPbJf!
P?;39Q&X
~&woF%
F!92lv5v
V~I5C[
o<tBpR
,7N 8O
N NTF.qE
2'b>@+
3A->?<
vq"?,tTu
ma&f@*3
-iC@"g
5)=JcC
1S+j^o]
Tg>bSi
8?Ws<-
>tAywQ&a
?/msv.
}C5`t.
Jsm0�
..Z6jv0<s
dxReBMoI
R=dF\"
tsv0Dng~
;)Ci8p#=
vS%<wb
O]fAbE
t;m<m5
J:h]::
`{(9�zf
e8d>z�
`!8FTC
QySbY|
+2?=VT�
\EWKLp
i~4N$:
mxr`8Y1=
a_L|UT?
Qj|A;J
t"CBWz-
W)7XUimFc
#L1jjb
|7^~'x
NJ3=�Q
jI*\9\
,Pmv#I
{+oKHE/
3]g]]ae
C<k3|KY
h2)LR7`
(j2(ku
{E?`>z
7n%Y%m
f=Nw8k
N8UCIAnj,�z
9X%n\*
\=fDfz
{~AM2r
{R!b|7
S##1LQ
;" M+d
t/pRIU
xc^.pr
A_$/0{
U?q?[D
[YsSU,
{->(hZx
veHYn6
e=h9O<
Z]a7P"
S`XHFO
LbTdII?
aMsf&#g
:!ZS`a
NEv/Y>N
g$`tm2>U
pZrYF^+
&=j+1W
6F}TDy
K0I|KG
ba&c%D
i!W'Wn
Z$[2m6
e@_A?~
,,AQ!=
9G'bAtT
$W+7`;
Z4otRiaz
<T?vn/
|u|}a*I
#%R#K:
9Avi~B
z<bF>Y$
Q$0Rh}\
6]N&S-
F&lS|vgW8
i*>+Ju
Cwgjl,
Y$8M]Zk
nzH{_>
&Ea$Lz:p
u<aP)E
@#f@@I
xdt1Bf
q1xG�|
,Xh|`GZ
cH]L:T;
_,EZ!m
k|d0B-
ja}X�siEb7
C^t7On
1)Rm/l
G*(] YO
O4^0#X
AzEr:0
tX5V<a_
XJd6e8
PjnYGKex
X%5=cr
j(cLBP%
`Y#n3[
{`uzhI
Y!KsqIJ
)�}ys5
MzX:�=%;q
L8a,HxsU
z,|^A`v
@W!`Wd
%g$$++
jG:d/14
X�yMsC[
gbJ%4ld
|0/.-,+*
k\|>Y5
XYt_~:
DmVAq
l8F�_9
Rj[B*H;
_+S,mw
kdO&gz#ZV\5
^7yO#s
5Q*qHR3D
FMUw$.
|1|r-%
�CC[[)
s>s}"*
�#I;[)Z
P[8kFOkg1kUUSP
`<V[[i:2|0
@Da`ewM
[Y:G)N
G[}Kq^
`~|xLd
wM7@c/
u~v_LF
Q=+4;Rh
\)MM-]
@}z`�`
9CB'Ci
S&BP13
U+HO?o.
qzNqD8
v><dY!
?4W44(
KHdjPH
_:xMw03
@HO!~_
JOnKVi
-A|=~:
ay/Gka
7ll~g3
@Jmx]TGS
@8w-sh8
MphT_t
TDE[{xB
&=, 4T=
eHXN,^w?
Q*EfWZv
�M&E)n
MRR/2F
v=&/qo
{F$T*I
<U�B?<
d@b\ct
P?yoC'v
x._Q]V5
^ZR\3P
f`Btp9
\v)^hy
Am09!/$c@
/[~8r5
Y(9%x[
sXWXO<
PwPoPgP_r[3
P/P'P�
_g__]A
*Jp1nP
MRB4D0
O\?\/\�\
\J/[�[
x;?Y/o
QHD3)y�
_\W\H]
i\?\7cP
bO*S[W[O
gZ_ZWZO7
?Y7Y/Y
gX_XWXO
WwWoW;
;!gVWVGV?V
UGU?ga
mPOPGe
@O@HyK
< dg>k
n=n1:{P
8iNYQd
X^j RE
5sZ*2$
zP:vnU{
_*:|lN
mQ?E-F
MQs^+w
{l'sh~
|>|}-kS
RfUkg0V
NM;>G-
1&AF&9
^|`h3(<
OHMQY9
kxg>kZ
O\)kIO
^Ha7B,
jTEW:Qs
H$KNdgv
�<I$[*:
P\(kIOdg>kZU\P
|>|}-*
�<I$[*:
PQRSUVW
C8hFeN
_^][ZYXU
PerfHost
aExport
Linkage
Library
Performance
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
ncalrpc
SYSTEM\CurrentControlSet\Services\%s\%s
WEVT_TEMPLATE
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
x86 Performance Counter Host
FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
InternalName
perfhost.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
perfhost.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.1.7600.16385
VarFileInfo
Translation
Microsoft-Windows-Diagnosis-Perfhost/Analytic
EventData
Function
Function
EventData
ProviderName
ProviderName
EventData
ReturnValue
Provider
ProviderDll
Function
ReturnValue
Provider
ProviderDll
Function
EventData
FirstArgument
Provider
ProviderDll
Function
FirstArgument
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
EventData
Provider
ProviderDll
Function
Provider
ProviderDll
Function
errors
callouts
WEVT_TEMPLATE
