Static task
static1
Behavioral task
behavioral1
Sample
36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral2
Sample
36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
General
-
Target
36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763
-
Size
1.2MB
-
MD5
ff139776507a62c13118a4fa482c42a2
-
SHA1
99df3e8397cf0bb8f7f6dbd35a6456bc6f0fefdb
-
SHA256
36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763
-
SHA512
c9ff4b2134a3aa0e790f288021c1d0d40869ac76cb9d3b6d35619f4951b5b438c9341d8ca91d66f430cf33cd6f9f0e95cfa3085aa97007d773218eee7dfff17b
-
SSDEEP
24576:wNdE2zlrxrdkEtpDsUZi8/kiq+6gq9FhS:wtHhj5sATq/hS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763
Files
-
36a3eda52ca80055da621421ff6f422191bffcca27f972d610d0fee10520b763.exe windows:5 windows x86 arch:x86
eb0305e514c0f4af3e1366a0e8fa3a30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
scanpolicyparse
??0ScanPauseTime@qmscan@@QAE@XZ
??1ScanPlan@qmscan@@QAE@XZ
?getPauseTime@ScanPauseTime@qmscan@@QAEXAAV?$multimap@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
??0ScanDestination@qmscan@@QAE@XZ
??0ScanFilterRule@qmscan@@QAE@XZ
??0ScanTimeOut@qmscan@@QAE@XZ
??0ScanPlan@qmscan@@QAE@XZ
?getScanPlan@DataDiscoverySetting@qmscan@@QBE_NAAVScanPlan@2@@Z
?getScanTimeType@ScanPlan@qmscan@@QBE?AW4ScanTimeType@12@XZ
??0ScanHeader@qmscan@@QAE@XZ
??1ScanHeader@qmscan@@QAE@XZ
?getStatus@DataDiscoverySetting@qmscan@@QBE?BHXZ
?getScanid@DataDiscoverySetting@qmscan@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetScanPolicy@ScanPolicyParse@@UAEHAAV?$map@HVDataDiscoverySetting@qmscan@@U?$less@H@std@@V?$allocator@U?$pair@$$CBHVDataDiscoverySetting@qmscan@@@std@@@4@@std@@@Z
?ParseSpec@ScanPolicyParse@@UAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1ScanPolicyParse@@UAE@XZ
??0ScanPolicyParse@@QAE@XZ
??1ScanPauseTime@qmscan@@UAE@XZ
??1ScanTimeOut@qmscan@@QAE@XZ
??1ScanFilterRule@qmscan@@QAE@XZ
??1ScanDestination@qmscan@@QAE@XZ
?getScanPauseTime@DataDiscoverySetting@qmscan@@QBE_NAAVScanPauseTime@2@@Z
??1DataDiscoverySetting@qmscan@@QAE@XZ
?getScanHeader@DataDiscoverySetting@qmscan@@QBE_NAAVScanHeader@2@@Z
?DelTask@ScanPlan@qmscan@@QAEJPB_W@Z
?getPolicyId@ScanHeader@qmscan@@QAEABHXZ
??4DataDiscoverySetting@qmscan@@QAEAAV01@ABV01@@Z
??0DataDiscoverySetting@qmscan@@QAE@ABV01@@Z
?getScanDestination@DataDiscoverySetting@qmscan@@QBE_NAAVScanDestination@2@@Z
?getScanFilterRule@DataDiscoverySetting@qmscan@@QBE_NAAVScanFilterRule@2@@Z
?getScanTimeOut@DataDiscoverySetting@qmscan@@QBE_NAAVScanTimeOut@2@@Z
?isAllDiskScan@ScanDestination@qmscan@@QBE_NXZ
?getDirectoryList@ScanDestination@qmscan@@QBEABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?getExcludePathList@ScanDestination@qmscan@@QBEABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?isFileExtNameFilterEnabled@ScanFilterRule@qmscan@@QBE_NXZ
?getIncludedFileExtName@ScanFilterRule@qmscan@@QBEABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?getExcludedFileExtName@ScanFilterRule@qmscan@@QBEABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?isFileSizeFilterEnabled@ScanFilterRule@qmscan@@QBE_NXZ
?getFileSizeUnit@ScanFilterRule@qmscan@@QAE_NAAW4FileSizeUnitType@12@0@Z
?getFileSize@ScanFilterRule@qmscan@@QAE_NAA_K0@Z
?isFileTimeFilterEnabled@ScanFilterRule@qmscan@@QBE_NXZ
?getFileTimeFilterBeginTime@ScanFilterRule@qmscan@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFileTimeFilterEndTime@ScanFilterRule@qmscan@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0DataDiscoverySetting@qmscan@@QAE@XZ
libglog
?FLAGS_colorlogtostderr@fLB@@3_NA
??1LogMessage@google@@QAE@XZ
??0LogMessage@google@@QAE@PBDHH@Z
?stream@LogMessage@google@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
?FLAGS_max_log_size@fLI@@3HA
?SetLogDestination@google@@YAXHPBD@Z
?FLAGS_minloglevel@fLI@@3HA
?FLAGS_logbuflevel@fLI@@3HA
?InitGoogleLogging@google@@YAXPBD@Z
?ShutdownGoogleLogging@google@@YAXXZ
?SendToLog@LogMessage@google@@QAEXXZ
??0LogMessage@google@@QAE@PBDHHHP801@AEXXZ@Z
?FlushLogFiles@google@@YAXH@Z
??0LogMessage@google@@QAE@PBDH@Z
kernel32
IsDebuggerPresent
QueryPerformanceCounter
WaitForSingleObjectEx
OpenEventA
ResumeThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetCurrentProcessId
InitializeCriticalSection
OutputDebugStringW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetLocalTime
GetModuleFileNameW
GetCurrentThreadId
lstrcpyW
lstrlenW
CreateFileW
GetCurrentProcess
GetModuleFileNameA
ReadFile
GetLastError
CreateThread
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
WritePrivateProfileStringW
GetNativeSystemInfo
GetFileSize
TlsAlloc
CreateMutexW
OpenEventW
SetEvent
GetPrivateProfileIntW
WideCharToMultiByte
LocalFree
FormatMessageW
CreateEventW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetPrivateProfileStringW
GetSystemTimes
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetTickCount
TerminateProcess
TlsSetValue
FormatMessageA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
TlsFree
TlsGetValue
GetSystemInfo
FindFirstFileW
FindClose
CreateIoCompletionPort
VerifyVersionInfoW
VerSetConditionMask
QueueUserAPC
TerminateThread
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
CreateProcessW
GetPriorityClass
FindNextFileW
ResetEvent
GetComputerNameExW
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
CreateEventA
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileA
MoveFileExA
GlobalMemoryStatusEx
GetProcessIoCounters
GlobalAlloc
DeleteFileW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
FlushFileBuffers
GetSystemTime
FreeLibrary
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapDestroy
LoadLibraryW
HeapReAlloc
GetVersionExA
LoadLibraryA
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
AreFileApisANSI
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
GetFileAttributesW
InterlockedCompareExchange
user32
wsprintfW
GetLastInputInfo
MessageBoxW
advapi32
RegCloseKey
RegOpenKeyExW
GetUserNameW
GetUserNameA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
shell32
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHCreateDirectoryExW
oleaut32
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
msvcp140
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
_Mtx_lock
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
_Thrd_join
_Thrd_id
?_BADOFF@std@@3_JB
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Thrd_start
_Mtx_destroy
_Cnd_destroy
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
_Mbrtowc
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
_Mtx_init
_Cnd_init
?classic@locale@std@@SAABV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Thrd_sleep
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
shlwapi
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameA
StrCmpIW
StrStrIW
PathFindExtensionW
StrCmpNIW
PathFileExistsA
PathRemoveExtensionA
PathCombineW
rpcrt4
RpcServerRegisterIf
NdrServerCall2
RpcMgmtStopServerListening
RpcBindingVectorFree
RpcEpUnregister
RpcServerUseProtseqW
RpcMgmtWaitServerListen
RpcServerInqBindings
UuidFromStringW
RpcEpRegisterW
RpcServerListen
RpcServerRegisterAuthInfoW
rpctransfer
??0CRpcTransfer@@QAE@W4_CONNECT_TYPE@@KK@Z
?DlpScanHelperAccess@CRpcTransfer@@QAEKPB_WKQAEK1PAKPAU__MIDL_BUFFER@@@Z
?DLPCenterAccess@CRpcTransfer@@QAEKPB_WKQAEK1PAKPAU__MIDL_BUFFER@@@Z
??1CRpcTransfer@@QAE@XZ
basecommonlib
?getJsonObject@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?getJsonValueArray@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?readString@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readInt32@jsHelper@jsonHelper@qmdlp@@QAE_NPBDAAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AAH@Z
?JsonObjToString@jsHelper@jsonHelper@qmdlp@@QAE_NABV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?splitString@strings@qmdlp@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?loadJson@jsHelper@jsonHelper@qmdlp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@@Z
?ws2s@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@I@Z
??0Mutex@thread@qmdlp@@QAE@XZ
??1Mutex@thread@qmdlp@@UAE@XZ
?pathexists@filepath@qmdlp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetMac@QmFuncHelper@qmdlp@@YAXPADH@Z
?Trim@strings@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@0@Z
??1jsHelper@jsonHelper@qmdlp@@QAE@XZ
??0jsHelper@jsonHelper@qmdlp@@QAE@XZ
?GetInstance@?$CSingleton@VCQMFileUtil@@@qmdlp@@SAPAVCQMFileUtil@@XZ
?s2ws@strings@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@I@Z
?formatstring@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
?StringReplace@strings@qmdlp@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V34@1@Z
?QmCreateEvent@handle@qmdlp@@YGPAXKHHPB_W@Z
?GetLocalIP@QmFuncHelper@qmdlp@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?splitStringA@strings@qmdlp@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
?Get360ProductPath@CQMFileUtil@@QAE_NAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0RegKey@reg@qmdlp@@QAE@XZ
??1RegKey@reg@qmdlp@@QAE@XZ
?Open@RegKey@reg@qmdlp@@QAEJPAUHKEY__@@PB_WK@Z
?ReadValue@RegKey@reg@qmdlp@@QBEJPB_WPAXPAK2@Z
?Close@RegKey@reg@qmdlp@@QAEXXZ
?splitString2@strings@qmdlp@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?QmFindNextFile@filepath@qmdlp@@YGHPAXPAU_WIN32_FIND_DATAW@@@Z
?pathcombine@filepath@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@PB_W@Z
?QmFindFirstFile@filepath@qmdlp@@YGPAXPB_WPAU_WIN32_FIND_DATAW@@@Z
?MatchPattern@strings@qmdlp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?basename@filepath@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z
ws2_32
WSAStartup
WSACleanup
dbghelp
MiniDumpWriteDump
dataengine
?GetDataEngine@CQmDataEngineFactory@@SAPAVEngineInterface@@XZ
?ReleaseEngine@CQmDataEngineFactory@@SAXPAVEngineInterface@@@Z
qmpolicystore
??0CDownPolicy@@QAE@XZ
?InitPolicyDownPath@CDownPolicy@@QAEXXZ
?SaveScanPolicy@CDownPolicy@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SaveDlpPolicy@CDownPolicy@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetScanSpec@CDownPolicy@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetPolicySpec@CDownPolicy@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CDownPolicy@@UAE@XZ
psapi
GetProcessMemoryInfo
preanalyze
?GetPreAnalyze@CQmPreAnalyzeFactory@@SAPAVPreAnalyzeI@@XZ
?ReleasePreAnalyze@CQmPreAnalyzeFactory@@SAXPAVPreAnalyzeI@@@Z
dataextract
?GetDataExtract@CQmDataExtractFactory@@SAPAVDataExtractI@@XZ
?ReleaseDataExtract@CQmDataExtractFactory@@SAXPAVDataExtractI@@@Z
pdh
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhCloseQuery
vcruntime140
__CxxFrameHandler3
memset
_CxxThrowException
_except_handler4_common
memchr
_purecall
wcsstr
__std_exception_copy
__std_exception_destroy
memcpy
__vcrt_InitializeCriticalSectionEx
__std_type_info_compare
wcsrchr
memmove
__std_terminate
api-ms-win-crt-string-l1-1-0
wcscpy_s
strcat_s
strncmp
tolower
wcscat_s
strcpy_s
strncpy
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
fclose
_get_stream_buffer_pointers
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vsprintf
ungetc
fputc
fgetc
__stdio_common_vswprintf_s
__stdio_common_vswprintf
api-ms-win-crt-runtime-l1-1-0
strerror
_beginthreadex
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_getpid
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_abort_behavior
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_invalid_parameter_noinfo_noreturn
_errno
terminate
_controlfp_s
_invalid_parameter_noinfo
api-ms-win-crt-convert-l1-1-0
_i64tow_s
_wtoll
atoll
_wtoi
api-ms-win-crt-heap-l1-1-0
realloc
free
_callnewh
calloc
_msize
_set_new_mode
malloc
_recalloc
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-time-l1-1-0
_localtime64
_time64
strftime
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
_except1
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 640KB - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ