Static task
static1
Behavioral task
behavioral1
Sample
f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c.exe
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral2
Sample
f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
General
-
Target
f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c
-
Size
1.4MB
-
MD5
9a81cae2ead38f2b3658287558880df6
-
SHA1
de672ab5a8c1d3a0a8e74d276ae1c1a110d35886
-
SHA256
f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c
-
SHA512
ca3e29873f90be22246ea932a5da186f4ba43688dc8ae652178c1c587bd45ac5a0ae5ecd91e7d4edf7686129a2ded3b7c03e74c89d2fd08b41fa170a2c798060
-
SSDEEP
24576:rPnst7DE/mZOkWRVOyHFV3TzBXiZYOSww0o+6q9G9Oo69FhS:rHYuTV3TdXYmwvW9On/hS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c
Files
-
f70515297b7ae1975f4dddb716c5a56e5f2534937c0847a99c2e532ef2dcf03c.exe windows:6 windows x64 arch:x64
cf9fedc22c1fc7e84788d0cd9e228e85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
scanpolicyparse
??1ScanPlan@qmscan@@QEAA@XZ
?getScanPauseTime@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanPauseTime@2@@Z
?getPauseTime@ScanPauseTime@qmscan@@QEAAXAEAV?$multimap@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
??0ScanDestination@qmscan@@QEAA@XZ
??0ScanFilterRule@qmscan@@QEAA@XZ
??0ScanTimeOut@qmscan@@QEAA@XZ
??0ScanPlan@qmscan@@QEAA@XZ
?getScanPlan@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanPlan@2@@Z
??1ScanHeader@qmscan@@QEAA@XZ
?getStatus@DataDiscoverySetting@qmscan@@QEBA?BHXZ
?getScanid@DataDiscoverySetting@qmscan@@QEBA?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetScanPolicy@ScanPolicyParse@@UEAAHAEAV?$map@HVDataDiscoverySetting@qmscan@@U?$less@H@std@@V?$allocator@U?$pair@$$CBHVDataDiscoverySetting@qmscan@@@std@@@4@@std@@@Z
?ParseSpec@ScanPolicyParse@@UEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1ScanPolicyParse@@UEAA@XZ
??0ScanPolicyParse@@QEAA@XZ
??1ScanPauseTime@qmscan@@UEAA@XZ
??1ScanTimeOut@qmscan@@QEAA@XZ
??1ScanFilterRule@qmscan@@QEAA@XZ
??1ScanDestination@qmscan@@QEAA@XZ
??1DataDiscoverySetting@qmscan@@QEAA@XZ
??0ScanPauseTime@qmscan@@QEAA@XZ
?getScanTimeType@ScanPlan@qmscan@@QEBA?AW4ScanTimeType@12@XZ
??0ScanHeader@qmscan@@QEAA@XZ
?getScanHeader@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanHeader@2@@Z
?DelTask@ScanPlan@qmscan@@QEAAJPEB_W@Z
?getPolicyId@ScanHeader@qmscan@@QEAAAEBHXZ
??4DataDiscoverySetting@qmscan@@QEAAAEAV01@AEBV01@@Z
??0DataDiscoverySetting@qmscan@@QEAA@AEBV01@@Z
?getScanDestination@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanDestination@2@@Z
?getScanFilterRule@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanFilterRule@2@@Z
?getScanTimeOut@DataDiscoverySetting@qmscan@@QEBA_NAEAVScanTimeOut@2@@Z
?isAllDiskScan@ScanDestination@qmscan@@QEBA_NXZ
?getDirectoryList@ScanDestination@qmscan@@QEBAAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?getExcludePathList@ScanDestination@qmscan@@QEBAAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?isFileExtNameFilterEnabled@ScanFilterRule@qmscan@@QEBA_NXZ
?getIncludedFileExtName@ScanFilterRule@qmscan@@QEBAAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?getExcludedFileExtName@ScanFilterRule@qmscan@@QEBAAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
?isFileSizeFilterEnabled@ScanFilterRule@qmscan@@QEBA_NXZ
?getFileSizeUnit@ScanFilterRule@qmscan@@QEAA_NAEAW4FileSizeUnitType@12@0@Z
?getFileSize@ScanFilterRule@qmscan@@QEAA_NAEA_K0@Z
?isFileTimeFilterEnabled@ScanFilterRule@qmscan@@QEBA_NXZ
?getFileTimeFilterBeginTime@ScanFilterRule@qmscan@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFileTimeFilterEndTime@ScanFilterRule@qmscan@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0DataDiscoverySetting@qmscan@@QEAA@XZ
libglog
??1LogMessage@google@@QEAA@XZ
??0LogMessage@google@@QEAA@PEBDH@Z
?FLAGS_max_log_size@fLI@@3HA
?FLAGS_colorlogtostderr@fLB@@3_NA
?stream@LogMessage@google@@QEAAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??0LogMessage@google@@QEAA@PEBDHH@Z
?SetLogDestination@google@@YAXHPEBD@Z
?FLAGS_minloglevel@fLI@@3HA
?InitGoogleLogging@google@@YAXPEBD@Z
?ShutdownGoogleLogging@google@@YAXXZ
?SendToLog@LogMessage@google@@QEAAXXZ
??0LogMessage@google@@QEAA@PEBDHHHP801@EAAXXZ@Z
?FlushLogFiles@google@@YAXH@Z
?FLAGS_logbuflevel@fLI@@3HA
kernel32
IsDebuggerPresent
QueryPerformanceCounter
WaitForSingleObjectEx
OpenEventA
ResumeThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetCurrentProcessId
InitializeCriticalSection
OutputDebugStringW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetLocalTime
GetModuleFileNameW
GetCurrentThreadId
lstrcpyW
lstrlenW
CreateFileW
GetCurrentProcess
GetModuleFileNameA
ReadFile
GetLastError
CreateThread
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
WritePrivateProfileStringW
GetNativeSystemInfo
GetFileSize
TlsAlloc
CreateMutexW
OpenEventW
SetEvent
GetPrivateProfileIntW
WideCharToMultiByte
LocalFree
FormatMessageW
CreateEventW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetPrivateProfileStringW
GetSystemTimes
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetTickCount
TerminateProcess
TlsSetValue
FormatMessageA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
TlsFree
TlsGetValue
GetSystemInfo
FindFirstFileW
FindClose
CreateIoCompletionPort
VerifyVersionInfoW
VerSetConditionMask
QueueUserAPC
TerminateThread
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
CreateProcessW
GetPriorityClass
FindNextFileW
ResetEvent
GetComputerNameExW
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
CreateEventA
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileA
MoveFileExA
GlobalMemoryStatusEx
GetProcessIoCounters
GlobalAlloc
DeleteFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
FlushFileBuffers
GetSystemTime
FreeLibrary
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapDestroy
LoadLibraryW
HeapReAlloc
GetVersionExA
LoadLibraryA
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
GetFileAttributesW
HeapValidate
HeapSize
GetTempPathA
AreFileApisANSI
user32
GetLastInputInfo
MessageBoxW
wsprintfW
advapi32
RegCloseKey
RegOpenKeyExW
GetUserNameW
GetUserNameA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
SHCreateDirectoryExA
SHCreateDirectoryExW
oleaut32
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserSize
msvcp140
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
_Mtx_lock
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
_Thrd_join
_Thrd_id
?_BADOFF@std@@3_JB
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Thrd_start
_Mtx_destroy
_Cnd_destroy
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
_Mbrtowc
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
_Mtx_init
_Cnd_init
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Xtime_get_ticks
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_sleep
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
shlwapi
PathFileExistsW
PathFindFileNameA
PathRemoveFileSpecW
StrCmpIW
StrStrIW
PathFindExtensionW
StrCmpNIW
PathFileExistsA
PathRemoveExtensionA
PathCombineW
rpcrt4
RpcServerInqBindings
UuidFromStringW
RpcServerUseProtseqW
NdrServerCall2
RpcMgmtStopServerListening
RpcServerRegisterIf
RpcBindingVectorFree
RpcEpRegisterW
RpcServerRegisterAuthInfoW
RpcServerListen
RpcEpUnregister
RpcMgmtWaitServerListen
rpctransfer
?DlpScanHelperAccess@CRpcTransfer@@QEAAKPEB_WKQEAEK1PEAKPEAU__MIDL_BUFFER@@@Z
?DLPCenterAccess@CRpcTransfer@@QEAAKPEB_WKQEAEK1PEAKPEAU__MIDL_BUFFER@@@Z
??0CRpcTransfer@@QEAA@W4_CONNECT_TYPE@@KK@Z
??1CRpcTransfer@@QEAA@XZ
basecommonlib
?getJsonObject@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?getJsonValueArray@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@1@Z
?readString@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readInt32@jsHelper@jsonHelper@qmdlp@@QEAA_NPEBDAEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AEAH@Z
?JsonObjToString@jsHelper@jsonHelper@qmdlp@@QEAA_NAEBV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?splitString@strings@qmdlp@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?StringReplace@strings@qmdlp@@YAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V34@1@Z
?loadJson@jsHelper@jsonHelper@qmdlp@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$GenericValue@U?$UTF8@D@rapidjson@@V?$MemoryPoolAllocator@VCrtAllocator@rapidjson@@@2@@rapidjson@@@Z
?ws2s@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@I@Z
??1Mutex@thread@qmdlp@@UEAA@XZ
?pathexists@filepath@qmdlp@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetMac@QmFuncHelper@qmdlp@@YAXPEADH@Z
?Trim@strings@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV34@0@Z
?GetLocalIP@QmFuncHelper@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?splitStringA@strings@qmdlp@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DAEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@@Z
??1jsHelper@jsonHelper@qmdlp@@QEAA@XZ
??0jsHelper@jsonHelper@qmdlp@@QEAA@XZ
?GetInstance@?$CSingleton@VCQMFileUtil@@@qmdlp@@SAPEAVCQMFileUtil@@XZ
?s2ws@strings@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@I@Z
?formatstring@strings@qmdlp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDZZ
?QmCreateEvent@handle@qmdlp@@YAPEAXKHHPEB_W@Z
??0Mutex@thread@qmdlp@@QEAA@XZ
?Get360ProductPath@CQMFileUtil@@QEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0RegKey@reg@qmdlp@@QEAA@XZ
??1RegKey@reg@qmdlp@@QEAA@XZ
?Open@RegKey@reg@qmdlp@@QEAAJPEAUHKEY__@@PEB_WK@Z
?ReadValue@RegKey@reg@qmdlp@@QEBAJPEB_WPEAXPEAK2@Z
?Close@RegKey@reg@qmdlp@@QEAAXXZ
?splitString2@strings@qmdlp@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?QmFindNextFile@filepath@qmdlp@@YAHPEAXPEAU_WIN32_FIND_DATAW@@@Z
?pathcombine@filepath@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV34@PEB_W@Z
?QmFindFirstFile@filepath@qmdlp@@YAPEAXPEB_WPEAU_WIN32_FIND_DATAW@@@Z
?MatchPattern@strings@qmdlp@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?basename@filepath@qmdlp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV34@@Z
ws2_32
WSAStartup
WSACleanup
dbghelp
MiniDumpWriteDump
dataengine
?GetDataEngine@CQmDataEngineFactory@@SAPEAVEngineInterface@@XZ
?ReleaseEngine@CQmDataEngineFactory@@SAXPEAVEngineInterface@@@Z
qmpolicystore
??0CDownPolicy@@QEAA@XZ
?InitPolicyDownPath@CDownPolicy@@QEAAXXZ
?SaveScanPolicy@CDownPolicy@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SaveDlpPolicy@CDownPolicy@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetScanSpec@CDownPolicy@@QEAA_NAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetPolicySpec@CDownPolicy@@QEAA_NAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CDownPolicy@@UEAA@XZ
psapi
GetProcessMemoryInfo
preanalyze
?GetPreAnalyze@CQmPreAnalyzeFactory@@SAPEAVPreAnalyzeI@@XZ
?ReleasePreAnalyze@CQmPreAnalyzeFactory@@SAXPEAVPreAnalyzeI@@@Z
dataextract
?ReleaseDataExtract@CQmDataExtractFactory@@SAXPEAVDataExtractI@@@Z
?GetDataExtract@CQmDataExtractFactory@@SAPEAVDataExtractI@@XZ
pdh
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterW
vcruntime140
__vcrt_InitializeCriticalSectionEx
memcpy
_CxxThrowException
memcmp
memset
__CxxFrameHandler3
memchr
__std_type_info_compare
_purecall
__C_specific_handler
wcsstr
wcsrchr
__std_exception_destroy
__std_exception_copy
memmove
__std_terminate
api-ms-win-crt-string-l1-1-0
strcpy_s
tolower
strcat_s
wcscat_s
strncpy
strncmp
wcscpy_s
strcmp
api-ms-win-crt-stdio-l1-1-0
fgetpos
__stdio_common_vswprintf_s
fputc
__stdio_common_vswprintf
__p__commode
ungetc
__stdio_common_vsprintf
_set_fmode
fflush
fclose
setvbuf
_get_stream_buffer_pointers
fwrite
fgetc
_fseeki64
fsetpos
api-ms-win-crt-runtime-l1-1-0
_set_abort_behavior
_invalid_parameter_noinfo
terminate
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_getpid
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
strerror
_register_onexit_function
_errno
_beginthreadex
api-ms-win-crt-convert-l1-1-0
_i64tow_s
atoll
_wtoll
_wtoi
api-ms-win-crt-heap-l1-1-0
realloc
calloc
malloc
_callnewh
_recalloc
free
_set_new_mode
_msize
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
_localtime64
strftime
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 715KB - Virtual size: 714KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 220KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ